UnitedHealth says ‘Blackcat’ ransomware group behind hack at tech unit
Article Link: https://www.reuters.com/technology/unitedhealth-confirms-blackcat-group-behind-recent-cyber-security-attack-2024-02-29/
- UnitedHealth Group said on Thursday a cyberattack at its tech unit, Change Healthcare, was perpetrated by hackers who identified themselves as the “Blackcat” ransomware group.
- STAT cited UnitedHealth Chief Operating Officer Dirk McMahon as saying that the company is setting up a loan program to help providers who cannot submit insurance claims while Change Healthcare is offline.
- A prolonged disruption of Change Healthcare’s systems could disrupt the ability of some health systems to pay salaries and equipment, the association said.
Pharma Giant Cencora Reports Cybersecurity Breach
Article Link: https://www.infosecurity-magazine.com/news/cencora-reports-cybersecurity/
- Leading drug distributor Cencora has disclosed a cybersecurity incident where data from its information systems was compromised, potentially containing personal information.
- “Healthcare organizations are very attractive to threat actors because of the wide range of IoT devices and applications used, ranging from systems like EPIC all the way to security cameras, printers and access control systems,” commented Viakoo CEO, Bud Broomhead.
- it is concerning, though not entirely unexpected, that Cencora cannot conclusively confirm whether the exfiltrated data includes personal information.
Biden Warns Chinese Cars Could Steal US Citizens’ Data
Article Link: https://www.infosecurity-magazine.com/news/biden-chinese-cars-us-data/
- US President Joe Biden has warned that Chinese manufactured automobiles could be used to steal sensitive data of US citizens and critical infrastructure.
- The statement highlighted that most cars are now connected to other systems, including phones, navigation systems, critical infrastructure and the companies that made them.
- The announcement follows an executive order signed by Biden on February 28, which aims to prevent the sale of personal and financial data to countries of concern, including China.
Securing Perimeter Products Must Be a Priority, Says NCSC
Article Link: https://www.infosecurity-magazine.com/news/securing-perimeter-products/
- UK cybersecurity experts have warned that threat actors are increasingly targeting insecure self-hosted products at the corporate network perimeter.
- “Attackers have realised that the majority of perimeter-exposed products aren’t ‘secure by design’, and so vulnerabilities can be found far more easily than in popular client software,”
- “Furthermore, these products typically don’t have decent logging (or can be easily forensically investigated), making perfect footholds in a network where every client device is likely to be running high-end detective capabilities.”
Anycubic 3D printers hacked worldwide to expose security flaw
Article Link: https://www.bleepingcomputer.com/news/security/anycubic-3d-printers-hacked-worldwide-to-expose-security-flaw/
- According to a wave of online reports from Anycubic customers, someone hacked their 3D printers to warn that the devices are exposed to attacks.
- This vulnerability allegedly enables potential attackers to control any Anycubic 3D printer affected by this vulnerability using the company’s MQTT service API.
- “Despite our initial intention to resolve the issue amicably (and we still hope in it), it appears that our concerns have not been taken seriously by Anycubic. Consequently, we are now preparing to disclose these vulnerabilities to the public along with our repo and our tools.”
Hackers target FCC, crypto firms in advanced Okta phishing attacks
Article Link: https://www.bleepingcomputer.com/news/security/hackers-target-fcc-crypto-firms-in-advanced-okta-phishing-attacks/
- A new phishing kit named CryptoChameleon is being used to target Federal Communications Commission (FCC) employees, using specially crafted single sign-on (SSO) pages for Okta that appear remarkably similar to the originals.
- The attackers may call, email, or SMS the target, pretending to be customer support, directing them to the phishing site to “recover” their accounts.
- The phishing kit deployed by the cybercriminals enables them to interact with the victims in real time to facilitate scenarios like asking for additional authentication in case multi-factor authentication (MFA) codes are required to take over the target’s account.
