Suspected Chinese threat actors are targeting unpatched installations of F5 and ScreenConnect.
Welcome to Cybersecurity Today. It's Monday, March 25, 2024. I'm Howard Solomon, a reporter who writes about cybersecurity for ITWorldCanada.com and TechNewsday.com in the US.
Hundreds of organizations in countries such as the United States, Canada, the United Kingdom, and Australia have been targeted by China-based attackers, according to Mandiant researchers. The attacker, named UNC5174, is targeting unpatched installations of BIG-IP appliances from F5, ScreenConnect from ConnectWise, Confluence servers from Atlassian, Zyxel firewalls, and Linux servers. The individual, who once belonged to a Chinese hacktivist group, is now suspected of selling access to compromised companies to China's Ministry of State Security. IT administrators are urged to promptly perform the recommended remediation steps for F5 appliances and ScreenConnect software.
Over 100 companies in the United States and Europe have been targeted by attackers in the latest phishing campaign spreading the StrelaStealer malware, which steals email passwords. Palo Alto Networks researchers say the new campaign began in January. Some messages claim that the attachment is a bill that must be paid. High-tech companies are particularly targeted. Employees should be careful not to click on email or text attachments unless they know who is sending the message.
A more powerful variant of the Russian AcidRain data wiper, which crippled satellite modems across Europe early in the invasion of Ukraine, has been discovered. SentinelOne researchers refer to this variant as AcidPour. Although the first version was targeted at devices with MIPS processors, AcidPour can attack devices running x86 processors. These include Linux-powered networking and IoT devices, RAID arrays, and large-scale storage devices. This new wiper is being used against internet and communication service providers in Ukraine. IT and network administrators in critical industries of any country must continue to patch their critical devices to avoid successful infrastructure attacks.
Microsoft has released emergency Windows Server updates to resolve an issue with the March patches released a few weeks ago. The issue causes Windows domain servers to crash. According to Bleeping Computer, the updates are for Windows Server 2022, 2016, and 2012. A hotfix for Windows Server 2019 will be released soon.
German authorities have seized a darknet market called Nemesis as part of an operation with the United States and Lithuania. Founded in 2021, Nemesis Market sold stolen data, ransomware and phishing services, and drugs. Forensic data collected in the seizure will help investigate the marketplace's more than 150,000 users and 1,100 sellers.
What is needed to get America's hospitals and healthcare providers to get tougher on cybersecurity? U.S. Sen. Mark Warner says they have to be forced to act by law. He introduced a bill Friday that would allow health care providers to receive accelerated payments if they are the victim of a cyberattack, limited to cases where they meet minimum cybersecurity standards. These proposed standards have not yet been set. Warner introduced the bill as a ransomware attack on Change Healthcare, which processes patient payments, is impacting the nation. According to the news site CyberScoop, major U.S. medical organizations oppose having to meet mandatory minimum cybersecurity standards.
Mozilla, the group behind the Firefox browser, has discontinued a reputation service called Onerep that it had bundled with its Mozilla Plus subscription service. This comes after security journalist Brian Krebs reported that Onerep's owner also owns dozens of internet people-search services, including one that sells personal background reports. Onerep's owner said there was no information sharing between his company, called Nuwber, and Onerep. But that didn't satisfy Mozilla.
Here's the latest data breach news:
Select Education Group, which operates multiple institutions of higher education in California and Oregon, including the Institute of Technology, Bauman University, Fremont University, and the National Institute of Holistic Studies, has reported that the personal data of more than 67,000 people was stolen. The incident happened in November last year. The stolen data included names, social security numbers, billing and payment records, and/or educational records.
Monmouth University in Illinois, home to about 750 students, has notified nearly 45,000 students that their personal data was compromised in a ransomware attack last December.
Coincidence or not, nearby Henry County was hit by a ransomware attack last week. According to cybersecurity news service The Record, the perpetrators of this attack are members of the Medusa ransomware gang.
The city of Jacksonville Beach, Florida, notified about 49,000 people that their personal data had been copied in a January cyberattack. According to local news sites, the mayor said it was a ransomware attack.
The American division of GardaWorld Cash, a cash management provider for banks and retailers, has notified approximately 40,000 people about the theft of personal data stored in its administrative files. The incident occurred last fall, but it took until this month to identify the victims and find their addresses. Stolen data included names, social security numbers, driver's license numbers, dates of birth, and insurance benefits or health information.
Finally, March is the time when individuals in Canada, the United States, the United Kingdom, and other countries prepare their income tax returns. This is also the time when scammers roll out the latest email and text-based tax scams. Ignore emails that claim to be from government tax authorities and contain attachments that supposedly help you fill out your taxes. Also, ignore any phone messages warning you to call a number because of tax issues. Rather than sending you an email with an attachment, the government typically asks you to log into your tax account and look for the message. Scammers also send emails promising to help you get a large refund under certain government programs or help you fill out your taxes. Below is the IRS list of common tax frauds and Microsoft's report on tax fraud.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts, or add us to your Flash Briefing on your smart speaker. Thank you for listening.