Cybersecurity News Headlines Update on September 29, 2020

Largest Ransomware Attack? UHS Hospital Network. Universal Health Service (UHS) suffered a ransomware attack over the weekend. The attack prompted the organization to shut down systems at its healthcare facilities in the US. Reports from UHS employees indicate that facilities in several US states, including California, Texas, and Florida, were without access to phone systems and computers. Affected facilities are redirecting ambulances to other hospitals, and patients who require surgery are being transferred. A public statement from UHS says that its “IT Network across Universal Health Services (UHS) facilities is currently offline, due to an IT security issue.” Read more in:

Ransomware Impacts Many State and Local Governments: Tyler Technologies. A company that provides IT services to US state and local governments has confirmed that a cyber incident reported last week was a ransomware attack. Some Tyler Technologies customers have reported detecting suspicious logins. The company is urging its customers to change their passwords for remote access accounts. Read more in:

School Data Leaked After Ransomware Demand is Not Paid. Ransomware operators published data stolen from the Clark County (Nevada) School District after the district declined to pay the ransom demand. The Clark County School District has 320,000 students; the leaked data include Social Security numbers, grades, and other personal information. (Please note that the WSJ story is behind a paywall.) Read more in:

$6.85M Penalty for HIPAA Data Breach Violation. The US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has imposed a financial penalty of $6.85 million on Premera Blue Cross for violating the Health Insurance Portability and Accountability Act (HIPAA). A 2014 data breach affected the protected health information (PHI) of 10.4 million patients. An OCR investigation of the breach found “systemic noncompliance” with HIPAA rules. Read more in: OCR Imposes $6.85M Penalty Over Data Breach

Former Employee Sentenced for Damaging Company Computers. A US District Judge has sentenced a former tech support person to a year and a day in prison for accessing his former employer’s computer system, deleting file storage drives, and changing the storage management system password. Shannon Stafford was also ordered to pay his former employer nearly $200,000 in restitution. Stafford was found guilty of intentional damage to a computer and attempted intentional damage to a computer. Stafford’s responsibilities included “disabling company users’ network access credentials at the end of their employment.” Read more in:

Microsoft Source Code Leaked. Source code for Microsoft Windows XP, Windows Server 2003, and other older operating systems has been leaked online. The data have been posted by a 4chan user. Microsoft is investigating the issue. It appears that much of what was made available was previously leaked material. Read more in:

Twitter Fixes Caching Bug That May Have Exposed API Keys. Twitter has warned developers that a caching bug in developer.twitter.com may have exposed API keys and access tokens. Twitter says it has fixed the issue by changing caching instructions so that browsers will no longer store information about developer accounts or apps. Read more in:
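The fix described above relies on telling browsers and intermediary caches not to retain a response. As an added example (not Twitter's code or part of the original item), the following Python function flags Cache-Control settings that would let a cache store a response carrying secrets such as API keys; the two header sets are constructed.

```python
"""Flag response headers that allow a cache to retain a page holding secrets.
Added example; the header sets below are constructed, not Twitter's."""
from typing import Dict, List


def parse_cache_control(value: str) -> Dict[str, str]:
    """Split a Cache-Control header into a lowercase directive -> value map."""
    directives: Dict[str, str] = {}
    for token in value.split(","):
        token = token.strip()
        if not token:
            continue
        name, _, arg = token.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"')
    return directives


def cache_findings(headers: Dict[str, str]) -> List[str]:
    """Return problems for a response that contains secrets.

    An empty list means the headers ask every cache not to keep a copy."""
    lower = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(lower.get("cache-control", ""))
    findings: List[str] = []
    if "no-store" not in cc:
        findings.append("missing no-store: browser may write the response to its disk cache")
        # max-age only matters when storage is permitted at all
        if cc.get("max-age", "0") != "0":
            findings.append(f"max-age={cc['max-age']} allows reuse of the cached copy")
        # Pragma: no-cache is an HTTP/1.0 request directive; it does not stop storage
        if lower.get("pragma", "").lower() == "no-cache":
            findings.append("Pragma: no-cache does not prevent storage; use Cache-Control: no-store")
    if "public" in cc:
        findings.append("public lets shared caches (proxies, CDNs) store the response")
    return findings


# Constructed header sets: a weak setting beside the corrected one.
WEAK_HEADERS = {"Content-Type": "text/html",
                "Cache-Control": "public, max-age=3600"}
HARDENED_HEADERS = {"Content-Type": "text/html",
                    "Cache-Control": "no-store, no-cache, private, max-age=0",
                    "Pragma": "no-cache"}

if __name__ == "__main__":
    for name, hdrs in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(name, cache_findings(hdrs) or "OK")
```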

Microsoft Pulls Azure Apps Being Used to Support Phishing Attacks. Microsoft has pulled 18 Azure Active Directory apps after determining that they were components of a command-and-control structure supporting malicious activity of China-based cyberthreat actors. The apps were being used to help the group launch phishing attacks. Read more in:

Student Arrested for Allegedly Launching Attacks Against Indiana School District System. Authorities in Indiana have arrested a 13-year-old middle school student in connection with a series of cyberattacks against the computer network of the Valparaiso School District. The student is believed to be responsible for a string of attacks that disrupted remote learning activities. Read more in: Student Arrested Over Cyber-attacks on Indiana Schools

911 Emergency Service Outages Affect Several US States. At least 14 US states reported outages of 911 emergency service lines on Monday, September 28. Most of the systems are now operational. The outages were reported in Arizona, California, Colorado, Delaware, Florida, Illinois, Indiana, Missouri, Minnesota, Nevada, North Carolina, North Dakota, Ohio, Pennsylvania, and Washington. Read more in:

Microsoft Office 365 Outage. A Microsoft Office 365 outage on Monday, September 28 affected users in the US and Australia. The outage started at 21:25 UTC. Microsoft first attempted to fix the problem by rolling back a change identified as causing the outage, but the rollback did not resolve the problem. Microsoft then began “rerouting traffic to alternate systems to provide further relief to the affected users.” As of 4:00 UTC Tuesday, September 29, Microsoft says the issue has been resolved. Read more in:

Apple announced the release of four security updates that patch vulnerabilities affecting macOS Catalina, High Sierra and Mojave, including:

  • CVE-2020-9973: Out-of-bounds read vulnerability affecting the Model I/O component, reported by Cisco Talos researcher Aleksandar Nikolic.
  • CVE-2020-9961: Arbitrary code execution vulnerability affecting the ImageIO component, reported by researcher Xingwei Lin of Ant Group Light-Year Security Lab.
  • CVE-2020-9968: Sandbox vulnerability that can be exploited by a malicious application to access restricted files, reported by Adam Chester of TrustedSec.
  • CVE-2020-9941: Mail component vulnerability in High Sierra that can be exploited by a remote attacker, reported by researchers from the FH Münster University of Applied Sciences in Germany.

Pastebin added new features called ‘Burn After Read’ and ‘Password Protected Pastes’ that allow Pastebin users to create pastes (pieces of text) that expire after a single read or that are protected by a password. Security experts warn that these features will make it easier to disguise malware operations.

CISA: Federal Agency Hacked, Data Exfiltrated. The US Cybersecurity and Infrastructure Security Agency (CISA) has published an analysis report detailing a cyberattack against a federal agency’s enterprise network. The threat actor gained access to the unnamed agency’s system and exfiltrated data. The report provides information about the methods used to gain access to the network. The breach was detected through EINSTEIN, CISA’s intrusion detection system. The threat actor was able to maintain persistent network access through reverse SOCKS (Socket Secure) proxies. Read more in:

Operation DisrupTor Nets 179 Arrests. Authorities in six countries have arrested a total of 179 people in connection with Dark Web activity. The enforcement effort, known as Operation DisrupTor, also seized 500 kilograms of drugs and confiscated $6.5 million in cash and cryptocurrency. Suspects were arrested in the US, Germany, the Netherlands, the UK, Austria, and Sweden. Read more in:

Polish Hacker Gang Shut Down. Authorities in Poland have shut down a hacking group that has allegedly been involved in a variety of cybercrimes. Four people have been arrested and another four are under investigation. The group’s alleged activities include spreading ransomware and other malware, SIM swapping, and bank fraud. Read more in:

Contractor Sentenced for Using Employer’s System to Mine Cryptocurrency. A man in Australia has been sentenced for using his former employer’s systems to mine cryptocurrency. The man worked as an IT contractor at Australia’s Commonwealth Scientific and Industrial Research Organisation (CSIRO). His responsibilities included data archiving and software support. The man altered data to use the computers to mine AU$9,400 (US$6,800) in cryptocurrency, while costing the organisation AU$76,000 (US$55,000) in computing time. The unnamed man received a 15-month non-custodial sentence. Read more in: Contractor convicted of pinching supercomputer cycles to mine cryptocurrency

Cisco Patches Vulnerabilities in IOS XE. On Thursday, September 24, Cisco released fixes for numerous security issues affecting Cisco IOS XE software. The vulnerabilities addressed could be exploited to cause denial-of-service conditions, overwrite files, and launch input validation attacks. Read more in:

British Pilots Not Satisfied with Proposed MCAS Software Fixes for Boeing 737 Max. The British Airline Pilots’ Association (BALPA) says it is not satisfied with proposed fixes to Boeing Manoeuvring Characteristics Augmentation System (MCAS) software for the 737 Max aircraft. BALPA detailed the issue in public comments submitted to a US Federal Aviation Administration (FAA) notice of proposed rulemaking (NPRM). The NPRM proposes fixes and procedures for pilots to follow if a problem arises. BALPA warned that a proposed workaround for an MCAS failure could lead to a crash. Read more in: Proposed US fix for Boeing 737 Max software woes does not address Ethiopian crash scenario, UK pilot union warns

Microsoft: ZeroLogon is Being Actively Exploited; Patch Now. Microsoft is urging users to patch vulnerable systems against the ZeroLogon flaw, which is being actively exploited. The vulnerability lies in Microsoft’s Netlogon protocol. It can be exploited to bypass authentication measures and obtain domain-level admin access in networks. Last week, CISA issued an Emergency Directive instructing agencies to apply the patch by midnight on Monday, September 21. Read more in:

Microsoft Updates Security Update Guide. Microsoft has updated its Security Update Guide, which contains information about all of the security updates Microsoft releases. Microsoft says that the “new version will provide a more intuitive user experience to help protect our customers regardless of what Microsoft products or services they use in their environment.” It is now easier to generate a list of all CVEs from Patch Tuesday, and the display can be personalized. Read more in:

Ransomware: US School Districts Targeted. Networks belonging to at least 16 school districts in the US have been hit with ransomware in the past few months. In some of the districts, the attacks pushed back the first day of school; in others, classes were cancelled for a day or more. Having a functioning IT system is especially crucial to school districts as so many are holding classes remotely. Read more in: Cybercriminals Strike Schools Amid Pandemic

Ransomware: Tyler Technologies. Systems at Tyler Technologies, a company that provides software and IT services to state and local governments across the US, have been hit with what appears to be a ransomware attack. The company has not specified the nature of the attack, but the details that have emerged are consistent with a system beset with ransomware. In an email to clients, Tyler’s CIO wrote that after discovering “that an unauthorized intruder had disrupted access to some of our internal systems, …out of an abundance of caution, we shut down points of access to external systems and immediately began investigating and remediating the problem.” Read more in:

Texas County eMail Hacked. The Hamilton County (Texas) email system suffered a malware attack. Individuals who emailed the county clerk received maliciously crafted replies that included an attached file and a password to open the file. The attachments contained malware. The county had not implemented two-factor authentication (2FA) or DMARC for its email system. Read more in: Foreign Hackers Cripple Texas County’s Email System, Raising Election Security Concerns

NSA Cybersecurity Information Sheets. The US National Security Agency (NSA) has published two cybersecurity information sheets. The first, “Compromised Personal Network Indicators and Mitigations,” is for government teleworkers; it “provides guidance to users who have received authorization to connect GFE (government furnished equipment) to personal networks.” The second document, “Performing Out-of-Band Network Management,” provides information for system admins on isolating management traffic from operational traffic. Read more in:

FERC/NERC Report Looks at Electric Utility Cyber Incident Response. A report from the U.S. Federal Energy Regulatory Commission (FERC) and the North American Electricity Reliability Corporation (NERC) outlines best practices for cybersecurity incident response. The report is based on information gleaned from cybersecurity incident response plans of eight US utilities. Read more in:

CISA Emergency Directive on Windows Server Vulnerability. On Friday, September 18, the US’s Cybersecurity and Infrastructure Security Agency (CISA) issued an Emergency Directive ordering federal agencies to patch a critical vulnerability in Windows Server for which Microsoft issued a fix in August. The flaw lies in an Active Directory authentication component called Microsoft Windows Netlogon Remote Protocol (MS-NRPC). Agencies have been directed to “update all Windows Servers with the domain controller role by 11:59 PM EDT, Monday, September 21, 2020.” The privilege elevation vulnerability has been given a CVSS score of 10. Read more in:

Researchers: Rampant Kitten Hacking Campaign Uses an Arsenal of Data-Stealing Malware. Researchers at Check Point have detected a long-standing surveillance campaign used by Iranian entities to target dissidents and expatriates. Dubbed Rampant Kitten, the campaign employs malware to steal information, including two-factor authentication (2FA) SMS codes, take screenshots, and record sounds near infected devices. Read more in:

Hijacking Flaw in Firefox for Android is Fixed in Version 79. Firefox for Android users are urged to update their apps to version 79 or newer to protect the browser from being hijacked. An attacker on the same Wi-Fi network as someone running a vulnerable version of Firefox for Android could cause a new browser window to open. The issue lies in the browser’s Simple Service Discovery Protocol (SSDP) engine. Read more in:

Internet Archive and Cloudflare Collaborate to Archive More Website Content. A partnership between the Internet Archive and Cloudflare will automatically archive content of websites that use Cloudflare’s Always Online service. The Always Online feature serves cached static versions of websites when the sites are experiencing downtime. The partnership will help increase the number of sites the Internet Archive’s Wayback Machine archives. Read more in:

Another Patch for Discount Rules for WooCommerce WordPress Plugin. The developers of the Discount Rules for WooCommerce WordPress plugin have released an update to address a pair of high-severity cross-site scripting vulnerabilities. This is the third time that updates have been issued to address the flaws; two earlier versions did not sufficiently fix the problem. Users are urged to update to version 2.2.1. Read more in:

Jekyll Island Authority Systems Hit with Ransomware. The Jekyll Island Authority (JIA) has acknowledged that its network was hit with a ransomware attack last week. (Jekyll Island is located off the coast of the US state of Georgia.) The JIA executive director said, “All of our computer systems … were impacted, and it’s a very serious situation.” JIA employed a third-party IT services provider that is working on restoring JIA systems. Read more in: Jekyll Island Authority Targeted by Ransomware Attack

Ransomware Operators Stole Data from ArbiterSports. ArbiterSports has acknowledged that its network suffered a ransomware attack in July. According to its website, “ArbiterSports provides a complete suite of tools and technology that caters to the needs of Assigners, Coordinators, Business Offices, Game officials and Athletic or Federal Program Directors.” The company said that the attackers stole data belonging to 540,000 users. Although ArbiterSports paid the demanded ransom and the hackers said they deleted the stolen files, there is no guarantee that the information is not still in their possession. Read more in: Details of 540,000 sports referees taken in failed ransomware attack

Published by Julie Robert, passionate about technology, Windows, and everything that has a power button. I spend most of my time developing new skills and learning more about the tech world because I derive great satisfaction from helping readers eliminate the technological headaches that plague their day-to-day lives.