Security daily (02-08-2021)

National cyber director endorses plan for a bureau to collect, analyze threat data

National Cyber Director Chris Inglis called for the creation of a bureau of cyber statistics while outlining his priorities for the office in a speech Monday. The idea, initially proposed by Congress’s bipartisan Cyberspace Solarium Commission, would require the Department of Homeland Security to collect, process, and analyze statistics relevant to cyber threats and cybercrimes. It would require organizations that provide incident response services or cyber insurance to report information every 180 days. Inglis was a member of the same commission prior to his current role. “I would observe that to properly address risk we have to first understand it. We have to understand where it’s concentrated, where it cascades, what causes it, and more importantly to then discover how to address it,” Inglis said at an Atlantic Council event. “I think all would agree that in the absence of this information, we are going to be episodic, we’re going […] (CyberScoop)

Popular technology that hospitals use to send lab samples is vulnerable, researchers found

A key technology that hospitals use to deliver medications, blood and other vital lab samples is at significant risk of hacking, new findings suggest. Researchers from the security vendor Armis found nine critical vulnerabilities in the control panel that powers the Translogic pneumatic tube systems from logistics automation company Swisslog Healthcare. The Translogic pneumatic tube system is used by more than 3,000 hospitals worldwide and over 80% of hospitals in North America, according to a report published Monday. Researchers warn that the vulnerability could be used to launch a ransomware attack against the delivery system, crippling hospital functions. Hackers could also use such access to leak sensitive medical data. There’s no evidence attackers have exploited the software issue for their own gain. Ransomware attacks against hospitals have risen dramatically in recent years, costing organizations millions of dollars and sometimes crippling emergency care. Five of the vulnerabilities, which researchers have collectively […] (CyberScoop)

CISA Launches Own Vulnerability Disclosure Program

(News ≈ Packet Storm)

Microsoft Warns Of Sneakier Than Usual Phishing Attack

(News ≈ Packet Storm)

SolarWinds Attackers Breached Email Of US Prosecutors, Says Department Of Justice

(News ≈ Packet Storm)

Novel Meteor Wiper Used In Attack That Crippled Iranian Train System

(News ≈ Packet Storm)

New APT Hacking Group Targets Microsoft IIS Servers with ASP.NET Exploits

A new highly capable and persistent threat actor has been targeting major high-profile public and private entities in the U.S. as part of a series of targeted cyber intrusion attacks by exploiting internet-facing Microsoft Internet Information Services (IIS) servers to infiltrate their networks. Israeli cybersecurity firm Sygnia, which identified the campaign, is tracking the advanced, stealthy (The Hacker News)

PyPI Python Package Repository Patches Critical Supply Chain Flaw

The maintainers of Python Package Index (PyPI) last week issued fixes for three vulnerabilities, one among which could be abused to achieve arbitrary code execution and take full control of the official third-party software repository. The security weaknesses were discovered and reported by Japanese security researcher RyotaK, who in the past has disclosed critical vulnerabilities in the (The Hacker News)

Solarmarker InfoStealer Malware Once Again Making its Way Into the Wild

Healthcare and education sectors are the frequent targets of a new surge in credential harvesting activity from what's a "highly modular" .NET-based information stealer and keylogger, charting the course for the threat actor's continued evolution while simultaneously remaining under the radar. Dubbed "Solarmarker," the malware campaign is believed to be active since September 2020, with (The Hacker News)

Phony Call Centers Tricking Users Into Installing Ransomware and Data-Stealers

An ongoing malicious campaign that employs phony call centers has been found to trick victims into downloading malware capable of data exfiltration as well as deploying ransomware on infected systems. The attacks — dubbed "BazaCall" — eschew traditional social engineering techniques that rely on rogue URLs and malware-laced documents in favor of a vishing-like method wherein targeted users are (The Hacker News)

‘PwnedPiper’: Devastating Bugs in >80% of Hospital Pneumatics

Podcast: Blood samples aren’t martinis. You can’t shake them. But bugs in pneumatic control systems could lead to that, RCE or ransomware. (Threatpost)

Chipotle Emails Serve Up Phishing Lures

Mass email distribution service compromise mirrors earlier Nobelium attacks. (Threatpost)


/security-daily/ 03-08-2021 23:44:23