Security daily (03-08-2021)

Cyberattack knocks Italian vaccine registration portal offline

A cyberattack over the weekend shut down the COVID-19 vaccination registration system for an Italian region that includes the city of Rome, officials there said. Nicola Zingaretti, president of the Lazio region, said in a Facebook post on Monday that the area suffered a “cyber attack of criminal origin,” according to a Google translation. “We do not know who the perpetrators are and their purposes,” he wrote. CNN reported that Lazio received a ransom claim and was hit by a “crypto locker,” according to an unnamed source. Authorities say the incident is the gravest ever against an Italian government agency. The attack won’t interfere with anyone who already has booked a vaccine appointment, but new appointments are temporarily suspended, Zingaretti said. Health and financial data seems safe, he said. “The attack blocked almost all files in the data center,” he wrote. “At the moment the system is shut down […] (CyberScoop)

Federal agencies are failing to protect sensitive data, Senate report finds

Of eight federal agencies audited for their cybersecurity programs, only the Department of Homeland Security showed improvements in 2020, according to a report from the Senate Homeland Security and Governmental Affairs Committee. Released by the panel on Tuesday, the report expresses concerns about the state of federal agencies’ cyber posture during an overall 8% rise in security incidents across agencies. The report underscores the increased scrutiny of federal cybersecurity by lawmakers in the aftermath of a months-long alleged Russian cyber-espionage campaign the private sector first uncovered in December 2020. Russian hackers used a flaw in network management software SolarWinds to infiltrate nine government agencies. The report found that seven of the eight agencies reviewed still use legacy systems that no longer receive security updates from their vendor. The practice can leave agencies vulnerable to foreign hacking, the report notes. “It is clear that the data entrusted to these eight […] (CyberScoop)

Suspected Chinese hackers took advantage of Microsoft Exchange vulnerability to steal call records

Hackers with ties to China took advantage of vulnerabilities in Microsoft Exchange for several months starting in late 2020 to steal call logs from a Southeast Asian telecommunications company, researchers at Cybereason report. The White House last month formally blamed Chinese government-affiliated hacking group HAFNIUM for a massive hacking campaign exploiting vulnerabilities in Microsoft Exchange servers, a kind of mail technology. Cybereason found that the groups targeting the unnamed Southeast Asian telecom had access to the same vulnerability for months prior to Microsoft’s disclosure. The new findings build on a 2019 report from Cybereason, in which investigators identified a long-running hacking campaign that breached about 10 cellular providers in Africa, Europe, the Middle East, and Asia. Now researchers can say that not only has that group not let up, but that they are now also joined by two more groups tied to Chinese intelligence conducting the same kinds of operations. The […] (CyberScoop)

BazarCaller – the malware gang that talks you into infecting yourself

Calling someone back feels safer than clicking an unknown link... but it isn't! Remind your friends and family. (Naked Security)

Supply Chain Attacks Are Getting Worse, And You Are Not Ready For Them

(News ≈ Packet Storm)

DeadRinger: Chinese APTs Strike Major Telecom Companies

(News ≈ Packet Storm)

Check Out The Newly Discovered Tetraquark

(News ≈ Packet Storm)

PwnedPiper Outlines Devastating Bugs In More Than 80% Of Hospital Pneumatics

(News ≈ Packet Storm)

Cynet Empowers IT Resellers and Service Providers to Become Fully Qualified MSSPs

As cyber incidents increase in scope and impact, more and more organizations come to realize that outsourcing their defenses is the best practice—significantly increasing the Managed Security Service Provider (MSSP) market opportunities.

Until recently, IT integrators, VARs, and MSPs haven't participated in the growing and profitable MSSP market as it entailed massive investments in (The Hacker News)

PwnedPiper PTS Security Flaws Threaten 80% of Hospitals in the U.S.

Cybersecurity researchers on Monday disclosed a set of nine vulnerabilities known as "PwnedPiper" that left a widely-used pneumatic tube system (PTS) vulnerable to critical attacks, including a possibility of complete takeover. The security weaknesses, disclosed by American cybersecurity firm Armis, impact the Translogic PTS system by Swisslog Healthcare, which is installed in about 80% of all (The Hacker News)

Iranian APT Lures Defense Contractor in Catfishing-Malware Scam

Fake aerobics-instructor profile delivers malware in a supply-chain attack attempt from TA456. (Threatpost)

Ransomware Volumes Hit Record Highs as 2021 Wears On

The second quarter of the year saw the highest volumes of ransomware attacks ever, with Ryuk leading the way. (Threatpost)

Raccoon Stealer Bundles Malware, Propagates Via Google SEO

An update to the stealer-as-a-service platform hides in pirated software, pilfers crypto-coins and installs a software dropper for downloads of more malware. (Threatpost)

‘DeadRinger’ Targeted Exchange Servers Long Before Discovery

Cyberespionage campaigns linked to China attacked telecoms via ProxyLogon bugs, stealing call records and maintaining persistence, as far back as 2017. (Threatpost)


/security-daily/ 04-08-2021 23:44:22