Cybersecurity News Roundup: Week of August 8, 2022

Welcome to our blog! It’s been yet another fascinating week in cybersecurity.

We start in China, where a hacker claimed to have stolen the personal information of nearly 49 million Shanghai Covid app users. In a post on Breach Forums on Wednesday, a hacker with the pseudonym “XJP” said “This database contains everyone who lives in or has visited Shanghai since the adoption of Suishenma,” and provided sample data, including phone numbers, Chinese names and ID numbers, and health code status of 47 people. Reuters contacted eleven of the 47 people. Only two said their ID numbers were wrong.

In the UK, the national health system faced a serious security incident after an attack on a key service provider last Thursday. According to The Guardian, “at least nine NHS mental health trusts have been affected by the outage, reducing their access to patient records”. The story goes on to say that “the cyberattack targeted systems used to refer patients to care, including dispatching ambulances, scheduling out-of-hours appointments, triage, care after hours, emergency orders and safety alerts. It also targeted the financial system used by the trust.”

Also in Europe, a massive attack hit the website of the German Chambers of Industry and Commerce (DIHK), forcing the organization to shut down its IT systems as a precautionary measure for security reasons. Earlier this week, the DIHK said it relied only on telephone and fax for communications. Michael Bergmann, CEO of DIHK, described the attack as serious and massive, and added that the organization was unable to estimate how long its systems will be unavailable.

On Wednesday, networking giant Cisco released details of a breach that occurred in May. While the cybercriminals responsible for the May 24 incident stole information, the company says the business was unaffected. According to Dark Reading, “[W]e took immediate action to contain and root out bad actors, remediate the impact of the incident, and further harden our IT environment,” a company spokesperson said in the statement sent to Dark Reading. “No ransomware has been observed or deployed and Cisco has successfully blocked attempts to access Cisco’s network since the incident was discovered.”

Talk about painful! Security firm Sophos said this week that an unnamed automotive supplier had its systems hacked and files encrypted by three different ransomware gangs for two weeks in May, with two of the attacks occurring in just two hours. While dual ransomware attacks are becoming more common, “this is the first incident we’ve seen where three separate ransomware actors used the same entry point to attack a single organization,” said responders from Sophos X-Ops in a report released Wednesday.

A group of 18 technology and cyber companies have announced that they are developing a common data standard for sharing cybersecurity information. They aim to address a problem for corporate security chiefs who say cyber products often don’t integrate, making it difficult to fully assess hacking threats. The effort is led by Amazon.com Inc.’s AWS cloud business, cybersecurity firm Splunk Inc., and the security unit of International Business Machines Corp.

Cloudflare disclosed a “targeted phishing attack” against at least 76 employees and their family members. The incident was very similar to a recent phishing attack against customer engagement platform Twilio. Cloudflare’s attack came from four phone numbers associated with SIM cards issued by T-Mobile, but ultimately failed. The text messages pointed to a seemingly legitimate domain containing the keywords “Cloudflare” and “Okta” in an attempt to trick employees into handing over their credentials.

That’s all for this week. Stop by our blog next week for the latest cybersecurity news!

Top Global Security News

Reuters (August 12, 2022) Hacker offers to sell data of 48.5 million Shanghai COVID app users

A hacker claimed to have obtained the personal information of 48.5 million users of a COVID health code mobile app run by the city of Shanghai, the second allegation of a data breach from the Chinese financial hub in little over a month.

The hacker with the username “XJP” posted an offer to sell the data for $4,000 on the hacker forum Breach Forums on Wednesday.

The hacker provided sample data, including phone numbers, Chinese names and ID numbers, and health code status of 47 people.

READ MORE

Security Week (August 11, 2022) Cybercriminals hacked into Cisco systems and stole data

For-profit cybercriminals hacked into Cisco’s systems in May and stole gigabytes of information, but the networking giant says the incident had no impact on its business.

Cisco on Wednesday issued a security incident notice and a technical blog post detailing the breach. The intrusion was detected on May 24, but the company has now shared its side of the story, shortly after cybercriminals released a list of files allegedly stolen from its systems.

According to Cisco, the attacker targeted one of its employees and only managed to steal files stored in a Box folder associated with that employee’s account, as well as employee authentication data from Active Directory. The company says the information stored in the Box folder was not sensitive.

READ MORE

The Hacker News (August 10, 2022) Hackers behind Twilio Breach also targeted Cloudflare employees

Web infrastructure company Cloudflare revealed on Tuesday that at least 76 employees and their family members received text messages on their home and work phones with characteristics similar to the sophisticated phishing attack on Twilio.

The attack, which happened around the same time Twilio was targeted, originated from four phone numbers associated with SIM cards issued by T-Mobile and ultimately failed.

The text messages pointed to a seemingly legitimate domain containing the keywords “Cloudflare” and “Okta” in an attempt to trick employees into handing over their credentials.

READ MORE

BleepingComputer (August 10, 2022) Automotive supplier breached by 3 ransomware gangs in 2 weeks

An automotive supplier had its systems hacked and files encrypted by three different ransomware gangs for two weeks in May, with two of the attacks occurring in just two hours.

The attacks followed an initial breach of company systems by an initial access broker (IAB), likely in December 2021, which exploited a firewall misconfiguration to breach the domain controller server using an RDP (Remote Desktop Protocol) connection.

While dual ransomware attacks are becoming more common, “this is the first incident we’ve seen where three separate ransomware actors used the same entry point to attack a single organization,” said responders from Sophos X-Ops in a report released Wednesday.

READ MORE

The Wall Street Journal (August 10, 2022) Tech and cyber firms launch security standard to monitor hacking attempts

A group of 18 technology and cyber companies said Wednesday they were developing a common data standard for sharing cybersecurity information. They aim to address a problem for corporate security chiefs who say cyber products often don’t integrate, making it difficult to fully assess hacking threats.

Amazon.com Inc.’s AWS cloud business, cybersecurity firm Splunk Inc. and the security unit of International Business Machines Corp., among others, launched the Open Cybersecurity Schema Framework, or OCSF, on Wednesday during the Black Hat USA cybersecurity conference in Las Vegas.

Other companies involved in the initiative are CrowdStrike Holdings Inc., Rapid7 Inc., Palo Alto Networks Inc., Cloudflare Inc., DTEX Systems Inc., IronNet Inc., JupiterOne Inc., Okta Inc., Salesforce Inc., Securonix Inc., Sumo Logic Inc., Tanium Inc., Zscaler Inc., and Trend Micro Inc.

LEARN MORE (subscription required)

DataBreachToday (8 August 2022) Cyberattack on NHS provider already offering key lessons

A notice on the NHS Oxford Health website warns the public of service issues related to the 111 software outage.

Britain’s NHS 111 hotline is on its fourth day of degraded service following a cyber attack on a key service provider on Thursday.

The outage stems from Birmingham-based software provider Advanced, which is contracted by the UK government to provide digital services to NHS 111. The outage is expected to last until at least Tuesday, UK news site Metro reports.

The incident, which has forced the NHS to fall back on its various business continuity processes, reminds the healthcare sector to be prepared for its own cybersecurity surprises as well as for highly disruptive incidents involving critical third parties.

READ MORE

Security Affairs (August 7, 2022) Serious Cyber Attack Hits German Chambers of Commerce and Industry

A massive attack hit the website of the German Chambers of Industry and Commerce (DIHK), forcing the organization to shut down its IT systems as a precautionary measure for security reasons.

“Due to a possible cyberattack, the IHK organization has shut down its IT systems as a precautionary measure for security reasons. We are currently working intensively on a solution and defense. The IT systems are successively restarted after the tests, so that the services will then be available again for businesses,” reads the announcement published by the German Chambers of Industry and Commerce (DIHK).

The DIHK indicates that telephone and fax are currently the only channels available to contact it.

Michael Bergmann, CEO of DIHK, described the attack as serious and massive, and added that the organization was unable to estimate how long its systems will be unavailable.

READ MORE

Other sobering news

US Government Offers $10 Million Reward for Conti Ransomware Gang Information – The Hacker News

GitHub Moves to Protect Open Source Against Supply Chain Attacks – Wired

Twitter breach exposes anonymous accounts to nation-state hackers – Cyberscoop

What if responsibility for the safety of medical devices were transferred to manufacturers? – SC Media

Stolen data gives attackers an advantage against text-based 2FA – Dark Reading

Transit sees more cyber threats, many agencies not ready – GovTech

Attackers abuse open redirects in Snapchat and Amex in phishing attacks – Security Affairs

Number of ransomware attacks on industrial organizations drops after Conti shutdown – Security Week
