The digital landscape continues to be a battleground, with cyber threats evolving and attackers targeting an ever-wider range of victims. This week's TCE Cyberwatch roundup highlights a surge in attacks against governments and national security infrastructure, alongside various other cybersecurity incidents.
From a critical vulnerability in firewalls to a data breach impacting the United Nations, this week serves as a reminder of the constant vigilance required in the face of cyberattacks. Let's delve into the details to learn more about these incidents.
TCE Cyberwatch: Weekly Round-Up
Palo Alto Warns: Critical Firewall Flaw Could Lead to Cyberattacks
A new vulnerability named "Kaby Lake" was found in firewall devices from Palo Alto Networks, a cybersecurity firm, potentially exposing them to cyber threats. It specifically affects devices running PAN-OS, the operating system produced for and used by Palo Alto Networks' firewalls.
The vulnerability, which allows attackers to execute arbitrary code on affected devices, seems to have no patch released to address the issue, and customers are currently being provided temporary fixes. Users are advised to stay informed about security updates from Palo Alto Networks and take necessary precautions to mitigate the risks.
HTW Halts Work to Recover From Data Breach
Herron Todd White (HTW), an Australian valuation firm, is currently dealing with the aftermath of an alleged data breach, causing a pause in new work. Major banks that work with HTW regarding property-related assessments have taken precautionary measures as well.
National Australia Bank and Commonwealth Bank have taken action to suspend HTW from any further commercial and agricultural valuation work due to this breach but allow for residential valuations unaffected by it. The motive behind the attack, whether malicious or a security lapse within HTW’s infrastructure, remains uncertain.
Australia has become vigilant against cyberattacks due to past recurring incidents and now requires organizations to make a report to the Australian Cyber Security Centre (ACSC) within 12 hours of the attack.
Cyberattack Disrupts French Municipal Governments, Investigation Underway
Multiple French municipal governments recently experienced a cyberattack, disrupting their operations. Attributed to a group identified as the "Shadow Kill Hackers," the attack targeted numerous municipalities throughout France.
Exploiting vulnerabilities in the computer systems of these municipalities, the attackers gained unauthorized access and disrupted essential services, including emails and administrative functions.
The motive behind the attack remains unclear, prompting French authorities, including the National Agency for the Security of Information Systems (ANSSI), to launch an investigation and initiate efforts to restore the affected systems.
Cisco Duo Data Breach Exposes User Information
Recently, Cisco's Duo security product encountered a breach that exposed information related to multi-factor authentication (MFA). The breach, facilitated by a phishing attack through SMS and VOIP, targeted employee details and impacted Duo's MFA service. As a result, usernames, email addresses, and MFA device information were potentially compromised.
However, Cisco has reassured users that sensitive information such as passwords or authentication methods remained secure.
In response to the incident, Cisco promptly notified affected users and implemented necessary security measures to prevent future breaches. Nevertheless, users are advised to remain vigilant and monitor their accounts for any signs of suspicious activity.
Ransomware Attack Targets UNDP, Stealing HR Data
The United Nations Development Programme (UNDP) recently experienced a cyberattack resulting in the breach of human resources (HR) data. The attack compromised the personal information of current and former employees at a branch in Denmark, including staff contracts and internal documents.
UNDP issued a notice acknowledging that they had received a threat intelligence notification indicating that a data extortion actor had stolen certain human resources and procurement information.
Taking swift action, UNDP promptly implemented necessary precautions and is currently conducting a comprehensive assessment to determine the nature and extent of the cyberattack.
UnitedHealth Takes $1.6 Billion Hit from Change Healthcare Cyberattack
UnitedHealth Group, one of the largest healthcare companies in the U.S., recently issued a warning about a cyberattack that resulted in a potential financial impact of $1.6 billion. The attack, targeting Change, led to disruptions in payments to doctors and healthcare facilities nationwide, as well as adversely affecting community health centers serving over 30 million impoverished and uninsured patients for a month.
UnitedHealth estimates that the hack will reduce profits by $1.15 to $1.35 per share this year but emphasizes that the impact is not as severe as initially anticipated. While the company has not yet disclosed the extent of the personal data breached in the attack, federal law mandates that they do so within 60 days.
Cyberattack Cripples Ukrainian Media Giant 1+1 Media
1+1 Media, a prominent media conglomerate in Ukraine, recently experienced a severe cyberattack targeting its satellite TV channels. In a statement released on Wednesday addressing the cyber assault, the media giant disclosed that 39 channels, including some of its flagship networks, became inaccessible, dealing a significant blow to the country's media infrastructure.
Officials stated that the cyberattack on 1+1 Media coincided with escalated tensions in the region, notably the "cynical attack" on the peaceful city of Chernihiv. The attack involved deliberate efforts to disrupt satellite communications on the Astra 4A 11766 H transponder.
Trust Wallet Warns of $2 Million iMessage Exploit
Trust Wallet, a prominent provider of cryptocurrency wallets, has issued a cautionary notice to Apple users concerning a potential vulnerability in iMessage. The alert arises from reliable information suggesting the existence of a zero-day exploit within the iOS iMessage platform, which is reportedly being sold on the dark web for an exorbitant $2 million.
As per Trust Wallet, this zero-day exploit in iMessage poses a significant risk as it enables hackers to take control of iPhones without any interaction from the device user.
Unlike conventional exploits that necessitate clicking on malicious links or downloading infected files, this exploit operates seamlessly, posing a particularly serious threat to high-profile targets.
BreachForums Breached! Rival Hackers Claim User Data
The primary website of the infamous BreachForums, a forum known for data leaks and hacking activities, has been shut down by competing threat actors. The group of threat actors known as R00TK1T, in collaboration with the pro-Russian Cyber Army of Russia, declared that they had breached user data subsequent to the takedown of BreachForums.
Additionally, the hackers behind the BreachForums attack asserted their intention to release a roster containing user details, IP addresses, and email addresses from the forum. Despite the assault, the TOR version of the website remains functional.
Benjamin Ambrose Appointed as CISO at NPCI
Benjamin Ambrose has been appointed as the Chief Information Security Officer (CISO) at the National Payments Corporation of India (NPCI), marking a strategic move aimed at bolstering cybersecurity measures in India's rapidly evolving digital payments sector.
Bringing with him extensive experience gained from notable roles at AWS and Citi, Ambrose offers a seasoned perspective to NPCI's cybersecurity initiatives.
Wrap Up
This week's TCE Cyberwatch roundup paints a sobering picture of the ever-evolving cyber threat landscape. From critical infrastructure vulnerabilities to attacks on international organizations and healthcare providers, no entity seems immune.
However, amidst this complexity, there's a crucial takeaway: vigilance is key. By staying informed about the latest threats, implementing robust security practices, and fostering a culture of cybersecurity awareness, we can all play a vital role in mitigating these risks.
TCE remains committed to keeping you informed about the latest developments in the cybersecurity world. We encourage you to stay tuned for future updates and actively participate in building a more secure digital future.