01-May-24: In Security News Today

Change Healthcare Hacked Using Stolen Citrix Accounts With no MFA

Change Healthcare was breached by the BlackCat ransomware gang, which used stolen credentials for Citrix accounts that had no multi-factor authentication. The ransomware attack led to severe operational disruptions and financial damages. Remediation efforts included swift containment, replacing laptops, and rebuilding the data center network.

Panda Restaurants Discloses Data Breach After Corporate Systems Hack

Panda Restaurant Group, the parent company of Panda Express, disclosed a data breach after attackers compromised its corporate systems in March, affecting an unknown number of associates. The breach did not impact guest data, and the company is working with cybersecurity experts and law enforcement to investigate the incident. Personal information such as names, driver’s license numbers, and non-driver identification card numbers was accessed, but the total number of affected individuals remains undisclosed.

French Hospital CHC-SV Refuses to Pay LockBit Extortion Demand

The Hôpital de Cannes – Simone Veil (CHC-SV) in France experienced a cyberattack by the LockBit 3.0 ransomware gang, leading to operational disruptions and a ransom demand. Despite the threat of data leakage, the hospital has refused to pay the ransom and is working to restore affected systems. The incident highlights LockBit’s lack of concern for healthcare services and the ongoing challenges faced by organizations in dealing with ransomware attacks.

Canadian Drug Chain in Temporary Lockdown Mode After Cyber Incident

London Drugs, a Canadian pharmacy chain, has temporarily closed its stores in British Columbia, Alberta, and Saskatchewan due to a cybersecurity incident. The company has not disclosed the nature of the incident, but it is working with third-party experts to investigate. London Drugs says that no customer or employee data was compromised and that it is uncertain when the stores will resume normal operations.

Qantas App Exposed Sensitive Traveler Details to Random Users

Qantas Airways confirmed a misconfiguration in its app exposed sensitive information and boarding passes to random users, affecting some customers. The incident was caused by internal configuration changes, not a cyberattack, and only impacted the app. Qantas advised users to log out, stay vigilant for scams, and assured that no personal or financial information was shared.

New Cuttlefish Malware Infects Routers to Monitor Traffic for Credentials

Cuttlefish malware infects routers to monitor and steal authentication information, creating a proxy or VPN tunnel to exfiltrate data discreetly. It can perform DNS and HTTP hijacking, impacting internal communications. To protect against Cuttlefish, organizations should eliminate weak credentials, monitor for unusual logins, secure traffic with TLS/SSL, inspect devices for abnormalities, and use certificate pinning for remote connections.

1 in 5 US Ransomware Attacks Triggers Lawsuit

Comparitech’s analysis reveals that 18% of ransomware incidents in the US led to lawsuits in 2023, with a total of 123 filed so far. Data breaches are the primary reason for these lawsuits, impacting 283.3 million records across 355 attacks since 2018. Healthcare and finance sectors saw the highest number of filed lawsuits, with out-of-court settlements averaging $2.2 million.

To Damage OT Systems, Hackers Tap USBs, Old Bugs & Malware

Hackers are increasingly using USBs to breach air-gapped OT networks, leveraging old malware and vulnerabilities to disrupt or destroy systems. The shift towards USB attacks has been observed in industrial sectors, with attackers opting for living-off-the-land tactics post-infiltration. Defenders can combat these threats by implementing strict USB policies, utilizing technology for scanning removable media, and enhancing overall security measures.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.
