Welcome to Cyber Security Today. It's Monday, March 25, 2024. I'm Howard Solomon, a contributing cybersecurity reporter for ITWorldCanada.com and TechNewsday.com in the United States.
Hundreds of organizations in the United States, Canada, the United Kingdom, Australia and other countries are being targeted by a threat actor based in China, according to Mandiant researchers. Dubbed UNC5174, this threat actor attacks unpatched installations of F5 BIG-IP appliances, ConnectWise ScreenConnect, Atlassian Confluence servers, Zyxel firewalls, and Linux servers. This person is suspected of having been part of a Chinese hacktivist collective and of now selling the access they obtain to compromised companies to China's Ministry of State Security. IT administrators are encouraged to promptly take the recommended corrective actions for F5 devices and ScreenConnect software.
More than 100 companies in the United States and Europe have been targeted by malicious actors in the latest phishing campaign spreading the StrelaStealer malware, which steals email passwords. Palo Alto Networks researchers say this new campaign started in January. Some messages claim the attachment is an invoice that needs to be paid. High-tech companies are particularly targeted. Employees should be reminded not to click on attachments in an email or text unless they are sure of the origin of the message.
A more powerful variant of the Russian AcidRain data wiper that crippled satellite modems across Europe at the start of the Ukraine invasion has been spotted. SentinelOne researchers call this variant AcidPour. While the first version was aimed at devices with MIPS processors, AcidPour can hit those using x86 processors. These include Linux-based networking and IoT devices, RAID arrays, and large storage devices. This new wiper is being used against Internet and telecommunications service providers in Ukraine. IT and network administrators in critical industries in all countries must keep vital devices up to date to prevent successful attacks on infrastructure.
Microsoft released an emergency Windows Server update to resolve an issue with the March patches released a few weeks ago. The issue causes Windows domain servers to crash. Bleeping Computer said the updates are for Windows Server 2022, 2016 and 2012. A fix for Windows Server 2019 will be released shortly.
German authorities seized the darknet market called Nemesis as part of an operation with the United States and Lithuania. Founded in 2021, Nemesis Marketplace sold stolen data, ransomware and phishing services, and drugs. The forensic data collected during the seizure will help investigate more than 150,000 users and 1,100 sellers on the market.
What will it take to get U.S. hospitals and healthcare providers to become stricter on cybersecurity? Being forced to act by law, says U.S. Senator Mark Warner. He introduced a bill Friday to allow healthcare providers to get accelerated Medicare payments if they are victims of a cyberattack, but only if they meet minimum cybersecurity standards. The proposed standards have not yet been established. Warner introduced the legislation because of the impact across the United States of a ransomware attack on Change Healthcare, which processes patient payments. According to the news site Cyberscoop, large American healthcare groups oppose mandatory minimum cybersecurity standards.
Mozilla, the group behind the Firefox browser, has abandoned a reputation service called Onerep that it bundled with its Mozilla Plus subscription service. This comes after security reporter Brian Krebs reported that the owner of Onerep also has dozens of services that perform Internet searches on people, including one that sells basic reports on individuals. The owner of Onerep said there was no sharing of information between this company, called Nuwber, and Onerep. But that didn't satisfy Mozilla.
Here is the latest news on data breaches:
Select Education Group, which operates several postsecondary schools in California and Oregon, including the Institute of Technology, Bauman College, Fremont University and the National Holistic Institute, is notifying just over 67,000 people that their personal data was stolen. The incident happened last November. The stolen data included names, Social Security numbers, billing and payment records, and/or academic records.
Monmouth College of Illinois, which has approximately 750 students, is notifying just under 45,000 people that their personal data was exposed in a ransomware attack last December.
Coincidentally – or not – neighboring Henry County was hit by a ransomware attack last week. According to cybersecurity news service The Record, the Medusa ransomware gang is taking credit for this attack.
The city of Jacksonville Beach, Florida, notified approximately 49,000 people that their personal data had been copied in a cyberattack in January. According to a local news site, the mayor says it was a ransomware attack.
The US division of GardaWorld Cash, a cash management provider for banks and retailers, informed nearly 40,000 people of the theft of personal data contained in administrative files. This happened last fall, but it took until this month to identify the victims and obtain their addresses. The stolen data included names, Social Security numbers, driver's license numbers, dates of birth, and insurance benefits or health information.
Finally, in March, individuals in Canada, the United States, the United Kingdom and other countries prepare to file their income taxes. This is also the time when scammers unveil their latest tax scams via email or text message. Ignore emails that claim to be from a government tax agency with an attachment purporting to help you file your taxes. Also ignore phone messages warning you to call a number because of a tax issue. Usually the government will ask you to log into your tax account to look for a message rather than sending you an email with an attachment. Scammers also send emails promising to help you get large refunds from certain government programs or help you file your taxes. Here is an IRS list of common tax scams and a Microsoft report on tax scams.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.
