SAN MATEO, CA, August 15, 2022 — Cybersecurity news weekly roundup. Stories, news, politics and events impacting the network security industry during the last week. Brought to you by NetworkTigers.
- Healthcare center canceling surgeries after cyberattack
- Conti offshoots use phishing and social engineering tactics
- CISA warns of two new security flaws being exploited
- Cisco attacked by Lapsus$ hacker
- Ski-Doo manufacturer stops operations following cyberattack
- Lazarus hackers target deBridge crypto platform
- Twilio hacked after phishing attack
- DHS warns of security flaw in Emergency Alert System devices
- North Korean hackers phishing crypto workers
Healthcare center canceling surgeries after cyberattack
Ohio’s Memorial Health Systems has suffered a cyberattack that has forced workers to revert to paper documents. Appointments for radiology exams and surgery have also been canceled due to the attack. The hospital is working with the FBI, the DHS and security professionals to restore its systems and IT operations. Read more.
Conti offshoots use phishing and social engineering tactics
Three offshoots of Russia’s Conti hacker collective have been observed using phishing and social engineering techniques to gain access to victims’ data. Going by the names Silent Ransom, Roy/Zeon and Quantum, the threat actors use a fraudulent email to trick victims into phoning a call center to cancel a subscription. An operator on the line then convinces the victim to allow them remote access to their computer so the hackers can mount an attack. Read more.
CISA warns of two new security flaws being exploited
CISA has added two new flaws to its Known Exploited Vulnerabilities list. One flaw, known as DogWalk, has been a zero-day exploit in the Windows Support Diagnostic Tool for two years. The other bug exists in the UnRAR utility found in Linux and Unix systems. Both vulnerabilities could be used to introduce malicious code into a victim’s system. Read more.
Cisco attacked by Lapsus$ hacker
Silicon Valley firm Cisco was hit with a cyberattack in which a hacker made repeated attempts to access its corporate network. The hacker cracked into an employee’s Google account and then impersonated organizations over the phone to persuade the employee to allow them to access their login credentials. No sensitive data was gained by the hacker, who is believed to be an initial access broker with connections to Lapsus$. Read more.
Ski-Doo manufacturer stops operations following cyberattack
BRP, manufacturer of Ski-Doo jet skis and other recreational vehicles, has been forced to suspend operations following a cyberattack. The company did not elaborate on the nature of the reported “malicious cybersecurity activity,” but did say it took immediate measures to contain it. Transactions with suppliers and buyers are expected to be delayed as a result of the attack. Read more.
Lazarus hackers target deBridge crypto platform
In a phishing attempt, North Korean Lazarus hackers targeted deBridge in order to steal crypto. The threat actors sent out an email claiming to be from the company’s co-founder with important information about salary changes. Most employees reported the email as suspicious, but at least one clicked the embedded link and downloaded malware. Read more.
Twilio hacked after phishing attack
Cloud communications company Twilio has disclosed that it suffered a data breach following a successful phishing attempt in which multiple employees were tricked into handing login credentials over to a currently unnamed actor. The attack used SMS messages that purported to originate from Twilio’s IT department. Twilio has not disclosed what data was accessed in the breach. Read more.
DHS warns of security flaw in Emergency Alert System devices
According to a warning from the DHS, cybercriminals could potentially exploit security vulnerabilities in unpatched Emergency Alert System devices and use them to send fake security alerts to radio and TV. A researcher at Cybil discovered the vulnerability and described how they could access the tools and systems needed to create fake warnings and lock out legitimate users. Read more.
North Korean hackers phishing crypto workers
A campaign with suspected ties to North Korean hackers is targeting crypto job seekers by baiting them with a nonexistent role at Coinbase. A .pdf that is alleged to contain information about the job actually harbors malicious code. Based on the tactics being used, researchers feel that hacking collective Lazarus is behind the campaign. Read more.