Exploit Released for ‘PrintNightmare’ Zero-Day Windows Print Spooler RCE Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert following the publication of a proof of concept (PoC) exploit for a zero-day vulnerability in the Windows Print Spooler service. The vulnerability has been dubbed PrintNightmare and is tracked as CVE-2021-34527. The flaw is due to the Windows Print Spooler service improperly performing privileged file operations. Microsoft says the flaw can be exploited by an authenticated user calling RpcAddPrinterDriverEx(). If exploited, an attacker would gain SYSTEM privileges and could execute arbitrary code and could install programs; view, change, or delete data; or create new accounts with full user rights. The PoC exploit for the vulnerability was published by the Chinese security firm Sangfor. Typically, exploits for unpatched vulnerabilities are not released publicly until software developers have been notified about a flaw and sufficient time has been allowed for a patch to be released and applied by users. In this case an error was made. Sangfor researchers published the PoC exploit in late June, as...
Northwestern Memorial HealthCare and Renown Health Affected by Elekta Cyberattack
Chicago, IL-based Northwestern Memorial HealthCare and Reno, NV-based Renown Health have been affected by a cyberattack on one of their business associates. The data breach was discovered by Stockholm-based Elekta, which provides a software platform used for clinical radiotherapy treatment for cancer and brain disorders. Elekta issued a statement confirming its first-generation cloud-based storage system was accessed by unauthorized individuals, which affected a subset of customers in North America. Elekta has been working with law enforcement and third-party cybersecurity experts to determine exactly how the breach occurred and the nature and scope of the attack. Elekta started notifying affected healthcare providers in April 2021. Elekta’s investigation revealed its systems were compromised between April 2, 2021 and April 20, 2021. During that time the attackers accessed and exfiltrated a copy of a database that contained the information of oncology patients. The breach was confined to Elekta’s systems. The systems of its healthcare provider clients were not accessed at any...
University Medical Center of Southern Nevada Suffers REvil Ransomware Attack
University Medical Center of Southern Nevada (UMC) has suffered a ransomware attack in which patient data was stolen. The medical center confirmed it identified suspicious activity within the hospital network in mid-June and took immediate action to contain the threat and restrict access to its servers. The investigation into the cyberattack is continuing and law enforcement has been notified. At this stage it appears that the attackers targeted a server that was used to store patient data. The investigation is still in the early stages, but UMC said it appears that clinical systems were not affected. UBM said it is working with the Las Vegas Metropolitan Police Department, the FBI, and third-party cybersecurity experts to determine the exact origin and scope of the breach. Any cyberattack that causes disruption to hospital operations has potential to result in considerable harm to patients. This is especially true for an attack on UMC, which runs the only Level 1 trauma center in Nevada. UMC said the fast action of its IT department helped to contain the breach, but that response...
CISA Publishes Catalog of Cybersecurity Bad Practices That Must Be Eradicated
The DHS’ Cybersecurity and Infrastructure Security Agency (CISA) has published a new resource that lists cybersecurity bad practices that are exceptionally dangerous and significantly increase risk to critical infrastructure. There are many published resources that provide information about cybersecurity best practices that should be adopted to improve security, but CISA felt an additional perspective was required as it is equally, if not more, important to ensure that bad cybersecurity practices are eliminated. “Ending the most egregious risks requires organizations to make a concerted effort to stop bad practices,” explained CISA. CISA is urging leaders of all organizations to engage in urgent conversations to address technology bad practices, especially organizations that support national critical functions. One of the foundational elements of risk management is “focus on the critical few”, explained CISA Executive Assistant Director Eric Goldstein in a blog post announcing the launch of the new website resource. Organizations may have limited resources to identify and mitigate...
OIG Survey Reveals Lack of Oversight of Cybersecurity of Networked Medical Devices in Hospitals
The HHS’ Office of Inspector General (OIG) has conducted a review to determine the extent to which the Centers for Medicare and Medicaid Services (CMS) and Medicare Accreditation Organizations (AOs) require hospitals to have implemented a cybersecurity plan for networked devices and the methods used to assess the cybersecurity of networked medical devices. Cybersecurity controls are required to protect medical devices that are connected to the Internet, other medical devices, or internal hospital networks. Without those controls, the devices could be accessed by unauthorized individuals and patients could be at risk of harm. Networked medical devices include MRIs, computed tomography, ultrasound, nuclear medicine, and endoscopy systems, as well as systems that communicate with clinical laboratory analyzers such as laboratory information systems. OIG cited an estimate that a large hospital may have around 85,000 medical devices connected to its network. These devices are usually separated from other systems, they may connect to the same network as the electronic health record (EHR)...



