Three Zero-Day Vulnerabilities in SonicWall Email Security are Being Actively Exploited
Three zero-day vulnerabilities have been identified in SonicWall Email Security products that are being actively exploited in the wild by at least one threat actor. The vulnerabilities can be chained to gain administrative access to enterprise networks and achieve code execution. SonicWall Email Security solutions are deployed as a physical appliance, virtual appliance, software installation, or as a hosted SaaS solution and provide protection from phishing, spear phishing, malware, ransomware, and BEC attacks. The solutions do not need to be Internet facing, but hundreds are exposed to the Internet and are vulnerable to attack. In one instance, a threat actor with intimate knowledge of the SonicWall application exploited the vulnerabilities to gain administrative access to the application and installed a backdoor that provided persistent access. The threat actor was able to access files and emails, harvest credentials from memory, and then used those credentials to move laterally within the victim’s network. The three vulnerabilities were identified by the Mandiant Managed Defense...
Pulse Connect Secure Vulnerabilities Being Actively Exploited, Including New Zero-Day Flaw
At least one threat group is exploiting vulnerabilities in Ivanti’s Pulse Connect Secure products, according to a recent alert from the DHS’ Cybersecurity and Infrastructure Security Agency (CISA). While there has not been an official attribution, the threat actor has been linked to China by some security researchers and targets have included government, defense, financial, and critical infrastructure organizations. FireEye has been tracking the malicious activity and reports that at least 12 malware families have been involved in cyberattacks exploiting the vulnerabilities since August 2020. These attacks have involved the harvesting of credentials to allow lateral movement within victim networks and the use of scripts and the replacement of files to achieve persistence. Several entities have now confirmed that they have been attacked after they identified malicious activity using the Pulse Connect Secure Integrity Tool. Access has been gained to Pulse Connect Secure appliance by exploiting multiple vulnerabilities including three vulnerabilities that were disclosed in 2019 and...
Data Breaches Reported by VEP Healthcare and the American College of Emergency Physicians
The American College of Emergency Physicians (ACEP) has started alerting certain members that some of their personal information was stored on a server that was accessed by unauthorized individuals. In addition to providing professional organizational services to its members, management services are provided by ACEP to organizations such as the Emergency Medicine Foundation (EMF), Society for Emergency Medicine Physician Assistants (SEMPA), and the Emergency Medicine Residents’ Association (EMRA). The breach concerns data related to those organizations. Affected individuals had made a purchase from or donated to EMF, SEMPA, or EMRA. A breach was detected on September 7, 2020 when unusual activity was identified in its systems. A server had been compromised that contained the login details for its SQL database servers, and those databases contained members’ information. While no evidence was found to indicate the credentials were used to access the databases, it was not possible to rule out unauthorized access. The information exposed was for the dates April 8, 2020 to September 21,...
HSCC Publishes Guidance on Securing the Telehealth and Telemedicine Ecosystem
Healthcare providers are increasingly leveraging health information technology to provide virtual healthcare services to patients. Telehealth services allow patients living in rural areas and the elderly to gain access to essential medical services, and the pandemic has seen a major expansion in telehealth to provide virtual healthcare services to patients to reduce the spread of COVID-19. According to FAIR Health, the number of telehealth claims to private insurers has increased by 4,347% in the past year, with virtual care such as telehealth now one of the fastest growing areas of healthcare. The Centers for Medicare and Medicaid Services has committed to providing long term support for virtual healthcare services and Frost & Sullivan predicts there will be a seven-fold increase in telehealth by 2025. The major expansion of healthcare services has happened quickly and at a time when the healthcare industry is being targeted by cybercriminals more than ever before. Hackers have been exploiting vulnerabilities with ease to gain access to sensitive healthcare data and disrupt...
March 2021 Healthcare Data Breach Report
There was a 38.8% increase in reported healthcare data breaches in March. 62 breaches of 500 or more records reported to the HHS’ Office for Civil Rights, with hacking incidents dominating the breach reports. The high number of reported breaches is largely due to an increase in data breaches at business associates. The number of breached records also increased sharply with 2,913,084 healthcare records exposed or impermissibly disclosed across those 62 incidents; an increase of 135.89% from February. Largest Healthcare Data Breaches Reported in March 2021 The table below shows the 25 largest healthcare data breaches to be reported in March, all of which were hacking/IT incidents. 76% involved compromised network servers with the remaining 24% involving breaches of email accounts. 60% of these breaches involved business associates. Name of Covered Entity Covered Entity Type Individuals Affected Type of Breach Location of Breached Information Health Net Community Solutions Health Plan 686,556 Hacking/IT Incident Network Server Health Net of California Health Plan 523,709 Hacking/IT...



