Health-ISAC Helps Healthcare Organizations Prepare for Supply Chain Cyberattacks
Health-ISAC, in conjunction with the American Hospital Association (AHA), has published guidance for healthcare information security teams to help them improve resilience against supply chain cyberattacks such as the recent SolarWinds Orion incident. The white paper – Strategic Threat Intelligence: Preparing for the Next “SolarWinds” Event – provides insights into the cyberattack and explores the characteristics that made such an attack possible. The document provides technical recommendations for senior business leaders, C-suite executives, and IT and information security teams to help them prevent and mitigate similar attacks. Solutions such as SolarWinds Orion have privileged access to the assets they are used to manage, and those supply chain dependencies and inherent trust models were exploited in the SolarWinds Orion attack. The attackers exploited a software update mechanism to inject a backdoor into the network monitoring platform. The update was downloaded and applied by around 18,000 customers and selected companies were then targeted in more in-depth compromises,...
NSA/CISA/FBI: Patch Now to Stop Russian Government Hackers Exploiting These 5 Vulnerabilities
Tension is growing between Russia and the United States over the continuous cyberattacks on the U.S. government and public and private sector organizations by Russian government hackers. Yesterday, a joint alert was issued by the National Security Agency (NSA), DHS’ Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI), warning of the continued exploitation of software vulnerabilities by the Russian Foreign Intelligence Service (SVR). The attacks have been attributed to the Cozy Bear Advanced Persistent Threat (APT) Group – aka APT29/The Dukes – which is part of the SVR. The APT group is conducting widespread scanning and exploitation of software flaws in vulnerable systems to gain access to credentials that allow them to gain further access to devices and networks for espionage activities. The NSA, CISA, and the FBI have shared details of five software vulnerabilities that continue to be successfully exploited by the SVR to gain access to devices and networks. The NSA, CISA, and the FBI have previously shared mitigations that can be...
COVID-19 Vaccine Cold Chain Continues to Be Targeted by Threat Groups
The global COVID-19 vaccine cold chain continues to be targeted advanced persistent threat groups, according to an updated report from IBM Security X-Force. X-Force researchers previously published a report in December 2020 warning that cyber adversaries were targeting the COVID-19 cold chain to gain access to vaccine data and attacks continue to pose a major threat to vaccine distribution and storage. There are currently more than 350 logistics partners that are part of the cold chain and are involved in the delivery and storage of vaccines at low temperatures. Since the initial report was published on cold chain phishing attacks, IBM X-Force researchers have identified a further 50 email message files tied to spear phishing campaigns, which have targeted 44 companies in 14 countries throughout Europe, the Americas, Africa, and Asia. The companies being targeted underpin the transport, warehousing, storage, and distribution of COVID-19 vaccines, with the most targeted organizations involved in transportation, IT and electronics, and healthcare such companies in biomedical...
Montefiore Medical Center Fires Employee for Unauthorized Record Access
Montefiore Medical Center has discovered another employee has accessed patient information with no legitimate work reason for doing so. The New York hospital announced in February 2020 that an employee had been discovered to have accessed medical records without authorization for 5 months in 2020, and another employee was found to have obtained the PHI of approximately 4,000 patients between January 2018 and July 2020. The latest discovery involved an employee accessing the records of patients without authorization for more than a year. The breach was identified by Montefiore’s FairWarning software, which monitors records for inappropriate access. When unauthorized medical record access was discovered, the employee was suspended pending an investigation. A review of record access confirmed that the employee had accessed records with no legitimate work reason for doing so between January 2020 and February 2021. The types of information accessed varied from patient to patient and included first and last names, medical record numbers, addresses, emails, dates of birth, and the last...
Immediate Patching Required for 4 New Critical Microsoft Exchange Server Vulnerabilities
The U.S. National Security Agency (NSA) has identified four zero-day vulnerabilities in Microsoft Exchange Server versions 2013, 2016, and 2019 which are used for on-premises Microsoft Exchange Servers. Immediate patching is required as the flaws are likely to be targeted by threat actors. The Cybersecurity and Infrastructure Security Agency (CISA) has ordered all federal agencies to patch all vulnerable on-premises Exchange Servers by 12.01 AM on Friday April 16, 2021 due to the high risk of exploitation of the flaws. At the time of issuing the patches there have been no known cases of exploitation of the flaws in the wild, but it is likely that now the flaws have been publicly disclosed, the patches could be reverse engineered and working exploits developed. All four of the vulnerabilities could lead to remote execution of arbitrary code and would allow threat actors to take full control of vulnerable Exchange Servers as well as persistent access and control of enterprise networks. Two of the vulnerabilities can be exploited remotely by unauthenticated attackers with no user...



