Senators Demand Answers from VA on 46,000-Record Data Breach
On September 14, 2020, the U.S. Department of Veteran Affairs announced it had suffered a data breach that had impacted 46,000 veterans. Several Senate Democrats are now demanding answers from the VA on the breach and the cybersecurity measures the VA has put in place to prevent data breaches. Hackers gained access to an application used by the VA’s Financial Services Center to send payments to community healthcare providers to pay for veterans’ medical care. Six payments intended for community care providers were redirected to bank accounts under the control of the hackers and veterans’ data in the system was exposed and potentially stolen. When the breach was discovered, the application was taken offline and will remain down until a full review has been conducted by the VA’s Office of Information and Technology. Affected veterans have been offered complimentary credit monitoring services and the VA is currently working on compensating the community care providers whose payments were redirected. Officials at the VA Office of Information and Technology told Senate and House...
Hospital Ransomware Attack Results in Patient Death
Ransomware attacks on hospitals pose a risk to patient safety. File encryption results in essential systems crashing, communication systems are often taken out of action, and clinicians can be prevented from accessing patients’ medical records. Highly disruptive attacks may force hospitals to redirect patients to alternate facilities, which recently happened in a ransomware attack on the University Clinic in Düsseldorf, Germany. One patient who required emergency medical treatment for a life threatening condition had to be rerouted to an alternate facility in Wuppertal, approximately 21 miles away. The redirection resulted in a one-hour delay in receiving treatment and the patient later died. The death could have been prevented had treatment been provided sooner. The attack occurred on September 10, 2020 and completely crippled the clinic’s systems. Investigators determined that the attackers exploited a vulnerability in “widely used commercial add-on software” to gain access to the network. As the encryption process ran, hospital systems started to crash and medical records could...
CISA Warns of Public Exploit for Windows Netlogon Remote Protocol Vulnerability
CISA has published information on a critical vulnerability in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC) now that a public exploit for the flaw has been released. If exploited, an attacker could gain access to a domain controller with administrator privileges. MS-NRPC is a core component of Active Directory that provides authentication for users and accounts. “The Netlogon Remote Protocol (MS-NRPC) is an RPC interface that is used exclusively by domain-joined devices. MS-NRPC includes an authentication method and a method of establishing a Netlogon secure channel,” explained Microsoft. The vulnerability, tracked as CVE-2020-1472, is an elevation of privilege vulnerability that can be exploited when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller. MS-NRPC reuses a known, static, zero-value initialization vector (IV) in AES-CFB8 mode, which would allow an unauthenticated attacker to impersonate a domain-joined computer, including a domain controller, and gain domain administrator privileges. Microsoft is addressing the...
Vulnerabilities Identified in Philips Clinical Collaboration Platform
5 low- to medium-severity vulnerabilities have been identified in the Philips Clinical Collaboration Platform (Vue PACS). If successfully exploited, an attacker could convince an authorized user to execute unauthorized actions or could result in the disclosure of information that could be used in further attacks. Philips has not received any reports to indicate exploits for the vulnerabilities have been developed or used in real world attacks, and there have been no reports of incidents from clinical use associated with the vulnerabilities. The vulnerabilities affect versions 12.2.1 and prior and range in severity from low (CVSS v3 base score 3.4) to medium (CVSS v3 base score 6.8). CVE-2020-16200 – Resource exposed to the wrong control sphere – Allows unauthorized access to the resource (CVSS 6.8) CVE-2020-16247 – Algorithm downgrade – A failure to control the allocation and maintenance of a limited resource, potentially leading to exhaustion of available resources. (CVSS 6.5) CVE-2020-16198 – Protection mechanism failure – Failure or insufficient checks to verify the identity...
CISA/FBI Warn of Targeted Attacks by Iranian Hacking Groups
A hacking group with links to the Iranian government has been observed exploiting several vulnerabilities in attacks on U.S. organizations and government agencies, according to a recent joint cybersecurity advisory released by the Cybersecurity Security and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI). The alert closely follows a similar cybersecurity advisory warning about hackers linked to the Chinese government conducting attacks exploiting some of the same vulnerabilities. The Iranian hacking group, known as UNC757 and Pioneer Kitten, has been exploiting vulnerabilities in F5 networking solutions, Citrix NetScaler, and Pulse Secure VPNs to gain access to networks. The hacking group has also been observed using open source tools such as Nmap to identify vulnerabilities, such as open ports within vulnerable networks. Exploited Vulnerabilities Two vulnerabilities in Pulse Secure products are being exploited. The first, CVE-2019-11510, affects Pulse Secure Connect enterprise VPN servers and is a file reading vulnerability. The second is an...



