Google & Android Patches | WP Plugin, Ascension & Android Device Targeted | Dell, Ohio, UGA Breaches
No-Fluff Cybersecurity

· LockBit Claims Wichita Ransomware Attack

Wichita, Kansas, had to shut down numerous systems due to a recent ransomware attack, for which the notorious LockBit cybercrime group has taken credit.

· Accenture Secures $789M U.S. Navy Cybersecurity Contract

Accenture Federal Services, a subsidiary of Accenture (NYSE: ACN), has secured a $789 million contract from the U.S. Navy to bolster cybersecurity for maritime forces worldwide.

· Dell Confirms Data Breach: Customer Names, Addresses

Dell Technologies has issued notifications to millions of customers, cautioning them that data, including full names and physical addresses, was compromised during a security breach.

· Google Patches Chrome Zero-Day Vulnerability

Google released Chrome version 124 on Thursday, which includes a patch for a zero-day vulnerability. The internet giant stated that an exploit for this vulnerability is currently active in the wild.

· Ascension Hacked; Hospitals Redirect Emergency Services

Ascension, a non-profit organization managing one of the largest healthcare systems in the United States, is working urgently to mitigate a major cyberattack. The attack has led to disruptions and the implementation of "downtime procedures" at hospitals across the country.

· Ohio Lottery Ransomware Affects 500,000

The cyberattack on the Ohio Lottery conducted by a ransomware group last year has affected over half a million individuals.

· Google Enhances Security with AI, Mandiant

Google is unveiling its ambitious enterprise security strategy with its all-cash acquisition of Mandiant for $5.6 billion.

· Akamai Acquires Noname Security for $450 M

Cloud and security giant Akamai revealed its intentions to acquire Noname Security, a company specializing in application programming interface (API) protection.

· University System of Georgia Reports MOVEit Hack, 800,000 Affected

The University System of Georgia is reaching out to 800,000 individuals to inform them that their personal and financial information was compromised in the May 2023 MOVEit hack.

· Critical Android Vulnerability Patched

This week, Google unveiled a new set of security updates for Android, aiming to resolve 26 vulnerabilities. Among these is a critical-severity flaw identified within the System component.

· WP-Automatic Plugin Exploited for Admin Account

Threat actors are currently making active attempts to exploit a critical security vulnerability in the ValvePress Automatic plugin for WordPress. This flaw has the potential to facilitate site takeovers if successfully exploited.

· Android Trojan 'Brokewell' Enables Device Takeover

A recently identified Android trojan called Brokewell is capable of stealing sensitive user information and granting attackers control over compromised devices.

· TXOne Networks Secures $51M in Series B Extension

ICS and OT security startup TXOne Networks has successfully secured $51 million in a Series B extension, attracting new investors from Taiwan.

· Blackwell Secures $13 Million in Funding for Healthcare Cybersecurity

Blackwell Security, a company specializing in cybersecurity solutions tailored for the healthcare sector, revealed that it has raised $13 million in funding.

LockBit Takes Credit for Ransomware Attack on City of Wichita

The cyber incident affected various services such as water utility, municipal court, cultural, and public transportation payments in Wichita. Additionally, the city reported issues with public Wi-Fi at the airport and malfunctioning arrival and departure screens due to the hack. The timeline for restoring these systems remains uncertain.

Wichita is currently probing whether any data was compromised in the cyberattack. Before Khoroshev was identified as LockBitSupp, threat intelligence firm Cyberint revealed that LockBit operators had added over 50 companies to a new leak site after the group's takedown.

Accenture Secures $789 Million Contract to Enhance U.S. Navy Cybersecurity

The contract, a component of the SHARKCAGE initiative, is designed to create a unified and persistent security perimeter for the Navy's networks and systems.

Accenture Federal Services has won a $789 million contract from the U.S. Navy for the SHARKCAGE cybersecurity initiative. The agreement outlines close collaboration between Accenture and the Navy's Program Executive Office, Command, Control, Communications, Computers, and Intelligence Program Manager, as well as the Warfare Cybersecurity teams.

Accenture's responsibilities encompass designing, architecting, testing, producing, delivering, installing, and providing logistics support for these integrated military systems.

Dell Confirms Customer Names and Addresses Stolen in Database Breach

The tech giant has informed millions of customers that their full names and physical mailing addresses were compromised in a security breach.

Additionally, the stolen data included order service tags, item descriptions, dates of orders, and customer warranty information. Importantly, the breached information does not include financial or payment details, email addresses, telephone numbers, or any highly sensitive customer data.

Google Patches Exploited Chrome Zero-Day Vulnerability

The latest Chrome 124 update addresses the second zero-day vulnerability discovered and exploited in 2024. Known as CVE-2024-4671, Google identifies it as a high-severity use-after-free bug within the Visuals component. Credit for discovering this vulnerability goes to an anonymous researcher.

Versions Chrome 124.0.6367.201/.202 for Mac and Windows, and Chrome 124.0.6367.201 for Linux, include the patch for CVE-2024-4671. This marks the second Chrome vulnerability of the year to be exploited maliciously, following CVE-2024-0519, which Google patched in January.

Furthermore, Google has addressed three additional zero-day vulnerabilities disclosed during the Pwn2Own hacking contest held in Vancouver in March.

· CVE-2024-2886 - Use-after-free in WebCodecs

· CVE-2024-2887 - Type confusion in WebAssembly

· CVE-2024-3159 - Out-of-bounds memory access in V8

Ascension, Healthcare Giant, Hacked; Hospitals Redirect Emergency Services

One of the largest healthcare systems in the United States is currently grappling with a hack that has resulted in disruptions and the implementation of "downtime procedures" at hospitals nationwide. The affected computer systems include electronic health records, the MyChart patient communication portal, specific phone systems, and systems utilized for ordering tests, procedures, and medications.

Ascension, the St. Louis healthcare giant, employs around 142,000 individuals managing hundreds of hospitals and 40 senior living facilities throughout the United States.

News of the Ascension hack emerged just 24 hours after Dell Technologies sent notifications to millions of customers, warning them that data, including full names and physical addresses, was stolen during a security incident.

Ohio Lottery Ransomware Attack Affects 500,000 Individuals

The DragonForce ransomware group's cyberattack on the Ohio Lottery has affected over 500,000 individuals. The breach was revealed in late December 2023 when the Ohio Lottery announced the shutdown of some systems to contain the incident. Around the same time, the newly emerged ransomware group DragonForce claimed responsibility for the attack.

The hackers have released over 90 GB of files (in .bak backup format) allegedly stolen from the Ohio Lottery. They claim to have acquired more than 1.5 million records containing employee and player information such as names, email and postal addresses, winnings, dates of birth, and Social Security numbers.

While the organization has no evidence of misuse of the stolen data, it has opted to provide free credit monitoring and identity theft protection services to those affected. The DragonForce leak website presently lists over 40 victims globally.

Google Introduces New Security Offerings, Emphasizing AI and Mandiant Expertise

The strategy includes the introduction of new threat intelligence and security operations products, along with a promise to leverage AI to capitalize on the growing cybersecurity market.

It draws on data and insights from Mandiant’s incident response and threat research teams, combining them with telemetry from Google's extensive user and device footprint. Additionally, Google plans to utilize VirusTotal’s crowdsourced malware database to offer observability and visibility tooling to corporate defenders.

Google boasts of protecting 4 billion devices and 1.5 billion email accounts and of blocking 100 million phishing attempts daily. Meanwhile, Mandiant's incident responders and security consultants conduct approximately 1,100 breach investigations yearly.

Akamai Announces Acquisition of API Protection Startup Noname Security for $450 M

Akamai's acquisition of Noname Security aims to enhance its API protection capabilities. Noname's expertise will enable Akamai to expand its API Security solution, meeting customer demands and market needs while also scaling sales and marketing efforts. The deal will see all of Noname's 200+ employees, including CEO and co-founder Oz Golan, joining Akamai post-acquisition.

The integration of Noname with Akamai’s API Security offering promises comprehensive protection for applications, regardless of their location—whether in the cloud, on the edge, on-premise, or across other vendor platforms.

University System of Georgia Reports 800,000 Individuals Affected by MOVEit Hack

The University System of Georgia has confirmed that Social Security numbers and bank account numbers were exposed in the May 2023 MOVEit hack. This incident has affected over 2,000 organizations, including about 900 schools in the United States, with an estimated impact on over 60 million individuals.

Both the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have identified that data was accessed from the MOVEit platform by the cybercriminal group Cl0p. It is anticipated that the files and information obtained by this group will be published on its website.

Critical Vulnerability Patched in Latest Android Update

Android's May 2024 security update is aimed at fixing 38 vulnerabilities, among which is a critical bug found in the System component. Tracked as CVE-2024-23706 and impacting Android 14, this bug could potentially allow attackers to escalate their privileges on vulnerable devices.

The update, released as part of the 2024-05-01 security patch level, tackles eight flaws in total. These include four elevation-of-privilege (EoP) bugs in the Framework component, plus three EoP issues and one information disclosure defect in the System component.

Furthermore, the second part of this month's Android update, labeled as the 2024-05-05 security patch level, includes patches for 18 additional vulnerabilities. These encompass issues in kernel, Arm, MediaTek, and Qualcomm components, and also feature updated kernel LTS versions.

Hackers Exploit WP-Automatic Plugin Bug, Creating Admin Accounts on WordPress Sites

The vulnerability, identified as CVE-2024-27956 and carrying a CVSS score of 9.9 out of 10, affects all versions of the ValvePress Automatic plugin for WordPress before 3.92.0. This issue has been addressed in version 3.92.1, released on February 27, 2024, although the release notes do not mention it.

The vulnerability is a SQL injection (SQLi) flaw, presenting a significant risk as attackers can exploit it to gain unauthorized access to websites. They could create admin-level user accounts, upload malicious files, and potentially take full control of compromised sites.

WordPress security firm Patchstack publicly disclosed CVE-2024-27956 on March 13, 2024. Since then, over 5.5 million attack attempts to exploit this flaw have been detected in the wild.

In addition, severe vulnerabilities have been disclosed in other plugins such as Email Subscribers by Icegram Express (CVE-2024-2876, CVSS score: 9.8), Forminator (CVE-2024-28890, CVSS score: 9.8), and User Registration (CVE-2024-2417, CVSS score: 8.8). These vulnerabilities could be exploited to extract sensitive data such as password hashes from the database, upload arbitrary files, and grant an authenticated user admin privileges.

Android Trojan Brokewell Empowers Attackers with Device Takeover Capability

To extract victims' credentials, the malware overlays fake windows on targeted mobile applications. Additionally, it can pilfer browser cookies by launching its own WebView, loading legitimate sites, and extracting session cookies after users log in.

ThreatFabric's investigation revealed that Brokewell has an accessibility logging feature, allowing it to record device events such as touches, swipes, text input, opened applications, and on-screen information. The malware collects this data and transmits it to a command-and-control (C&C) server, providing threat actors with a cache of stolen information.

TXOne Networks Secures $51M in Series B Extension

TXOne Networks, a startup focused on developing technology to safeguard industrial control systems (ICS) and operational technology (OT) environments, has secured $51 million in early-stage funding from new investors based in Taiwan.

Blackwell Secures $13 Million in Funding for Healthcare Cybersecurity

Healthcare cybersecurity firm Blackwell Security has recently raised $13 million and appointed Geyer Jones as its inaugural CEO. The funding round, spearheaded by General Catalyst and Rally Ventures, will empower Blackwell to enhance its Managed Healthcare Extended Detection and Response (MHXDR) solution and diversify its offerings in the US market.

Blackwell's MHXDR platform leverages network, cloud, endpoint, email, data, and clinical IoT security technologies from various prominent vendors. This comprehensive approach enables customers to proactively prevent, detect, respond to, and remediate cybersecurity threats effectively.
