London & Zurich, Fidelity National Financial attacks, Royal Family’s hospital, Vanderbilt University Med Center attacks, US Nuclear lab and Gulf Air b

Financial sector: London & Zurich, Fidelity National Financial attacks

A ransomware attack at the direct debit collection company London & Zurich began on November 10, leaving customers in the dark as to whether collections can be made. The firm’s own system status portals show progress being made, but the outage affected a number of large organizations that use the firm for payment collection. Meanwhile, Fidelity National Financial, which provides title insurance and settlement services for the mortgage and real estate industries, shut down some of its services due to a breach which affected real estate agents and homebuyers.

(The Register, London & Zurich, TechCrunch)

Healthcare sector: Royal Family’s hospital, Vanderbilt University Med Center suffer cybersecurity incidents

The UK government’s Communications Headquarters, known as GCHQ, is investigating a cyberattack on the King Edward VIII Hospital, a private hospital used by members of the UK Royal Family. The incident is being blamed on a third party, with a “small amount of data” including confidential medical information stolen. Just one percent of patients were affected by the breach, none of whom are Royals, whose data is stored on a separate system from the one that was hacked. Meanwhile, in Nashville, the Vanderbilt University Medical Center said, “it is investigating a cybersecurity incident that led to the compromise of a database.” According to The Record, “on Thanksgiving, the hospital system was added to the leak site of the Meow ransomware gang – a relatively new operation that researchers are still examining.”

(The Telegraph, The Record)

Aviation sector: Gulf Air exposed to data breach

Gulf Air, the state-owned airline of Bahrain, said it suffered a data breach on Friday, as a result of which “some information from the company’s email system and customers’ database could be compromised.” Emergency plans were deployed to contain the breach, and the airline says, “operations and vital systems were not affected.”

(Reuters)

Security sector: US Nuclear lab, Canadian Military and RCMP

The Idaho National Laboratory, a nuclear research lab, has allegedly been breached by SiegedSec which claims to be in possession of PII belonging to users, employees, and citizens. According to Cyberscoop, “the scientists at INL work on some of the United States’ most sensitive national security programs, including protecting critical infrastructure like the U.S. power grid from cyber and physical attacks. Personal data such as detailed employee and banking information would represent a treasure trove for foreign intelligence agencies looking to penetrate the lab.” Meanwhile, Canada’s Privacy Commissioner is investigating a cyberattack that “compromised data on current and former members of the country’s armed forces and the Royal Canadian Mounted Police (RCMP). The breach involves two companies, Brookfield Global Relocation Services (BGRS) and Sirva Canada LP, which provide relocation services for Canadian federal personnel, and are involved in around 20,000 moves each year. Given that this breach may have included relocations dating back to 1999, up to 480,000 people may have been affected.

(Cyberscoop, The Record)

Huge thanks to this week’s episode sponsor, SpyCloud

Legal Sector: Potentially hundreds of UK law firms affected by CTS cyberattack

CTS is a managed service provider for law firms in the UK and is investigating a cyber incident that, according to an industry news outlet Estate Agent Today, may be related to the CitrixBleed bug. The incident has disrupted the services of CTS “leaving hundreds of British law firms unable to access their case management systems.”

(The Record, Estate Agent Today)

Atomic stealer malware strikes macOS

Apple computers are being targeted through the “ClearFake” browser update scam which originally started in July. As of November 17, this has spread to iOS through a fake Safari browser update page. Downloading from this page drops an information stealing malware called Atomic, which, according to the researchers at Trellix and Cyble, “attempts to steal passwords, cookies, and credit cards stored in browsers, local files, data from over 50 cryptocurrency extensions, and keychain passwords.”

(Bleeping Computer)

File sharing software ownCloud warns of critical vulnerabilities

According to the maintainers of the open-source file sharing software, three vulnerabilities exist that could be “exploited to disclose sensitive information and modify files.” ownCloud recommends that users delete a GetPhpInfo.php file and disable the ‘phpinfo’ function, as well as adding hardening measures to the validation code in the oauth2 app. The vulnerabilities are considered critical because they do not require any authentication.

(The Hacker News)

Mirai botnet re-emerges exploiting a zero-day

Researchers at Akamai have discovered a new Mirai-based DDoS botnet, which exploits two zero-day vulnerabilities to infect routers and video recorder (NVR) devices. According to Security Affairs, the Akamai researchers discovered the botnet, named InfectedSlurs, in October 2023. Fixes are expected in December. “The bot also targets wireless LAN routers built for hotels and residential applications.”

(Security Affairs)
