Biden’s budget seeks increase in cybersecurity spending
A budget proposal for fiscal year 2023 put forth by the Biden administration seeks “wide-ranging investments to boost the cybersecurity resilience of the U.S. government and to implement his recently released cyber strategy.” This requires a unilateral approach across the government. In this plan, CISA would receive a $145 million boost for a total of $3.1 billion, including funds to deploy the Cyber Incident Reporting for Critical Infrastructure Act and $425 million to improve internal cybersecurity and analytical capabilities. Given the Republican control of the House of Representatives, the budget has little chance of being passed into law, but instead sets the stage for ongoing negotiations over government spending levels.
AT&T alerts 9 million customers of data breach
Exposed in the breach was “Customer Proprietary Network Information from some wireless accounts, such as the number of lines on an account or wireless rate plan,” AT&T told BleepingComputer, but the exposed data did not contain credit card information, Social Security numbers, account passwords or other sensitive personal information. “The company added that its systems were not compromised in the vendor security incident and that the exposed data is mostly associated with device upgrade eligibility.”
GitHub makes 2FA mandatory next week for active developers
The gradual 2FA rollout will start next week with GitHub connecting with smaller groups of administrators and developers via email. It is expected that the process will pick up speed over the year to help with smooth onboarding. Once completed, it is expected that the 2FA enrollment requirement will “help secure the accounts of more than 100 million users.”
Ransomware attack against Barcelona hospital disrupts operations
The attack targeted Hospital Clinic de Barcelona, one of the city’s leading hospitals, shutting down its computer system and forcing the cancellation of 150 non-urgent operations and up to 3000 patient checkups. The attack was attributed to the threat actors known as RansomHouse, and originated outside of Spain. Avishai Avivi, CISO of security company SafeBreach, noted that the attack spread laterally through the hospital, shutting down laboratories, emergency rooms, pharmacies, and several external clinics. He suggests that the hospital’s networks were not properly segmented and segregated from each other. He also challenged the attribution of the attack, clarifying that RansomHouse typically does not encrypt data but instead focuses on data exfiltration. “This indicates that shutting down the computers was done to prevent further data exfiltration and further suggests that the hospital does not have good egress security controls to prevent data leakage, a conjecture further supported by the fact that the hospital has indicated it will not pay the ransom,” leading Avivi to believe that it still has access to the data.
New critical flaw in FortiOS and FortiProxy could give hackers remote access
Fortinet has released fixes for 15 security flaws that affect FortiOS and FortiProxy. One of these flaws is rated as critical – tracked as CVE-2023-25610 and rated 9.3 out of 10. The flaws were discovered by Fortinet’s own security teams. They are described as underflow bugs, or buffer underruns, which occur when input data is shorter than the space reserved for it, causing unpredictable behavior or leakage of sensitive data from memory. Fortinet said it is not aware of any malicious exploitation attempts against the flaw and urges users to apply the patches promptly.
Recently discovered IceFire Ransomware targets Linux systems
SentinelLabs researchers have discovered new Linux versions of the IceFire ransomware that had been deployed in attacks against media and entertainment organizations worldwide. The ransomware, which initially targeted Windows-based systems, was first detected in March 2022 by researchers from the MalwareHunterTeam. Most IceFire infections have been reported in Turkey, Iran, Pakistan, and the United Arab Emirates, countries not typically a focus for organized ransomware operations.
WhatsApp: Rather be blocked in UK than weaken security
The chief of WhatsApp, Will Cathcart, has stated his company would “refuse to comply if asked to weaken the privacy of encrypted messages” under the country’s Online Safety Bill. This parallels the Signal app, which previously said it “could stop providing services in the UK if the bill required it to scan messages.” The government counters that it is possible to “have both privacy and child safety.” According to British communication regulator Ofcom, WhatsApp is the most popular messaging platform in the UK, used by more than seventy percent of those who are online.
(BBC News)
DC healthcare exchange breach leaked sensitive data of Congress members
The breached data includes sensitive information of Congress members and staff, who were enrollees on the DC Health Link website. On Monday, a purported hacker on the forum Breached said they obtained a database and claimed it included names, ID numbers, policy IDs, Social Security numbers, plan names, employers, addresses, and much more. The hacker asked for payment in Monero, and by Wednesday the post was updated to say the database had been sold.






