Healthcare hit with MOVEit, malware uses trig, OpenAI shakeup

Healthcare platform impacted by MOVEit

The list of victims from the MOVEit breach keeps growing. This time the Virgin Pulse-owned healthcare platform Welltok disclosed a data leak to Maine’s attorney general. The breach impacted over 1.6 million individuals, leaking names, dates of birth, health information, Social Security numbers, and Medicaid IDs. An initial investigation by the company found no signs of compromise, but a secondary investigation launched in August found the leaked data. Welltok published its breach notification on its website but did not have it indexed for search engines.

(TechCrunch)

Threat actors find a use for trigonometry

See, your high school math teacher told you! Security researchers at Outpost24 report that the Lumma information-stealing malware uses trigonometry to measure mouse movements to determine if it’s running on a real machine or a sandbox, as part of a suite of improvements to avoid detection. Lumma looks for a calculated vector angle of less than 45 degrees as a marker of human activity. The malware-as-a-service also added a crypter to further protect its executable from leaking to non-paying customers.

(Bleeping Computer)
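To make the heuristic concrete, here is an added illustration (not code from the Outpost24 report, and not Lumma's own implementation): it samples cursor positions, computes the angle between consecutive displacement vectors, and applies the 45-degree threshold the article describes. The trajectories, the number of samples and the sampling scheme are constructed assumptions. Sandbox and detonation-environment operators can run the same arithmetic against their own input emulation to see whether a parked or teleporting cursor would be classified as synthetic by a check like this.

```python
import math
from typing import List, Optional, Tuple

Point = Tuple[float, float]
Vector = Tuple[float, float]

# Constructed sample trajectories (assumed (x, y) screen coordinates sampled
# at a fixed interval); none of these were captured from a real system.
# A smooth, gently curving path such as a person dragging the cursor.
HUMAN_LIKE_PATH: List[Point] = [(100, 100), (130, 112), (162, 128), (196, 150), (232, 178)]
# A scripted sandbox that jumps the cursor between unrelated UI elements.
SCRIPTED_PATH: List[Point] = [(100, 100), (900, 110), (120, 700), (880, 690), (110, 120)]
# A cursor that never moves; many analysis VMs leave it parked.
IDLE_PATH: List[Point] = [(400, 300)] * 5


def displacement_vectors(points: List[Point]) -> List[Vector]:
    """Vector from each sampled position to the next one."""
    return [(x2 - x1, y2 - y1) for (x1, y1), (x2, y2) in zip(points, points[1:])]


def angle_between(v1: Vector, v2: Vector) -> Optional[float]:
    """Unsigned angle in degrees between two vectors, or None if either has zero length."""
    n1 = math.hypot(v1[0], v1[1])
    n2 = math.hypot(v2[0], v2[1])
    if n1 == 0 or n2 == 0:
        return None
    cos_theta = (v1[0] * v2[0] + v1[1] * v2[1]) / (n1 * n2)
    cos_theta = max(-1.0, min(1.0, cos_theta))  # clamp floating-point drift before acos
    return math.degrees(math.acos(cos_theta))


def turn_angles(points: List[Point]) -> List[Optional[float]]:
    """Angle of each change of direction along the sampled trajectory."""
    vectors = displacement_vectors(points)
    return [angle_between(a, b) for a, b in zip(vectors, vectors[1:])]


def looks_human(points: List[Point], max_turn_degrees: float = 45.0) -> bool:
    """Apply the 45-degree rule: every turn must be a real movement sharper than 0
    but gentler than the threshold. A parked cursor (zero-length vectors) and a
    teleporting cursor (sharp reversals) both fail."""
    angles = turn_angles(points)
    if not angles:
        return False
    return all(a is not None and a < max_turn_degrees for a in angles)


if __name__ == "__main__":
    for name, path in (("human-like", HUMAN_LIKE_PATH), ("scripted", SCRIPTED_PATH), ("idle", IDLE_PATH)):
        angles = [None if a is None else round(a, 1) for a in turn_angles(path)]
        print(f"{name:10s} turn angles={angles} -> looks_human={looks_human(path)}")
```

The idle case matters as much as the teleporting one: a zero-length displacement has no direction, so a sandbox that simply never moves the cursor fails a check like this even though it produces no sharp turns. Emulated input that wants to pass such a heuristic has to move continuously and smoothly, which is also what makes it resemble a real operator in recorded telemetry.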

What’s happening with OpenAI

A lot happened with OpenAI over the weekend. Given the company’s close relationship with Microsoft and plans to integrate OpenAI tech into products like Security Copilot, it’s worth understanding. On Friday OpenAI’s board announced it fired CEO Sam Altman, saying a lack of candid communications led to the board losing confidence in him. OpenAI co-founder Greg Brockman left as a result. The company named CTO Mira Murati as an interim CEO, later naming former Twitch CEO Emmett Shear to the role.

Over the weekend, numerous OpenAI employees either announced they were leaving the company or showed support for Altman on social media. Altman visited OpenAI over the weekend, with The Verge and others reporting the board sought to bring him back as CEO. Late Sunday, Microsoft announced it hired Altman and Brockman to lead a new AI research team. OpenAI staffers sent a letter to the board saying that Microsoft offered them positions in this new division. Microsoft says it plans to keep partnering with OpenAI. Yeah, it’s a lot.

(TechCrunch)

CISA launches infrastructure pilot

The Cybersecurity and Infrastructure Security Agency announced a new pilot program for organizations in sectors seeing a high volume of cyber attacks, specifically healthcare, water, and K-12 education. This will see CISA acting “as a managed service provider” offering “cutting-edge cybersecurity shared services.” The first phase will enroll 100 organizations. CISA will stress-test these systems to see if these entities can operate at scale. CISA will also host information sessions and roundtable discussions regionally to help spread awareness of the need for the initiative.

(The Record)

Huge thanks to our sponsor, Egress

People are the biggest risk to your organization’s security, and they are most vulnerable when using email.

Egress is the only cloud email security platform to use an adaptive security architecture to automate threat detection and response for advanced phishing attacks and outbound data breaches, tailoring the experience for each user based on their real-time risk score.

Visit egress.com to learn more about Egress’ Intelligent Cloud Email Security suite and start detecting email threats your existing solution is missing today.

LitterDrifter worm wanders outside of Ukraine

This worm shows links to the Russia-affiliated threat group Gamaredon. It spreads over USB drives, downloading a configuration file from a C2 server on new machines. LitterDrifter initially appeared focused on Ukrainian targets. However, researchers at Check Point report the worm found its way to machines in the US, Chile, Germany, Hong Kong, Poland, and Vietnam. While the researchers note LitterDrifter appears relatively unsophisticated as far as malware goes, its infrastructure remains remarkably flexible, with rapidly changing IP addresses to evade blocks.

(Security Week)

Google shares roadmap for third-party cookies

As part of its ongoing Privacy Sandbox initiative, Google revealed its initial plans to gradually move away from third-party cookies. In early 2025 it will start testing blocking cookies in Chrome for 1% of users, ramping up blocks through Q3. The company will allow users to make temporary exemptions for sites still requiring cookies. Google plans for advertisers to use its Privacy Sandbox APIs for ads going forward. Chrome remains a bit of a laggard with third-party cookies; Safari and Firefox already block them by default.

(Bleeping Computer)

Top Ukrainian cyber officials dismissed

Senior government officials confirmed that Ukraine dismissed the head of its State Service for Special Communications and Information Protection and a deputy over an investigation into embezzlement. This comes after Ukraine’s National Anti-Corruption Bureau launched an investigation into alleged misconduct with software procurement, with the two suspects reportedly pocketing $1.72 million between 2020 and 2022. The software in the deal was meant to protect the country from cyber threats.

(The Record)

Canadian government hit with data leak

This exposed sensitive information on government employees as a result of two contractors getting breached. These contractors operate relocation services for government employees, including the Royal Canadian Mounted Police and Armed Forces. LockBit already claimed credit for an attack on one of the contractors, claiming it stole 1.5 terabytes of data and that the contractor refused to pay a ransom. There is no confirmation from the government. While still assessing the scope of the data breach, the government began proactively rolling out credit monitoring services and reissuing passports to those potentially impacted.

(Bleeping Computer)

Rich Stroffolino
Rich Stroffolino is a podcaster, editor, and writer based out of Cleveland, Ohio. Since 2015, he's worked in technology news podcasting and media. He dreams of someday writing the oral history of Transmeta.