Cybersecurity News: Worldwide Windows outage, Fin7 sells malware, Synnovis blood shortage

In today’s cybersecurity news…

Major worldwide outage hits Windows

A worldwide wave of Windows blue screens of death is affecting many Microsoft-based activities and organizations this morning, including airlines, banks, and healthcare facilities. The outage appears to be caused by a recent CrowdStrike Falcon sensor update, although other sources point to an unrelated cloud service outage. This is a developing story.

(SecurityWeek)

FIN7 sells security evasion tool to others via darknet

The customized tool, called AvNeutralizer, is used to bypass threat detection systems and was, for about six months, used exclusively by the Black Basta ransomware group. Cybersecurity firm SentinelOne now says that multiple ransomware groups are using it, and has produced evidence in the form of advertisements for the tool on a number of underground forums. AvNeutralizer has been used to help deploy ransomware strains including AvosLocker, MedusaLocker, BlackCat, Trigona, and LockBit. The upgraded version adds a new method for tampering with security tools: it uses a built-in Windows driver called “ProcLaunchMon.sys” together with the Process Explorer driver to interfere with security software and avoid detection.

(The Record)
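The detail worth acting on in that item is that AvNeutralizer abuses two legitimately signed drivers, so a policy that only blocks unsigned or known-bad drivers will not stop it; what defenders can look for is the pair being loaded together. The script below is an added hunting example, not code from SentinelOne or from the original report: it reads constructed Sysmon-style driver-load records (JSON lines, an assumed export schema) and flags any host on which ProcLaunchMon.sys and a Process Explorer driver are loaded within a short window of each other. The file name pattern for the Process Explorer driver, the ten-minute window, the paths and signer strings in the sample records are all assumptions for illustration.

```python
"""Hunt for paired loads of ProcLaunchMon.sys and a Process Explorer driver.

Added example, not code from the reports cited above. Event schema, file name
patterns, time window and all sample records are assumptions for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
import json


@dataclass(frozen=True)
class DriverLoad:
    host: str
    when: datetime
    image: str      # path of the loaded driver (Sysmon Event ID 6 "ImageLoaded")
    signature: str  # signer string as the sensor reports it ("Signature")


def parse_events(lines):
    """Parse JSON-lines driver-load records into DriverLoad objects.

    Assumed field names: Computer, UtcTime (ISO 8601), ImageLoaded, Signature.
    """
    events = []
    for line in lines:
        if not line.strip():
            continue
        rec = json.loads(line)
        events.append(DriverLoad(rec["Computer"],
                                 datetime.fromisoformat(rec["UtcTime"]),
                                 rec["ImageLoaded"],
                                 rec.get("Signature", "")))
    return events


def classify(image):
    """Return which of the two drivers of interest a path refers to, else None."""
    name = image.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if name == "proclaunchmon.sys":
        return "proclaunchmon"
    # Assumption: the Process Explorer driver is dropped as procexp*.sys.
    if name.startswith("procexp") and name.endswith(".sys"):
        return "procexp"
    return None


def find_pairs(events, window=timedelta(minutes=10)):
    """Return (host, first_load_time, image_a, image_b) for every host on which
    both drivers of interest were loaded within `window` of each other.

    Either driver on its own is normal (an admin running Process Explorer, a
    debugging session using the TTD monitor); the pairing is the signal.
    """
    by_host = defaultdict(list)
    for ev in events:
        kind = classify(ev.image)
        if kind:
            by_host[ev.host].append((ev.when, kind, ev.image))
    hits = []
    for host, loads in sorted(by_host.items()):
        loads.sort()
        for i, (t1, k1, img1) in enumerate(loads):
            for t2, k2, img2 in loads[i + 1:]:
                if t2 - t1 > window:
                    break  # loads are time-sorted, nothing later can be closer
                if {k1, k2} == {"proclaunchmon", "procexp"}:
                    hits.append((host, t1.isoformat(), img1, img2))
    return hits


# Constructed sample telemetry (not real logs). Both drivers carry valid
# Microsoft signatures here, so a "signed drivers only" rule would pass them.
SAMPLE_LOG = r"""
{"Computer": "ws-a", "UtcTime": "2024-07-18T09:00:00", "ImageLoaded": "C:\\Users\\admin\\Desktop\\procexp152.sys", "Signature": "Microsoft Windows Hardware Compatibility Publisher"}
{"Computer": "ws-a", "UtcTime": "2024-07-18T09:00:05", "ImageLoaded": "C:\\Windows\\System32\\drivers\\tcpip.sys", "Signature": "Microsoft Windows"}
{"Computer": "ws-b", "UtcTime": "2024-07-18T11:14:02", "ImageLoaded": "C:\\Windows\\System32\\drivers\\ProcLaunchMon.sys", "Signature": "Microsoft Windows"}
{"Computer": "ws-b", "UtcTime": "2024-07-18T11:14:40", "ImageLoaded": "C:\\Windows\\Temp\\procexp152.sys", "Signature": "Microsoft Windows Hardware Compatibility Publisher"}
{"Computer": "ws-c", "UtcTime": "2024-07-18T08:00:00", "ImageLoaded": "C:\\Windows\\System32\\drivers\\ProcLaunchMon.sys", "Signature": "Microsoft Windows"}
{"Computer": "ws-c", "UtcTime": "2024-07-18T10:30:00", "ImageLoaded": "C:\\Users\\dev\\procexp152.sys", "Signature": "Microsoft Windows Hardware Compatibility Publisher"}
"""


def run_sample():
    """Run the hunt over the constructed sample; only ws-b should be flagged."""
    return find_pairs(parse_events(SAMPLE_LOG.splitlines()))


if __name__ == "__main__":
    for host, when, a, b in run_sample():
        print(f"{host} {when}: {a} loaded alongside {b}")
```

In the sample, ws-a loads only the Process Explorer driver (ordinary admin use) and ws-c loads both but hours apart, so neither is reported; ws-b, where the two loads are 38 seconds apart and the Process Explorer driver comes from a temp directory, is the one hit. Tune the window and add the drop path to the output before running this against real telemetry.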

UK national blood stocks suffer the effects of ransomware

An example of the knock-on effects of ransomware, in this case the attack on London pathology services provider Synnovis, can be seen in a severe shortage of blood stocks, which is forcing hospitals to restrict access to transfusions. This in turn is resulting in the postponement of surgeries and cancer treatments. We reported on this attack, conducted by the Qilin group, in early June, and spokespeople for NHS London are now suggesting the disruptions and shortages could continue into September.

(The Record)

Security flaws in SAP AI Core cloud-based platform

Researchers at Wiz have found five security flaws, which they have named collectively and somewhat awkwardly SAPwned. The flaws are located in the SAP AI Core cloud-based platform and could allow an attacker to obtain access tokens and customer data. “SAP AI Core, developed by SAP, is a cloud-based platform providing the essential infrastructure and tools for constructing, managing, and deploying predictive AI workflows.” In discovering the flaws, the Wiz researchers focused on “the security risks associated with AI training services requiring access to sensitive customer data.” They found that by running legitimate AI training procedures that executed arbitrary code, they could gain extensive access to customers’ private data and credentials across various cloud services, modify Docker images, and gain administrator privileges on SAP’s Kubernetes cluster.

(Security Affairs)

Windows 11 23H2 now available for all eligible devices

Microsoft has announced that the Windows 11 2023 update is now in broad deployment and is available to all eligible systems. Also known as Windows 11 23H2, its new features include “Microsoft’s new AI-powered digital assistant as well as the Windows Copilot AI-powered digital assistant, a revamped File Explorer, Dynamic Lighting support, an improved volume mixer, a revamped Windows Spotlight experience, a new in-depth energy report, and many other features and improvements.”

(BleepingComputer)

And now a word from our sponsor, Conveyor

It’s Friday and Conveyor hopes you don’t have a meaty security questionnaire waiting for you on the other side of this podcast. If you do, you should check them out.

As the market leader in instant, generative AI answers to entire security questionnaires, Conveyor helps you complete questionnaires fast, no matter the format they’re in, so you don’t feel like you’re getting crushed by the wave of unfinished work.

Learn why we’re the software your infosec friends love at www.conveyor.com

SolarWinds fixes eight critical bugs in access rights audit software

The vulnerabilities are in its Access Rights Manager (ARM) software, and six of them allow attackers to gain remote code execution (RCE) on vulnerable devices. Each of the eight carries a CVSS score of 9.6. These, along with numerous other flaws, were patched this past Wednesday. A link to the full listing is available in the show notes for this episode.

(BleepingComputer)

Judge dismisses much of SEC suit against SolarWinds over cybersecurity disclosures

District Court Judge Paul Engelmayer yesterday dismissed most of a lawsuit filed by the Securities and Exchange Commission against SolarWinds and a company official. The suit alleged that SolarWinds misled investors about the security of its Orion software, which was exploited by Russian hackers in what became one of the most infamous cyberattack campaigns in history, and claimed that SolarWinds did not adequately disclose the Sunburst attack, which began in 2019 and was discovered in 2020. Judge Engelmayer wrote that the claims “do not plausibly plead actionable deficiencies in the company’s reporting of the cybersecurity hack,” and that “they impermissibly rely on hindsight and speculation.”

(Cyberscoop)

MarineMax data breach impacted over 123,000 individuals

Following up on the March data breach at luxury yacht seller MarineMax, the company has now disclosed that more than 123,000 individuals were affected. This is consistent with the postings the Rhysida gang added to its leak site, which included drivers’ licenses and passports.

(Security Affairs)

APT41 infiltrates global shipping and tech sectors

Researchers at Mandiant are warning of an uptick in malware attacks by the Chinese nation-state threat actor APT41 against organizations in the shipping, logistics, technology, and automotive sectors in Europe and Asia. Most of the compromised organizations are based in the United Kingdom, Italy, Spain, Turkey, Taiwan, and Thailand, and Mandiant says APT41 has been present in some of them since at least 2023.

(SecurityWeek)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.