In today’s cybersecurity news…
U.S. sanctions China’s Integrity Technology for role in Flax Typhoon attacks
Following up on a story we covered last September, U.S. officials are now confirming that the Beijing-based Integrity Technology Group provided China’s Ministry of State Security and several Chinese state-backed hacking groups “with infrastructure that allows them to attack multiple victims based in the U.S.” “China-based hackers working for Integrity Tech, known to the private sector as Flax Typhoon, successfully targeted universities, government agencies, telecommunications providers and media organizations in the U.S. and elsewhere,” State Department spokesperson Matthew Miller said on Friday. “The sanctions freeze all U.S. assets of the company and limit the amount of interaction financial institutions can have with it.”
French military contractor Atos dismisses ransomware attack claims
Following up on a story we covered last April, the France-based company that secures communications for France’s military and intelligence services “on Friday dismissed as unfounded a ransomware group’s claims to have compromised an internal company database.” The group, called Space Bears, has promised to publish the stolen data on January 8. Atos employs around 90,000 people and is “in negotiations to sell off its advanced computing division to the French State as the company attempts to restructure and avoid financial collapse.”
German airports hit by IT outage
As reported in Reuters, “German airports were hit by a nationwide IT outage affecting police systems at border control on Friday, causing disruption and longer immigration queues for passengers from outside the European Union’s Schengen travel zone.” The Schengen zone consists of 29 European countries that have officially abolished border controls at their mutual borders and placed them under single jurisdiction. The cause of the IT outage is not yet known, but major airports including Berlin, Frankfurt, and Dusseldorf report longer waiting times at immigration for non-Schengen passengers.
(Reuters)
More than 3 million unencrypted mail servers potentially exposed to sniffing attacks
The security threat monitoring platform Shadowserver is notifying mail server operators that about 3.3 million hosts are running POP3/IMAP email services without TLS encryption enabled, which can expose usernames and passwords in plain text when transmitted over the Internet. “This means that passwords used for mail access may be intercepted by a network sniffer. Additionally, service exposure may enable password guessing attacks against the server,” the company said. Most large-scale operators like Microsoft, Google, Apple, and Mozilla have been using TLS for more than 20 years, but it seems some email operators have not got on board with TLS encryption. However, Shadowserver also announced on Friday that it is suspending its reporting on this issue due to a large number of potential false positives.
Vulnerability discovered in Nuclei vulnerability scanner
A high-severity security flaw has been disclosed in ProjectDiscovery’s Nuclei, “a widely used open-source vulnerability scanner that, if successfully exploited, could allow attackers to bypass signature checks and potentially execute malicious code.” Nuclei is designed to “probe modern applications, infrastructure, cloud platforms, and networks to identify security flaws.” According to cloud security firm Wiz, which made the discovery, the vulnerability is “rooted in the template signature verification process, which is used to ensure the integrity of the templates made available in the official templates repository.”
Richmond University Medical Center confirms a May 2023 ransomware attack that affected 670,000 individuals
The ransomware attack on the medical center, which is based in Staten Island, New York, and provides a range of medical services, including inpatient and outpatient care, emergency services, and specialty care, caused a multi-week disruption and forced staff to revert to manual data entry and individual patient monitoring. No details about the attack have been released and no ransomware group has claimed responsibility. The hospital was able to maintain full patient services during the attack. A notice released recently, which refers to a manual review process that released its findings on December 1, 2024, says that PII and information including financial account information, credit or debit card information, and/or health insurance policy information for over 67,000 individuals was stolen.
Apple to pay Siri users $20 per device in settlement over privacy violations
The outcome of a class action suit against Apple sees the company agreeing to pay $95 million to settle accusations that the iPhone maker invaded users’ privacy through its Siri assistant. According to Reuters, the settlement applies “to U.S.-based individuals [who are] current or former owners or purchasers of a Siri-enabled device who had their confidential voice communications with the assistant ‘obtained by Apple and/or were shared with third-parties as a result of an unintended Siri activation’ between September 17, 2014, and December 31, 2024.” Eligible individuals can submit claims for up to five Siri devices. Valid claims can receive $20 per device.






