Cyber exec admits hacking hospital as a sales tactic
Former network security firm executive, Vikas Singla, has pleaded guilty to compromising two Gwinnett Medical Center (GMC) locations in Georgia. Singla hacked into more than 300 of GMC’s patient records and crashed the medical center’s phone system, including those used to make emergency calls. Singla then proceeded to send a message stating, “WE OWN YOU” to more than 200 network printers. Following the attack, Singla used Twitter to generate publicity for the compromise and tried to solicit potential clients for security services by citing the GMC breach. Singla will likely avoid jail time due to his admission of responsibility. However, he will need to make deportation and restitution payments totaling more than $800,000.
‘Citrix Bleed’ vulnerability targeted by nation-state hackers
On Tuesday, the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and cybersecurity officials in Australia published an advisory about nation-state threat actors including the LockBit ransomware gang exploiting the ‘Citrix Bleed’ vulnerability (CVE-2023-4966). The issue affects NetScaler ADC and NetScaler Gateway appliances and allows threat actors to bypass password requirements and multifactor authentication (MFA) and hijack legitimate user sessions. Thousands of organizations remain vulnerable and more than 300 entities have been warned about their exposure through CISA’s Ransomware Vulnerability Warning Program. Boeing is one of the major companies targeted in these attacks and voluntarily shared its attack info, which is detailed in the advisory along with indicators of compromise.
(The Record and Bleeping Computer)
Binance CEO steps down in $4 billion settlement
On Tuesday, the DoJ reported that Changpeng “CZ” Zhao stepped down as CEO of Binance as part of an historic $4 billion settlement between US agencies and the crypto exchange he founded. Zhao pleaded guilty to anti-money laundering and sanctions from several other agencies. The Treasury Department said it took “unprecedented action” against Binance for willfully allowing money to flow to cybercriminals, child abusers, and terrorists including Al Qaeda and ISIS. Zhao will be allowed to remain Binance’s majority shareholder and act as an advisor to the business. Back in June, the SEC brought 13 charges against Binance and Zhao for operating an unregistered exchange and misleading investors.
(Forbes)
Exploit for critical Windows Defender flaw goes public
A proof-of-concept exploit (PoC) has become available for a critical zero-day vulnerability in Windows Defender SmartScreen (CVE-2023-36025). The flaw gives attackers a way to sneak malicious code past Windows Defender SmartScreen checks without triggering any alerts. Microsoft issued a patch in its November Patch Tuesday security update, but the zero-day bug was already under active exploitation at the time. The release of the PoC further heightens the need for organizations to address the bug, if they haven’t done so already.
Crypto firm says $26 million was stolen in cyberattack
On Saturday, crypto trading and investment firm Kronos Research said some of its application programming interface (API) keys experienced “unauthorized access,” forcing the company to pause trading. Large exchanges leverage APIs to allow traders to access market data in real time and execute trades from third-party services. Researchers said 12,800 ETH was stolen from Kronos and distributed to six different wallets. The company confirmed its losses reached $26 million but said anyone who lost funds would be compensated. Cyber experts said more than half of the crypto theft in 2023 has involved private key compromises.
New malware families emerge as Qakbot’s successors
Back in August, an international operation led by the FBI disrupted the Qakbot infrastructure. New phishing campaigns have since emerged using the same infection tactics as Qakbot but delivering two new malware families, known as DarkGate and PikaBot. The DarkGate campaign commenced in September and has evolved to use evasive tactics and anti-analysis techniques to continue distributing DarkGate and, more recently, PikaBot. DarkGate allows attackers to remotely control systems, comes with a crypto miner and can also steal info such as passwords, credit card numbers and personal documents. PikaBot can also be remotely controlled and is classified as a loader. It uses evasive techniques to avoid sandboxes, virtual machines and other debugging techniques. PikaBot has been observed avoiding infecting member countries of the former Soviet Union (known as the Commonwealth of Independent States (CIS)).
(Infosecurity Magazine and Bleeping Computer)
Hacktivists steal employee data from US nuclear research lab
On Monday, the hacktivist group known as ‘SiegedSec’ announced it gained access to data belonging to Idaho National Laboratory (INL), a nuclear research center run by the US Department of Energy. SiegedSec leaked the stolen data on its hacker forums and its Telegram channel without bothering to negotiate with INL or demand ransoms. Leaked data includes INL employee and user names, birthdates, email and physical addresses, Social Security Numbers (SSN) and employment information. INL confirmed the breach affected its Oracle Human Resources applications but SiegedSec has neither accessed nor disclosed any data on nuclear research.
Phishing attacks expected to spike this holiday season
According to a recent report from Lookout, phishing attacks across enterprise and personal devices are expected to more than double the week of Thanksgiving. More than three in five employees (63%) admit that they are more distracted during Thanksgiving week as they balance work with holiday festivities. Nearly 90% of employees surveyed plan to capitalize on Black Friday and Cyber Monday sales with more than half (57%) admitting they are more likely to click on unfamiliar links in search of good deals.






