F5 Networks warns of new BIG-IP vulnerabilities
The vulnerabilities, numbered CVE-2024-26026 and CVE-2024-21793, exist in the BIG-IP Next Central Manager (NCM), a single-pane-of-glass management and orchestration solution provided by F5. Discovered by a researcher at Eclypsium, the vulnerabilities can lead to device takeover via SQL injection and OData injection respectively. F5 suggests “restricting the management access to the impacted products to only trusted users and devices over a secure network.”
UK armed forces’ personal data hacked in MoD breach
The personal information of UK military personnel has been stolen, according to the United Kingdom Ministry of Defence. An attack, which is being blamed on unnamed external threat actors, focused on a third-party payroll system used by the MoD, which includes names and bank details of current and past members of the armed forces. The attack was discovered several days ago, according to The Guardian, and affected service personnel have been alerted and offered specialist advice.
BetterHelp sends refund notices regarding data sharing lawsuit
Following up on a story we covered almost a year ago, the online counseling and therapy company BetterHelp is now sending out notices of refund eligibility to customers following allegations that it shared sensitive data with advertisers. The settlement, which amounts to $7.8 million, “will go to those who signed up and paid for services from a BetterHelp website, which also covers offerings on platforms including MyTherapist, Faithful Counseling and Price Counseling, between August 2017 and December 2020.” BetterHelp emphasizes that the settlement is not an admission of guilt. Each eligible customer will receive a payment of $10 via PayPal or check.
CopyCop network uses LLM to push fake political news
Security researchers at Recorded Future warn of a new Russian disinformation campaign that uses generative AI to rewrite content from major news organizations, adding political bias tailored for specific audiences in Western countries. Recorded Future, which named the campaign CopyCop, says the network uses LLM-powered GenAI to copy content from organizations including Al-Jazeera, Fox News, the BBC, La Croix and TV5Monde, which is then placed on spoofed sites with typosquatted domains, or on fictitious news sites. The rewritten news copy is intended to sow division over issues such as the Israel-Hamas conflict, the Ukraine war, and between governments of countries such as the U.S. and the UK.
Cancer patient data exposed for 5 years gets copied by unidentified third parties
California-based Guardant Health is now busy alerting patients that “information related to samples collected in late 2019 and 2020 was inadvertently exposed online to the general public after an employee mistakenly uploaded it.” The information included PII and test results. Affected people may never have been aware of Guardant’s existence, let alone the breach, because it is a supplier of testing services to physicians and hospitals. The data was accessible from October 5, 2020, to February 29, 2024 – before being noticed by the company. Guardant confirms, “the file containing the sensitive data was copied by unidentified third parties between September 8, 2023, and February 28, 2024.”
Gift card fraud ring targets retailers’ employees
The FBI has issued a warning regarding Storm-0539, a financially motivated hacking group that targets the mobile devices of retail department staff using a phishing kit that enables them to bypass multi-factor authentication. After stealing the login credentials of gift card department personnel, the group seeks out SSH passwords and keys, which along with employee PII can be sold online. They then use compromised employee accounts to generate fraudulent gift cards.
Canadian province networks hit by cybersecurity incidents
The Premier of Canada’s westernmost province, British Columbia, David Eby, states that “sophisticated cybersecurity incidents” involving government networks had occurred recently. No exact date was given, but a statement from the Premier’s office says, “there is no evidence at this time that sensitive information has been compromised.”
(The Office of the Premier of British Columbia)
Microsoft’s April Windows Server updates also cause crashes, reboots
In addition to the VPN problems we described on Monday, it appears the April Windows Server security updates may also be causing domain controller reboots following a crash of the Local Security Authority Subsystem Service (LSASS), which handles security policies, user logins, access token creation, and password changes. Microsoft states in an update posted on the Windows release health dashboard that it is working on a fix.
(BleepingComputer and Microsoft)






