In today’s cybersecurity news…
Google describes APTs using Gemini AI
Researchers at Google’s Threat Intelligence Group say they have detected government-linked APT groups that are using Gemini primarily for what they call “productivity gains” rather than to develop new AI-enabled cyberattacks. As an example, Google says, Gemini can help them shorten the preparation period in “coding tasks for developing tools and scripts, research on publicly disclosed vulnerabilities…finding details on target organizations, and searching for methods to evade detection, escalate privileges, or run internal reconnaissance in a compromised network.” Google has identified APT groups from more than 20 countries that are using Gemini in this way, with the top four being Iran, China, North Korea and Russia.
India’s Tata Technologies suffers ransomware attack
The subsidiary of Tata Motors, which provides services to automotive and aerospace OEMs as well as industrial machinery companies, confirmed that the ransomware attack impacted “a limited part of its IT infrastructure.” The company has not revealed the name of the ransomware group involved or if data had been stolen.
Meta confirms new zero-click WhatsApp spyware
WhatsApp, the messaging company owned by Meta, has announced the disruption of another campaign that used spyware to target journalists and other people. The spyware comes from an Israeli company known as Paragon Solutions, and the campaign was stopped by Meta in December. This is another zero-click attack. “Paragon is the maker of surveillance software called Graphite that’s offered to government clients in order to combat digital threats. It was acquired by U.S.-based investment group AE Industrial Partners in December in a deal worth $500 million.” Its website claims it provides customers with “ethically based tools” to “disrupt intractable threats,” as well as offering “cyber and forensic capabilities to locate and analyze digital data.”
Barclays Bank outage was not cyberattack, but remains unexplained
An outage that occurred on Friday at the UK’s largest bank, Barclays, is being described as a “technical issue,” and not an attack. According to Downdetector, some outages were still present yesterday (Sunday), and these were impacting both online and in-branch activities. The outages were compounded by the fact that Friday is a payday for many UK workers, and last Friday in particular was the deadline for self-assessment tax returns.
(BBC News)
Huge thanks to our sponsor, ThreatLocker

FDA, CISA warn of backdoor in popular patient monitor used by U.S. hospitals
The warning concerns a backdoor found in the firmware of the Contec CMS8000, a popular line of patient monitors sold by the Chinese company Contec, which is used to display vital signs such as temperature, heart rate and blood pressure. The backdoor “may allow remote code execution and device modification, with the ability to alter its configuration, introducing risk to patient safety as a malfunctioning patient monitor could lead to an improper response to patient vital signs.” Contec devices are sold widely in the U.S. and the European Union and may also be relabeled under different brands by resellers.
Globe Life to warn thousands of potential data theft
Following up on a story we covered last October, the insurance firm is warning around 850,000 of its customers of a data breach following an extortion attempt by hackers on databases “maintained by a small number of independent agency owners.” The company has not been able to confirm whether the threat actor actually acquired data from these databases at the targeted agencies, which originally related to approximately 5,000 individuals, and so out of an abundance of caution it is issuing “voluntary notifications to, and credit monitoring services for, approximately 850,000 additional individuals whose information was also stored in the relevant databases.”
Two regional healthcare systems report data breaches
Connecticut’s Community Health Center Inc. and California’s NorthBay Healthcare Corporation have both filed notifications regarding breaches that occurred last year which exposed large troves of patient data. Community Health Center, “which runs dozens of facilities and clinics across Connecticut, said just over one million current and former patients had data stolen during a cyberattack discovered on January 2.” The NorthBay attack, which occurred between January and April of last year and which was claimed by the Embargo group in April, impacted just over half a million people through the theft of health-related data.
U.S. and Dutch authorities dismantle domains linked to BEC fraud network
The takedown, named Operation Heart Blocker, closed 39 websites “selling phishing toolkits and fraud-enabling tools” that were “operated by a group known as Saim Raza since at least 2020.” The collective name for this operation was HeartSender. Saim Raza also provided YouTube training on how to use the tools. The campaign was based in Pakistan.