In today’s cybersecurity news…
New York Blood Center suffers ransomware attack
New York Blood Center Enterprises, one of the largest independent blood centers in the U.S., serving over 75 million people, discovered suspicious activity on its IT system on Sunday, which third-party cybersecurity experts later confirmed as a ransomware incident. This has forced officials and staff to reschedule blood drives and implement other workarounds. No ransomware gang has yet taken credit for the attack, and the blood center itself says it is still accepting blood donations.
(The Record and New York Blood Center Enterprises)
DeepSeek’s exposed database leaks sensitive data
Researchers from cloud security firm Wiz uncovered an exposed database belonging to China’s new AI tool DeepSeek, which has been leaking sensitive data including chat histories, API keys and backend operational details. The exposed database was in ClickHouse, “a column-oriented database management system designed for online analytical processing when handling large volumes of data.” It is intended to be accessible only internally by the firm using it. DeepSeek has since secured the exposure.
CISA’s future unclear under new administration
At the conclusion of the second week of the new administration, there has been no one named to lead the Cybersecurity and Infrastructure Security Agency, also known as CISA, and “there are no plans for anyone in its leadership to address the annual gathering of the nation’s secretaries of state, which begins Thursday in Washington.” Homeland Security Secretary Kristi Noem had stated prior to her confirmation that the agency had strayed “far off mission.” A conservative blueprint for the Republican administration “recommended that CISA be moved to the Transportation Department and focused solely on protecting government networks and coordinating the security of critical infrastructure.”
Major GitHub outage affects pull requests and other services
“We are investigating reports of degraded availability for Issues and Pull Requests,” says an incident report published on GitHub’s official status page, continuing, “we have identified an issue with our caching infrastructure and are working to mitigate the issue.” Users logged by DownDetector are experiencing problems with the website, server connection, and the Actions feature. As of this recording, the company has said, “we will be failing over one of our primary caching hosts to complete our mitigation of the problem. Users will experience some temporary service disruptions until that event is complete.”
New Syncjacking attack hijacks devices using Chrome extensions
According to researchers at SquareX, this new attack technique involves several steps, including Google profile hijacking, browser hijacking, and, eventually, device takeover. It is described as “stealthy, and requires minimal permissions, and almost no victim interaction other than to install what appears to be a legitimate Chrome extension.” The process includes social engineering, fake Google Workspace domains, a fake browser extension, and a fake Zoom update. A more thorough description is available at BleepingComputer. Just follow the link in the show notes.
House bill aims to better protect financial institutions from ransomware attacks
This bipartisan legislation, named The Public and Private Sector Ransomware Response Coordination Act, would “direct the Treasury secretary to deliver a report on existing collaboration between federal agencies and private financial companies, examining how those partnerships can be improved to better protect the industry from cyberattacks.” The report would also probe “whether relevant federal agencies are receiving timely access to reports on ransomware attacks on financial institutions, analyze reporting requirements, and assess whether additional legislation is needed,” as well as asking the Treasury secretary to provide feedback and potential policy solutions.
TeamViewer fixes vulnerability in Windows client and host applications
TeamViewer has released security patches for a high-severity elevation of privilege vulnerability in its remote access solutions for Windows. The vulnerability affects TeamViewer Full Client and TeamViewer Host in versions from 11.x through to 15.x. “An attacker with local access could exploit the flaw to achieve local privilege escalation on a Windows system.” The company says it is not aware of attacks in the wild exploiting this vulnerability, which was discovered by an anonymous researcher from the Trend Micro Zero Day Initiative.
DARPA seeks to create firmware that can respond to and recover from cyberattacks
Red-C is a new project from the Defense Advanced Research Projects Agency, which is seeking to give networks the ability to repair themselves after a cyberattack. As described in Cyberscoop, “the forensic sensors in your device’s firmware spring to life. They begin healing your network, restoring locked files, and communicating with other systems to collect forensic data. The firmware then analyzes the data to identify how the attackers entered and exploited system weaknesses, then blocks those vulnerabilities to prevent future breaches through the same entry points.” The project “seeks to build new defenses into bus-based computer systems, which are firmware-level systems used in everything from personal computers to weapons systems to vehicles.” A more complete description of the project is available in the show notes to this episode.






