In today’s cybersecurity news…
Insurance giant Globe Life facing extortion attempts after data theft from subsidiary
The Texas-based company informed regulators through an 8-K form submitted yesterday, October 17, that the extortion threat relates to a breach that occurred in June and that impacts around 5,000 customers of its subsidiary, American Income Life Insurance Company. The stolen data includes personally identifiable information (PII) of around 5,000 people, including Social Security numbers, health-related data, and policy information. It does not appear to contain financial information such as credit card or banking data. Globe Life also says that the cybercriminals behind the attack attempted to extort the company into paying a ransom in exchange for not publishing the stolen data.
(The Record, BleepingComputer, and SEC.gov)
Infamous hacker USDoD possibly arrested in Brazil
Law enforcement officials in Brazil have arrested a hacker, allegedly behind intrusions on their own systems, who may have quite the record of achievement. This may be the person responsible for some recent high-profile cyberattacks, including those on the FBI’s InfraGard platform in December 2022, Airbus in September 2023, the U.S. Environmental Protection Agency in April of this year, and the huge data haul from National Public Data last December. Brazil’s Department of Federal Police has not named the person it has arrested, but has said this person was responsible for the EPA attack, and the individual has separately claimed such achievements. Furthermore, the recent bankruptcy filing by National Public Data, which explicitly names USDoD, noted that the hacker “has had a great deal of success breaching other institutions including the FBI, Airbus, and TransUnion.”
Anonymous Sudan masterminds indicted
This past Wednesday, a federal grand jury unsealed an indictment against two Sudanese brothers, aged 22 and 27, who are allegedly behind the cybercriminal outfit Anonymous Sudan. The group has been active over the past couple of years and has become quite infamous, to the point that it was suspected of being a front for the pro-Russia hacktivist collective Killnet. “It is known to have conducted a record 35,000 DDoS attacks in a single year, including those that targeted Microsoft’s services in June 2023.” Authorities also unsealed a criminal complaint and announced they had disabled the group’s powerful tool for conducting attacks. Experts including Tom Scholl, vice president at Amazon Web Services, whose team was instrumental in the takedown, said they were “a bit surprised about how brazen they were, and by the ease with which they were impacting high profile targets.”
(Cyberscoop and The Hacker News)
Thanks to today’s episode sponsor, Conveyor

Conveyor’s market-leading AI automates the most time-consuming parts of customer security reviews: answering security questionnaires and sharing security docs like your SOC 2 with customers.
Get instant AI answers to questionnaires and host an enterprise-grade trust center where customers can download documents and self-serve answers to their own questions.
End the horror show. Try it for free at www.conveyor.com.
Boston Children’s Health Physicians suffers cyberattack
The BianLian ransomware group is claiming responsibility for a cyberattack on Boston Children’s Health Physicians (BCHP) and is threatening to leak stolen files unless a ransom is paid. “BCHP is a network of over 300 pediatric physicians and specialists operating over 60 locations across New York’s Hudson Valley and Connecticut, offering patient care in clinics, community hospitals, and health centers affiliated with Boston Children’s Hospital.” According to the BCHP website, “a cyberattack compromised its IT vendor on September 6 and a few days later BCHP detected unauthorized activity on its network.” BCHP also clarified that the attack did not impact its electronic medical record systems, which are hosted on a separate network.
South Korea promises heavier penalties to prevent technology leaks
The South Korean finance minister, speaking yesterday, Thursday, said these penalties are intended to “prevent overseas leaks of business secrets amid intensifying competition for advanced technologies.” This initiative will include a big data system installed at the patent agency, along with new regulations “to ensure stronger punishment for culprits,” although the specifics of the stronger penalties were not made clear. According to the country’s National Intelligence Service, over the past five years there have been 97 attempts to leak business secrets to a foreign country, with 40 of them in the semiconductor industry.
(Reuters)
F5 publishes quarterly security notification, addressing BIG-IP and BIG-IQ vulnerabilities
News about the fixes for these vulnerabilities came in the October edition of the company’s quarterly security notification. The update for BIG-IP, a collection of hardware platforms and software solutions, addresses a high-severity security defect affecting the appliance’s monitor functionality. The update for BIG-IQ, which centralizes management, licensing, monitoring, and analytics for a dispersed BIG-IP infrastructure, addresses what is described as “a stored cross-site scripting (XSS) bug in an undisclosed page of the appliance’s user interface.” F5 makes no mention of either of these vulnerabilities being exploited in the wild. Further details are available in the F5 quarterly security notification, a link to which is available in the show notes to this episode.
(F5 Quarterly Security Notification)
Vulnerability warning from Kubernetes and VMware, plus new KEV catalog entries
Finally, a quick summary of some vulnerabilities of note this week. A Kubernetes Image Builder vulnerability could allow attackers to gain root access if exploited under specific conditions; this applies only to Kubernetes clusters with nodes using VM images built with the Image Builder project and its Proxmox provider. VMware has fixed “a high-severity SQL injection flaw in HCX allowing non-admin users to remotely execute code on the HCX manager,” and CISA has added three vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: a Microsoft Windows Kernel TOCTOU race condition vulnerability, a Mozilla Firefox use-after-free vulnerability, and a SolarWinds Web Help Desk hardcoded credential vulnerability. Links to details on these are available in the show notes.