Cybersecurity News: Nissan NA breach, VMware Pwn2Own fix, GE Ultrasound flaws

In today’s cybersecurity news…

Nissan North America breach impacts over 53,000 employees

The car manufacturer has disclosed that a breach discovered last November has exposed personal data of more than 53,000 current and former employees of the company. This breach occurred during a hit on its external VPN by a threat actor who then demanded a ransom. The company states that none of its systems was encrypted during the attack. The employee data accessed included names and Social Security numbers but not financial details. This attack is different from that of Nissan Oceania, which occurred at roughly the same time.

(BleepingComputer)

VMware fixes workstation flaws, thanks Pwn2Own hackers

The fixes apply to four flaws in its Workstation and Fusion desktop hypervisors, three of which had been demonstrated at Pwn2Own Vancouver 2024. In an advisory published Wednesday, which describes the workaround and fixes for the four flaws, VMware thanked the Pwn2Own participants by name, as well as the companies they worked for, StarLabs and Theori. A link to the advisory is available in the show notes to this episode.

(Broadcom/VMware advisory)

Security flaws discovered in GE Ultrasound machines

Researchers from Nozomi Networks have discovered 11 flaws in the Vivid T9 Ultrasound series of products, including its pre-installed Common Service Desktop web application. These flaws could result in the installation of malware and manipulation of patient data, and could also affect a software program called EchoPAC, installed on a doctor’s Windows workstation to access the ultrasound images. According to Nozomi, successful exploitation of these flaws does require prior access to the hospital environment, through stolen VPN credentials or physical insertion of an infected USB device. Advisories from GE state that existing mitigations and controls reduce the risks posed by these flaws to acceptable levels, and that “in the unlikely event a malicious actor with physical access could render the device unusable, there would be clear indicators of this to the intended user of the device.” GE also noted that “the vulnerability can only be exploited by someone with direct, physical access to the device.”

(The Hacker News and GE advisory)

Spanish bank Santander suffers third-party data breach

This breach, which affected the bank’s customers in Chile and Uruguay as well as Spain, was due to “unauthorized access to a Santander database hosted by a third-party provider.” The data exposed contained information on current and former employees, but no transactional data, online banking details, passwords, or other data that would allow someone to conduct transactions. No further details have been released.

(Security Affairs)

Huge thanks to this week’s episode sponsor, Vanta

Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour.

Palo Alto Networks partners up with IBM

The announcement, made Wednesday, means that IBM will expand its internal use of Palo Alto Networks security platforms, and will make Palo Alto Networks its preferred partner for network, cloud, and SOC offerings. The two companies will work closely on DevSecOps and threat management. Palo Alto Networks will make IBM Consulting a preferred MSSP for its customers and has agreed to acquire IBM’s QRadar SaaS assets and technology. This union is expected to be complete by the end of September. Financial terms have not been disclosed.

(Security Week)

Wichita hack stole sensitive law enforcement information

Following up on a story we have been covering these past two weeks, the hack on the city of Wichita that has been claimed by LockBit likely resulted in the theft of “sensitive law enforcement incident and traffic information, which includes names, Social Security numbers, driver’s license or state identification card numbers, and payment card information.” The city is still trying to recover from the attack, with police services and other departments reverting to pen and paper for transactions and record keeping. Although LockBit claims to have already sold the data, Brett Callow, analyst at Emsisoft, said it is unlikely the data was sold, calling it “nothing more than an attempt by a dying ransomware operation to save face over its failure to monetize an attack.”

(The Record)

April was an outlier month for ransomware, says GuidePoint

GRIT, the ransomware report published by GuidePoint Security, has some interesting observations about the month of April, which it calls an outlier after two years of reporting. It looks at the exit scam performed by ALPHV/BlackCat, as well as the fall of LockBit, which has allowed the less theatrical Play group to fill some of the void. It also acknowledges some newer kids on the block including RansomHub, Ra Group, Dark Vault, and Inc Ransom, and looks at the increased use of “lower-quality malware, [and] exploitation of historical vulnerabilities for smash and grab data extortion.” Manufacturing, technology, and healthcare verticals suffered the greatest number of attacks, and the U.S., Canada, and the UK were the most attacked countries in terms of ransomware. A link to the report is available in the show notes to this episode.

(GRIT blog)

Crypto heist by MIT grads nets $25M in 12 seconds, shakes the foundations of blockchain

This has all the makings of a classic heist movie: two brothers who were educated in mathematics and computer science at MIT, then plotted for months to steal $25 million in Ethereum cryptocurrency, which they did in just 12 seconds. They achieved this “by fraudulently gaining access to pending private transactions and then altering the transactions to obtain their victims’ cryptocurrency.” This is now being referred to as “The Exploit” by prosecutors and others at the Department of Justice and the IRS. U.S. Attorney Damian Williams said in a statement on Wednesday, “the defendants’ scheme calls the very integrity of the blockchain into question.”

(BBC News)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.