Updated: May 19, 2021
In the Spotlight This Week
Singtel breached through a hack on third-party file-sharing vendor
Microsoft patch fixes 56 bugs, including Windows zero-day
Anti-malware firm Emsisoft exposes internal database
French insurance company hit by RansomExx attack
75% of apps in the healthcare industry have security vulnerabilities
CD Projekt Red Hit By Cyber Attack
In a statement released yesterday, Singaporean telco operator Singtel stated that a third-party file-sharing system has been hacked, and customer information may have been compromised. The file-sharing system that was hacked is called FTA and is provided by cloud-sharing company Accellion, which informed Singtel of the hack on Dec 23 last year. The FTA system is used to share information internally within Singtel and externally to other stakeholders. Singtel said the breach was an isolated incident involving the third-party system, and that its core operations remain "unaffected and sound". An impact assessment on the extent of the data breach is ongoing.
On what is known as “Patch Tuesday”, Microsoft released its monthly batch of security updates. This month, the OS maker has fixed 56 security vulnerabilities, including a Windows bug that was exploited in the wild before today's patches. The Windows zero-day is an elevation of privilege bug in Win32k, a core component of the Windows operating system. The bug was exploited after attackers gained access to a Windows system in order to obtain SYSTEM-level access. According to a report from Chinese security firm DBAPPSecurity, the zero-day was employed by an advanced threat actor known as Bitter, with a long history of attacks targeting Pakistani and Chinese organizations and users.
Anti-malware solutions provider Emsisoft disclosed a data breach last week, noting that a third-party had accessed a publicly exposed database containing technical logs. The incident was caused by a misconfiguration of a database used in a test environment that was exposed to the Internet. The misconfigured system was used to evaluate and benchmark possible solutions for the storage and the management of the log data generated by Emsisoft products and services.
The analysis of the exposed database revealed that the logs stored in the archive contained 14 customer email addresses of 7 different organizations. Emsisoft experts believe that the attack was automated and was not the result of a targeted campaign.
French health insurance company Mutuelle Nationale des Hospitaliers (MNH) has suffered a ransomware attack that has severely disrupted the company's operations. This attack has caused their websites and telephone platform to become unavailable. An independent security researcher shared a Tor web page associated with RansomExx that acts as a ransom negotiation page for the MNH attack. The threat actors advised MNH to use a protonmail account when negotiating and not contacting the police, or the police will seize their bank accounts.
The global pandemic has accelerated the adoption of telemedicine. With this comes new security threats with cyber attackers targeting patient data. According to the latest State of Software Security (SOSS) report, 75% of applications in the healthcare industry have a security vulnerability and 26% have high-severity security vulnerabilities. It is crucial that healthcare organizations move quickly to address security flaws to keep security debt from rising exponentially.
CD Projekt Red is the latest game company to be hit by a cyber attack. The company released a statement on Twitter saying an “unidentified actor” has hacked some of its systems, and included a screenshot of the ransom note. Accessed data includes source code for some of the studio’s games, alongside internal company data. The hacker’s note threatened to release source code for Cyberpunk 2077, The Witcher 3 (including an unreleased version), and Gwent, as well as company documents “relating to accounting, administration, legal, HR, investor relations, and more.
Subscribe Here to receive Blackpanda thought leadership, webinar invitations, and cyber intelligence direct to your inbox.