A hole in the GoAnywhere file transfer utility is exploited, ransomware attacks in the U.S. and Israel, and more.
Welcome to Cyber Security Today. It’s Monday, February 13th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
The Clop ransomware gang is back. According to Bleeping Computer, the gang says it recently stole data from over 130 organizations that use the GoAnywhere MFT file transfer utility. At risk are IT environments that exposed the tool’s administrative console to the internet, allowing a vulnerability to be exploited. The news report says Clop claims it didn’t encrypt data, only stole files. The claims couldn’t be verified. Fortra, the company that develops GoAnywhere MFT, issued an emergency security update last Tuesday for on-premises versions of the utility, and one on Thursday for those using the cloud version.
That vulnerability has been added to the Known Exploited Vulnerabilities Catalog kept by the U.S. Cybersecurity and Infrastructure Security Agency. Also just added to the catalog are a hole in Intel’s Ethernet Diagnostics Driver for Windows and a vulnerability in TerraMaster’s OS operating system for its data storage solutions. Patches for these holes are available.
The city of Oakland, California is recovering from a ransomware attack last week. While its website is now up, the city took affected systems offline. Core functions including 911 service, fire and emergency resources and municipal financial data were not affected. However, non-emergency systems including voicemail may be impacted.
The Israel Institute of Technology — more commonly known as the Technion — was the victim of a ransomware attack over the weekend. According to the Jerusalem Post, a hacker or hackers are demanding 80 bitcoin, worth about $2 million, to unscramble stolen data. The news site DataBreaches.net says the ransom note claims all of the Technion’s data is encrypted. That hasn’t been verified. No one knows anything about the group claiming responsibility, which calls itself DarkBit. The ransom note says someone should pay for occupation and crimes against humanity. But it also talks about the firing of high-skilled experts. The Jerusalem Post quotes the Israel National Cyber Directorate saying there were 53 cyber attacks last year on higher education institutions in the country.
In California, more than three million patients of four medical groups that suffered ransomware attacks late last year are receiving data breach notification letters. According to The Register, the four are Regal Medical Group, Lakeside Medical Organization, ADOC Medical Group and Greater Covina Medical. All are associated with the Heritage Provider Network. Some of the stolen data might have included patients’ names, dates of birth, Social Security numbers and medical records.
A now-closed Virginia university is notifying more than 78,000 students and employees of a data breach last August. At the time the REvil ransomware gang was one of three groups claiming responsibility for attacking Stratford University. According to a copy of the letter being sent to those affected, an attacker obtained some school data, including information from the student database.
A North Carolina software company that provides solutions to the healthcare sector is notifying more than 11,000 patients of a data breach. Intelligent Business Solutions says in November it detected its network had been infected with malware that prevented access to data on certain IT systems. Data copied included patient names, Social Security numbers, dates of birth and medical information.
Canadian bookstore chain Indigo is still dealing with last week’s cyber attack. On Sunday, when this podcast was recorded, the company’s website was still offline. Stores were open. At first, purchasers were only able to pay for items in cash. Now they can use credit and debit cards. However, customers still can’t use gift cards or return purchases. Shoppers are urged not to log into any site that claims to be Indigo Books.
Finally, don’t forget not only is tomorrow Valentine’s Day, it’s also Patch Tuesday, when Microsoft and many major companies release security updates. However, those with SonicWall devices using Capture Client might want to hold off installing Windows 11 updates. That’s because on February 17th SonicWall will release a fix to solve a clash between Capture Client and Win11. A commentator at the SANS Institute says administrators should think about first installing the SonicWall patch before updating Windows.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.