This week
Ransomware attack on blood test lab leads to cancelled treatments at London hospitals
- Hospitals in London had to cancel some operations this week because of a cyberattack on a part of their supply chain. St Thomas’ and King’s College hospitals postponed procedures because blood transfusions would not have been available.
- The supplier, Synnovis, which provides testing, diagnostics, and other hospital services to facilities in six London boroughs, reportedly experienced a “major IT incident.” NHS London described the incident as a “ransomware cyber attack.” Synnovis has notified law enforcement and the National Cyber Security Centre. A critical incident was declared as hospitals sought to redirect patients to unaffected locations for emergency care and cancelled appointments for others.
- The Qilin ransomware gang is suspected to be behind the attack. Suspiciously or coincidentally, the group’s darknet site has been offline since Wednesday this week. It’s unclear what the cause is.
- LINK, MORE, QILIN
Microsoft recalls Recall; makes it opt-in
- Microsoft’s controversial forthcoming Recall feature will be opt-in by default, following a backlash from security and privacy advocates. The feature stored data in plain text and was accessible to anyone with access to the computer. Researchers called it the “dumbest cybersecurity move in a decade.”
- Additional protections will be in place before the 18th June release date, including using Windows Hello to encrypt and authenticate access to Recall data. These are reasonable steps, though you might ask why these — let’s face it, trivially basic — protections weren’t baked into the product before its announcement.
- Reminder: In 2021, Microsoft made a big song-and-dance announcing a $20 billion investment over five years (4x its previous level) in cyber security during a Presidential cyber security summit attended by CEO Satya Nadella.
- LINK, DUMB, $20BN
Interesting stats
7,000 decryption keys for LockBit ransomware victims are now in the hands of the FBI after they seized infrastructure belonging to the cybercriminals earlier this year. LINK
Other newsy bits / in brief
⚠️ Incidents:
- Google accidentally published on GitHub internal documentation that shows how the company’s search engine works. SEO experts are obviously over the moon, as it reveals some of the ingredients that Google considers when ranking pages. However, it stops short of providing a full algorithm or the weighting of how the over 14,000(!) attributes relate. LINK
- Security researchers have shared a massive trove of 361 million username and password combinations they collected from cybercrime Telegram channels. The data has been shared with the Have I Been Pwned breach notification service; Troy Hunt says that 151 million of the credential pairs were not already in the database. The creds are believed to have come from info stealer malware infections. LINK
- High-profile TikTok accounts belonging to CNN, Sony and Paris Hilton have been compromised. The Chinese social media giant has acknowledged an exploit, which it says has now been addressed, though it has not confirmed its nature. TAKEOVERS, ACKNOWLEDGEMENT
- Two senior officers in Bangladesh’s anti-terror police have allegedly been selling citizens’ sensitive personal information on Telegram. LINK
- Frontier Communications says the names and Social Security numbers of 751,895 US residents were stolen during a cyberattack in April this year. LINK
🏴‍☠️ Ransomware:
- RansomHub ransomware-as-a-service linked to the defunct Knight ransomware group. LINK
- Fog ransomware is a new group targeting US education organisations using stolen VPN credentials. LINK
🪲 Vulnerabilities:
- Zyxel has released an emergency patch for an end-of-life NAS product containing three critical vulnerabilities. LINK, ADVISORY
- Critical vulnerabilities in Apache HugeGraph: CVE-2024-27348 (9.8/10) allows attackers to bypass authentication and execute remote code. LINK, ADVISORY
- Progress Software has patched authentication bypass and remote code execution (RCE) vulnerabilities in its Telerik Report Server product. CVE-2024-4358 (9.8/10) and CVE-2024-1800 (8.8) cover the issues for which a proof of concept is now available. LINK, ADVISORY
- An Oracle WebLogic bug, patched seven years ago, has been added to CISA’s Known Exploited Vulnerabilities (KEV) list. CVE-2017-3506 (7.4/10) was fixed in April 2017; however, a financially motivated Chinese cybercrime group is targeting unpatched WebLogic servers to deploy cryptocurrency mining malware. LINK
- PHP for Windows has an argument injection vulnerability, CVE-2024-4577 (9.8/10). LINK, ADVISORY
🛠️ Security engineering:
- Microsoft has deprecated the ‘NTLM’ Windows authentication protocol. NTLM — New Technology LAN Manager (my emphasis) — was originally introduced in Windows NT 3.1 in 1993. Microsoft says NTLM is no longer under active development, and admins should move to alternatives like Kerberos or Negotiate. LINK
🧿 Privacy:
- Privacy-focussed search engine DuckDuckGo has released a new AI Chat service that allows users to access four large language model (LLM) chatbots, including OpenAI’s ChatGPT, while preserving their anonymity. LINK
📜 Policy & Regulation:
- Poland will invest 3 billion zł (£590M, $760M) in strengthening its national cyber defences. The country’s ‘Cyber Shield’ programme is a response to Russian cyber attacks and a desire to improve CNI cyber resilience. LINK
- A California state bill proposes that AI firms implement a ‘kill switch’ that would allow their models to be turned off. AI firms and Big Tech aren’t happy. LINK
👮 Law Enforcement:
- Twenty-two Chinese nationals pleaded guilty to involvement in a “sophisticated internet fraud syndicate” in Zambia this week. They’re part of 77 arrests made in April when law enforcement also seized 13,000 SIM cards. Zambian authorities charge the individuals with cybercrime offences and misleading locals into working in scam call centres in the country’s capital, Lusaka. LINK
💰 Investments, mergers and acquisitions:
- Tenable has announced its acquisition of data security posture management (DSPM) startup Eureka for an undisclosed sum. LINK