Biden’s budget seeks increase in cybersecurity spending
President Biden’s budget proposal for fiscal year 2023 calls for wide-ranging investments to boost the cybersecurity resilience of the U.S. government and to implement his recently released cyber strategy, which calls for a whole-of-government approach to boosting U.S. digital defenses. CISA would get a total of $3.1 billion, an increase of $145 million compared to last year. That includes $98 million to implement the Cyber Incident Reporting for Critical Infrastructure Act and $425 million to improve internal cybersecurity and analytical capabilities. With Republicans in control of the House of Representatives, Biden’s budget has no chance of being passed into law. Instead, the proposal released Thursday represents a signaling document ahead of what is likely to be a bitter negotiation between Republicans and Democrats over government spending levels.
AT&T alerts 9 million customers of data breach after vendor hack
Exposed in the breach was Customer Proprietary Network Information from some wireless accounts, such as the number of lines on an account or wireless rate plan, AT&T told BleepingComputer. “The information did not contain credit card information, Social Security Number, account passwords or other sensitive personal information. We are notifying affected customers.” The company added that its systems were not compromised in the vendor security incident and that the exposed data is mostly associated with device upgrade eligibility.
GitHub makes 2FA mandatory next week for active developers
The gradual 2FA rollout will start next week with GitHub reaching out to smaller groups of administrators and developers via email and will speed up as the end of the year approaches, to ensure that onboarding is seamless and users have time to sort out any issues. Once expanded to the company’s entire user base, the 2FA enrollment requirement will help secure the accounts of more than 100 million users.
Ransomware attack against Barcelona hospital disrupts operations
The attack targeted Hospital Clinic de Barcelona one of the city’s leading hospitals, shutting down its computer system and forcing the cancellation of 150 non-urgent operations and up to 3000 patient checkups. The attack was attributed to the threat actors known as RansomHouse, and originated outside of Spain. Avishai Avivi, CISO of security company SafeBreach, noted that the attack spread laterally through the hospital, shutting down laboratories, emergency rooms, pharmacies, and several external clinics. He suggests that the hospital’s networks were not properly segmented and segregated from each other. He also challenged the attribution of the attack, clarifying that RansomHouse typically does not encrypt data but instead focuses on data exfiltration. “This indicates that shutting down the computers was done to prevent further data exfiltration and further suggests that the hospital does not have good egress security controls to prevent data leakage, a conjecture further supported by the fact that the hospital has indicated it will not pay the ransom,” leading Avivi to believe that it still has access to the data.
Thanks to this week’s episode sponsor, Packetlabs
New critical flaw in FortiOS and FortiProxy could give hackers remote access
Fortinet has released fixes to address 15 security flaws, including one critical vulnerability impacting FortiOS and FortiProxy that could enable a threat actor to take control of affected systems. The issue, tracked as CVE-2023-25610, is rated 9.3 out of 10 for severity and was internally discovered and reported by its security teams. Known as underflow bugs, or buffer underruns, they occur when the input data is shorter than the reserved space, causing unpredictable behavior or leakage of sensitive data from memory. Fortinet said it’s not aware of any malicious exploitation attempts against the flaw, but urges users to move quickly to apply the patches.
Recently discovered IceFire Ransomware now also targets Linux systems
SentinelLabs researchers have discovered new Linux versions of the recently discovered IceFire ransomware that was employed in attacks against several media and entertainment organizations worldwide. The ransomware initially targeted only Windows-based systems, and was first detected in March 2022 by researchers from the MalwareHunterTeam, but the group claimed victims via its dark web leak site since August 2022. Most of IceFire infections have been reported in Turkey, Iran, Pakistan, and the United Arab Emirates, countries not typically a focus for organized ransomware operations.
WhatsApp: Rather be blocked in UK than weaken security
Its head, Will Cathcart, said it would refuse to comply if asked to weaken the privacy of encrypted messages under the country’s Online Safety Bill. The app Signal previously said it could stop providing services in the UK if the bill required it to scan messages, but the government said it is possible to have both privacy and child safety. WhatsApp is the most popular messaging platform in the UK, used by more than seven in 10 adults who are online, according to communication regulator Ofcom.
DC healthcare exchange breach leaked sensitive data of Congress members
The breached data includes sensitive information of Congress members and staff, who were enrollees on the DC Health Link website. On Monday, a purported hacker on the forum Breached said they obtained a database and claimed it included names, ID numbers, policy IDs, Social Security numbers, plan names, employers, addresses, and much more. The hacker asked for payment in the Monero, and by Wednesday the post was updated to say the database had been sold.