Cyber Security Headlines: Ransomware hammers hospitals, Citrix servers not applying patches, Log4Shell at 1-year old

Ransomware continues to hammer hospitals

The Lake Charles Memorial Health System began notifying patients of a data breach impacting almost 270,000 people who received treatment at one of its medical centers. The hospital experienced an attack on October 21st, with attackers gaining access to patient names, addresses, medical records, payment information and some social security numbers. The Hive ransomware group took credit for the attack, hosting files on its leak site. This is consistent with a recent HHS Health Sector Cybersecurity Coordination Center report, which found Hive particularly active in targeting healthcare organizations. In October, an FBI report found that among all cyberattacks against critical infrastructure, attacks on the healthcare sector accounted for 25% of all ransomware complaints.

(Bleeping Computer, Dark Reading)

Citrix servers found vulnerable despite patches

Over the past two months, Citrix issued patches for two critical flaws in ADC and Gateway deployments. One involved an authentication bypass; the other involved remote code execution and was actively being exploited. Researchers at NCC Group's Fox-IT team found 28,000 Citrix servers online, and used MD5 hash-like parameters included in HTTP responses to match them to product versions. They found about 16%, roughly 4,500 servers, ran software still potentially vulnerable to one of the flaws. The researchers found servers in China, the UK, and France the slowest to update to patched versions.

(Bleeping Computer)

Log4Shell celebrates an anniversary 

It's been about a year since researchers disclosed the zero-day vulnerability in the Log4j Java library. While patches quickly arrived for what was dubbed Log4Shell, it remains a persistent security problem for many projects and software components. A new report from Cisco Talos reiterates this, saying the library's wide usage and deeply embedded nature make it difficult for organizations to inventory. It further said it anticipates Log4Shell will be an exploitation threat through 2023 and beyond. While the Conti ransomware group began exploiting Log4Shell soon after disclosure, Talos notes APT, ransomware and cryptomining groups continue to use the exploit.
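The inventory problem Talos describes is concrete once you look inside a deployment: log4j-core is frequently bundled inside WARs, EARs and fat JARs, so a search by file name alone misses it. The Python scanner below is an added example written for this page (it is not code from Talos, CSO Online or the Log4j project). It walks a directory tree, opens every archive it finds, recurses into archives nested inside them, reads the log4j-core version from the Maven pom.properties entry or, failing that, from the conventional log4j-core-<version>.jar file name, and records whether the JndiLookup class is present. The 2.17.1 policy threshold, the archive suffix list and the small sample tree the demo builds are assumptions made for the example.

```python
"""Inventory log4j-core across a directory tree, including nested archives.

Added example for illustration; the patch threshold and fixture are assumptions.
"""
import io
import re
import tempfile
import zipfile
from pathlib import Path

POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")   # assumed for the example
MIN_SAFE_VERSION = "2.17.1"   # assumed patch policy: anything older needs review


def parse_version(text):
    """Turn '2.14.1' or '2.0-beta9' into a comparable tuple of three ints."""
    parts = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    while len(parts) < 3:        # so 2.17 and 2.17.0 compare equal
        parts.append(0)
    return tuple(parts[:3])


def inspect_archive(data, path_label, findings):
    """Record log4j-core evidence in one archive (bytes) and recurse into nested archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return
    with zf:
        names = sorted(zf.namelist())
        version = None
        if POM_PROPS in names:
            props = zf.read(POM_PROPS).decode("utf-8", "replace")
            m = re.search(r"^version=(.+)$", props, re.MULTILINE)
            if m:
                version = m.group(1).strip()
        if version is None:
            # Fall back to the conventional file name log4j-core-<version>.jar
            m = re.search(r"log4j-core-(\d[^/!]*?)\.jar$", path_label)
            if m:
                version = m.group(1)
        jndi_present = JNDI_LOOKUP in names
        if version is not None or jndi_present:
            known_old = version is not None and parse_version(version) < parse_version(MIN_SAFE_VERSION)
            unverifiable = version is None and jndi_present   # shaded copy with no version info
            findings.append({
                "path": path_label,
                "version": version,
                "jndi_lookup_present": jndi_present,
                "needs_review": known_old or unverifiable,
            })
        for name in names:
            if name.lower().endswith(ARCHIVE_SUFFIXES):
                inspect_archive(zf.read(name), f"{path_label}!{name}", findings)


def scan_tree(root):
    """Scan every archive under root; returns a list of finding dicts in path order."""
    findings = []
    for p in sorted(Path(root).rglob("*")):
        if p.is_file() and p.suffix.lower() in ARCHIVE_SUFFIXES:
            inspect_archive(p.read_bytes(), str(p), findings)
    return findings


def _make_jar(entries):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def build_sample_tree(root):
    """Constructed fixture: a WAR embedding an old log4j-core (no pom.properties, so the
    file name is the only version clue), a patched stand-alone copy, and a bystander JAR."""
    root = Path(root)
    (root / "lib").mkdir(parents=True, exist_ok=True)
    old_core = _make_jar({JNDI_LOOKUP: b""})
    (root / "app.war").write_bytes(_make_jar({"WEB-INF/lib/log4j-core-2.14.1.jar": old_core}))
    (root / "lib" / "log4j-core-2.17.1.jar").write_bytes(
        _make_jar({POM_PROPS: "version=2.17.1\n", JNDI_LOOKUP: b""}))
    (root / "lib" / "other.jar").write_bytes(_make_jar({"META-INF/MANIFEST.MF": "Manifest-Version: 1.0\n"}))


def demo():
    """Build the constructed tree in a temp dir and scan it."""
    root = tempfile.mkdtemp(prefix="log4j-inv-")
    build_sample_tree(root)
    return scan_tree(root)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Point `scan_tree` at an application directory to get one record per log4j-core copy found, with the nested location spelled out as `outer.war!inner/path.jar`. A copy with no version information but a JndiLookup class is flagged for review rather than ignored, since a shaded build cannot be cleared from the archive alone.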

(CSO Online)

US continues to expand TikTok block

The US House of Representatives' administrative arm issued new rules banning the app TikTok on House-managed devices. The House isn't alone in this action. It follows legislation from 19 states that have at least partially blocked the app on state-managed devices. The recently passed omnibus spending bill also bans TikTok on federally managed hardware. That bill still awaits President Biden's signature, but the broader ban is expected to go into effect soon.


And now a word from our sponsor, Tines 

If you’re overwhelmed by your workload, Tines is the solution you’ve been looking for. Tines no-code automation checks boxes legacy SOAR tools can only dream of. Break the silos between tools and teams, focus on meaningful work, and eliminate manual errors while improving your response times. Visit to stay ahead of the curve without breaking a sweat!

North Korean attackers pose as VC firms

Security researchers at Kaspersky published a report detailing a North Korea-affiliated group known as BlueNoroff. Over the past year, the group registered domains mimicking the sites of real venture capital firms based out of Japan and Taiwan. The group appears to target employees at startups, in an attempt to get them to click through to further phishing sites. Kaspersky believes the group operates as part of the Lazarus Group, the well-known financial and cyber espionage hacking group. The report also details how the group began experimenting with new file types for phishing lures in attempts to evade detection, particularly focusing on ISO image files.

(SC Magazine)

Kraken exchange closes in Japan

Payward Asia operates Kraken services in Japan. It announced it will shut down its exchange business there as of January 31st. The company will ask clients to transfer holdings to different digital wallets or exchange them for fiat currency. This follows significant cuts at Kraken, which cut 30% of its global workforce earlier this month, impacting 1,100 people. While a significant withdrawal, the exchange believes it can continue to operate in the ongoing crypto winter, fueled by the fall of several notable exchanges and tokens, most notably the collapse of FTX.


US investigating conveniently timed FTX hack

Speaking of FTX, Bloomberg's sources say the Department of Justice's National Cryptocurrency Enforcement Team launched a criminal investigation into an alleged cybercrime that stole $370 million from FTX hours after the exchange filed for bankruptcy. So far, most of the legal proceedings related to FTX have centered around alleged fraud by founder Sam Bankman-Fried. In interviews prior to his arrest, SBF suggested the infiltration was an inside job, but it's unclear who orchestrated the breach. Sources say the US government managed to freeze some of the funds.


Mastodon rebuffs funding overtures

Mastodon founder Eugen Rochko told the Financial Times it rejected more than five investment offers worth "hundreds of thousands of dollars" from venture capital firms in recent months. Rochko also called Mastodon's non-profit status "untouchable," saying the independence and moderation choices across servers were part of its appeal. This isn't to say Mastodon is without income. Mastodon development is currently funded by donations through Patreon, with over 8,500 donors currently paying over £25,000 a month. Many individual federated servers also accept donations to pay expenses.

(Ars Technica)

Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. He's spent the past five years creating media for technology enthusiasts and IT practitioners. He dreams of someday writing the oral history of Transmeta.