In today’s cybersecurity news…
Cyber assistance coming to rural hospitals
Both Microsft and Google announced programs to offer cybersecurity services to these organizations. The Biden administration announced that Google will offer free endpoint security advice to non-profits and rural hospitals, as well as launch a pilot for these hospitals to develop a better package of security security services. Microsoft separately announced a program to provide “non-profit pricing” and discounts on cybersecurity services up to 75%, as well as a free year of access to its security suite, and free Windows 10 security updates. The White House said there are at least 1,800 rural hospitals in the US that would quality.
UK and Canada launch investigation into 23andMe breach
The Privacy Commissioner of Canada and The UK’s Information Commissioner’s Office launched a joint probe into the scope of customer information exfiltrated in the attack on the genetic information company last year. The investigation will also look into if 23andMe implemented adequate security controls. 23andMe discovered a months-long credential stuffing attack in October 2023, prompting users to reset passwords on October 10th and implementing default MFA on November 6th. Threat actors scrapped data on 49% of all 23andMe customers, posting much of it on BreachForums prior to its shutdown.
Mandiant and Snowflake sending out breach notices
Maniant announced it began working with Snowflake to investigate a recent string of data breaches and to notify roughly 165 customers that their data may have been stolen. Snowflake previously said the incidents impacted a “limited number” of customers, with TicketMaster and LendingTree confirming data loss. Mandiant attributed the attacks to the financially-motivated threat actor UNC5537. The Snowflake customer attacks data back to April 14th, Mandiant first saw customers report issues on May 22nd. Mandiant confirmed these breaches don’t come directly from accessed Snowflake systems, but rather from credential stuffing attacks combined with a lack of MFA. Snowflake said it will create a plan to enforce MFA use by customers.
NHS out for blood after cyberattack
The UK’s National Health Service is still suffering the fallout from a cyberattack on the pathology service provider Synnovis. The NHS launched a call for Type O blood donors, as these universal donors can make it faster to match for blood transfusions. Impacted hospitals also requested medical student volunteers to mitigate the biggest impacts to patient care. The Independent’s sources say two of the UK’s largest hospitals canceled over 200 emergency and life-saving operations as a result of the disruption.
And now a word from our sponsor, Vanta
FCC earmarks funds to improve school cybersecurity
The US Federal Communications Commission voted 3-2 to approve a pilot program that will use $200 million from the Universal Service Fund for schools and libraries seeking to upgrade network security equipment. The FCC will collect equipment data usage to inform future cybersecurity initiatives. This program will operate separately from its existing e-rate program for network hardware purchases. Chairwoman Jessica Rosenworcel said school districts can take up to nine months to recover from cyberattacks.
(SC Media)
Japanese video-sharing site offline after cyberattack
The popular Japanese video platform Niconico confirmed that a service outage that started over the weekend came as the result of a cyberattack. The popular service has about 89 million active members and 1.43 million subscribers. Parent company Kadokawa said the attack also took down its website and e-commerce operations. Niconico said no credit card information leaked from the attack. No details on the actors behind the attack, just that it involved “unauthorized external access” to servers.
VSCode Marketplace rife with security issues
A group of Israeli security researchers demonstrated the security failings of Microsoft’s Visual Studio Code Marketplace, creating a fake extension to typosquat on the popular “Dracula Official” theme. The researchers registered a domain for the fake and received a verified publisher designation. Once installed, the extension exfiltrated system information to a remote service and did not trigger EDR tools. The extension saw installations at a large public company, several major security companies, and a national justice court network, although the researchers did not name specific entities. The researchers also put a full disclosure in the extensions Read Me, license, and code. The group subsequently found over 1200 VSCode extensions with known malicious code, installed a total of 229 million times, which they reported to Microsoft.
Cyber attackers forget to ignore Cleveland
Today, Cleveland has joined the sad and worldwide fraternity of cities whose only membership requirement is to suffer the anguish of a municipal cyberattack. City of Cleveland officials announced that it shut down all internal systems and software platforms as it investigates a “cyber incident” impacting some systems. As a result, officials closed City Hall to the public on June 10th. Unlike other municipal cyber attacks we’re seen in recent months, emergency services and utilities remain operational. The city will keep services offline until they fully understand the scope of the issue.