AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 12/06/2022

Pediatric EMR Vendor Hack Affects 2.2 Million

A hacking incident at a cloud-based electronic health records and practice management software vendor affects dozens of the company’s pediatric practice clients and more than 2.2 million of their patients and other individuals. Pennsylvania-based Connexin Software Inc., which does business as Office Practicum, reported the hack to the U.S. Department of Health and Human Services on Nov. 11 and said it involved a network server. Connexin in its breach notification statement lists about 120 pediatric practices affected by the incident.


Samsung’s Android app-signing key has leaked, is being used to sign malware

A developer’s cryptographic signing key is one of the major linchpins of Android security. Any time Android updates an app, the signing key of the old app on your phone needs to match the key of the update you’re installing. The matching keys ensure the update actually comes from the company that originally made your app and isn’t some malicious hijacking plot. If a developer’s signing key got leaked, anyone could distribute malicious app updates and Android would happily install them, thinking they are legit. 


Tractors vs. threat actors: How to hack a farm

While I was in the UK police force and part of the National Cyber Crime Unit in 2018, I was asked to give a talk on cybersecurity at a National Farmers’ Union (NFU) meeting in southern England. Right after I started my talk, one farmer immediately raised his hand and told me that his cows had recently “been hacked”. Baffled and amused, I was instantly hooked and wanted to know more about his story. He went on to tell me that his farm was relatively high tech and that his cows were hooked up to an online milking machine. Once, when he had clicked on a malicious email attachment, his computer network went down and he realized that without the network he had no way of knowing which cow had been milked or which cow needed milking next, causing major panic and stress – and quite possibly not just for him.


Sneaky hackers reverse defense mitigations when detected

A financially motivated threat actor is hacking telecommunication service providers and business process outsourcing firms, actively reversing the defensive mitigations applied once the breach is detected. The campaign was spotted by CrowdStrike, which says the attacks started in June 2022 and are still ongoing, with its researchers able to identify five distinct intrusions. The attacks have been attributed with low confidence to hackers tracked as ‘Scattered Spider,’ who demonstrate persistence in maintaining access, reversing mitigations, evading detection, and pivoting to other valid targets if thwarted.


Wiper, Disguised as Fake Ransomware, Targets Russian Orgs

Companies infected with purported ransomware may no longer have an option to pay a ransom. A new malicious program acts exactly like crypto-ransomware — overwriting and renaming files, then dropping a text file with a ransom note and a Bitcoin address for payment — but the program instead deletes the contents of a victim’s files. The program, CryWiper, currently targets Russian organizations but could easily be used against companies and organizations in other nations, according to cybersecurity firm Kaspersky, which analyzed the program.


Security Expert Warns ‘Update Google Chrome Now’ As CISA 0Day Deadline Revealed

Google has confirmed yet another zero-day vulnerability impacting the Chrome web browser, the ninth this year. In a posting to the official Chrome releases blog, Google states that users of Chrome on the Windows, Mac, and Linux platforms, as well as Android, are impacted by the high-severity CVE-2022-4262 0day security vulnerability. An urgent update has started rolling out across all platforms, and Google is withholding the technical details of the zero-day until a majority of Chrome users have updated.
