AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 6/17/2024

Ascension hacked after employee downloaded malicious file

Ascension, one of the largest U.S. healthcare systems, revealed that a May 2024 ransomware attack was caused by an employee who downloaded a malicious file onto a company device. Ascension says this was likely an “honest mistake” as the employee thought they were downloading a legitimate file. The attack impacted the MyChart electronic health records system, phones, and systems used to order tests, procedures, and medications, prompting the healthcare giant to take some devices offline on May 8 to contain what it described at the time as a “cyber security event.” This forced employees to keep track of procedures and medications on paper, as they could no longer access patient records electronically.

 

Here’s how Apple’s AI model tries to keep your data private

At WWDC on Monday, Apple revealed Apple Intelligence, a suite of features bringing generative AI tools like rewriting an email draft, summarizing notifications, and creating custom emoji to the iPhone, iPad, and Mac. Apple spent a significant portion of its keynote explaining how useful the tools will be — and an almost equal portion of time assuring customers how private the new AI system keeps your data.

 

New Linux malware is controlled through emojis sent from Discord

A newly discovered Linux malware dubbed ‘DISGOMOJI’ uses the novel approach of utilizing emojis to execute commands on infected devices in attacks on government agencies in India. The malware was discovered by cybersecurity firm Volexity, which believes it is linked to a Pakistan-based threat actor known as ‘UTA0137.’ “In 2024, Volexity identified a cyber-espionage campaign undertaken by a suspected Pakistan-based threat actor that Volexity currently tracks under the alias UTA0137,” explains Volexity.

 

AWS is pushing ahead with MFA for privileged accounts. What that means for you …

Heads up: Amazon Web Services is pushing ahead with making multi-factor authentication (MFA) mandatory for certain users, and we love to see it. The cloud giant in October said it would start requiring MFA for its customers’ most privileged users in 2024. Indeed, we understand that since May this year, AWS has been gradually requiring MFA for management account root users in AWS Organizations, and this change is still rolling out. And as stated during its annual re:Inforce security conference this month, AWS will from July begin requiring MFA for standalone account root users – those outside of AWS Organizations – when signing in to the AWS Management Console. Again, this will be a gradual roll-out, and other root user types are due to start facing this security requirement later this year. 

 

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider, a cybercrime group suspected of hacking into Twilio, LastPass, DoorDash, Mailchimp, and nearly 130 other organizations over the past two years. The Spanish daily Murcia Today reports the suspect was wanted by the FBI and arrested in Palma de Mallorca as he tried to board a flight to Italy. “He stands accused of hacking into corporate accounts and stealing critical information, which allegedly enabled the group to access multi-million-dollar funds,” Murcia Today wrote. “According to Palma police, at one point he controlled Bitcoins worth $27 million.”

 
