The US Cybersecurity and Infrastructure Security Agency (CISA) reports that SAP Commerce, Gpac framework, and D-Link DIR-820 routers are being exploited using old vulnerabilities. The oldest flaw, tracked as CVE-2019-0344 with a CVSS score of 9.8, enables attackers to execute arbitrary code on a vulnerable system with Hybris user rights. It is an unsafe deserialization issue in SAP Commerce Cloud's "virtualjdbc" extension. Hybris is a Customer Relationship Management (CRM) tool deeply integrated into the SAP cloud ecosystem.

The group, known as "Storm-0501," targets schools, hospitals, and other vulnerable organizations for financial gain. Microsoft Threat Intelligence reports that Storm-0501 has been affiliated with various Ransomware-as-a-Service (RaaS) strains such as "BlackCat/ALPHV," "LockBit," and "Embargo." The ransomware group has now changed tactics as it now exploits hybrid cloud environments with weak passwords and overprivileged accounts instead of just buying initial access from brokers.

Over the past year, more than 140,000 phishing websites have been linked to the "Sniper Dz" Phishing-as-a-Service (PhaaS) platform. According to Palo Alto Networks' Unit 42 researchers, Sniper Dz has an online admin panel with phishing pages. Phishers can host these pages on Sniper Dz's infrastructure or download templates to host on their own servers. This article continues to discuss findings regarding the Sniper Dz PhaaS.

Texas healthcare provider UMC Health System diverted patients for several days after taking IT systems offline following a ransomware attack.  UMC disclosed the incident on September 27, when it announced that emergency and non-emergency patients via ambulance were being diverted to nearby hospitals.  On Monday, the hospital announced that sustained efforts over the weekend allowed it to restore some of the affected services and that only a select number of patients were being diverted.

T-Mobile has recently agreed to a $15.75m settlement with the US Federal Communications Commission (FCC) for multiple cybersecurity incidents that led to millions of customers’ data being breached.  The settlement relates to a series of data breaches that occurred in 2021, 2022, and 2023, which have all been subject to FCC investigations.  T-Mobile also agreed to invest the same amount to improve its cybersecurity posture.

NSA is always recruiting bright determined individuals to help protect our country! Are you up to the challenge?
Nation-State Advanced Persistent Threats (APTs) are targeting our Defense Industrial Base (DIB) contractors.
Stop them from infiltrating and sabotaging U.S. military operations.

Searchlight Cyber further highlighted that the availability of any data related to an organization on the dark web increases its vulnerability to cyberattacks. The Marsh McLennan Cyber Risk Intelligence Center analyzed a dark web dataset against a sample of 9,410 organizations with an overall breach rate of 3.7 percent from 2020 to 2023. They wanted to see if there was a correlation between data breaches and dark web findings in the year prior to the incident. This article continues to discuss dark web exposure being highly correlated with cyberattack risk.

Recently, legislation that mandated safety requirements for major artificial intelligence model developers in California was vetoed by Gov. Gavin Newsom.  Newsom said that the bill lacks consideration of the environments where the models are deployed, the data used by such models, and their purpose.  Newsome said the bill applies stringent standards to even the most basic functions so long as a large system deploys it.  Newsome said that he did not believe this was the best approach to protecting the public from real threats posed by the technology.

Patelco Credit Union has recently informed authorities that information about more than 1 million individuals was stolen in a ransomware attack this summer.  The cyberattack was identified on June 29 and resulted in Patelco taking some of its day-to-day banking systems offline.  The company said it led to an outage affecting the union’s online banking services, mobile application, and call center.  The credit union noted that the attackers had access to its systems starting May 23 and that they stole a database containing personal information.

The Community Clinic of Maui in Hawaii recently informed authorities that a cyberattack suffered earlier this year has resulted in a data breach impacting over 120,000 individuals.  The company says it detected a cybersecurity incident on May 7 and later determined that the attackers may have stolen personal data between May 4 and May 7.