SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Data allegedly stolen from Stanford University in ransomware attack
The Akira ransomware group claims to have stolen 430 Gb of internal data from Stanford University systems. The university has confirmed suffering a cybersecurity incident, but its investigation so far suggests that the breach was limited to its Department of Public Safety.
632,000 DoJ and Pentagon email addresses compromised in MOVEit hack
Roughly 632,000 email addresses associated with the US Justice Department and the Defense Department were compromised as part of the massive MOVEit hack, which to date has been found to directly and indirectly impact over 2,500 organizations and 67 million individuals. The exposed email addresses are not considered highly sensitive and the Russian cybercrime gang that took credit for the attack claimed it deleted data related to government and military organizations.
BlackCat ransomware group takes credit for Henry Schein attack
The BlackCat/Alphv ransomware group has taken credit for the recently disclosed cyberattack targeting healthcare solutions giant Henry Schein. The hackers claim to have encrypted files on the company’s systems and stolen 35 Tb of sensitive data.
Prolific Puma link shortening service used by cybercriminals
A ‘shadowy’ link shortening service named Prolific Puma has been analyzed by Infoblox. The company discovered the underground service based on DNS analytics and found that it has facilitated malicious activities for 18 months without getting detected.
Two Russians charged over JFK airport taxi hacking scheme
Two Russian nationals, Aleksandr Derebenetc and Kirill Shipulin, have been charged in the US over their alleged role in a hacking scheme targeting the taxi dispatch system at John F. Kennedy International Airport. Two men who were arrested last year for their alleged role in the scheme, both living in the US, have pleaded guilty. As part of the scheme, the group hacked into the dispatch system at JFK and modified it so that certain taxi drivers would be sent to the front of the line. Derebenetc and Shipulin remain at large.
New York City announces vulnerability disclosure program
New York City’s Cyber Command has announced the launch of a vulnerability disclosure program whose goal is to make the city’s systems more resilient to cyberattacks by making it easier for developers and security researchers to report vulnerabilities. The program was launched in partnership with Synack. Note that it’s not a bug bounty program — no rewards are being offered for reporting vulnerabilities.
40 countries will pledge not to pay ransom to cybercriminals
An alliance of 40 countries led by the United States will vow not to pay ransoms to cybercriminals, a White House representative said. This is part of an anti-ransomware initiative that includes information sharing and other efforts.
FTC to require non-banking financial institutions to report data breaches
The FTC has announced a Safeguards Rule amendment that will require non-banking financial institutions to report data breaches that impact 500 or more people. The notification must be made as soon as possible, but no later than 30 days after the incident was discovered.
Mandiant and Google Cloud release 2023 Threat Horizons Report
Mandiant and Google Cloud have released the 2023 Threat Horizons Report to provide intelligence, research, and security recommendations, with a focus on the healthcare industry. The report found that healthcare organizations in North America, Asia and Western Europe are primarily targeted by cybercriminals, who often intentionally disrupt patient safety and life-saving medical care to get victims to pay a ransom.
UK guidance on post-quantum cryptography
The UK’s National Cyber Security Centre has published new guidance on how private sector, public sector, and critical national infrastructure organizations can prepare for the migration to post-quantum cryptography, to harden their defenses against attacks from cryptographically relevant quantum computers.
CISA requests public comment on software identification ecosystem analysis paper
The US cybersecurity agency CISA has requested public comment on a newly published Software Identification Ecosystem Option Analysis paper, which presents potential ways of addressing challenges to building a robust software identification ecosystem that can be used across industry. Public commenting closes on December 11, 2023.
MFA enabled by default in Oracle cloud
Oracle is trying to further reduce the attack surface of Oracle Cloud Infrastructure (OCI) by enabling multi-factor authentication (MFA) by default. New tenancies are created with MFA enabled by default, and existing tenancies have been seeded with a default policy that enforces the use of MFA.