Ooreofeoluwa Koyejo says
Michigan-based McLaren health care delivery system notifies 2.2 million people of data breach
https://www.securityweek.com/2-2-million-impacted-by-data-breach-at-mclaren-health-care/
McLaren Health Care is a fully integrated healthcare delivery system headquartered in Grand Blanc, Michigan, which includes 15 hospitals and employs 28,000 people.
They have started notifying roughly 2.2 million individuals that their personal information was compromised in a data breach earlier this year identified on August 22 and plugged the next day. The threat actor stole names, dates of birth, Social Security numbers, health insurance information, and medical information, including diagnosis, medical record number and more sensitive information.
Through an investigation conducted by 3rd party forensic specialists, it was determined that there was unauthorized access to McLaren’s network between July 28, 2023, and August 23, 2023.
In October, the Alphv/BlackCat ransomware gang added McLaren Health Care to its leak website, claiming to have stolen “the confidential data of 2.5 million people” and threatening to auction it. The group published screenshots depicting allegedly stolen files from the healthcare provider, claiming to have been in contact with an organization representative regarding the incident.
Celinemary Turner says
https://www.securityweek.com/morgan-stanley-ordered-to-pay-6-5-million-for-exposing-customer-information/
Morgan Stanley has agreed to a $6.5 million settlement over insecurely disposing of hardware containing unencrypted personal information.
Morgan Stanley, a multinational investment bank and financial services company, has agreed to pay a $6.5 million settlement due to negligent internal data security practices. The company failed to securely dispose of hardware containing unencrypted personal information, potentially exposing the personal data of millions of customers.
The issue was discovered during an investigation by the Florida Attorney General’s Office. The investigation found that Morgan Stanley needed to properly erase unencrypted personal information stored on devices being decommissioned. The company hired a moving company with no experience in data-destruction services to decommission thousands of hard drives containing sensitive consumer information and failed to monitor its actions. The moving company sold the computer equipment at internet auctions without Morgan Stanley’s knowledge. A downstream purchaser found the data and contacted Morgan Stanley.
In another instance, Morgan Stanley discovered 42 missing servers potentially containing unencrypted customer information during decommissioning. The investigation attributed this issue to a manufacturer flaw in the encryption software.
The investigation also found that Morgan Stanley failed to implement proper vendor controls and asset inventories, which could have prevented the data exposure. Morgan Stanley must pay $6.5 million as part of the settlement agreement.
In summary, the article highlights instances where Morgan Stanley’s lapses in data security, including improper disposal practices, inadequate monitoring of third-party services, and flaws in encryption software, resulted in the potential exposure of customer information. The settlement reflects the financial consequences of these shortcomings, and it emphasizes the importance for financial institutions to prioritize robust data security measures.
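The missing control the article names is an asset inventory that is actually reconciled against what the disposal vendor reports destroying. As an added illustration (not code from the article or from Morgan Stanley), the script below takes a constructed decommissioning manifest and a constructed set of vendor certificates of destruction and reports drives that left the building with no destruction record, split by whether they were encrypted, plus handovers to an unapproved vendor and certificates for serials the inventory has never heard of. All asset tags, vendor names and serials are invented for the example.

```python
"""
Reconcile a decommissioning manifest against vendor certificates of destruction.

Added example, not from the article: every asset handed to a disposal vendor
must come back as a destruction certificate from that same vendor. Anything
else is an unaccounted device, and an unaccounted *unencrypted* device is the
case that produces a breach notification. All data below is constructed.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Asset:
    serial: str
    kind: str           # "hdd" or "server"
    encrypted: bool     # full-disk encryption verified before hand-over
    released_to: str    # vendor the asset was handed to


@dataclass(frozen=True)
class DestructionCert:
    serial: str
    vendor: str
    method: str         # e.g. "shred", "degauss", "crypto-erase"


@dataclass
class Report:
    unaccounted_unencrypted: list = field(default_factory=list)  # highest risk
    unaccounted_encrypted: list = field(default_factory=list)
    wrong_vendor: list = field(default_factory=list)             # released to a vendor not on the approved list
    unknown_serials: list = field(default_factory=list)          # vendor claims destruction of something we never tracked

    @property
    def clean(self) -> bool:
        return not (self.unaccounted_unencrypted or self.unaccounted_encrypted
                    or self.wrong_vendor or self.unknown_serials)


def reconcile(assets, certs, approved_vendors) -> Report:
    """Match each released asset to a certificate from the vendor it was released to."""
    report = Report()
    certs_by_serial = {c.serial: c for c in certs}
    known_serials = {a.serial for a in assets}

    for asset in assets:
        if asset.released_to not in approved_vendors:
            report.wrong_vendor.append(asset.serial)
        cert = certs_by_serial.get(asset.serial)
        # A certificate from a different vendor than the one we released to is
        # not evidence of destruction; treat it the same as no certificate.
        if cert is None or cert.vendor != asset.released_to:
            bucket = report.unaccounted_encrypted if asset.encrypted else report.unaccounted_unencrypted
            bucket.append(asset.serial)

    for cert in certs:
        if cert.serial not in known_serials:
            report.unknown_serials.append(cert.serial)
    return report


# Constructed sample data (hypothetical serials and vendors).
ASSETS = [
    Asset("HD-1001", "hdd", encrypted=False, released_to="CertShred Inc"),
    Asset("HD-1002", "hdd", encrypted=True, released_to="CertShred Inc"),
    Asset("HD-1003", "hdd", encrypted=False, released_to="Acme Movers"),   # not a data-destruction vendor
    Asset("SRV-0042", "server", encrypted=False, released_to="CertShred Inc"),
]
CERTS = [
    DestructionCert("HD-1001", "CertShred Inc", "shred"),
    DestructionCert("HD-1002", "CertShred Inc", "shred"),
    DestructionCert("HD-9999", "CertShred Inc", "shred"),   # serial never in our inventory
]
APPROVED_VENDORS = {"CertShred Inc"}


if __name__ == "__main__":
    r = reconcile(ASSETS, CERTS, APPROVED_VENDORS)
    print("clean:", r.clean)
    print("unaccounted, unencrypted:", r.unaccounted_unencrypted)
    print("unaccounted, encrypted:  ", r.unaccounted_encrypted)
    print("released to unapproved vendor:", r.wrong_vendor)
    print("certificates for unknown serials:", r.unknown_serials)
```

Run as a script, it reports two unencrypted devices with no matching destruction record, one hand-over to an unapproved vendor, and one certificate that cannot be tied to any tracked asset. The point of keeping encrypted and unencrypted devices in separate buckets is that only the unencrypted list is a potential disclosure; the encrypted list is still an inventory failure to chase.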
Yannick Rugamba says
https://www.securityweek.com/windows-hello-fingerprint-authentication-bypassed-on-popular-laptops/
Researchers from Blackwing Intelligence and Microsoft’s Offensive Research and Security Engineering team successfully bypassed Windows Hello fingerprint authentication on three popular laptops: Dell Inspiron 15, Lenovo ThinkPad T14s, and Microsoft Surface Pro X. The vulnerability, which required physical access, involved either connecting a hacking device or spoofing fingerprint sensors integrated in these laptops. This finding, which highlights potential security flaws in biometric authentication systems, was detailed in a blog post by Blackwing and demonstrated in a video at Microsoft’s BlueHat conference.
Hashem Alsharif says
https://www.ncsc.gov.uk/news/uk-develops-new-global-guidelines-ai-security
This article talks about how agencies within 18 countries endorsed UK-developed guidelines on cybersecurity AI. The intentions of these guidelines are to ensure that cybersecurity AI is designed, developed, and deployed securely. These were developed by the NCSC, a UK organization. These guidelines help developers make sure that cybersecurity is essential to AI safety and crucial to the development process. These are broken into four parts: Secure Design, Secure Development, Secure Deployment, and Secure Operation and Maintenance.
Nicholas Nirenberg says
“Hackers Can Exploit ‘Forced Authentication’ to Steal Windows NTLM Tokens”
Cybersecurity researchers have identified a security vulnerability termed “forced authentication,” which exploits a feature in Microsoft Access to potentially leak a Windows user’s NT LAN Manager (NTLM) tokens. The attack involves embedding a specially crafted Access file within common Office file types, such as .accdb or .mdb, tricking victims into opening them. By abusing the linked table feature in Access, attackers can automatically leak NTLM tokens to a server under their control. This manipulation enables a relay attack, exploiting the authentication process with a targeted NTLM server. Although Microsoft has released mitigations for the issue in the Office/Access version, 0patch has provided unofficial fixes for various Office versions. The discovery coincides with Microsoft’s decision to phase out NTLM in Windows 11 in favor of Kerberos for enhanced security.
URL: https://thehackernews.com/2023/11/hackers-can-exploit-forced.html
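The observable a defender has for the lure described above is network-level: an Office process on a workstation opening an SMB connection (TCP 445 or 139) to a host outside the organization, which is the step at which Windows would send the NTLM authentication. The detection logic below is an added example and is not from the article or from the researchers; it runs over a constructed connection log whose column layout is invented for the example (a real source would be Windows Filtering Platform events, an EDR network table or a perimeter firewall log). Internal address ranges are listed explicitly rather than taken from `ipaddress`'s `is_global`, because the documentation ranges used as stand-in Internet hosts in the sample are themselves marked non-global by that library.

```python
"""
Flag outbound SMB from Office processes to non-internal hosts.

Added example, not from the article. An Office or Access document that
references a UNC path on an outside host makes the workstation open TCP 445
to that host, so SMB egress to the Internet is the thing to alert on (and to
block at the perimeter). The log format below is constructed for the example.
"""
import ipaddress
from dataclasses import dataclass

# Processes that should never be initiating SMB to the Internet.
OFFICE_PROCESSES = {"msaccess.exe", "winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SMB_PORTS = {445, 139}

# Explicit "internal" ranges: RFC 1918, loopback, link-local. Anything else is
# treated as external, including the documentation ranges used in the sample.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


@dataclass(frozen=True)
class Finding:
    timestamp: str
    host: str
    process: str
    dst_ip: str
    dst_port: int
    severity: str
    reason: str


def is_external(ip_text: str) -> bool:
    ip = ipaddress.ip_address(ip_text)
    return not any(ip in net for net in INTERNAL_NETS)


def parse_line(line: str) -> dict:
    """Constructed format: timestamp,host,process,src_ip,dst_ip,dst_port,proto,direction"""
    fields = [f.strip() for f in line.split(",")]
    if len(fields) != 8:
        raise ValueError(f"malformed line: {line!r}")
    ts, host, proc, src, dst, port, proto, direction = fields
    return {"timestamp": ts, "host": host, "process": proc.lower(), "src_ip": src,
            "dst_ip": dst, "dst_port": int(port), "proto": proto.upper(),
            "direction": direction.lower()}


def classify(ev: dict):
    """Return (severity, reason) for a suspicious event, or None."""
    if ev["direction"] != "outbound" or ev["proto"] != "TCP" or ev["dst_port"] not in SMB_PORTS:
        return None
    if not is_external(ev["dst_ip"]):
        return None  # SMB to internal file servers is normal for Office
    if ev["process"] in OFFICE_PROCESSES:
        return ("high", "Office process opened SMB to external host: possible NTLM forced authentication")
    return ("medium", "SMB egress to external host")


def scan(lines):
    findings = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        ev = parse_line(line)
        verdict = classify(ev)
        if verdict:
            sev, reason = verdict
            findings.append(Finding(ev["timestamp"], ev["host"], ev["process"],
                                    ev["dst_ip"], ev["dst_port"], sev, reason))
    return findings


# Constructed sample log. 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24 are
# documentation ranges standing in for Internet hosts.
SAMPLE_LOG = """\
# timestamp,host,process,src_ip,dst_ip,dst_port,proto,direction
2023-11-10T09:12:01Z,WS-017,MSACCESS.EXE,10.20.1.17,203.0.113.45,445,TCP,outbound
2023-11-10T09:12:03Z,WS-017,explorer.exe,10.20.1.17,10.20.5.5,445,TCP,outbound
2023-11-10T09:13:10Z,WS-022,chrome.exe,10.20.1.22,198.51.100.9,443,TCP,outbound
2023-11-10T09:14:55Z,WS-031,winword.exe,10.20.1.31,192.0.2.77,139,TCP,outbound
2023-11-10T09:15:00Z,WS-040,svchost.exe,10.20.1.40,198.51.100.20,445,TCP,outbound
"""


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG.splitlines()):
        print(f"[{f.severity}] {f.timestamp} {f.host} {f.process} -> {f.dst_ip}:{f.dst_port}  {f.reason}")
```

On the sample, the Access and Word connections to outside hosts are reported as high, the `svchost.exe` SMB egress as medium, and the internal file-share and HTTPS lines are ignored. In practice the same rule is cheaper to enforce than to detect: blocking outbound TCP 445/139 at the perimeter removes the channel the lure depends on.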
Eyup Aslanbay says
Hackers attacked the control system of a water booster station in Aliquippa, Pennsylvania. The water supply and drinking water were not affected. The hacking group, Cyber Av3ngers, linked to Iran and targeting an Israeli company’s system, claimed responsibility. The utility quickly detected and stopped the breach. These types of attacks are common in the water sector, leading to increased cybersecurity measures by U.S. authorities.
https://www.securityweek.com/hackers-hijack-industrial-control-system-at-us-water-utility/
Bo Wang says
https://www.infosecurity-magazine.com/news/cyber-criminals-hesitant/
Sophos’ research on dark-web forums found that cybercriminals are currently hesitant to utilize generative AI for attacks. Discussions on large language models (LLMs) were limited, with minimal interest shown by threat actors, who expressed concerns about the risks involved.
Most LLM-related forum posts focused on compromised ChatGPT accounts for sale and ways to bypass LLM protections, rather than developing attack tools. Cybercriminals displayed skepticism towards ChatGPT derivatives, suspecting potential scams.
Attempts to create malware using LLMs were rudimentary and often met with skepticism. Some users inadvertently revealed personal information while showcasing ChatGPT capabilities.
Despite cybercriminals’ reluctance, separate Sophos research demonstrated the potential for LLMs to conduct large-scale fraud. Using tools like GPT-4, Sophos built functional e-commerce websites with AI-generated content, capable of stealing user data.
Sophos emphasized the need to prepare for AI-based threats, highlighting the ease with which LLMs could automate threats and conduct fraudulent activities.
Edge Kroll says
https://www.securityweek.com/police-dismantle-major-ukrainian-ransomware-operation/
Law enforcement agencies dismantle a significant ransomware operation based in Ukraine. On November 21, locations were searched in Ukraine, leading to the arrest of a 32-year-old alleged ringleader and four accomplices. The cybercriminals targeted entities across 71 countries to disrupt large corporations. The suspects had diverse roles, including hacking networks and laundering ransom payments. The criminals employed various techniques such as SQL injections, phishing emails, and brute force attacks, using tools like TrickBot, Cobalt Strike, and PowerShell Empire to access networks. The encryption of over 250 servers belonging to major organizations resulted in losses totaling hundreds of millions of dollars.
Jon Stillwagon says
https://www.securityweek.com/police-dismantle-major-ukrainian-ransomware-operation/
Law enforcement agencies teamed up in several countries to shut down a major Ukraine-based ransomware operation. The law enforcement agencies teamed up with Europol and Eurojust to arrest a 32-year-old ringleader as well as four key accomplices. The operation targeted thousands of entities across 71 countries, disrupting large corporations and their operations. The criminals used SQL injection, phishing emails, and brute force attacks to gain access to corporations’ networks. Over 250 servers that belonged to major organizations were encrypted, which caused the organizations to lose millions and millions of dollars. To do this, they deployed malware such as TrickBot and tools such as Cobalt Strike and PowerShell Empire to gain access to other systems.
Jon Stillwagon says
https://www.securityweek.com/los-angeles-sim-swapper-sentenced-to-8-years-in-prison/
Amir Hossein Golshan was sentenced to 96 months in prison for perpetrating multiple cybercrime schemes. He caused about 740,000 dollars’ worth of loss to hundreds of victims, and he had many schemes that he was accountable for, like impersonating Apple Support. He also engaged in a Zelle payment fraud scheme. He took over people’s accounts using a technique called SIM swapping, and he would then target the person’s friends, tricking them into sending him money. With all the schemes he did, when he impersonated Apple Support he gained access to victims’ iCloud accounts to steal NFTs, cryptocurrency and other digital property. In total he defrauded five individuals of between 2,000 dollars and 389,000 dollars each.