This Week in Cybersecurity: 18th March to 22nd March, CISA Hacked!


    CISA Hacked, IMF Breached, AT&T Data Leaked, United Healthcare Pays $2B


    CISA Hacked, Key Systems Forced Offline

    Unknown hackers have breached the systems of the Cybersecurity and Infrastructure Security Agency (CISA), forcing the agency to take its key systems offline. The attack exploited vulnerabilities in Ivanti products used by CISA. The compromised systems include the Infrastructure Protection Gateway and the Chemical Security Assessment Tool, both containing sensitive information. The responsible parties have not been identified, but there are indications of a sophisticated and espionage-motivated cyber campaign.

    IMF Investigates Cybersecurity Breach that Compromised its Email Accounts

    The International Monetary Fund (IMF) is currently conducting an investigation into a cybersecurity breach that led to the compromise of several internal email accounts. The breach was initially discovered on February 16th and the IMF, in collaboration with independent cybersecurity experts, has taken remediation measures. The investigation revealed that 11 IMF email accounts were compromised, but there is no indication of further compromise beyond these accounts.

    AT&T Data Leaked Impacting 70 Million but AT&T Denies Despite Strong Evidence

    AT&T denies that leaked data impacting 70 million users came from their systems, claiming it is from a previous 2021 cybersecurity breach. However, evidence suggests the leaked data contains personal information, including names, addresses, phone numbers, and encrypted birth dates and social security numbers. AT&T advises customers to be cautious of targeted attacks and refrain from sharing personal information.

    Fujitsu Hacked with Malware, Company Warns of Data Breach

    Fujitsu has detected malware on its computers, potentially leading to a cybersecurity data breach. The company has isolated affected computers and enhanced monitoring. An investigation is underway to assess the extent of unauthorized access and data extraction. Fujitsu has notified affected individuals, reported the incident to regulatory authorities, and found no evidence of data misuse.

    Enhanced OSINT with DarkGPT, An AI Tool to Detect Leaked Databases

    DarkGPT leverages the power of natural language processing to assist with queries about databases that may have been compromised. Built using Anthropic’s Constitutional AI technique on GPT-4, DarkGPT can understand plain English questions and provide contextual responses to cybersecurity professionals so they can focus more on high-level OSINT.

    United Healthcare Pays $2B After Change Healthcare Cyber Attack, Health Insurers Split Over the Relief

    United Healthcare has paid $2 billion in expenses following the Change Healthcare cyber attack. Health insurers are divided over relief efforts. Insurers have handled 95% of affected claims, and efforts are being made to assist small medical practices. Patient care remains unaffected, and government health programs won’t face additional expenses. UnitedHealth is making progress in restoring systems following the cybersecurity incident and has provided advance payments to affected providers. Smaller providers relying on Change Healthcare may face credit profile impacts. Insurers have processed claims through alternative networks.

    Chinese APT ‘Earth Krahang’ Breaches 70 Organizations Across 45 Countries

    The Chinese APT group known as ‘Earth Krahang’ has breached 70 organizations across 45 countries, according to a report by Trend Micro. The group targets government agencies and uses vulnerability exploits and spearphishing emails to gain initial access. Once inside, they conduct internal reconnaissance and utilize sophisticated tools to establish persistent backdoors. Earth Krahang’s global reach and connections to other Chinese APTs highlight the substantial risks posed by this threat actor. Increased international response is necessary to counter this advanced threat.

    Hackers Breaching US Water Systems, White House and EPA Issue Warning

    U.S. National Security Advisor Jake Sullivan and EPA Administrator Michael Regan have issued a joint letter to governors, warning about the increasing number of cyberattacks targeting water infrastructure in the United States. The letter emphasizes the need for stronger cybersecurity defenses and recovery plans for state water systems. The EPA and NSC are inviting governors to a virtual meeting to discuss collaboration and the establishment of a Water Sector Cybersecurity Task Force.

    Iranian Hackers Claimed Breach at Dimona Nuclear Facility in Israel

    A group of Iranian hackers has claimed to have successfully breached the networks of Israel’s Dimona nuclear facility in the Negev desert. The Israeli government is currently investigating the legitimacy of the leaked documents associated with the cybersecurity incident. Due to the sensitive nature of the content, the specifics of the documents have been censored by the Israeli government. Cybersecurity experts have expressed doubt about the hackers’ claims and believe that the potential risk posed by the leaked documents is minimal.

    CISA Shares Advisory on Defending Critical Infrastructure Against Volt Typhoon

    CISA, along with NSA, FBI, and other agencies, has issued an advisory to protect critical infrastructure against the Chinese hacking group Volt Typhoon. The advisory provides defense tips and emphasizes empowering cybersecurity teams. Volt Typhoon targets Operational Technology assets and may disrupt critical infrastructure during conflicts. CISA and the FBI urge manufacturers to enhance SOHO router security against their attacks.

    Mintlify Data Breached Through Compromised GitHub Tokens

    Software vendor Mintlify suffered a data breach exposing 91 customer GitHub tokens after a vulnerability allowed unauthorized access to private API endpoints and admin tokens. They immediately revoked all GitHub access and patched the flaw. An investigation found one customer’s repository was accessed. Mintlify is enhancing security measures like API monitoring and launching a bug bounty program. They advise customers to update passwords, enable two-factor authentication, and monitor accounts for unusual activity.
