OSF Healthcare notifies patients of ransomware incident, Pfizer leaks customer prescriptions, and more

Originally published at: https://cloudsek.com/threatintel/osf-healthcare-notifies-patients-of-ransomware-incident-pfizer-leaks-customer-prescriptions-and-more/

Round Up of Major Breaches and Scams

OSF Healthcare notifying patients of the Blackbaud incident

OSF HealthCare System (“OSF”) is mailing letters to its patients advising them of the Blackbaud ransomware incident that has already impacted more than 10 million other patients. On August 20, 2020, OSF’s investigation and review of the Blackbaud database involved in the incident determined that it contained some patient information, including names, addresses, phone numbers, email addresses, dates of birth, treatment facilities, treating physicians, departments of service, room numbers and/or medical record numbers.

Pharma Giant Pfizer Leaks Customer Prescription Info, Call Transcripts

Hundreds of medical patients taking cancer drugs, Premarin, Lyrica and more are now vulnerable to phishing, malware and identity fraud. Pharma giant Pfizer has leaked the private medical data of prescription-drug users in the U.S. for months or even years, thanks to an unprotected Google Cloud storage bucket. The exposed data includes phone-call transcripts and personally-identifiable information (PII), according to vpnMentor’s cybersecurity research team.

Adblockers installed 300,000 times are malicious and should be removed now

Adblocking extensions with more than 300,000 active users have been surreptitiously uploading user browsing data and tampering with users’ social media accounts thanks to malware their new owner introduced a few weeks ago, according to technical analyses and posts on GitHub. Hugo Xu, developer of the Nano Adblocker and Nano Defender extensions, said 17 days ago that he no longer had the time to maintain the project and had sold the rights to the versions available in Google’s Chrome Web Store.

Round Up of Major Malware and Ransomware Incidents

Barnes & Noble hit by Egregor ransomware, strange data leaked

The Egregor ransomware gang is claiming responsibility for the cyberattack on U.S. bookstore giant Barnes & Noble on October 10th, 2020. The attackers state that they stole unencrypted files as part of the attack. Barnes & Noble is the largest brick-and-mortar bookseller in the United States, with over 600 bookstores in fifty states. The bookseller also operates Nook Digital, its eBook and e-Reader platform.

Microsoft says it took down 94% of TrickBot’s command and control servers

Last week, a coalition of cyber-security firms led by Microsoft orchestrated a global takedown against TrickBot, one of today’s largest malware botnets and cybercrime operations. Even though Microsoft brought down TrickBot infrastructure in the first few days, the botnet survived, and TrickBot operators brought new command and control (C&C) servers online in the hopes of continuing their cybercrime spree.

Montreal’s STM public transport system hit by ransomware attack

Montreal’s Société de transport de Montréal (STM) public transport system was hit with a RansomExx ransomware attack that has impacted services and online systems. On October 19th, STM suffered an outage that affected its IT systems, website, and customer support. While these outages did not affect the operation of buses or metro systems, people with disabilities who rely on STM’s door-to-door paratransit service are affected as it uses an online registration system.

MI: Dickinson County Healthcare System responding to malware attack

The Dickinson County Healthcare System is in the process of a confidential investigation and recovery after the hospital suffered a ransomware attack on Saturday. A written statement from the hospital, provided to TV6, says: ‘DCHS is in the process of responding to a recent security incident involving malicious software (commonly known in the industry as ransomware) that has disrupted access to computer systems at our hospital and clinics. Upon discovery of unauthorized access to our IT system on the morning of Saturday, October 17, we took the utmost precautions to shut down the system to isolate the threat.’

Mobile Browser Bugs Open Safari, Opera Users to Malware

A set of address-bar spoofing vulnerabilities that affect a number of mobile browsers open the door for malware delivery, phishing and disinformation campaigns. The bugs, reported by Rapid7 and independent researcher Rafay Baloch, affect six browsers, ranging from the common. They allow an attacker to present a fake address for a web page – which is a problem in the mobile world, where a URL is often the only verification of legitimacy that users have before navigating to a website.

Round Up of Major Vulnerabilities and Patches

NSA Reveals the Top 25 Vulnerabilities Exploited by Chinese Nation-State Hackers

Officials urge organizations to patch the vulnerabilities most commonly scanned for, and exploited by, Chinese attackers. The US National Security Agency (NSA) today published a list of the top 25 publicly known vulnerabilities most often scanned for and targeted by state-sponsored attackers out of China. Chinese state-sponsored cyber activity is “one of the greatest threats” to US National Security Systems, the US Defense Industrial Base, and Department of Defense information networks, the NSA writes in its advisory.

VMware patches, among other things, ESXi flaw that can be abused by miscreants on the network to hijack hosts

Sysadmins responsible for VMware deployments should test and apply the latest security updates for the software. In an advisory published this morning, VMware revealed six vulnerabilities affecting its ESXi, Workstation, Fusion, Cloud Foundation, and NSX-T products. CVE-2020-3992, which tops the list with a 9.8 out of 10 CVSS severity rating, is a use-after-free vuln in the ESXi hypervisor that can be exploited via the network to run malicious code on the target host.

Google releases Chrome security update to patch actively exploited zero-day

Google has released Chrome version 86.0.4240.111 earlier today to deploy security fixes, including a patch for an actively exploited zero-day vulnerability. The zero-day is tracked as CVE-2020-15999 and is described as a memory corruption bug in the FreeType font rendering library that’s included with standard Chrome distributions. In-the-wild attacks leveraging this FreeType bug were discovered by security researchers from Project Zero, one of Google’s internal security teams.

Cisco warns of attacks targeting high severity router vulnerability

Cisco today warned of attacks actively targeting the CVE-2020-3118 high severity vulnerability found to affect multiple carrier-grade routers that run the company’s Cisco IOS XR Software. The IOS XR Network OS is deployed on several Cisco router platforms including NCS 540 & 560, NCS 5500, 8000, and ASR 9000 series routers. The vulnerability impacts third-party white box routers and the following Cisco products if they run vulnerable Cisco IOS XR Software versions.

Adobe Fixes 16 Critical Code-Execution Bugs Across Portfolio

Adobe has released 18 out-of-band security patches in 10 different software packages, including fixes for critical vulnerabilities that stretch across its product suite. Adobe Illustrator was hit the hardest. There are 16 critical bugs, all of which allow arbitrary code execution in the context of the current user. They affect Adobe Illustrator, Adobe Animate, Adobe After Effects, Adobe Photoshop, Adobe Premiere Pro, Adobe Media Encoder, Adobe InDesign and the Adobe Creative Cloud Desktop Application.

Seven mobile browsers vulnerable to address bar spoofing attacks

An “address bar spoofing” vulnerability refers to a bug in a web browser that allows a malicious website to modify its real URL and show a fake one instead — usually one for a legitimate site. Address bar spoofing vulnerabilities have been around since the early days of the web, but they have never been so dangerous as they are today. While on desktop browsers there are various signs and security features that could be used to detect when malicious code alters the address bar to display a bogus URL.