Welcome back, it’s Threat Thursday once again, and we have a few developing stories at the forefront.
FIRST, Threat Intelligence Email Blasts This Week
HHS Issues Urgent Alert to IT Helpdesks Serving Healthcare Organizations – The Department of Health and Human Services has issued an urgent alert to IT helpdesks across the nation, specifically those serving healthcare organizations, about tailored social engineering attacks aimed at helpdesk engineers. It’s officially time to go shields up and brief your helpdesk team today about the risks!
Developing Supply Chain Attack through Sisense Analytics Platform – Over the last 24 hours, CISA has issued an urgent alert calling attention to the breach of a major data analytics platform embedded in thousands of companies across the US. Because the platform integrates with numerous other platforms to source the data it analyzes, this is being treated as a major supply chain attack. While we still don’t know the breadth of the breach, we do know customer information was compromised. Please follow these CISA recommendations immediately:
- Reset credentials and secrets potentially exposed to, or used to access, Sisense services.
- Investigate—and report to CISA—any suspicious activity involving credentials potentially exposed to, or used to access, Sisense services.
Other Items in the Landscape
Over 90,000 D-Link NAS devices under attack due to a built-in backdoor – This is a high-priority threat intelligence item. Over 90,000 Internet-exposed D-Link NAS devices are vulnerable to an exploit that would give an attacker full remote control. The solution is phasing out end-of-life NAS devices in your environment.
LG TV Vulnerabilities Expose Over 91,000 smart devices – webOS, the software powering LG TVs, has been reported to be vulnerable to an authorization bypass exploit in versions 4 through 7. Although LG TVs are only intended to be accessible on your local network, misconfigured networks have turned close to 100,000 TVs into a prime target for attackers. Updates to all LG TVs are recommended, as well as an infrastructure audit for shadow devices such as smart TVs that may have gone unnoticed.
New SharePoint Technique Allows Attackers to Steal Data Without Showing Up in Logs – A technique has been discovered that would allow an attacker to exfiltrate data from SharePoint environments without showing up in the logs, and therefore without triggering alerts in many security products that monitor SharePoint. As for mitigation, Microsoft has stated that security vendors should be building products that can detect this. As a result, Microsoft is not recommending any updates to SharePoint environments, but rather advocating the use of better security products.
Change Healthcare Ransomed Again – This time Change Healthcare has fallen prey to another ransomware gang, apparently one whose affiliates had some cooperation with BlackCat. The well-known ransomware group RansomHub is threatening to release the previously stolen Change Healthcare data if a second ransom is not paid. While this may not result in as much of a service disruption as the original attack, it speaks to the uncertainty of paying a ransom in the first place.
Historic Patch Tuesday Release Features 149 Flaws, Including 2 Zero-Days – In one of the most severe Patch Tuesday updates to date, Microsoft has acknowledged a whopping 149 flaws. Some of these flaws have been observed exploited in the wild, and others carry the tag “exploitation more likely”. In addition, Patch Tuesday came with serious updates for Adobe software, Android devices, Cisco, Dell, Fortinet, Google Chrome, and a host of others. Please review this article for more detailed information, and continue to update your Microsoft systems regularly, as attackers watch these Tuesday updates for fresh opportunities.
As always, please stay vigilant!