InfoSecBulletin Cybersecurity for mankind
While healthcare providers are reassessing the use of third-party tracking tools and the cyber risks associated with them, a medical technology provider became the latest to disclose a privacy breach. In other news, FIN7 is back in the headlines. It is targeting a vulnerability in Veeam instances. The education sector is once again in trouble as a California school district is investigating a potential identity theft incident. Here are the top 10 highlights from the past 24 hours.
01
Diabetic patients using the Medtronic InPen app have been affected by a data breach caused by Google tracking tools. Impacted patients include those who used the Android or iOS app from September 2020.
02
FIN7, the notorious Russian cybercrime group, was found abusing unpatched Veeam Backup & Replication instances to run payloads, including the Diceloader backdoor, in compromised environments.
03
BitSight and Curesec researchers identified a high-severity bug in 670 distinct devices, which could result in DoS amplification attacks on over 2,000 organizations worldwide.
04
Investigation into the November 2021 ransomware attack on Jackson and Hillsdale schools revealed that the Hive ransomware group was responsible, who stole personal information such as SSNs.
05
The Elk Grove Unified School district confirmed investigating tax filing issues for some employees, owing to potential identity theft that occurred two weeks back.
06
Attackers are leveraging Docker containers to generate revenue by driving traffic to specific websites and engaging with ads – reported Trend Micro.
07
Pro-Russian threat group Zarya claimed responsibility for attacking a Canadian gas pipeline. However, no physical damage was observed in the Canadian energy infrastructure.
08
ESET researchers spotted a campaign by the Evasive Panda APT group targeting an international NGO in China, delivering a custom backdoor named MgBot.
09
Privileged access management provider Quickpass Cybersecurity rebranded to CyberQP and raised a fund of $12 million from Arthur Ventures.
10
Firmware security provider NetRise raised $8 million in a venture round led by Squadra Ventures, with participation from Miramar Digital Ventures, Sorenson Ventures, and DNX Ventures.
