A CYBER ATTACK PARALYZED OPERATIONS AT SYNLAB ITALIA

From securityaffairs.com

Since April 18, Synlab Italia, a major provider of medical diagnosis services, has been experiencing disruptions due to a cyber attack.

The company initially cited technical issues as the cause leading to “temporary interruption of access to computer and telephone systems and related services.” However, a concerning scenario emerged a few hours later.

The company has released a statement informing customers of the ongoing attack and has “disabled” all company computer systems in Italy as a precautionary measure.

Patients are facing significant disruptions, with many social media users complaining about their inability to access urgently needed diagnostic test results.

The company’s statement announced the suspension of all activities at sampling points, medical centers, and laboratories in Italy until further notice.

Cyber insurance gaps stick firms with millions in uncovered losses

From cybersecuritydive.com

Dive Brief:

  • The majority of companies, 4 in 5, have suffered a cyberattack that wasn’t fully covered under their cyber insurance policy, according to an analysis by cyber risk quantification firm CYE.
  • On average, each insurance gap left more than three-quarters of a breach uncovered, CYE said in a report released Wednesday. The research, which analyzed 101 breaches across various sectors, revealed an average of $27.3 million in uncovered losses per incident.

Europol Calls For Tech Giants To Get Lawful Access To End-To-End Encryption

From gbhackers.com

Amid the ongoing tension between privacy rights and public safety, Europol, along with European Police Chiefs, has issued a call for tech giants to provide lawful access to encrypted communications.

This development comes as major social media platforms, including those owned by Meta, begin to implement end-to-end encryption. This technology prevents anyone except the communicating users from accessing the messages.

U.S. Imposes Visa Restrictions on 13 Linked to Commercial Spyware Misuse

From thehackernews.com

The U.S. Department of State on Monday said it’s taking steps to impose visa restrictions on 13 individuals who are allegedly involved in the development and sale of commercial spyware or who are immediate family members of those involved in such businesses.

“These individuals have facilitated or derived financial benefit from the misuse of this technology, which has targeted journalists, academics, human rights defenders, dissidents and other perceived critics, and U.S. Government personnel,” the department said.

Behavioral patterns of ransomware groups are changing

From helpnetsecurity.com

Q1 saw substantial shifts in activity from some of the most prolific Ransomware-as-a-Service (RaaS) groups, according to GuidePoint Security.

RaaS groups attempt to recruit disaffected or displaced affiliates

In addition to revealing a nearly 20% year-over-year increase in the number of ransomware victims, the GRIT Q1 2024 Ransomware Report observes major shifts in the behavioral patterns of ransomware groups following law enforcement activity – including the continued targeting of previously “off-limits” organizations and industries, such as emergency hospitals.

“Overall, we’re seeing an increasingly volatile ransomware ecosystem. Law enforcement disruptions this quarter appear to have temporarily slowed or shifted operational activities of prolific Ransomware-as-a-Service (RaaS) groups, including Alphv and LockBit,” said Drew Schmitt, Practice Lead, GRIT.

Misconfigured cloud server leaked clues of North Korean animation scam

From theregister.com

A misconfigured cloud server that used a North Korean IP address has led to the discovery that film production studios including the BBC, Amazon, and HBO Max could be inadvertently hiring workers from the hermit kingdom for animation projects.

The server – which according to think tank Stimson Center is no longer being utilized – was discovered by the author of NK Internet blog, Nick Roy, in late 2023.

The Stimson Center, together with Roy, analyzed the files that would appear every day on the server’s blog, according to a post on the think tank’s blog, 38 North, penned by Martin Williams.

Many of those files included instructions for animation work and results of that day’s work, uploaded by unknown individuals. Editing comments and instructions were frequently written in Chinese, accompanied by a Korean translation.

Russia’s APT28 Exploited Windows Print Spooler Flaw to Deploy ‘GooseEgg’ Malware

From thehackernews.com

The Russia-linked nation-state threat actor tracked as APT28 weaponized a security flaw in the Microsoft Windows Print Spooler component to deliver a previously unknown custom malware called GooseEgg.

The post-compromise tool, which is said to have been used since at least June 2020 and possibly as early as April 2019, leveraged a now-patched flaw that allowed for privilege escalation (CVE-2022-38028, CVSS score: 7.8).

It was addressed by Microsoft as part of updates released in October 2022, with the U.S. National Security Agency (NSA) credited for reporting the flaw at the time.

According to new findings from the tech giant’s threat intelligence team, APT28 – also called Fancy Bear and Forest Blizzard (formerly Strontium) – weaponized the bug in attacks targeting Ukrainian, Western European, and North American government, non-governmental, education, and transportation sector organizations.
