Cyware Daily Threat Intelligence
Daily Threat Briefing • Dec 27, 2023
As we head into the final few days of a momentous year, cybercriminals continue to cause havoc across numerous sectors. National Amusements, a major player in the media and entertainment sectors, revealed an intrusion impacting the personal information of over 82,000 people. Meanwhile, the healthcare sector saw breaches affecting the Southeast Michigan-based Corewell Health and the Oklahoma-based non-profit health network, Integris Health. Hundreds of thousands of patients' data may be at risk.
On the malware front, the developers of the Mallox ransomware have come up with an upgraded PowerShell script that bypasses the Antimalware Scan Interface (AMSI) used by anti-virus products, making the threat stealthier. Barracuda Networks has, once again, patched zero-day bugs in its Email Security Gateway (ESG) devices to prevent arbitrary code execution attacks.
Media and entertainment giant breached
National Amusements, the holding entity for Paramount and CBS, has acknowledged a cybersecurity incident resulting in the unauthorized access of personal data belonging to 82,128 individuals. This security lapse transpired in December 2022, but its discovery was delayed until August 2023. The exact nature of the compromised information remains uncertain, though it could encompass financial details.
Data theft at parking app operator
Europe’s largest parking app operator has reported itself to authorities in the EU and UK after hackers stole customer data. EasyPark Group, the owner of brands including RingGo and ParkMobile, said customer names, phone numbers, addresses, email addresses, and parts of credit card numbers were impacted but said parking data had not been compromised in the cyberattack.
1.3 million affected by FNF subsidiary breach
LoanCare, a subsidiary of Fidelity National Financial (FNF), has reported a data breach to state regulators following a cyberattack in November. The breach, claimed by the ALPHV/Blackcat ransomware gang, resulted in unauthorized access to FNF’s IT network. The hackers were able to obtain personal information, including names, addresses, social security numbers, and loan numbers of 1,316,938 individuals.
Another Corewell Health data breach reported
Over one million patients of Corewell Health in Southeast Michigan were hit by a data breach that exposed their medical information. The breach occurred at HealthEC, a population health management platform that provides services to Corewell Health. The exposed information includes names, addresses, dates of birth, Social Security numbers, medical record numbers, diagnoses, and other medical information.
Integris Health patients face extortion threat
Oklahoma-based non-profit health network, Integris Health, has confirmed a cyberattack in November that resulted in the theft of patient data. Extortion emails were sent to patients on December 24, 2023, claiming that their personal data, including Social Security Numbers, addresses, and insurance information, had been stolen. The hackers threatened to sell the data unless an extortion demand was paid by the victims. The extortion emails resemble tactics used by the Hunters International ransomware gang.
Hospital in Jordan gets targeted
The hacking collective known as Rhysida has taken credit for the cyberattack on Abdali Hospital in Jordan. The ransomware group has provided evidence of the breach by releasing stolen documents and is currently offering the confidential data for sale, demanding a payment of 10 Bitcoin.
Mallox ransomware upgraded
The Mallox ransomware group has updated its PowerShell script to bypass the Antimalware Scan Interface (AMSI) component that anti-virus products use to inspect scripts, allowing the group to execute malicious code without being detected. The script uses a technique published by a researcher in 2022: it patches the AMSI DLL registered by Windows Defender with shellcode that overwrites the function responsible for scanning PowerShell scripts.
Zero-day flaws in Barracuda ESG
Barracuda Networks discovered two zero-day vulnerabilities in its Email Security Gateway (ESG) appliances, which were exploited by the China-nexus actor UNC4841. The two vulnerabilities, tracked as CVE-2023-7102 and CVE-2023-7101, exist in the third-party Spreadsheet::ParseExcel library. Barracuda has issued patches for these flaws to prevent arbitrary code execution.