Source: www.databreachtoday.com – Author: 1 Artificial Intelligence & Machine Learning , Next-Generation Technologies & Secure Development Meta Changes AI Content Labeling; YouTube Updates Privacy Guidelines Rashmi Ramesh (rashmiramesh_) • July 2, 2024     Image: Shutterstock Meta and YouTube updated their artificial intelligence policies to address the altered content appearing on their platforms. See Also: […]

La entrada Meta and YouTube Update Their AI Content Policies – Source: www.databreachtoday.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

The ransomware attack that crippled Synnovis, a key pathology provider for southeast London's NHS Trusts, continues to disrupt critical services nearly a month after the initial attack. While some progress has been made, the slow recovery highlights the fragility of healthcare infrastructure and the potential for wider patient data breaches.

Technical Hurdles Plague Restoration Efforts

The attack that took place on June 3 knocked out most of Synnovis' IT systems, impacting everything from lab analysis equipment to results transmission. With electronic workflows crippled, the lab reverted to manual processes, significantly hindering processing capacity and turnaround times.

The daily blood sampling count in major London hospitals plunged from 10,000 to merely 400 per day after the cyberattack. The biggest challenge that Synnovis is facing is that all its automated end-to-end laboratory processes are offline, since all IT systems have been locked down in response to the ransomware attack.

The ongoing recovery prioritizes critical systems first. New middleware deployed at partner hospitals aims to streamline result reporting, but full restoration remains a distant prospect. Synnovis is collaborating its parent company, SYNLAB, and NHS to ensure a secure and phased recovery.

Mutual Aid Boosts Capacity, But Data Breach Looms Large

To address the backlog of critical tests, Synnovis implemented a "Mutual Aid" program across southeast London boroughs, leveraging partner labs within the NHS network. Additionally, SYNLAB is diverting resources from its wider UK and international network to bolster processing capacity.

However, a more concerning development emerged on June 20. A Russian ransomware group called Qilin claimed responsibility for the attack and leaked data online. Synnovis later confirmed the published data was stolen from its administrative drives.

"This drive held information which supported our corporate and business support activities. Synnovis personnel files and payroll information were not published, but more needs to be done to review other data that has been published relating to our employees." - Synnovis

While a full analysis is ongoing, initial findings suggest the data may contain patient information like full names, NHS numbers, and test codes.

Uncertainties for Synnovis Remain as Investigation Continues

The stolen data appears partial and in a complex format, making analysis and identification of impacted individuals challenging. Synnovis, with assistance from the NCSC and NHS cybersecurity specialists, is investigating the attack's scope and potential data breach. Law enforcement and the Information Commissioner are also kept informed.

Mark Dollar, CEO of Synnovis, acknowledged the disruption and expressed regret for the inconvenience caused.

“We are very aware of the impact and upset this incident is causing to patients, service users and frontline NHS colleagues, and for that I am truly sorry. While progress has been made, there is much yet to do, both on the forensic IT investigation and the technical recovery. We are working as fast as we can and will keep our service users, employees and partners updated.” - Mark Dollar, CEO of Synnovis

However, the timeline for full system restoration and the extent of the potential data breach remain unclear.

The Synnovis attack highlights a broader trend within healthcare IT systems and the potential consequences of third-party cyberattacks. SYNLAB, the parent company of Synnovis, has been targeted by cybercriminals multiple times in the last year. Similar attacks hit their subsidiaries in Italy in April 2024 and a year earlier in France. These incidents underline a concerning rise in third-party vulnerabilities within the healthcare industry.

As Synnovis grapples with recovery, the cybersecurity community awaits further details on the data breach and its potential impact on patients.

Apple has taken steps to enhance the security of its popular AirPods lineup by addressing a critical Bluetooth vulnerability through a new firmware update. This AirPods firmware update,  identified as Firmware 6A326 and 6F8, is aimed at several models including AirPods, AirPods Pro, AirPods Max, Powerbeats Pro, and Beats Fit Pro. The AirPods vulnerability tracked as CVE-2024-27867 and discovered by Jonas Dreßler, posed a potential risk where attackers within Bluetooth range could spoof a user's device and gain unauthorized access to their AirPods. This issue highlights the importance of timely updates to protect Apple devices from cyberattacks. 

AirPods Firmware Update Fixes Major Bluetooth Vulnerability

Initially, Apple's AirPods firmware update patch notes appeared routine, mentioning "bug fixes and other improvements." However, further details on Apple's security website revealed the update's critical nature, specifically addressing an authentication issue with improved state management related to Bluetooth connections. For affected users, the AirPods firmware update will be applied automatically when AirPods are paired with an iPhone or another compatible device. To verify the update, users can check the firmware version by navigating to Settings > Bluetooth on iOS devices or System Settings > Bluetooth on Macs. This proactive approach highlights the regular updates required by devices regardless of operation systems. By promptly addressing vulnerabilities such as the AirPods vulnerability, Apple aims to create a safer digital environment for its users worldwide.

Fixing Several Apple Product Vulnerabilities

Beyond addressing the AirPods vulnerability, the firmware update also includes general bug fixes and performance improvements. This comprehensive approach ensures not only enhanced security but also a smoother user experience across the AirPods ecosystem. Users are encouraged to stay vigilant and keep their devices updated to the latest firmware version. This practice is crucial for safeguarding against potential security risks and maintaining the integrity of personal data. Apple's dedication to security is further demonstrated through its adherence to industry-standard practices, including not disclosing specific security issues until patches or releases are available and thoroughly tested. This approach ensures that users can trust Apple products to protect their privacy and security effectively. For more detailed information about the update and additional security-related matters, users can visit Apple's official security updates page and review the comprehensive product security documentation available.

30,000 websites at risk: Check yours ASAP! (800 Million Ostriches Can’t Be Wrong.)

The post WordPress Plugin Supply Chain Attack Gets Worse appeared first on Security Boulevard.

Or junk it if EOL: Two nasty vulnerabilities need an update—pronto.

The post ASUS Router User? Patch ASAP! appeared first on Security Boulevard.

The City of Wichita has made significant progress in recovering from a cyberattack that disrupted many city services early last month. More than a month later, the City of Wichita cyberattack update has come up stating that most public-facing systems are back online, although some services are still being restored. The city reports that water metering, billing, and payment processing systems are gradually coming back online.

City of Wichita Cyberattack Update

Water Services Restored Customers can expect to receive updated statements this week. Auto-payments have resumed normal operations, and customers now have full access to their utility accounts online. Bills can be paid by credit card, cash, check, and money order at City Hall, online at City's payment portal, by calling (316) 265-1300, or through the mail. Due to the cyberattack on City of Wichita, some June bills may cover more than 60 days of service. Customers needing help with these bills are encouraged to contact a representative at (316) 265-1300 to arrange a payment plan. Library Services Update The Wichita Public Library has also seen progress, though some services remain affected. Public Wi-Fi is available at all locations, and patrons can access Libby for eBooks, audiobooks, and digital magazines. Additionally, materials can be checked in and out manually. However, hold requests and renewals, customer account information, the online catalog, the automated materials handler at the Advanced Learning Library, and online databases like Kanopy and LinkedIn Learning are still unavailable. Airport and Court Systems At the Wichita Dwight D. Eisenhower National Airport, public flight and gate display information is not yet available online but is expected to be restored soon. The Municipal Court has made strides in recovery, with most systems operational. The public search of warrants is anticipated to be online by Monday, June 10. The City’s Information Technology team is working to fix the remaining system outages. The city appreciates residents' patience as there may be occasional service interruptions during ongoing recovery efforts.

What Happened During the City of Wichita Cyberattack

The Cyber Express reported that the cyberattack occurred on May 5, leading to the shutdown of several online city services, including water bill payments, some city-building Wi-Fi, and electronic payments. LockBit, a known ransomware group, claimed responsibility for the cyberattack. This followed an earlier notification from the City of Wichita regarding a ransomware incident, although the responsible group was not initially disclosed. The ransomware attack has shown the vulnerabilities in the city's IT systems and the importance of strong cybersecurity measures. Despite the challenges, the city has worked hard to restore essential services to its residents. The City of Wichita urges residents to stay informed through official updates and to reach out to the provided contact points for help. The city remains committed to being transparent and providing the necessary support to its residents during this recovery period.

Microsoft has released the June 2024 Patch Tuesday updates, reinforcing security and enhancing functionality for Windows 11 and 10 users alike. Among these updates, the tech giant has also addressed 49 vulnerabilities affecting Microsoft environments and products. “Microsoft patched 49 CVEs in its June 2024 Patch Tuesday release, another sub-60 CVE release for the second month in a row. This month, Microsoft did not patch any zero-day vulnerabilities exploited in the wild. Typically, Microsoft Patch Tuesday releases skew towards being mostly remote code execution vulnerabilities," said Satnam Narang, Senior Staff Research Engineer at Tenable. For those using the Windows 11 operating systems with versions 23H2 and 22H2, the KB5039212 patch awaits in the Windows Update queue. This comprehensive Microsoft Patch Tuesday Update introduces several notable tweaks.

Microsoft Patch Tuesday Update: All the Major Developments and Fixes

With this June Microsoft Patch Tuesday update, the tech giant has introduced a slew of user-friendly updates, including the ability to generate QR codes directly from the Windows Share menu in Microsoft Edge, facilitating seamless sharing of webpages and cloud files. Enhancements to the Windows Share feature now allow users to easily email content to themselves using their linked email address from their Microsoft account, while a subtle but impactful change prevents the abrupt dismissal of the Windows Share window, requiring users to click the designated close button instead. File management is streamlined with the ability to drag files between breadcrumbs within the File Explorer address bar, simplifying the process of relocating files within the same file path. Additionally, a new "Linked devices" page in the Settings menu enables users logged in with a Microsoft account to seamlessly manage their PCs and Xbox consoles, while the Windows Backup app now integrates with Microsoft accounts, offering secure backup options for files, themes, settings, installed apps, and Wi-Fi credentials to the cloud. Microsoft has also addressed underlying issues with this June 2024 Patch Tuesday, including a fix for an issue causing the taskbar to briefly malfunction or become unresponsive, as well as resolving an issue hindering systems from resuming from hibernation post-BitLocker activation. “In 2023, remote code execution flaws accounted for over one-third (35.1%) of all CVEs patched. However, this Patch Tuesday release was dominated by elevation of privilege flaws, accounting for nearly half of the CVEs patched (49%) this month. Microsoft patched CVE-2024-30089, an elevation of privilege flaw in the Microsoft Streaming Service. Like many of the elevation of privilege flaws patched as part of Patch Tuesday, Microsoft labelled this one as “Exploitation More Likely,” said Narang. For Windows 11 users on the original iteration of the OS (21H2), the KB5039213 patch primarily focuses on bug fixes, with the added activation of the SMB over QUIC client certificate authentication feature, providing IT administrators with enhanced control over client access to SMB over QUIC servers.

Addressing 49 Vulnerabilities with Vigilance

With cyber threats looming large, Microsoft's June 2024 Patch Tuesday release stands as a protective measure against hackers and ransomware groups alike, addressing a total of 49 CVEs. Among these, one is rated critical, marking a concerted effort to shore up security defenses. Notably, there have been no reported zero-day or publicly disclosed vulnerabilities, underscoring Microsoft's proactive stance on security. Elevation of Privilege (EoP) vulnerabilities take center stage, constituting 49% of the patched vulnerabilities this month, followed closely by Remote Code Execution (RCE) at 36.7%. Several critical vulnerabilities have been identified, including CVE-2024-30080, a Remote Code Execution flaw in Microsoft Message Queuing (MSMQ) with a CVSSv3 score of 9.8, deemed highly exploitable by Microsoft. Additionally, CVE-2024-30082, CVE-2024-30087, and CVE-2024-30091 highlight the significance of patching critical components like the Win32k driver to prevent potential exploits. Similarly, attention is drawn to Windows Kernel vulnerabilities CVE-2024-30064, CVE-2024-30068, CVE-2024-30088, and CVE-2024-30099, emphasizing the necessity of comprehensive patch management. Moreover, CVE-2024-30085 highlights the varied attack vectors adversaries may exploit, necessitating swift remediation. “These types of flaws are notoriously useful for cybercriminals seeking to elevate privileges on a compromised system. When exploited in the wild as a zero-day, they are typically associated with more advanced persistent threat actors or as part of targeted attacks," said Narang. He added further, "This vulnerability was disclosed to Microsoft by the same security researcher that disclosed CVE-2023-36802, another Microsoft Streaming Service elevation of privilege flaw, which was patched in the September 2023 Patch Tuesday. Curiously, that flaw was disclosed by the researcher, but it was Microsoft themselves that noted it as being exploited in the wild. Another Microsoft Streaming Service flaw was patched this month (CVE-2024-30090), but unlike CVE-2024-30089, this one is labeled as “Exploitation Less Likely.” Concurrently, Microsoft's cessation of security updates for Windows 10 21H2 across several editions stresses the importance of timely upgrades to ensure ongoing protection against online threats.

A month after a cyberattack on Ascension, one of the largest nonprofit healthcare systems in the United States, continues to work expeditiously with industry cybersecurity experts to safely restore systems across its network. Ascension Via Christi has announced an update regarding the Ascension cyberattack that it expects to improve efficiencies and reduce wait times for patients. "Please know our hospitals and facilities remain open and are providing patient care. Ascension continues to make progress in our efforts to safely restore systems across our network. Restoring our Electronic Health Record (EHR) system remains a top priority," stated an official Ascension announcement.

Ascension cyberattack: What All Have Restored?

According to the latest update on the Ascension cyberattack, officials have successfully restored EHR access in Florida, Alabama, Tennessee, Maryland, Central Texas (Ascension Seton and Dell Children's hospitals), and Oklahoma markets. Ascension Via Christi further informed that its hospitals, including St. Francis and St. Joseph hospitals, and Ascension Medical Group clinics in Wichita, have restored the primary technology used for electronic patient documentation in care settings. "This will allow most hospital departments, physician offices, and clinics to use electronic documentation and charting. Patients should see improved efficiencies and shorter wait times. Our team continues to work tirelessly to restore other ancillary technology systems," Ascension Via Christi explained on its website, providing cybersecurity updates for its Kansas facilities. [caption id="attachment_76455" align="aligncenter" width="1024"] Source: Ascension Via Christi Website[/caption] The update for Ascension Via Christi St. Francis followed a national update from Ascension, which reported continued progress in restoring systems across its network. The company aims to have systems fully restored across its ministry by Friday, June 14.

Ascension cyberattack: What Happened?

On May 10, The Cyber Express reported that Ascension faced disruptions in clinical operations due to a cyberattack that prompted the organization to take some of its systems offline. Operating in 19 states and the District of Columbia, Ascension oversees 140 hospitals and 40 senior care facilities. It also boasts a significant workforce of 8,500 providers, 35,000 affiliated providers, and 134,000 associates. In 2023, Ascension’s total revenue amounted to $28.3 billion. Given its substantial revenue and widespread operations, the impact of this cyberattack was significant. The organization detected unusual activity on select technology network systems, prompting an immediate response, investigation initiation, and activation of remediation efforts. Consequently, access to certain systems has been interrupted during the ongoing investigation process. Due to the massive cyberattack, Ascension advised its business partners to temporarily sever connections to its systems as a precautionary measure and stated it would notify partners when it is safe to reconnect. The cyberattack on Ascension disrupted clinical operations, prompting an investigation into the extent and duration of the disruption.

Attention Apache Flink users! The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently added an Apache Flink vulnerability to its Known Exploited Vulnerabilities Catalog, highlighting evidence of its active exploitation. Apache Flink is a popular open-source framework for processing large streams of data. It’s widely used in big data analytics and real-time applications. However, like […]

The post CISA Alert: Urgent Update Needed for Apache Flink Vulnerability appeared first on TuxCare.

The post CISA Alert: Urgent Update Needed for Apache Flink Vulnerability appeared first on Security Boulevard.

Daft name, serious risk: Kit from ActionTec and Sagemcom remotely ruined and required replacement.

The post ‘Pumpkin Eclipse’ — 600,000+ Rural ISP Routers Bricked Beyond Repair appeared first on Security Boulevard.

Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two “zero-day” vulnerabilities in Windows that are already being exploited in active attacks. There are also important security patches available for macOS and Adobe users, and for the Chrome Web browser, which just patched its own zero-day flaw.

First, the zero-days. CVE-2024-30051 is an “elevation of privilege” bug in a core Windows library. Satnam Narang at Tenable said this flaw is being used as part of post-compromise activity to elevate privileges as a local attacker.

“CVE-2024-30051 is used to gain initial access into a target environment and requires the use of social engineering tactics via email, social media or instant messaging to convince a target to open a specially crafted document file,” Narang said. “Once exploited, the attacker can bypass OLE mitigations in Microsoft 365 and Microsoft Office, which are security features designed to protect end users from malicious files.”

Kaspersky Lab, one of two companies credited with reporting exploitation of CVE-2024-30051 to Microsoft, has published a fascinating writeup on how they discovered the exploit in a file shared with Virustotal.com.

Kaspersky said it has since seen the exploit used together with QakBot and other malware. Emerging in 2007 as a banking trojan, QakBot (a.k.a. Qbot and Pinkslipbot) has morphed into an advanced malware strain now used by multiple cybercriminal groups to prepare newly compromised networks for ransomware infestations.

CVE-2024-30040 is a security feature bypass in MSHTML, a component that is deeply tied to the default Web browser on Windows systems. Microsoft’s advisory on this flaw is fairly sparse, but Kevin Breen from Immersive Labs said this vulnerability also affects Office 365 and Microsoft Office applications.

“Very little information is provided and the short description is painfully obtuse,” Breen said of Microsoft’s advisory on CVE-2024-30040.

The only vulnerability fixed this month that earned Microsoft’s most-dire “critical” rating is CVE-2024-30044, a flaw in Sharepoint that Microsoft said is likely to be exploited. Tenable’s Narang notes that exploitation of this bug requires an attacker to be authenticated to a vulnerable SharePoint Server with Site Owner permissions (or higher) first and to take additional steps in order to exploit this flaw, which makes this flaw less likely to be widely exploited as most attackers follow the path of least resistance.

Five days ago, Google released a security update for Chrome that fixes a zero-day in the popular browser. Chrome usually auto-downloads any available updates, but it still may require a complete restart of the browser to install them. If you use Chrome and see a “Relaunch to update” message in the upper right corner of the browser, it’s time to restart.

Apple has just shipped macOS Sonoma 14.5 update, which includes nearly two dozen security patches. To ensure your Mac is up-to-date, go to System Settings, General tab, then Software Update and follow any prompts.

Finally, Adobe has critical security patches available for a range of products, including Acrobat, Reader, Illustrator, Adobe Substance 3D Painter, Adobe Aero, Adobe Animate and Adobe Framemaker.

Regardless of whether you use a Mac or Windows system (or something else), it’s always a good idea to backup your data and or system before applying any security updates. For a closer look at the individual fixes released by Microsoft today, check out the complete list over at the SANS Internet Storm Center. Anyone in charge of maintaining Windows systems in an enterprise environment should keep an eye on askwoody.com, which usually has the scoop on any wonky Windows patches.

Update, May 15, 8:28 a.m.: Corrected misattribution of CVE-2024-30051.

Google has released an update to Chrome which includes seven security fixes. Version 123.0.6312.86/.87 of Chrome for Windows and Mac and 123.0.6312.86 for Linux will roll out over the coming days/weeks.

The easiest way to update Chrome is to allow it to update automatically, which basically uses the same method as outlined below but does not require your attention. But you can end up lagging behind if you never close the browser or if something goes wrong—such as an extension stopping you from updating the browser.

So, it doesn’t hurt to check now and then. And now would be a good time, given the severity of the vulnerability in this patch. My preferred method is to have Chrome open the page chrome://settings/help which you can also find by clicking Settings > About Chrome.

If there is an update available, Chrome will notify you and start downloading it. Then all you have to do is relaunch the browser in order for the update to complete, and for you to be safe from those vulnerabilities.

After the update, the version should be 123.0.6312.86, or later

Technical details

Google never gives out a lot of information about vulnerabilities, for obvious reasons. Access to bug details and links may be kept restricted until a majority of users are updated with a fix.

There is one critical vulnerability that looks like it might be of interest to cybercriminals.

CVE-2024-2883: Use after free (UAF) vulnerability in Angle in Google Chrome prior to 123.0.6312.86 could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Angle is a browser component that deals with WebGL (short for Web Graphics Library) content. WebGL is a JavaScript API for rendering interactive 2D and 3D graphics within any compatible web browser without the use of plug-ins.

UAF is a type of vulnerability that is the result of the incorrect use of dynamic memory during a program’s operation. If, after freeing a memory location, a program does not clear the pointer to that memory, an attacker can use the error to manipulate the program. Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. In this case, when the vulnerability is exploited, it can lead to heap corruption.

Heap corruption occurs when a program modifies the contents of a memory location outside of the memory allocated to the program. The outcome can be relatively benign and cause a memory leak, or it may be fatal and cause a memory fault, usually in the program that causes the corruption.

Chromium vulnerabilities are considered critical if they “allow an attacker to read or write arbitrary resources (including but not limited to the file system, registry, network, etc.) on the underlying platform, with the user’s full privileges.”

So, to sum this up, in this case an attacker could create a specially crafted HTML page–which can be put online as a website–that exploits the vulnerability, potentially leading to a compromised system.

My suggestion: don’t wait for the update, get it now.

---

We don’t just report on vulnerabilities—we identify them, and prioritize action.

Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using ThreatDown Vulnerability and Patch Management.