Also: Navy IT Manager Sentenced to 5 Years in Prison for Accessing Database
Every week, Information Security Media Group rounds up cybersecurity incidents and breaches around the world. This week, Citrix’s update was insufficient, a Navy IT manager was sentenced to prison for accessing a database, a Moldovan man pleaded not guilty to running a credentials marketplace, new details emerged on health data breaches, and a television advertising giant suffered a ransomware attack.
Citrix Update Not Sufficient
Patching alone isn’t sufficient to mitigate a critical vulnerability in Citrix NetScaler products, said security researchers at Mandiant. Citrix released patches on Oct. 10 for the flaw, tracked as CVE-2023-4966.
Hackers could exploit the vulnerability to hijack authenticated sessions, allowing them to bypass multifactor authentication, warned Mandiant CTO Charles Carmakal. Even after the patch, attackers could use stolen session data to gain access, since authentication sessions persist even through an update, he wrote on LinkedIn.
Mandiant said it had observed hackers exploiting the zero-day beginning in late August. Hackers are anticipating patches by stealing session data and returning after the patch, the threat intel company said. It has seen hackers use the exploit to target professional services, technology and government organizations.
“The most critical thing is that organizations need to do more than just apply the patch – they should also terminate all active sessions,” Carmakal wrote.
Moldovan Pleads Not Guilty to Running Credentials Marketplace
A Moldovan man pleaded not guilty Monday in U.S. federal court to charges that he was co-administrator of an illicit online marketplace selling access to hacked computers and servers.
Sandu Boris Diaconu, 31, faces three counts of conspiracy and charges of access device fraud and computer fraud after British authorities extradited the Moldovan national. Federal prosecutors said Diaconu, along with an unnamed co-defendant, operated the now-defunct E-Root Marketplace.
E-Root, which prosecutors said authorities seized in 2020 in an international law enforcement operation, specialized in selling Remote Desktop Protocol and Secure Shell credentials. Diaconu – aka “WinD3str0y,” “utmsandu,” “sandushell” and “rootarhive” – and his co-conspirator allegedly established the English-speaking forum in January 2015.
British authorities arrested Diaconu when he attempted to leave the United Kingdom in May 2021. He fought extradition to the United States until September, the U.S. Department of Justice said. Diaconu faces a maximum penalty of 20 years in federal prison.
Another MOVEit Breach
Arietis Health, a Florida-based provider of revenue cycle management to medical practices, said the May mass hack of MOVEit file transfer software affected almost 2 million patients of client practices.
The breach, disclosed through a report to the U.S. Department of Health and Human Services, involved a MOVEit instance whose hacking ultimately affected 55 healthcare providers, including NorthStar Anesthesia in Texas. Arietis Health, which used MOVEit file transfer software in billing services for NorthStar, posted a breach notice on its website (see: Firm Notifies Patients of 55 Health Practice of MOVEit Hack).
Emsisoft’s tally of MOVEit victims currently stands at 66 million and 2,553 organizations.
Television Advertising Giant Suffers Ransomware Attack
Television advertising giant Ampersand – jointly owned by Comcast, Charter and Cox – fell prey to a ransomware attack that briefly disrupted operations. The company, a key player in the advertising industry for over four decades, confirmed the incident without specifying the breach date or whether a ransom would be paid. Ampersand, which provides advertisers with TV viewership data across 165 networks, said it has restored most operations and is collaborating with law enforcement and advisors. The Black Basta ransomware group claimed responsibility. The extent of data theft remains undisclosed. All three of the co-owning companies have faced cybersecurity incidents in recent years, highlighting the pervasive threats in the industry.
US and UAE Sign Financial Cybersecurity Cooperation Agreement
The United States and the United Arab Emirates solidified a memorandum of understanding on cybersecurity cooperation for the financial sector. The agreement, signed by the U.S. Department of Treasury and the UAE’s Cyber Security Council, emphasizes increased information sharing on digital threats, staff training, visits and joint online exercises. The agreement aligns with the upcoming International Counter Ransomware Initiative summit set to be hosted by the White House on Oct. 31.
With reporting by Information Security Media Group’s Marianne Kolbasuk McGee in Plymouth County, Massachusetts, and David Perera in Washington, D.C.