Home » Security Bloggers Network » Cybersecurity News Round-Up: Week of August 8, 2022

Cybersecurity News Round-Up: Week of August 8, 2022

by Blog Feed on August 12, 2022

Cybersecurity News Round-Up: Week of August 8, 2022

August 12, 2022
Amy Krigman

Welcome back to our blog! It’s been yet another fascinating week in cybersecurity.

We begin in China, where a hacker has claimed to have stolen the personal information of nearly 49 million users of Shanghai’s Covid app. In a post on Wednesday to Breach Forums, a hacker with the alias “XJP” stated “This DB (database) contains everyone who lives in or visited Shanghai since Suishenma’s adoption,” and provided a sample of the data including the phone numbers, names and Chinese identification numbers and health code status of 47 people. Reuters contacted eleven of the 47 people. Only two said their identification numbers were wrong.

In the UK, the National Health System has been dealing with a serious security incident after an attack last Thursday against a key service provider. According to The Guardian “at least nine NHS mental health trusts have been affected by the outage, reducing their access to patients’ records.” The story goes on to say that “The cyber-attack targeted systems used to refer patients for care, including ambulances being dispatched, out-of-hours appointment bookings, triage, out-of-hours care, emergency prescriptions and safety alerts. It also targeted the finance system used by the trust.”

Sponsorships Available

Also in Europe, a massive attack hit the website of the German Chambers of Industry and Commerce (DIHK) forcing the organization to shut down its IT systems as a precautionary measure for security reasons. As of earlier this week, the DIHK said it was only relying on phone and fax for communications. Michael Bergmann, chief executive of DIHK, defined the attack as serious and massive, it also added that the organization was not able to estimate how long its systems will be down.

On Wednesday, networking giant Cisco released details about a breach that occurred in May. While the cybercriminals responsible for the May 24th incident stole some information, the company says the business wasn’t impacted. According to Dark Reading “[W]e took immediate action to contain and eradicate the bad actors, remediate the impact of the incident, and further harden our IT environment,” a company spokesman said in the statement sent to Dark Reading. “No ransomware has been observed or deployed and Cisco has successfully blocked attempts to access Cisco’s network since discovering the incident.”

Talk about painful! Security firm Sophos this week said that an un-named an automotive supplier had its systems breached and files encrypted by three different ransomware gangs over two weeks in May, two of the attacks happening within just two hours. While dual ransomware attacks are increasingly common, “this is the first incident we’ve seen where three separate ransomware actors used the same point of entry to attack a single organization,” Sophos X-Ops incident responders said in a report published Wednesday.

A group of 18 tech and cyber companies announced they are building a common data standard for sharing cybersecurity information. They aim to fix a problem for corporate security chiefs who say that cyber products often don’t integrate, making it hard to fully assess hacking threats. The effort is led by Amazon.com Inc.’s AWS cloud business, cybersecurity company Splunk Inc. and International Business Machines Corp.’s security unit.

Cloudflare revealed a “targeted phishing attack” against at least 76 employees and their family members. The incident was very similar to a recent phishing attack against customer engagement platform Twilio. The attack at Cloudflare came from four phone numbers associated with T-Mobile-issued SIM cards but was ultimately unsuccessful. The text messages pointed to a seemingly legitimate domain containing the keywords “Cloudflare” and “Okta” in an attempt to deceive the employees into handing over their credentials.

That’s all for this week. Stop by our blog next week for the latest in cybersecurity news!

Top Global Security News

Reuters (August 12, 2022) Hacker offers to sell data of 48.5 million users of Shanghai’s COVID app

A hacker has claimed to have obtained the personal information of 48.5 million users of a COVID health code mobile app run by the city of Shanghai, the second claim of a breach of the Chinese financial hub’s data in just over a month.

The hacker with the username as “XJP” posted an offer to sell the data for $4,000 on the hacker forum Breach Forums on Wednesday.

The hacker provided a sample of the data including the phone numbers, names and Chinese identification numbers and health code status of 47 people.

Security Week (August 11, 2022) Cybercriminals Breached Cisco Systems and Stole Data

Profit-driven cybercriminals breached Cisco systems in May and stole gigabytes of information, but the networking giant says the incident did not impact its business.

Cisco on Wednesday released a security incident notice and a technical blog post detailing the breach. The intrusion was detected on May 24, but the company shared its side of the story now, shortly after the cybercriminals published a list of files allegedly stolen from its systems.

According to Cisco, the attacker targeted one of its employees and only managed to steal files stored in a Box folder associated with that employee’s account, as well as employee authentication data from Active Directory. The company claims the information stored in the Box folder was not sensitive.

The Hacker News (August 10, 2022) Hackers Behind Twilio Breach Also Targeted Cloudflare Employees

Web infrastructure company Cloudflare on Tuesday disclosed at least 76 employees and their family members received text messages on their personal and work phones bearing similar characteristics as that of the sophisticated phishing attack against Twilio.

The attack, which transpired around the same time Twilio was targeted, came from four phone numbers associated with T-Mobile-issued SIM cards and was ultimately unsuccessful.

The text messages pointed to a seemingly legitimate domain containing the keywords “Cloudflare” and “Okta” in an attempt to deceive the employees into handing over their credentials.

Bleeping Computer (August 10, 2022) Automotive supplier breached by 3 ransomware gangs in 2 weeks

An automotive supplier had its systems breached and files encrypted by three different ransomware gangs over two weeks in May, two of the attacks happening within just two hours.

The attacks followed an initial breach of the company’s systems by a likely initial access broker (IAB) in December 2021, who exploited a firewall misconfiguration to breach the domain controller server using a Remote Desktop Protocol (RDP) connection.

While dual ransomware attacks are increasingly common, “this is the first incident we’ve seen where three separate ransomware actors used the same point of entry to attack a single organization,” Sophos X-Ops incident responders said in a report published Wednesday.

Wall Street Journal (August 10, 2022) Tech, Cyber Companies Launch Security Standard to Monitor Hacking Attempts

A group of 18 tech and cyber companies said Wednesday they are building a common data standard for sharing cybersecurity information. They aim to fix a problem for corporate security chiefs who say that cyber products often don’t integrate, making it hard to fully assess hacking threats.

Amazon. com Inc.’s AWS cloud business, cybersecurity company Splunk Inc. and International Business Machines Corp.’s security unit, among others, launched the Open Cybersecurity Schema Framework, or OCSF, Wednesday at the Black Hat USA cybersecurity conference in Las Vegas.

Other companies involved in the initiative are CrowdStrike Holdings Inc., Rapid7 Inc., Palo Alto Networks Inc., Cloudflare Inc., DTEX Systems Inc., IronNet Inc., JupiterOne Inc., Okta Inc., Salesforce Inc., Securonix Inc., Sumo Logic Inc., Tanium Inc., Zscaler Inc. and Trend Micro Inc.