Welcome to Cyber Watch for today, July 8, 2023. Our Cyber Intelligence team curates a list of the latest cybersecurity news to keep you informed of stories that matter every week.
This week’s cyber digest is a compilation of stories from 50+ relevant news sources across the web – all ranked according to the risk impact. We encourage you to review these stories and take steps to protect your organization.
According to Infosecurity Magazine, thirty-three US hospitals have been hit by massive ransomware attacks so far this year. This is a significant increase from last year, when there were only 25 incidents impacting US hospitals. The attacks have caused widespread disruption to healthcare services, and have put the personal data of millions of patients at risk.
Repercussions of this magnitude are downright spine-chilling. According to The CyberWire, a ransomware gang identified as ALPHV/BlackCat, claimed the recent attack on London Health Trust. This serves as a haunting reminder of the relentless cyber threats that lurk in the shadows of our healthcare systems. If you are a healthcare organization, you need to take immediate steps to protect yourself from ransomware attacks.
Two file management apps on the Google Play Store have been discovered to be spyware, putting the privacy and security of up to 1.5 million users at risk. The apps, called G Data File Manager and ES File Explorer File Manager, have been downloaded over 15 million times combined.
They were found to be collecting sensitive data from users’ devices, including their contacts, call logs, SMS messages, and location data, and sending these data to malicious servers in China. If you have installed either of these apps, you should uninstall them immediately.
You should also scan your device for malware and change your passwords. This is a serious reminder that even apps from the Google Play Store can be malicious. It is important to be vigilant about the apps you install on your device and to only download apps from trusted sources.
In a shocking turn of events, Japan’s largest port was recently hit by a devastating cyberattack, leaving experts and authorities scrambling to contain the fallout. A ransomware attack has brought container operations at Japan’s Nagoya Port to a screeching halt.
This high-seas cyber assault was allegedly linked to the pro-Russian group popularly known as Lockbit 3.0. This serves as a chilling reminder of the far-reaching impact cyber threats can have on critical infrastructure. According to a recent Security Magazine report, various security experts have shared their views on this major cyberattack.
A Hacker News report revealed another critical unauthenticated SQL injection vulnerability, identified as CVE-2023-36934, in MOVEit Transfer software, a popular file transfer solution used by businesses and organizations around the world.
The vulnerability could allow attackers to gain unauthorized access to sensitive data stored in the MOVEit Transfer database, including passwords, credit card numbers, and social security numbers. If you are using MOVEit Transfer, you should immediately update to the latest version to patch the vulnerability.
Until you have updated, you should consider disabling the file transfer feature of MOVEit Transfer. This is a serious reminder that even popular and well-respected software can contain security vulnerabilities. It is important to keep your software up to date and to be aware of the latest security threats.
Hackrate, an ethical hacking and bug bounty company, has released HackGATE, a new monitoring platform specifically designed for ethical hacking projects. This new platform can help organizations to better manage and oversee security testing and penetration testing initiatives, offering enhanced project control and cybersecurity.
HackGATE’s capabilities allow businesses to access improved transparency, project analysis, and proactive monitoring of ethical hacking activities. This can be helpful in identifying and addressing security vulnerabilities before they can be exploited by malicious actors.
If you are an organization that conducts ethical hacking projects, HackGATE could be a valuable tool for you. It can help you to improve your security posture and protect your organization from cyberattacks.
An unpatched security vulnerability in the Ultimate Member plugin for WordPress could allow attackers to create new admin accounts with full access to affected websites. The flaw, tracked as CVE-2023-3460, has a CVSS score of 9.8, making it critical.
If you are using the Ultimate Member plugin on your WordPress website, you need to update to the latest version immediately. Until you have updated, you should disable the plugin to protect your site.