Cybersecurity Weekly: New hacking group, exploitable bugs in medical devices and Microsoft fixes security issues

Nov 20, 2019

Each week, Wipfli’s cybersecurity professionals review the latest breaches, vulnerabilities, patches and updates.

Breaches

  • A newly discovered hacking group is using an array of sophisticated spoofing and social engineering techniques to imitate government agencies, including the U.S. Postal Service, in an effort to plant malware on victims' devices and networks via phishing campaigns.
  • Select Health Network and Solara Medical Supplies disclosed data incidents caused by compromises of their employees' email accounts that led to the exposure of both personally identifiable information (PII) and protected health information (PHI). In both cases the number of affected individuals was not disclosed, but current and former members, patients and, in some cases, employees are known to be affected.
  • Utah-based technology company InfoTrax Systems detected a breach only after it received an alert that its servers had reached maximum storage capacity, the cause being a data archive file the attacker had created on the server. The intrusion reportedly began in May 2014, when the attacker exploited vulnerabilities in InfoTrax's server and a client's website to gain remote control of the server and, with it, access to sensitive personal information on about 1 million consumers. The lesson for defenders: an attacker staging data for exfiltration leaves a large, recently created archive on disk, and that is something to alert on directly rather than waiting for a disk-full alarm.
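
The following is an added example, not code from the original newsletter or from InfoTrax: a small check that walks a directory tree and flags large, recently created archive files of the kind an attacker stages before exfiltration. The size and age thresholds, the list of archive extensions and the sample directory layout are assumptions chosen for illustration; the sample tree is constructed inline (using sparse files so it costs almost no disk space) so the script runs offline.

```python
"""Flag likely exfiltration staging archives: large, recently created archive files.

Added example (not from the original page). Thresholds and the sample tree are
assumptions for illustration; tune them to the server being monitored.
"""
import os
import tempfile
import time
from dataclasses import dataclass
from pathlib import Path

# Assumed set of archive extensions worth flagging.
ARCHIVE_SUFFIXES = (".zip", ".rar", ".7z", ".tar", ".gz", ".tgz", ".bz2", ".xz")


@dataclass
class Finding:
    path: str
    size_bytes: int
    age_seconds: float


def find_staging_archives(root, min_size_bytes=100 * 1024 * 1024,
                          max_age_seconds=24 * 3600, now=None):
    """Return archives under `root` that are at least `min_size_bytes` large
    and were modified within `max_age_seconds`, largest first."""
    now = time.time() if now is None else now
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if not name.lower().endswith(ARCHIVE_SUFFIXES):
                continue
            path = Path(dirpath) / name
            try:
                st = path.stat()
            except OSError:
                # File vanished or is unreadable; skip rather than abort the sweep.
                continue
            age = now - st.st_mtime
            if st.st_size >= min_size_bytes and age <= max_age_seconds:
                findings.append(Finding(str(path), st.st_size, age))
    findings.sort(key=lambda f: f.size_bytes, reverse=True)
    return findings


def make_sample_tree(base):
    """Constructed sample data: a fresh 300 MB 'archive' inside the web root
    (suspicious), a small image (ignored) and a month-old 500 MB backup
    (large but not recent, so ignored). Files are sparse via truncate()."""
    base = Path(base)
    (base / "htdocs").mkdir(parents=True, exist_ok=True)
    (base / "backups").mkdir(parents=True, exist_ok=True)

    with open(base / "htdocs" / "x.zip", "wb") as f:
        f.truncate(300 * 1024 * 1024)
    (base / "htdocs" / "logo.png").write_bytes(b"\x89PNG")

    old = base / "backups" / "weekly.tar.gz"
    with open(old, "wb") as f:
        f.truncate(500 * 1024 * 1024)
    old_time = time.time() - 30 * 24 * 3600
    os.utime(old, (old_time, old_time))
    return base


def demo():
    """Build the constructed sample tree in a temp dir and sweep it."""
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_tree(tmp)
        return find_staging_archives(tmp)


if __name__ == "__main__":
    for hit in demo():
        print(f"{hit.size_bytes // (1024 * 1024):>6} MB  {hit.age_seconds:8.0f}s old  {hit.path}")
```

Run it on a schedule against web roots, temp directories and upload paths; the age filter keeps legitimate scheduled backups quiet while still catching a new archive dropped by an intruder.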

Vulnerabilities

  • US-CERT has issued an advisory warning of security flaws in Medtronic Valleylab FT10 and FX8 Energy Platforms as well as Valleylab Exchange Client. The security issues include hardcoded credentials, a reversible one-way hash, and improper input validation. Medtronic has made fixes available for the FT10 Platform; fixes for the FX8 platform are expected to be available early next year.
  • A vulnerability in McAfee antivirus software could allow an attacker to evade the product's self-defense mechanisms and achieve persistence. The flaw could be abused to load unsigned DLLs into multiple McAfee services that run as NT AUTHORITY\SYSTEM. Exploitation, however, requires the attacker to already hold administrative privileges, so this is a persistence and defense-evasion issue rather than a privilege escalation.
  • US-CERT Vulnerability Summary for the week of November 11, 2019.

Patches & Updates

  • On Tuesday, November 12, Microsoft released fixes for 74 security issues in Windows and related software. One of the flaws, a scripting engine memory corruption vulnerability in Internet Explorer, is being actively exploited.
  • Adobe Systems is warning Illustrator 2019 users that two critical memory-corruption vulnerabilities could allow an attacker to execute arbitrary code on a Windows machine and take control of the targeted system. Adobe also warned that the Windows and macOS versions of Adobe Media Encoder have a critical out-of-bounds write vulnerability. Adobe said none of the critical bugs, nor an additional eight vulnerabilities rated important, have been exploited in the wild.
  • A critical security bug in the Intel Converged Security and Manageability Engine (CSME) could allow escalation of privilege, denial of service or information disclosure. The details are included in an advisory that covers 77 vulnerabilities in total, 67 of which were found by internal Intel staff. Intel has rolled out firmware updates and software patches to address them; the issues range in severity from the one critical flaw to a low-severity local privilege-escalation bug.
