
Cybersecurity Weekly: Freedom Healthcare Staffing, BitPaymer ransomware & Microsoft patches

 


Oct 15, 2019

Each week, Wipfli’s cybersecurity professionals review the latest breaches, vulnerabilities, patches and updates.

Breaches

  • A non-password-protected cloud database has been discovered exposing 957,000 records from Freedom Healthcare Staffing in Aurora, Colorado. Included were “intimate” details on employees, various internal communications, job seeker and recruiter data, IP addresses, ports, pathways and storage data that cybercriminals could exploit to move deeper into the network. The database was set to be publicly accessible, and anyone could edit, download or delete data without administrative credentials.
  • Community-based healthcare system Methodist Hospitals from Gary, Indiana, disclosed that sensitive personal and medical information for 68,039 individuals may have been exposed following a successful phishing attack against two of its employees.
  • The FBI is warning banks, businesses and other organizations that cybercriminals are using social engineering and technical techniques to circumvent multifactor authentication security protections.

Vulnerabilities

  • The BitPaymer ransomware operators were observed abusing a zero-day vulnerability in Apple’s iTunes for Windows to run code and evade detection. The security flaw resides in the Bonjour updater that comes packaged with iTunes for Windows and allows attackers to abuse an unquoted path to not only evade detection from antivirus software, but also to maintain persistence on the targeted machine.
  • The U.S. National Security Agency (NSA) is warning admins to patch a set of months-old security bugs that have recently come under active attack. These vulnerabilities allow for remote arbitrary file downloads and remote code execution on Pulse Connect Secure and Pulse Policy Secure gateways. Other vulnerabilities in the series allow for interception or hijacking of encrypted traffic sessions.
  • US-CERT Vulnerability Summary for the week of October 8, 2019.

Patches & Updates

  • Microsoft released patches for nine critical vulnerabilities as part of its October Patch Tuesday security update, including one for a Remote Desktop bug that could allow a remote attacker to execute code on victims’ machines. Overall, Microsoft issued fixes for 59 vulnerabilities – including nine critical, 49 important and one moderate in severity.
  • Google announced an update for Chrome 77 that addresses 8 security vulnerabilities in the application, including 5 reported by external researchers. The new browser update arrives only a couple of weeks after Google patched four security flaws with the release of Chrome 77.0.3865.90, including two vulnerabilities that, combined with another type of weakness, could result in a sandbox escape.
  • The most popular terminal emulator for macOS, iTerm2, has been updated to fix a critical security issue that survived undisclosed for at least seven years. Attackers can achieve remote command execution on systems with a vulnerable iTerm2 version when the application is used to connect to a malicious source.
