Hello and welcome back to GlobalSign’s weekly cybersecurity news roundup. This is my roundup of some of the world’s top cybersecurity stories.
Just this morning, it was reported that the websites of the Finnish ministries of defense and foreign affairs are down due to a cyber attack. Supposedly, a Denial of Service (DoS) attack is to blame.
Another big hack this week took place at UK retail chain The Works. The discount retailer operates 530 stores in the UK and Ireland, and has an annual revenue of approximately $300 million. The Works was forced to close multiple stores due to a cybersecurity incident involving unauthorized access to its computer systems. According to InfoSecurity, it is believed that card transactions were not affected as they are processed by a third party. What is unknown is whether the personal information of employees and/or customers has been exfiltrated and whether the attackers are seeking ransom.
There was also an incident this week at the Spanish energy giant, Iberdrola. The attack on Iberdrola, which is the parent company of Scottish Power, led to a data breach that affected more than a million customers. The information leak included details such as customer identification numbers, home and email addresses, and phone numbers. Fortunately, financial information such as bank account details and credit card numbers appears to be secure.
Cloud computing giant VMware is urging its enterprise software customers to install a patch to resolve critical vulnerabilities, including a remote code execution (RCE) vulnerability in Workspace ONE Access. In a security notice released Wednesday, the company warned users about vulnerabilities in VMware Workspace ONE Access, VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager. In its warning, VMware said it’s possible that malicious actors could “bypass the authentication mechanism and execute any operations due to exposed endpoints in the authentication framework.”
According to The Washington Post, in February, Berkshire Hathaway Energy (BHE) executives met with U.S. energy and homeland security officials to write a playbook to help prepare the power sector to deal with potential cyberattacks from Russia. BHE is one of the largest electric companies in North America. If, for example, Russian hackers successfully infiltrated their systems, officials fear the impact could be substantial.
The US state of Connecticut made a rather surprising discovery when it learned that 44 data breaches at a statewide health insurance exchange went unreported to public auditors and the state comptroller for four years. A March 2022 state audit revealed that the breaches on the Connecticut Health Insurance Exchange, also known as Access Health CT, occurred between July 2017 and March 2021. It should be noted that while Access Health CT reported all 44 breaches to the US Department of Health and Human Services, it failed to comply with statewide breach notification requirements.
Top global security news
YLE (April 8, 2022) Websites of the Finnish Ministry of Foreign Affairs and Defense affected by cyberattacks
The denial-of-service attacks were announced shortly before 1 pm on Friday.
The websites of Finland’s foreign and defense ministries were down on Friday, the ministries announced in separate tweets shortly before 1 p.m.
The Ministry of Defense said that its website was taken down by a denial of service (DoS) attack and that it was investigating the matter.
ZDNet (April 7, 2022) VMware Warns of Critical Remote Code Execution Bug in Workspace ONE Access
VMware urges customers to update their software to resolve critical vulnerabilities, including a remote code execution (RCE) bug in Workspace ONE Access.
On Wednesday, the tech giant published a security advisory warning of vulnerabilities in its business software. Affected products are VMware Workspace ONE Access, VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager.
The first vulnerability is CVE-2022-22954, which affects VMware Workspace ONE Access and Identity Manager. CVE-2022-22954 is described as a server-side template injection RCE and has been issued a CVSS severity score of 9.8. Attackers could exploit the vulnerability as long as they have network access. VMware has also released patches to resolve CVE-2022-22955 and CVE-2022-22956; both were issued a CVSS score of 9.8 and affect VMware Workspace ONE Access. The vulnerabilities were found in the OAuth2 ACS framework.
According to the vendor, “a malicious actor can bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.”
The Washington Post (April 6, 2022) US government and energy companies close ranks over fear of Russian cyberattacks
In February, as Russian troops massed on the Ukraine border, executives from a major energy company here worked with US energy and homeland security officials to write a playbook and help prepare the power sector to deal with possible cyber attacks from Russia.
Berkshire Hathaway Energy officials were among the small group that drafted the guidelines, which emphasized the importance of quickly sharing information about cyberattacks between industry and government.
With President Biden warning last month of evolving intelligence that Russia is exploring potential cyberattacks against critical American industries, companies like Berkshire Hathaway Energy and the US government are on high alert. After years of what critics saw as hot air, cybersecurity collaboration between the federal government and some critical industries has taken root, officials and industry leaders say, and could be tested when Russian government hackers probe the defenses of American power plants, banks and telecommunications networks.
BleepingComputer (April 6, 2022) UK retail chain The Works closes stores after cyber attack
British retail chain The Works announced that it was forced to close several stores due to cashier problems caused by a cybersecurity incident related to unauthorized access to its computer systems.
The discount retailer operates 530 stores in the UK and Ireland, selling books, toys, stationery, art and craft supplies, and has an annual revenue of around $300 million.
The announcement doesn’t go into much detail about the nature of the incident, but it appears to have disrupted replenishment deliveries, extended online order fulfillment times and compromised payment security.
The Works has since switched to new third-party credit and debit card payment processors to address this latest issue, which the company claims are secure.
Carrier (April 6, 2022) Authorities Seize Hydra Servers in Raid Against Dark Web Cybercrime Market
The servers have been seized in Germany as part of a takedown operation against the darknet marketplace Hydra Market.
German police have seized the servers powering the infamous Hydra darknet marketplace and seized the equivalent of $25 million in bitcoin as part of a US-led crackdown on cybercrime and money laundering.
The Russian-language darknet forum offered a venue for the trade in illicit goods and services, including illegal drugs, stolen financial information, fraudulent identification documents (passports and driving licences), and money laundering and mixing services.
The latter, so-called “cash withdrawal” services, made the cybercrime market a particularly useful resource for ransomware peddlers.
Numerous vendors also sold hacking tools and malicious hacking services through Hydra. The online marketplace made money by charging a commission on sales.
Health IT Security (April 5, 2022) CT Health Insurance Exchange failed to report 44 breaches, audit finds
A state audit found that the Connecticut Health Insurance Exchange, known as Access Health CT, failed to report 44 data breaches to public auditors and the state comptroller between July 2017 and March 2021.
Access Health CT is Connecticut’s official health insurance marketplace dedicated to reducing the number of uninsured people in Connecticut. The exchange also allows low-income people to apply for Medicaid.
Although Access Health CT reported the 44 breaches to HHS as required by the HIPAA Breach Notification Rule, it did not meet statewide breach reporting requirements. Additionally, 34 of the breaches involved a single contractor.
InfoSecurity (April 4, 2022) Scottish Power Parent Company Affected by Data Breach
Spanish energy giant Iberdrola has been hit by a cyberattack that led to a data breach affecting more than a million customers, according to local reports.
The Bilbao-based parent company of British utility Scottish Power and others said the attack happened on March 15 this year.
It reportedly resulted in the theft of customer identification numbers, email addresses and phone numbers, but not financial information such as bank account details or credit card numbers.
However, that is still enough information for scammers to create convincing follow-up attacks to obtain more data, including bank details. Iberdrola reportedly warned customers to be on the lookout for potential phishing attempts looking for financial information and passwords.
Other industry news