Tag Archive for: Impacts

Ransomware Attack Impacts Health Services Organization in Pennsylvania


The incident may have compromised patients’ and employees’ Social Security numbers, driver’s license numbers, and financial information between August 21, 2021, and April 4, 2022.

On January 5, 2023, Maternal & Family Health Services (MFHS) — a private non-profit that serves women, children, and families of Northeastern Pennsylvania — announced the organization was a target of a ransomware attack that may have exposed sensitive data to an unauthorized individual.

In a statement, MFHS said they were made aware of the cybersecurity incident on April 4, 2022, and immediately called in third-party forensic teams to assist in securing the organization’s systems.

Results of an investigation revealed that hackers may have accessed the personal information of current and former employees, patients, and vendors between August 21, 2021, and April 4, 2022.

Sensitive data included, but may not be limited to, names, addresses, date of birth, driver’s license numbers, Social Security numbers, financial account/payment card information, usernames and passwords, health insurance information, and medical information.

However, MFHS reports no evidence that any compromised personal information was misused due to the attack.

The organization began sending letters on January 3, 2023, via U.S. mail to individuals whom the data breach may have impacted — almost nine months after first becoming aware of the attack. The letter relayed information about the incident and steps individuals can take to protect their personal data.

These steps include monitoring personal accounts through credit reporting bureaus like Equifax, Experian, or TransUnion and placing fraud alerts on accounts if necessary. MFHS also recommends that individuals contact the Federal Trade Commission or their state Attorney General to learn more about protecting personal information, identity theft, or filing a complaint.

In addition, the non-profit created a phone hotline for people with questions concerning the ransomware attack. Call center agents are available at (833) 896-7339, Monday through Friday, from 9:00 am – 9:00 pm Eastern Time.

In a news release, Maria Montoro Edwards, Ph.D., President & CEO of MFHS, said,…

Source…

Impacts of BCPS ransomware attack still evident, security upgrades continue 2 years later – Fox Baltimore




Source…

A 15-Year-Old Unpatched Python bug potentially impacts +350K projects – Security Affairs


More than 350,000 open source projects can be potentially affected by a 15-Year-Old unpatched Python vulnerability

More than 350,000 open source projects can be potentially affected by an unpatched Python vulnerability, tracked as CVE-2007-4559 (CVSS score: 6.8), that was discovered 15 years ago.

The issue is a directory traversal vulnerability that resides in the ‘extract’ and ‘extractall’ functions in the tarfile module in Python. A user-assisted remote attacker can trigger the issue to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.

“While investigating an unrelated vulnerability, Trellix Advanced Research Center stumbled across a vulnerability in Python’s tarfile module. Initially we thought we had found a new zero-day vulnerability. As we dug into the issue, we realized this was in fact CVE-2007-4559,” reads the post published by security firm Trellix. “The vulnerability is a path traversal attack in the extract and extractall functions in the tarfile module that allow an attacker to overwrite arbitrary files by adding the “..” sequence to filenames in a TAR archive.”

The experts pointed out that the issue was underestimated: it initially received a CVSS score of 6.8, but in most cases an attacker can exploit this issue to gain code execution from the file write. Trellix shared a video PoC that shows how to get code execution by exploiting Universal Radio Hacker.

An attacker can exploit the flaw by uploading a specially crafted tarfile that allows escaping the directory that a file is intended to be extracted to and achieve code execution.

“For an attacker to take advantage of this vulnerability they need to add “..” with the separator for the operating system (“/” or “\”) into the file name to escape the directory the file is supposed to be extracted to. Python’s tarfile module lets us do exactly this:” continues the post.

[Figure: Crafting a Malicious Archive (Source: Trellix)]

“The tarfile module lets users add a filter that can be used to…

Source…

New Security Bug Impacts Several Android Feature Phones 


Mobile security firm Kryptowire has reportedly found a massive security bug that affects Android phones. It was found on a system-on-chip made by Chinese OEM Unisoc. This chip mainly powers budget Android smartphones, including models from a few brands like Samsung, HTC, and Nokia, along with Lenovo and its subsidiary Motorola. The issue seems limited to devices running on the Unisoc SC9863A chipset.

Kryptowire shared its findings through a press release (via Android Police). The firm said it shared information on this vulnerability with Unisoc and smartphone manufacturers in December 2021. It said that an attacker with knowledge of this bug could access all stored data or even take control of the smartphone. The hacker could also get into texts, contacts, system logs, and other sensitive data. This includes the “external-facing camera to record video,” as per Kryptowire.

The research firm later said the problem stems from a pre-installed app authored by Unisoc that exists within the chipset. Kryptowire claims the app doesn’t have any authentication protocols, thus making it an easy target for hackers.

Two Samsung phones appear in the list of affected phones

Phones impacted by this bug include the Samsung Galaxy A03 and A03 Core, the Motorola Moto E6i and E7i Power, the Realme C11, and Lenovo smartphones such as the A7 and K13. Some ZTE phones in the Blade E range also seem to be impacted by the bug.

“In an increasingly competitive mobile device market, it’s imperative that device manufacturers establish and maintain trust among carriers and end-users,” Kryptowire CTO Alex Lisle said. If you own any of the devices mentioned on this list, we recommend contacting your manufacturer or carrier about this Android security bug.

Reports about Android malware and vulnerabilities pop up quite frequently, though manufacturers are usually quick to fix them. In related news, an Android remote access trojan called ‘BRATA’ appeared in January. Using this malware, attackers can wipe phones remotely and steal sensitive data. To make matters worse, BRATA can also evade conventional antivirus scanners. Details about this particular malware were available courtesy of security firm Cleafy.

Source…