FBI Private Industry Notification, PIN 20220912-001, TLP: WHITE. Summary: The FBI has identified an increasing number of vulnerabilities posed by unpatched medical devices that run on outdated software and devices that lack adequate security features. Cyber threat actors exploiting medical device vulnerabilities adversely impact healthcare facilities’ operational functions, patient safety, data confidentiality, and data integrity….
Lorenz ransomware breaches corporate network via phone systems
Sergiu Gatlan reports: The Lorenz ransomware gang now uses a critical vulnerability in Mitel MiVoice VOIP appliances to breach enterprises, using their phone systems for initial access to their corporate networks. Arctic Wolf Labs security researchers spotted this new tactic after observing a significant overlap with Tactics, Techniques, and Procedures (TTPs) tied to ransomware attacks…
Vasile Mereacre testifies against former Uber security chief in criminal trial
Maria Dinzeo reports: When hackers Vasile Mereacre and Brandon Glover teamed up in 2016 and began scouring GitHub for exploitable security flaws, they weren’t looking to hack any one company specifically. But Uber’s lax security quickly made the ride-hail giant the pair’s top target. Testifying Monday in the former Uber security head Joe Sullivan’s criminal obstruction…
Member of Roanoke-Area ATM Skimming Conspiracy Pleads Guilty
ROANOKE, Va. – A member of a Romanian criminal organization who traveled to the United States to conduct ATM skimming pleaded guilty last week in federal court. Catalin Puscasu, 38, pleaded guilty to conspiracy to commit bank fraud, access device fraud, and aggravated identity theft. Puscasu is the third defendant to have pleaded guilty for…
LockBit updates leak site with post about Sud-Francilien hospital
After weeks of information and misinformation leaking out, and after some outstanding reporting by Valéry Rieß-Marchive on LeMagIT, LockBit 3.0 has publicly confirmed that they are responsible for the attack on South Francilien Hospital Center (CHSF). Consistent with the usual rhetoric we see from threat actors in such circumstances, LockBit tries to put responsibility on…
SN Servicing settles data breach litigation
Top Class Actions reports: SN Servicing Corp. agreed to pay $900,000 to resolve claims that its lack of cybersecurity measures resulted in an October 2020 data breach. The settlement benefits individuals whose personal information was accessed by unknown third parties during SN Servicing’s October 2020 data breach. In July 2021, SN Servicing announced it had been the…