Welcome back to GlobalSign’s weekly wrap up of the biggest stories in cybersecurity.
The biggest story this week was over at Apple, which released security updates for a zero-day vulnerability that affects the iPhone, iPad, Mac and Apple Watch. Users are being urged to immediately update their devices. Citizen Lab, which discovered the vulnerability, says it discovered new artifacts of the ForcedEntry vulnerability exploited by Pegasus spyware. The spyware was used to silently hack into iPhones belonging to at least one Bahraini activist. But Citizen Lab is being very careful not to necessarily attribute the attack to the Saudi government.
Another important story (which emerged last weekend) is that the United Nations admitted that its network was breached in April. During the event, hackers stole data which could be used in future attacks not only on the UN, but also on other agencies. Currently there aren’t many details, so stay tuned.
Meanwhile, in Paris, hospital officials disclosed on Wednesday that hackers were able to steal the personal data of around 1.4 million people who took Covid-19 tests in the middle of 2020. Hackers stole social security numbers and contact details of people tested as well as the identities and contact details of health professionals who dealt with them, along with the test results. But no other health information was stolen. According to officials, "the stolen files concern 1.4 million people, almost exclusively for tests taken in the middle of 2020" in the Paris region.
Then, in Germany, hackers have stolen information from sportswear maker Puma and are also attempting to extort the company into paying ransom. If the company doesn’t comply with the hackers’ demands, stolen files may be released on a dark web portal. The information released was Puma source code, and fortunately no consumer or employee data was impacted.
Also, it was reported this week that Olympus was attacked in the early morning of September 8. The event did involve ransomware, possibly BlackMatter. The company released a brief statement that it is “currently investigating a potential cybersecurity incident” affecting its European, Middle East and Africa computer network. Olympus has suspended data transfers in the affected systems and has informed the relevant external partners, according to the statement.
Finally, we also learned this week about a phishing campaign that impersonates U.S. Department of Transportation contractors. The campaign was discovered by security company INKY. INKY reports the main goal was to harvest Microsoft Office 365 credentials. The activity peaked around August 16-18, right after the US Senate passed the $1 trillion infrastructure bill on August 10.
That’s a wrap for this week. Have a great weekend!
Top Global Security News
ZDNet (September 15, 2021) Phishers impersonate US DOT to target contractors after Senate passed $1 trillion infrastructure bill
"A new phishing campaign has been uncovered targeting companies that may work with the US Department of Transportation.
The campaign, discovered by security company INKY, found that phishers are impersonating the US Department of Transportation (DOT) in an effort to harvest Microsoft Office 365 credentials, INKY's Roger Kay wrote in a blog post.
Kay noted that the phishing emails peaked around August 16-18, right after the US Senate passed the $1 trillion infrastructure bill on August 10."
The Straits Times (September 15, 2021) Mass personal data theft from Paris Covid-19 tests, say hospitals
"Hackers stole the personal data of around 1.4 million people who took Covid-19 tests in the Paris region in the middle of 2020, hospital officials in the French capital disclosed on Wednesday (Sept 15).
Hospital officials said they filed a complaint with the Paris prosecutor's office on Wednesday after confirming on Sept 12 that such a cyber attack took place over the summer.
Stolen were the identities, social security numbers and contact details of people tested as well as the identities and contact details of health professionals who dealt with them, along with the test results, the hospital organisation said."
TechCrunch (September 13, 2021) Apple patches an NSO zero-day flaw affecting all devices
"Apple has released security updates for a zero-day vulnerability that affects every iPhone, iPad, Mac and Apple Watch. Citizen Lab, which discovered the vulnerability and was credited with the find, urges users to immediately update their devices.
The technology giant said iOS 14.8 for iPhones and iPads, as well as new updates for Apple Watch and macOS, will fix at least one vulnerability that it said 'may have been actively exploited.'
Citizen Lab said it has now discovered new artifacts of the ForcedEntry vulnerability, details it first revealed in August as part of an investigation into the use of a zero-day vulnerability that was used to silently hack into iPhones belonging to at least one Bahraini activist."
TechCrunch (September 12, 2021) Technology giant Olympus hit by BlackMatter ransomware
"Olympus said in a brief statement that it is “currently investigating a potential cybersecurity incident” affecting its European, Middle East and Africa computer network.
'Upon detection of suspicious activity, we immediately mobilized a specialized response team including forensics experts, and we are currently working with the highest priority to resolve this issue. As part of the investigation, we have suspended data transfers in the affected systems and have informed the relevant external partners,' the statement said.
But according to a person with knowledge of the incident, Olympus is recovering from a ransomware attack that began in the early morning of September 8. The person shared details of the incident prior to Olympus acknowledging the incident on Saturday."
Recorded Future (September 12, 2021) Hackers stole Puma source code, no customer data, company says
"Hackers have stolen information from sportswear maker Puma and are currently trying to extort the German company into paying a ransom demand, threatening to release the stolen files on a dark web portal specialized in the leaking and selling of stolen information.
The entry advertising the Puma data was added on the site more than two weeks ago, at the end of August, The Record has learned.
'It was a PUMA source code for an internal application, which was leaked,' Robert-Jan Bartunek, head for Puma’s corporate communications, told The Record last week.
'No consumer or employee data was affected,' Bartunek added."
Tech Radar (September 10, 2021) The UN has been hit by a major cyberattack
"The United Nations has admitted that malicious figures were able to breach its network earlier this year and steal data which could now be used for facilitating future attacks on the organization as well as on other agencies.
'We can confirm that unknown attackers were able to breach parts of the United Nations infrastructure in April of 2021,' Stéphane Dujarric, spokesman for the UN Secretary-General, said in a statement.
Dujarric added that the international body is a frequent target of cyberattacks, and also confirmed that it has been responding to other attacks linked to the earlier breach."