Hospitals and medical facilities are at risk of attacks from nine new vulnerabilities discovered in the Nexus Control Panel software. Collectively dubbed as PwnedPiper, the flaws can enable attackers to launch remote code execution attacks and gain access to a hospital’s network. Furthermore, the flaws can also be exploited to harvest sensitive data of healthcare workers.
A new sophisticated RAT named FatalRAT has been spotted in the cyberthreat landscape. Distributed via Telegram channels, the malware comes with a wide set of anti-analysis capabilities. Researchers expect to see a rise in the presence of the trojan and its variants in the near future.
Top Breaches Reported in the Last 24 Hours
Faulty platform exposed data
A now-patched security issue in Thailand’s vaccine registration platform had exposed emails and personal details of over 20,000 applicants. The data was found publicly available on the internet.
Top Malware Reported in the Last 24 Hours
A new trojan named FatalRAT has been found to be distributed via different software or media articles on Telegram channels. The malware includes several evasion techniques, as well as other capabilities such as logging user keystrokes, collecting system information, and exfiltrating over the C2 channel.
Decryptor for Prometheus ransomware
Researchers have released a free decryptor for Prometheus ransomware that can allow the victims to retrieve their encrypted files. The ransomware, which was first observed this July, uses the Salsa20 algorithm to encrypt victims’ files.
Top Vulnerabilities Reported in the Last 24 Hours
Nine critical vulnerabilities, collectively called PwnedPiper, were found impacting the Nexus Control Panel that powers all current models of Translogic Pneumatic Tube Systems (PTS). Five of these flaws can be used to launch remote code execution attacks and gain access to a hospital’s network. Researchers claim that over 80% of the major hospitals in the U.S. are impacted by the vulnerabilities.
Top Scams Reported in the Last 24 Hours
Office 365 users targeted
Cybercriminals are spoofing the WeTransfer file-sharing system to target Microsoft Office 365 users with an aim to pilfer their credentials. The attack starts with recipients receiving emails with the title ‘View Files Sent Via WeTransfer’. These emails include two files, which if opened, lead the victim to a fake login page of Microsoft Excel.