The ransomware landscape has witnessed many notorious groups, over the years, that became a security nuisance for every organization. Adding to that list, the FBI warned of the Cuba ransomware group that has targeted 49 organizations across five critical infrastructure sectors and gathered millions in ransom payments. Meanwhile, a new cryptomining campaign was found abusing Github and Netlify to distribute a Monero miner and other malicious tools.
Energy and healthcare are two of the most critical sectors for every nation. Last weekend, an American electric utility company disclosed a destructive ransomware attack that resulted in massive data loss and billing disruption. Meanwhile, the data of thousands of U.S. healthcare workers was left exposed due to an unsecured database.
Top Breaches Reported in the Last 24 Hours
Electric utility company hacked
An electric utility company, Delta-Montrose Electric Association, based in the U.S. state of Colorado was hit by a ransomware attack. The attack resulted in the loss of company records spanning two decades. Additionally, the company’s billing systems were disrupted due to the incident.
Healthcare workers’ data exposed
A security researcher discovered a database owned by Gale Healthcare Solutions that was left unsecured online. The database contained the personal information of over 30,000 U.S. healthcare workers, including names, emails, home addresses, photos, and, in some cases, SSNs as well as tax documents.
Bitmart crypto heist
Security firm Peckshield reported a breach at Bitmart cryptocurrency exchange wherein the hackers apparently withdrew tens of millions of dollars worth of cryptocurrency assets from one of its hot wallets. Bitmart confirmed the hack and said that the stolen assets amounted to about $150 million in value.
Top Malware Reported in the Last 24 Hours
FBI warns of Cuba ransomware
In a new notice, the FBI reported that the Cuba ransomware group has attacked 49 organizations across five critical infrastructure sectors and collected around $44 million in ransom payments. The group is believed to be targeting the financial, government, healthcare, manufacturing, and information technology sectors while using the Hancitor malware to gain entry to Windows systems.
Cryptominer abuses Github and Netlify
Trend Micro reported cryptomining malware activity exploiting known vulnerabilities in Apache HTTP Server, Atlassian Confluence, F5 BIG-IP, VMware vCenter, and Oracle WebLogic Server to mine Monero. The malware scripts and tools were found to be distributed using repositories on GitHub and Netlify.
Top Vulnerabilities Reported in the Last 24 Hours
Hitachi Energy product vulnerabilities
The CISA released several advisories to inform organizations about vulnerabilities affecting Hitachi Energy products. The advisories detail more than 30 vulnerabilities, majorly affecting third-party, open-source components such as OpenSSL, LibSSL, libxml2, and GRUB2. The security flaws can be exploited to reboot devices, execute arbitrary code, cause a DoS condition, install malicious packages, monitor traffic, and access or modify data.
Another Zoho ManageEngine flaw
Zoho warned that a newly patched critical flaw in its Desktop Central and Desktop Central MSP software is under active exploitation. The flaw, identified as CVE-2021-44515, is an authentication bypass vulnerability that could allow attackers to execute arbitrary code in the Desktop Central MSP server.