Healthcare in the crosshairs.
Ascension healthcare shuts down systems following a cybersecurity event. Updates from RSA Conference. The FDA recalls an insulin pump app. Polish officials blame Russia for recent cyber attacks. IntelBroker claims to have compromised a pair of UK banks. New Mexico’s top cop accuses Meta of failing to protect kids. British Columbia reports "sophisticated cybersecurity incidents" on government networks. Researchers uncover a vulnerability in UPS software affecting critical infrastructure. Zscaler investigates a claimed data breach. On the Learning Layer, host Sam Meisenberg and N2K’s Urban Alliance Intern, David Nguyen, discuss David's AZ-900 exam experience. The Library of Congress stands strong.
Today is Thursday May 9, 2024. I’m Dave Bittner. And this is your CyberWire Intel Briefing.
Ascension healthcare shuts down systems following a cybersecurity event.
Ascension healthcare, a major U.S. nonprofit health system with 140 hospitals across 19 states, experienced a "cyber security event" leading to the shutdown of some systems for investigation. Detected on May 8, the incident disrupted certain clinical operations and prompted Ascension to advise business partners to temporarily sever system connections. The organization, which reported $28.3 billion in revenue in 2023, has engaged Mandiant for incident response and informed relevant authorities. This event follows a recent HHS warning about social engineering attacks targeting the healthcare sector's IT systems. Ascension is continuing to assess the impact and will update as more information becomes available.
Updates from RSA Conference.
The 2024 RSA Conference in San Francisco continues, and yesterday CISA Director Jen Easterly announced that 68 global software companies, including giants like Microsoft and Google, have committed to a pledge for designing products with built-in security. This initiative aims to counter sophisticated hacking campaigns, such as China’s Volt Typhoon, by enhancing product security from the start. Companies agreed to implement multi-factor authentication, reduce default passwords, address vulnerabilities, and improve transparency on cybersecurity issues. This commitment is part of a broader effort to shift the cybersecurity burden from consumers to manufacturers, aligning with the national cybersecurity strategy introduced in 2023.
Additionally, CISA has launched "Vulnrichment," a project to enhance the enrichment of CVE records in response to delays at NIST's National Vulnerability Database (NVD). Since the NVD has slowed down in updating its database with vital information such as impact metrics and vulnerability types, CISA’s initiative aims to address the gap by enriching CVEs with additional data through its Authorized Data Publisher container. So far, CISA has enriched 1,300 CVEs, categorizing vulnerabilities by urgency and impact to aid in more efficient remediation. The project, which uses the CVE JSON format, seeks community feedback and is expected to evolve rapidly.
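The Vulnrichment project described above publishes its enrichment inside the record's ADP container, alongside the CNA's original data. The following script is an added example written for this briefing, not CISA's tooling or code from any project named here: it reads two constructed CVE JSON 5 records (placeholder CVE ids, no real vulnerability), pulls SSVC decision points, CVSS scores and CWE ids out of the `containers.cna` and `containers.adp[]` sections, and falls back gracefully when no enrichment is present. The field layout follows the CVE JSON 5 record structure as this example assumes it, and the `triage_bucket` mapping is a deliberately simplified illustration, not the official SSVC decision tree.

```python
"""Pull enrichment data out of CVE JSON 5 records (added example, not CISA code).

Both sample records below are constructed for this example and use placeholder
CVE ids. Field names (containers.cna, containers.adp[], metrics[].other.type ==
"ssvc", metrics[].cvssV3_1, problemTypes[].descriptions[].cweId) are assumed to
match the CVE JSON 5 record structure; verify against the published schema.
"""
import json

# Constructed record: CNA data plus a CISA-ADP enrichment container.
ENRICHED_RECORD = json.dumps({
    "dataType": "CVE_RECORD", "dataVersion": "5.1",
    "cveMetadata": {"cveId": "CVE-0000-0001", "state": "PUBLISHED"},  # placeholder id
    "containers": {
        "cna": {
            "providerMetadata": {"shortName": "ExampleCNA"},
            "descriptions": [{"lang": "en", "value": "Constructed authentication bypass."}],
            "problemTypes": [{"descriptions": [
                {"type": "CWE", "cweId": "CWE-287", "lang": "en", "description": "Improper Authentication"}]}],
        },
        "adp": [{
            "providerMetadata": {"shortName": "CISA-ADP"},
            "metrics": [
                {"other": {"type": "ssvc", "content": {
                    "options": [{"Exploitation": "poc"}, {"Automatable": "yes"},
                                {"Technical Impact": "total"}],
                    "role": "CISA Coordinator", "version": "2.0.3"}}},
                {"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL",
                              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}},
            ],
        }],
    },
})

# Constructed record with no ADP container: the un-enriched case the story describes.
BARE_RECORD = json.dumps({
    "dataType": "CVE_RECORD", "dataVersion": "5.1",
    "cveMetadata": {"cveId": "CVE-0000-0002", "state": "PUBLISHED"},  # placeholder id
    "containers": {"cna": {
        "providerMetadata": {"shortName": "ExampleCNA"},
        "descriptions": [{"lang": "en", "value": "Constructed issue with no metrics yet."}],
    }},
})


def _metrics(container):
    return (container or {}).get("metrics", [])


def ssvc_options(container):
    """Flatten SSVC decision points stored under metrics[].other (type == "ssvc")."""
    out = {}
    for m in _metrics(container):
        other = m.get("other", {})
        if other.get("type") == "ssvc":
            for opt in other.get("content", {}).get("options", []):
                out.update(opt)
    return out


def cvss_base(container):
    """Return the first CVSS v3.1 (or v3.0) block in a container, or None."""
    for m in _metrics(container):
        for key in ("cvssV3_1", "cvssV3_0"):
            if key in m:
                return m[key]
    return None


def cwe_ids(container):
    """Collect CWE ids from problemTypes[].descriptions[]."""
    return {d["cweId"] for pt in (container or {}).get("problemTypes", [])
            for d in pt.get("descriptions", []) if d.get("cweId")}


def summarize_record(raw):
    """Merge CNA and ADP data; ADP metrics take precedence when both exist."""
    rec = json.loads(raw)
    cna = rec["containers"].get("cna", {})
    adps = rec["containers"].get("adp", [])
    summary = {
        "cve_id": rec["cveMetadata"]["cveId"],
        "enriched_by": [a.get("providerMetadata", {}).get("shortName", "?") for a in adps],
        "ssvc": {}, "cvss": cvss_base(cna), "cwes": cwe_ids(cna),
    }
    for adp in adps:
        summary["ssvc"].update(ssvc_options(adp))
        summary["cvss"] = cvss_base(adp) or summary["cvss"]
        summary["cwes"] |= cwe_ids(adp)
    return summary


def triage_bucket(summary):
    """Simplified, illustrative bucketing (NOT the official SSVC decision tree)."""
    ssvc, cvss = summary["ssvc"], summary["cvss"]
    if ssvc.get("Exploitation") == "active":
        return "act"
    if ssvc.get("Exploitation") == "poc" and ssvc.get("Technical Impact") == "total":
        return "attend"
    if cvss and cvss.get("baseSeverity") in ("CRITICAL", "HIGH"):
        return "attend"
    return "track"


if __name__ == "__main__":
    for raw in (ENRICHED_RECORD, BARE_RECORD):
        s = summarize_record(raw)
        print(s["cve_id"], s["enriched_by"], sorted(s["cwes"]), s["ssvc"], triage_bucket(s))
```

The un-enriched record lands in "track" only because nothing better is known about it, which is exactly the gap the NVD slowdown created: a triage queue that depends on enrichment silently deprioritizes records that simply have not been enriched yet, so a practitioner should report `enriched_by == []` separately rather than treat it as low risk.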
Elsewhere at RSA Conference, the White House cyber czar, National Cyber Director Harry Coker, addressed past leadership instability at the Office of the National Cyber Director (ONCD), confirming the team's commitment to advancing U.S. digital security. Despite experiencing significant turnover with four chiefs in less than a year since its 2021 inception, the ONCD has successfully produced critical policy documents and implemented cybersecurity strategies. Coker, confirmed late last year, emphasized the office's ongoing contributions to national security and its resilience amidst potential future personnel changes. The ONCD recently published a report on U.S. cybersecurity posture and released the second implementation plan for the national cybersecurity strategy, outlining new government benchmarks.
Later in the show our N2K Cyberwire Executive Editor Brandon Karpf catches up with Caleb Barlow from CyberBit at RSA. Stay tuned for that.
In addition to our own N2K Cyberwire team on the ground at RSA Conference, a tip of the hat to The Record by Recorded Future, who have been providing outstanding coverage of the show.
The FDA recalls an insulin pump app.
The FDA announced a Class I recall for Tandem Diabetes Care's iOS t:connect app version 2.7, used with the t:slim X2 insulin pump, due to a defect causing premature shutdowns from excessive battery drain linked to Bluetooth issues. At least 224 injuries have been reported. Users are advised to update the app to version 2.7.1 or later to correct the issue. The defect can interrupt insulin delivery, potentially leading to severe hyperglycemia or diabetic ketoacidosis, which may require hospital intervention. No deaths have been reported, but Tandem has urged heightened vigilance, especially during sleep, and has requested customers confirm notification of the recall through an online form.
Polish officials blame Russia for recent cyber attacks.
Polish government institutions were targeted by Russian military intelligence hackers in a recent espionage campaign, orchestrated by the hacker group APT28 or Fancy Bear, linked to Russia’s GRU. This is part of a broader pattern where several NATO countries, including Germany, Lithuania, Slovakia, and Sweden, have accused the Kremlin of cyberattacks. In Poland, the hackers used phishing emails with a decoy story about a "mysterious Ukrainian woman" to trick recipients into downloading malware that collects information and sends it to hacker-controlled servers. Germany has escalated its response by recalling its ambassador, and Czechia plans to summon the Russian ambassador over similar cyberattacks.
IntelBroker claims to have compromised a pair of UK banks.
The hacker using the handle IntelBroker claims to have compromised a third-party contractor and stolen sensitive data from two major UK banks, HSBC and Barclays. The breach, which occurred in April 2024, involved the theft of SQL, source code, database files, and email addresses. The stolen data, including potentially sensitive and technical information, has been leaked on Breach Forums and is circulating on Russian-language forums, posing significant security risks to the banks and their customers.
New Mexico’s top cop accuses Meta of failing to protect kids.
New Mexico's Attorney General, Raúl Torrez, announced charges against three men accused of using Meta's social media platforms to solicit sex with underage children. The arrests resulted from a months-long undercover operation where the suspects connected with decoy accounts set up by the state Department of Justice. The investigation began around the time New Mexico filed a lawsuit against Meta, alleging the company failed to protect children. Torrez criticized Meta for prioritizing profits over children's safety, while Meta defended its efforts to prevent suspicious adult interactions and work with law enforcement. The lawsuit also revealed internal documents estimating 100,000 children face sexual harassment on Meta's platforms daily.
British Columbia reports "sophisticated cybersecurity incidents" on government networks.
British Columbia Premier David Eby reported "sophisticated cybersecurity incidents" on provincial government networks. Following this, all government employees were directed to change their passwords, a move described by the Office of the Chief Information Officer as routine security updates. The government is collaborating with the Canadian Centre for Cyber Security to assess the incidents, with no current evidence of compromised sensitive information.
Researchers uncover a vulnerability in UPS software affecting critical infrastructure.
Researchers from security firm Cyble revealed vulnerabilities in CyberPower's PowerPanel Business Software, used for UPS management, posing potential serious risks to critical infrastructure. These vulnerabilities could allow attackers to bypass authentication, obtain administrator privileges, and execute arbitrary code, potentially leading to severe operational disruptions and financial losses. CISA has issued an ICS advisory amid concerns of increased targeting of such systems by hacktivists. CyberPower has issued a patch to address these vulnerabilities.
Zscaler investigates a claimed data breach.
Cybersecurity firm Zscaler is investigating a claimed data breach after threat actor IntelBroker allegedly offered to sell access to the company's network on Breach Forums. Zscaler has confirmed there is no impact or compromise to its customer, production, and corporate environments. IntelBroker is demanding $20,000 in cryptocurrency for access, which includes SMTP and SSL passkeys and certificates. Zscaler engaged an incident response firm and continues to monitor the situation. They discovered an exposed test environment, which has since been taken offline for analysis.
Today from the RSA Conference, N2K’s Brandon Karpf catches up with Cyberbit CEO Caleb Barlow. Caleb shares some insights into what he’s seeing at RSAC this year.
Next up, we’ve got a bonus Learning Layer segment. Today host Sam Meisenberg talks with N2K’s Urban Alliance Intern, David Nguyen, about David's AZ-900 exam experience.
On our Learning Layer segment, we continue Joe’s journey to prepare for his CISSP exam. This time, Sam and Joe dive into CISSP Domain 4, Communication and Network Security, and talk about networking, the OSI model, and firewalls.
We’ll be right back
Welcome back
The Library of Congress stands strong.
And finally, remember last fall when the British Library fell victim to a cyberattack? Turns out, on the same October day, cybercriminals tried their luck on both sides of the pond. The US Library of Congress (LOC) fended off a cyberattack while its transatlantic cousin, the British Library, wasn't so lucky. Reportedly, LOC stood its ground thanks to the digital drawbridge of multifactor authentication and some quick-thinking IT professionals who promptly closed the digital gates. Meanwhile, the British Library, targeted by the notorious Rhysida ransomware gang, ended up surrendering 500,000 files after refusing to pay a king's ransom of 20 bitcoin.
The drama highlights the importance of digital defenses. The U.S. remained secure, perhaps disappointing the cyber villains who had to settle for less fortified targets. While LOC didn't comment, their silence speaks volumes of a fortress well-guarded, keeping cultural treasures safe from digital marauders.
And that’s the CyberWire.
For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.
We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.
N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.
This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.