By John Weiler
A Russian espionage tool infiltrates 50 countries, updates on the Western Digital breach and over a million patients impacted in the NextGen Healthcare breach. Here are the latest threats and advisories for the week of May 12, 2023.
Russian Cyber Espionage Tool 'Snake' Found in Over 50 Countries
The U.K., U.S. and their allies released a cybersecurity advisory pertaining to state-sponsored malware known as "Snake." Developed and used by Russia's Federal Security Service (FSB) for almost 20 years, Snake has infiltrated government networks, research facilities and journalistic entities across 50 countries. The malware operates using a covert peer-to-peer network of infected computers that route its operational traffic. A joint report on the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) website provides mitigation recommendations.
WordPress Users Warned of Reflected XSS Threat Affecting Popular Plugin
More than two million websites using the Advanced Custom Fields (ACF) plugin for WordPress are vulnerable to a severe security flaw. Outdated versions of the plugin expose websites to cross-site scripting (XSS) attacks that make it possible for cybercriminals to escalate their account privileges or inject arbitrary executable scripts. Updating to version 6.1.6 of the plugin should protect users from the vulnerability.
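The practical takeaway from the ACF item is an inventory question: which of your WordPress sites still run a plugin version older than the fixed release? The Python script below is an added example, not code from the post or from the ACF project. It reads the Version: line that WordPress stores in a plugin's main file header, compares versions numerically (so that 6.1.10 is correctly treated as newer than 6.1.6, which a plain string comparison would get wrong), and flags sites below 6.1.6. The four site names and their plugin headers are constructed sample data.

```python
import re

# Patched release named in the advisory; anything older is flagged.
FIXED_VERSION = "6.1.6"

# Constructed sample plugin file headers for four hypothetical sites
# (WordPress reads plugin metadata from this comment block in the main plugin file).
SAMPLE_HEADERS = {
    "site-a": "<?php\n/*\nPlugin Name: Advanced Custom Fields\nVersion: 6.1.5\n*/\n",
    "site-b": "<?php\n/*\nPlugin Name: Advanced Custom Fields\nVersion: 6.1.6\n*/\n",
    "site-c": "<?php\n/*\nPlugin Name: Advanced Custom Fields\nVersion: 6.1.10\n*/\n",
    "site-d": "<?php\n/*\nPlugin Name: Advanced Custom Fields\nVersion: 5.12.4\n*/\n",
}

# Matches "Version: x.y.z" at the start of a header line, with or without a leading "*".
VERSION_LINE = re.compile(r"^\s*\*?\s*Version:\s*(\S+)", re.MULTILINE)


def parse_plugin_version(header_text):
    """Return the Version: value from a WordPress plugin header, or None if absent."""
    match = VERSION_LINE.search(header_text)
    return match.group(1) if match else None


def version_tuple(version):
    """Turn '6.1.10' into (6, 1, 10) so comparisons are numeric, not lexical.

    A trailing non-numeric suffix such as '-beta1' is dropped; the numeric
    prefix alone decides. Missing components are padded with zeros.
    """
    parts = []
    for piece in version.split("."):
        digits = re.match(r"\d+", piece)
        if digits is None:
            break
        parts.append(int(digits.group(0)))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_vulnerable(version):
    """True when the installed version predates the fixed release."""
    return version_tuple(version) < version_tuple(FIXED_VERSION)


def audit(headers):
    """Map each site to True if its ACF version predates the fix, False otherwise.

    Sites whose header cannot be parsed are flagged True so that they get looked at
    rather than silently passing.
    """
    results = {}
    for site, text in headers.items():
        version = parse_plugin_version(text)
        results[site] = True if version is None else is_vulnerable(version)
    return results


if __name__ == "__main__":
    for site, flagged in audit(SAMPLE_HEADERS).items():
        print(f"{site}: {'UPDATE NEEDED' if flagged else 'ok'}")
```

In a real deployment you would feed the script the contents of each site's acf.php header (for example, collected over SSH or from a configuration-management inventory) instead of the constructed strings, and treat an unparseable header as a finding in its own right.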
CISA Alert: Install Mozilla Updates to Patch High-Severity Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is advising anyone who uses Mozilla products to read the company’s most recent announcement about security updates. The updates apply to multiple versions of the popular Firefox web browser and rectify nine high-severity vulnerabilities, ranging from memory safety bugs to clickjacking attacks. Users and administrators who manage endpoints with Mozilla products installed should review and install the necessary patches as soon as possible.
Emerging Threats and Research
Western Digital Reveals Details on Data Breach That Exposed Customer Information
More than a month since the Western Digital My Cloud data breach was announced, details are finally beginning to emerge. As a result of the March 26 security incident, cybercriminals were able to obtain “limited personal information” for anyone who had created an account for Western Digital’s online store. Breached data included home addresses, email addresses and telephone numbers. The company temporarily suspended all online orders while conducting a forensic investigation.
MSI Data Breach May Lead to Huge Headaches for Intel’s Boot Guard
The cybercriminals responsible for a ransomware attack on hardware manufacturer MSI have begun leaking stolen information. Most notably, private signing keys for Intel’s hardware-security product Boot Guard, installed on 116 MSI models, were posted online. Threat actors could use leaked keys to create malware that passes firmware checks, making it incredibly hard to detect. Intel says it is looking into whether the breach affects non-MSI devices.
Sysco Discloses Data Breach Affecting Business, Customer and Employee Data
Multinational wholesale food distribution company Sysco admitted falling victim to a data breach spanning the first few months of 2023. In a message to employees, the company explained that threat actors likely accessed and stole private customer, supplier and employee information for those in the U.S. and Canada. The worst of the breach involved the theft of employee social security and payroll account numbers. Sysco claims the security vulnerabilities responsible for the incident have been identified and fixed.
NextGen Healthcare Discloses Data Breach of 1.05 Million Patient Records
Electronic health record software provider NextGen Healthcare has revealed that threat actors accessed the personal data of more than one million patient records. Breached records contained patients' names, dates of birth, addresses and Social Security numbers. NextGen claims that whoever was responsible for the attack accessed the company's database using credentials stolen in an unrelated security incident.
To stay updated on the latest cybersecurity threats and advisories, look for weekly updates on the (ISC)² blog. Please share other alerts and threat discoveries you’ve encountered and join the conversation on the (ISC)² Community Industry News board.