May 17, 2024 at 11:30AM
SecurityWeek’s cybersecurity news roundup offers a concise compilation of noteworthy stories in the cybersecurity landscape. This week’s stories include the FBI targeting the Scattered Spider group, the identification of LockBit mastermind LockBitSupp, Firefox and Cisco patches, GE HealthCare Vivid Ultrasound vulnerabilities, cybersecurity guidance for civil society organizations, a Wi-Fi vulnerability, the MediSecure ransomware attack, and Turla APT’s Lunar malware targeting a European ministry of foreign affairs.
Key takeaways:
1. FBI’s Pursuit of Scattered Spider Cybercrime Group:
– The FBI is seeking to charge members of the Scattered Spider cybercrime group for deploying the BlackCat (Alphv) ransomware on MGM Resorts’ systems.
– The group includes individuals from the US, western countries, and eastern Europe.
2. Identification of LockBit Mastermind:
– Brian Krebs has revealed the identity of LockBitSupp, the mastermind behind the LockBit ransomware operation, as Dimitry Yuryevich Khoroshev.
3. Patching of Vulnerabilities by Mozilla and Cisco:
– Mozilla has released Firefox 126 to address several vulnerabilities, including high-severity flaws.
– Cisco has fixed high-severity vulnerabilities in Crosswork Network Services Orchestrator and ConfD, as well as medium-severity security bugs in various products.
4. Disclosed Vulnerabilities in GE HealthCare Vivid Ultrasound Products:
– Nozomi Networks has disclosed 11 vulnerabilities in GE HealthCare Vivid Ultrasound products, warning of potential exploitation by malicious insiders.
5. Cybersecurity Guidance for Civil Society Organizations:
– CISA, the FBI, and international partners have issued guidance to help civil society organizations mitigate cyber threats with limited resources, including nonprofit, advocacy, cultural, faith-based, academic, and journalist organizations.
6. Wi-Fi Vulnerability (CVE-2023-52424) and SSID Confusion Attack:
– A new Wi-Fi vulnerability affects all clients and operating systems, enabling SSID confusion attacks against enterprise, mesh, and home networks.
7. Ransomware Attack on Australian Digital Prescription Platform MediSecure:
– The MediSecure platform has been hit by a ransomware attack originating from a third-party vendor, impacting personal and health information.
8. Turla APT’s Use of Lunar Malware:
– The Russia-linked Turla APT has targeted a European ministry of foreign affairs using a toolset named Lunar, including the backdoors LunarWeb and LunarMail.