Follow ISA Cybersecurity on LinkedIn for the latest cybersecurity news
Weekly CyberTip: Check what Google knows about you
Google offers a wide range of services that are free, but may come at the expense of your privacy. Your online – and potentially even physical – movements can be tracked, recorded, and used indefinitely unless you check your settings and preferences. Technology website CNET offers a comprehensive guide on the wealth of data Google has on file, and gives you the resources to adjust as necessary.
Louisiana municipality hit by “security breach”
IT personnel from the Louisiana city of Alexandria are working with local law enforcement and state resources to investigate a June 2 “security breach” on the city’s computer systems.
As the outage affected the city’s email system, city spokesperson Jim Smilie texted a brief status announcement to local media: “To protect the integrity of the investigation, neither the city nor the investigators can provide details at this time. We will provide as much information as possible at the appropriate time in the investigative process.” That investigation has continued through the weekend, and an update is expected early this week.
Mike Steele, communications director at the Louisiana Governor’s Office of Homeland Security and Emergency Preparedness, confirmed that the state cybersecurity resources are assisting local IT staff in managing the situation and supporting the criminal investigation.
According to a report in The Record, the city learned of the attack when the AlphV ransomware gang added Alexandria to its list of alleged victims on June 2. The following day, the post was updated to address Louisiana Governor John Bel Edwards directly, boasting of the theft of 80 GB of “important city data” and compromising the city’s network. The post also appeared to warn local NBC television affiliate KALB Channel 5 to muzzle its reporting of the incident.
Costa Rican healthcare system suffers cyber attack
Costa Rican authorities have announced that the country has been the target of yet another cyber attack. A Spanish language Twitter post from the nation’s public health service (known as the Costa Rican Social Security Fund or “CCSS”) advised that they had discovered a serious hacking incident on the morning of May 31. While few other details were disclosed, the Central American government agency did confirm that citizen health and tax information stored in the EDUS (Unified Digital Health) and the SICERE (Centralized Tax-Collection System) databases was not compromised. IT staff are doing analysis to attempt to restore critical services, but there is no indication as to when operations will resume.
The attack reportedly delivered ransomware infections to at least 30 of the 1500 servers in the CCSS network before it was contained. The incident has forced the CCSS to shut down many of their unaffected systems as a precaution, disrupting services to some 1200 hospitals and clinics and potentially affecting care for thousands of patients across the country. Many healthcare services – including COVID-19 reporting – have been delayed, but facilities are switching to paper filing systems to maintain operations as best as possible.
The ransomware group known as “Hive” is widely believed to be behind this latest attack, which comes on the heels of a series of serious cyber breaches across the Costa Rican government IT infrastructure in recent weeks. Those attacks were orchestrated by the Conti ransomware gang in late April and early May, finally prompting President Rodrigo Chaves Robles to declare a state of emergency on May 11.
Patch alert: Atlassian releases fix for critical vulnerability in Confluence products
On June 2, Atlassian issued a security advisory with information and instructions on how users can address a critical vulnerability in their Confluence Server and Data Centre installations. Coded CVE-2022-26134, the vulnerability could allow an attacker to conduct unauthenticated remote code execution on compromised systems. All current versions of Confluence are at risk.
Atlassian has contacted all potentially vulnerable customers directly to notify them about a fix, and to provide several temporary workarounds for those who are unable to patch promptly.
The vulnerability is believed to affect nearly 10,000 installations worldwide. Early reports suggest that threat actors are already exploiting the vulnerability in the wild.
Patches have been made available for Confluence versions 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4, and 7.18.1. There is no current evidence that Atlassian cloud customers are affected.
Cyber breach at Regina Public Schools enters its third week
The Regina Public Schools website remains down after a significant cyber attack over Canada’s Victoria Day long weekend.
The district disclosed the attack in a Twitter posting on May 24, advising they had “experienced a network-wide incident” that had affected “a large number” of computer systems. On May 28, the CBC reported that they had received a copy of the ransom note that appeared on compromised computers in the district. The note suggested that the attack had been orchestrated by the BlackCat/AlphV ransomware gang, the same group involved in an attack on the city of Alexandria, Louisiana. cyber attack.
“The note alleges that 500 gigabytes of files belonging to Regina Public Schools have been encrypted and that the group now possesses copies of data ranging from tax reports and health information to passports and social insurance numbers,” according to the report.
Privacy ruling: Tim Hortons found to have contravened PIPEDA legislation
On June 1, the Office of the Privacy Commissioner of Canada (OPC) issued a report summarizing a joint investigation involving the OPC and privacy authorities in Alberta, B.C., and Quebec, directed at Tim Hortons (TDL Group) and its parent company Restaurant Brands International (RBI).
The investigation followed the release of a June 2020 Financial Post article entitled “Double-double tracking: How Tim Hortons knows where you sleep, work and vacation,” which revealed the extent of GPS tracking data that the Tim Hortons mobile phone app collected on its users without their explicit knowledge or consent – even when the app was not running.
TDL Group, which ceased collecting granular location data in August 2020 after the probe was announced, has agreed to delete all historical data, and establish and maintain a privacy management program to ensure future compliance with PIPEDA.
The OPC issued a veiled warning to other RBC properties in Canada (viz., Burger King, Popeyes, and Firehouse Subs) in its ruling, saying that they “would expect that RBI will further leverage the outcome and lessons of this investigation and review its personal data handling practices in the context of those other apps to ensure their compliance with the Acts.”