Weekly CyberTip: Tap into CISA’s Known Exploited Vulnerability (KEV) catalog
The Cybersecurity & Infrastructure Security Agency (CISA) maintains a comprehensive list of system vulnerabilities that have been exploited in the wild. The Known Exploited Vulnerability (KEV) catalog (https://www.cisa.gov/known-exploited-vulnerabilities) provides a one-stop destination for information and links to potentially high-impact bugs as well as mitigations/fixes for them. CISA strongly urged all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of vulnerabilities in the catalog.
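One way to put the catalog to work is to cross-reference vulnerability scanner findings against it and sort the matches by remediation due date. The sketch below is an added example, not CISA code or part of the original tip; the field names follow the KEV JSON feed, while the sample entries, dates, asset names and the CVE-2099-* placeholders are constructed for illustration.

```python
import json
from datetime import date

# Constructed sample in the shape of the KEV JSON feed. Field names follow the
# catalog schema; dates and the CVE-2099-* placeholder are illustrative only.
SAMPLE_KEV = json.loads("""
{"vulnerabilities": [
 {"cveID": "CVE-2023-32409", "vendorProject": "Apple", "dueDate": "2023-06-12",
  "knownRansomwareCampaignUse": "Unknown"},
 {"cveID": "CVE-2023-28204", "vendorProject": "Apple", "dueDate": "2023-06-12",
  "knownRansomwareCampaignUse": "Unknown"},
 {"cveID": "CVE-2099-00001", "vendorProject": "ExampleVendor", "dueDate": "2023-05-25",
  "knownRansomwareCampaignUse": "Known"}
]}
""")

# Constructed scanner findings: (asset name, CVE id as the scanner reported it).
FINDINGS = [
    ("macbook-014", "CVE-2023-32409"),
    ("iphone-221", " cve-2023-28204"),      # inconsistent case/whitespace
    ("fileserver-02", "CVE-2099-00001"),
    ("laptop-077", "CVE-2099-00002"),       # not in the catalog sample
]

def prioritize(findings, catalog, today):
    """Return findings that match a KEV entry, most urgent first."""
    index = {v["cveID"].upper(): v for v in catalog["vulnerabilities"]}
    hits = []
    for asset, cve in findings:
        entry = index.get(cve.strip().upper())
        if entry is None:
            continue  # not known-exploited per the catalog; normal patch cycle
        due = date.fromisoformat(entry["dueDate"])
        hits.append({
            "asset": asset,
            "cve": entry["cveID"],
            "days_left": (due - today).days,   # negative means overdue
            "ransomware": entry["knownRansomwareCampaignUse"] == "Known",
        })
    # Overdue items first, then ransomware-linked entries, then by asset name.
    hits.sort(key=lambda h: (h["days_left"], not h["ransomware"], h["asset"]))
    return hits

if __name__ == "__main__":
    for hit in prioritize(FINDINGS, SAMPLE_KEV, date(2023, 6, 1)):
        print(hit)
```

In practice the catalog argument would be the JSON feed downloaded from the KEV page, refreshed on a schedule so newly added entries are picked up.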
Apple fixes scores of vulnerabilities in latest patches
On May 18, Apple released new operating system versions for almost all of its products, addressing nearly 200 vulnerabilities in the process.
Version 16.5 has been released for Safari, iOS, and tvOS, while watchOS and macOS also have updated software available.
Apple has advised that at least three of the vulnerabilities are under active attack in the wild. The vulnerabilities – CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373 – each affect the WebKit browser engine used in Safari and other iOS-compatible browsers. Users of Apple products are encouraged to review their asset inventories and update accordingly.
KeePass vulnerability could expose master password
A security researcher has identified a flaw in KeePass password locker software that could expose the program’s master password to an attacker. CVE-2023-32784 explains that it is possible to recover the master password from a system “memory dump”, even if the software is no longer running. The researcher published a proof of concept to illustrate exploitation of the bug. KeePass has acknowledged the bug and will be releasing a fix in version 2.54, due out in June. KeePass users are encouraged to watch for the release and patch as soon as possible.
Pharmacy services ransomware attack affects 5.8M patients
On May 15, U.S. pharmacy services company PharMerica issued a breach notification to over 5.8M patients, advising that their confidential medical data had been exposed in a March ransomware attack.
Full names, addresses, dates of birth, social security numbers (SSNs), medications, and health insurance information were involved in the attack, allegedly conducted by the Money Message ransomware gang, which has been posting samples of data on its darkweb site. In all, 4.7 terabytes of data was exfiltrated, according to the gang’s posts. Money Message is the same criminal operation that orchestrated a massive data breach at Taiwanese electronics company MSI in April 2023.
In a status post on their website, PharMerica advised that they had learned about the incident on March 14, and identified that data had been stolen a week later. “At this point, PharMerica is not aware of any fraud or identity theft to any individual as a result of this incident, but is nonetheless notifying potentially affected individuals to provide them with more information and resources,” according to the post.
Ontario university suffers cyber attack
The Northern Ontario School of Medicine (NOSM) was hit by a cyber attack on May 17. In a media release on May 19, the university explained that “campus internet in both Sudbury and Thunder Bay, as well as shared and departmental drives, and many university websites and services, continue to be inaccessible”. The school’s website was still unavailable as of May 22.
The school has requested that all employees and learners “work remotely unless on-campus presence is required for student support or other in-person activities” as work continues to restore services.
NOSM University is Canada’s first independent medical university and describes itself as one of the greatest education and physician workforce strategy success stories of Northern Ontario.
Bank of Canada warns of cyber attack consequences
In their annual review released May 18, the Bank of Canada warned that a successful major cyber attack on one part of Canada’s financial infrastructure could quickly spread and threaten the country’s overall financial stability.
The central bank has had heightened concerns about a possible cyber attack since Russia’s invasion of Ukraine in February 2022 and the increase in state-sponsored cyber crime worldwide.
“In particular, ransomware attacks – where criminals demand payment for a victim’s data – on critical or widely used third-party service providers remain a source of concern. A severe incident could disrupt the delivery of financial services, lead to significant losses for compromised financial institutions and weaken public confidence in the financial system,” according to the report. “This is particularly the case if the targeted supplier provides a critical service, such as telecommunications, to a large commercial bank or a prominent financial market infrastructure.”
“Predicting an attack with systemic consequences is difficult, which is why financial system participants must have rigorous response and recovery plans.”