Latest Cybersecurity News 2023-10-10

Follow ISA Cybersecurity on LinkedIn for the latest cybersecurity news

Weekly CyberTip: Quick Gmail Logout

If you’re on the go, you may sign in to your Gmail account from a home PC, a work computer, your phone, and a tablet. If you’re concerned that these multiple sessions create a security exposure, there’s a quick and easy answer. Google provides a one-stop page that lists every device currently signed in to your account and lets you disconnect some or all of them instantly. If a device you don’t recognize appears in the list, sign it out and change your password. Here’s how:

  • Open Gmail 
  • At the top right of the screen, click your photo 
  • Click “Manage your Google Account”, then “Security” 
  • Under “Your devices,” click “Manage all devices” 
  • Choose a device. 
  • Click Sign out. 

Israel facing cyber attacks in wake of Hamas rocket attacks

Various hacking groups are launching attacks against Israeli government, media, and infrastructure targets after the Palestinian militant group Hamas launched a series of deadly attacks on Israel starting on October 7. For example:

  • Killnet – an organization with links to Russia – targeted Israeli government websites with distributed denial-of-service (DDoS) attacks, causing several brief outages. The website of the security agency Shin Bet was also temporarily knocked offline on October 9.
  • A separate group called Anonymous Sudan – also alleged to have ties to Russia – claimed responsibility for a DDoS attack on The Jerusalem Post, whose website also went offline for a short period on October 9.
  • The hacker group AnonGhost said it was behind a breach of an Israeli app that provides rocket attack warnings. The hackers allegedly pushed fake alerts about rocket and nuclear attacks through the app, which is used by up to 20,000 residents.
  • A pro-Hamas group called Cyber Av3ngers has allegedly targeted the Israeli Electricity Department, the Noga Company (claiming to have compromised its network and shut down its website), and the Dorad power plant with various types of attacks.

According to an article in the Washington Post, the groundwork for some of these cyber attacks may have been laid earlier this year, when a group called Storm-1133 went after energy, defense and telecommunications companies inside Israel. “The group used fake LinkedIn profiles and posed as software developers or project managers to send malware to employees at those targets and install back doors for later communications,” according to the article, quoting a recent Microsoft report.

Patch alert: High severity Linux vulnerability identified

Researchers at Qualys have disclosed a high-severity vulnerability in the GNU C Library (glibc) dynamic loader, ld.so, which they have nicknamed “Looney Tunables.” Tracked as CVE-2023-4911, it is a buffer overflow in the loader’s handling of the GLIBC_TUNABLES environment variable, introduced in glibc 2.34 (released in August 2021). Because ld.so runs before any set-user-ID program starts, a local, unprivileged user can exploit it to gain full root privileges; Qualys demonstrated this on default installations of Fedora 37 and 38, Ubuntu 22.04 and 23.04, and Debian 12 and 13. Alpine Linux is not affected because it uses musl rather than glibc, but Red Hat Enterprise Linux 9 is. Administrators should check their distribution’s glibc version against the vendor advisory and patch, or apply the vendor’s mitigation, as soon as possible.
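As an added example (not from the newsletter, from Qualys, or from any distribution’s tooling), the POSIX shell helper below performs the first triage step an administrator would take on a fleet: it determines whether the host runs glibc at all, extracts the upstream version from the first line of `ldd --version`, and reports whether that version falls in the range (2.34 and later) in which the vulnerable GLIBC_TUNABLES parsing exists. The function names and the sample `ldd` output strings used for checking are constructed for this example. Because distributions backport the fix without changing the upstream version number, a host in the affected range is not necessarily vulnerable; the script therefore also prints the installed libc package version, which is the value to compare against the vendor advisory.

```shell
#!/bin/sh
# Added example for CVE-2023-4911 ("Looney Tunables") triage.
# Not part of the ISA newsletter, Qualys' advisory or any distribution's tooling.
# The overflow lives in glibc's dynamic loader (ld.so) and was introduced in
# glibc 2.34, so anything older is out of scope, and musl-based systems such as
# Alpine have no GLIBC_TUNABLES parser at all.

# glibc_version_from_ldd LINE
#   LINE is the first line of `ldd --version`, e.g. (constructed samples)
#   "ldd (Ubuntu GLIBC 2.35-0ubuntu3.4) 2.35" or "ldd (GNU libc) 2.37".
#   Prints the bare upstream version (the last field) and returns 0 for glibc;
#   prints nothing and returns 1 for a non-glibc libc or empty input.
glibc_version_from_ldd() {
    case "$1" in
        *GLIBC*|*"GNU libc"*) ;;
        *) return 1 ;;
    esac
    printf '%s\n' "$1" | awk '{ print $NF }'
}

# glibc_in_affected_range VERSION
#   Returns 0 when VERSION (major.minor) is 2.34 or later, i.e. the range in
#   which the vulnerable GLIBC_TUNABLES code exists unless the vendor has
#   backported the fix; returns 1 otherwise.
glibc_in_affected_range() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    [ "$major" -gt 2 ] && return 0
    [ "$major" -eq 2 ] && [ "$minor" -ge 34 ] && return 0
    return 1
}

# libc_package_version
#   Prints the installed libc package version as the package manager sees it.
#   This, not the upstream version, is what the vendor advisory lists as fixed.
#   Prints "unknown" when neither dpkg nor rpm is available.
libc_package_version() {
    if command -v dpkg-query >/dev/null 2>&1; then
        v=$(dpkg-query -W -f='${Version}\n' libc6 2>/dev/null) &&
            { printf '%s\n' "$v"; return 0; }
    fi
    if command -v rpm >/dev/null 2>&1; then
        v=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' glibc 2>/dev/null) &&
            { printf '%s\n' "$v"; return 0; }
    fi
    echo unknown
}

# cve_2023_4911_triage
#   Classifies the running host as one of:
#     not-glibc       musl or unknown libc: out of scope
#     below-2.34      glibc predates the vulnerable code
#     affected-range  glibc 2.34+: compare the package version with the advisory
cve_2023_4911_triage() {
    line=$(ldd --version 2>/dev/null | head -n 1)
    ver=$(glibc_version_from_ldd "$line") || { echo not-glibc; return 0; }
    if glibc_in_affected_range "$ver"; then
        echo affected-range
    else
        echo below-2.34
    fi
}

# Stand-alone run: print the classification and the package version to check.
printf 'CVE-2023-4911 triage: %s (libc package: %s)\n' \
    "$(cve_2023_4911_triage)" "$(libc_package_version)"
```

Run it as an unprivileged user on each host; “affected-range” means the package version printed must be looked up in the distribution’s CVE-2023-4911 advisory, while “below-2.34” and “not-glibc” hosts can be deprioritized.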

Patch alert: Critical vulnerability patched in Cisco Emergency Responder 12.5(1)

Cisco has released patches for a critical vulnerability in its Emergency Responder application. The vulnerability “could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted,” according to the Cisco bulletin. The issue is tracked as CVE-2023-20101. Because the credentials are hard-coded, no configuration change removes the exposure; upgrading to the fixed release is the remediation, and Cisco’s security advisory provides details on the vulnerability and on applying the patch. To date, only version 12.5(1) of the product is listed as affected.

Microsoft report: basic security protects against 99% of attacks

Microsoft has released its latest Digital Defense Report. One of the key takeaways of the wide-ranging report is Microsoft’s assessment that following five basic security principles will protect against 99% of attacks: 

  • enable multi-factor authentication 
  • apply zero-trust principles 
  • use extended detection and response / anti-malware 
  • keep up to date 
  • protect data 

Meanwhile, the report contains sobering news for organizations managing IoT and OT devices:

  • 78% of IoT devices on customer networks have known vulnerabilities, and 46% of those cannot be patched
  • 25% of OT devices on customer networks run unsupported operating systems
  • 57% of devices running legacy firmware are exposed to more than ten CVEs
  • 80-90% of all successful ransomware compromises originate from unmanaged devices

The free report is available as a full-length document, or in executive summary form. 

Michigan AG weighs in on McLaren Health Care cyber incident

On October 6, Michigan Attorney General Dana Nessel issued a statement on the cyber incident at McLaren Health Care, one of Michigan’s largest hospital systems.

According to Nessel, “This attack shows, once again, how susceptible our information infrastructure may be… Organizations that handle our most personal data have a responsibility to implement safety measures that can withstand cyber-attacks and ensure that a patient’s private health information remains private.” 

The cyber criminal gang BlackCat (also known as ALPHV) has taken credit for the September 5 attack, claiming to have stolen over 6 terabytes of data, including sensitive patient health information. While the actual number of affected individuals has still not been disclosed, McLaren Health provides services to over 732,000 people across 15 hospitals and over 100 primary care locations. McLaren says that systems are back to normal and there is “no evidence to suggest the group still has access to its IT systems,” though the investigation into the incident continues. 

“Time is of the essence when a breach occurs to ensure affected individuals can take the necessary steps to protect their identities,” continued Nessel in her statement, which provided advice to patients on the warning signs of abuse of personal information, and practical steps to take in the event of a suspected disclosure of personal information. 
