Cyber Security News — Past 24 hours | 12.07.2021

Critical Flaws Reported in Philips Vue PACS Medical Imaging Systems

Multiple security vulnerabilities have been disclosed in Philips Clinical Collaboration Platform Portal, some of which could be exploited by an adversary to take control of an affected system.

«Successful exploitation of these vulnerabilities could allow an unauthorized person or process to eavesdrop, view or modify data, gain system access, perform code execution, install unauthorized software, or affect system data integrity in such a way as to negatively impact the confidentiality, integrity, or availability of the system,» the U.S.

Four of the issues have been given a Common Vulnerability Scoring System base score of 9.8, and concern improper validation of input data as well as vulnerabilities introduced by flaws previously patched in Redis.

Another serious flaw is caused by the Vue platform’s use of cryptographic keys beyond their established expiration date, «which diminishes its safety significantly by increasing the timing window for cracking attacks against that key».

While Philips has addressed some of the shortcomings as part of its updates shipped in June 2020 and May 2021, the Dutch healthcare company is expected to patch the rest of the security issues in version 15 of Speech, MyVue, and PACS that’s currently in development and set for release in Q1 2022.

Source —

New SaaS Security Report Dives into the Concerns and Plans of CISOs in 2021

For years, security professionals have recognized the need to enhance SaaS security. However, the exponential adoption of Software-as-a-Service applications over 2020 turned slow-burning embers into a raging fire.

Organizations manage anywhere from thirty-five to more than a hundred applications. From collaboration tools like Slack and Microsoft Teams to mission-critical applications like SAP and Salesforce, SaaS applications act as the foundation of the modern enterprise.

Understanding the SaaS Security Management Landscape

SaaS applications provide easy-to-use, scalable solutions that offer a wide variety of native security controls.

SaaS Misconfiguration Worries

85% of respondents in the 2021 SaaS Security Survey Report cited SaaS misconfigurations as one of the top three risks facing their organization.

More Apps Mean Less Monitoring

Although this seems counterintuitive at first, upon further thought, ‘more apps means less monitoring’ makes sense for the organization handling the monitoring process manually.

Delegating Security Impacts Risk

As the SaaS app estate keeps growing, 52% of respondents report regularly putting responsibility for checking and maintaining SaaS security into the hands of the SaaS owner.

As CSPM and CASB tools aren’t built to address the challenges of a SaaS environment, SSPM has risen to the top of the enterprise agenda and is the top pick in terms of priorities in 2021.

Automating SaaS Security with Adaptive Shield

Automating maintenance of security settings and controls can enable security teams to take control of their SaaS applications.

SaaS Security Posture Management, like Adaptive Shield, offers a powerful platform designed uniquely to enable security teams to proactively maintain continuous security across their interconnected, divergent SaaS application estate.

Takes minutes to deploy for zero business disruption

By automating monitoring and enforcement with Adaptive Shield, security teams no longer need to delegate responsibility to app owners or go without visibility into how the security settings of their SaaS applications are managed.

Source —

Magecart Hackers Hide Stolen Credit Card Data Into Images for Evasive Exfiltration

Cybercrime actors who are part of the Magecart group have latched on to a new technique of obfuscating the malware code within comment blocks and encoding stolen credit card data into images and other files hosted on the server, once again demonstrating how the attackers are continuously improving their infection chains to escape detection.

MageCart is the umbrella term given to multiple groups of cybercriminals targeting e-commerce websites with the goal of plundering credit card numbers by injecting malicious JavaScript skimmers and selling them on the black market.

In one instance of a Magento e-commerce website infection investigated by the GoDaddy-owned security company, it was found that the skimmer was inserted in one of the PHP files involved in the checkout process in the form of a Base64-encoded compressed string.

What’s more, to further mask the presence of malicious code in the PHP file, the adversaries are said to have used a technique called concatenation wherein the code was combined with additional comment chunks that «does not functionally do anything but it adds a layer of obfuscation making it somewhat more difficult to detect».
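An added example, not from the original post or from the investigators' tooling: a Python heuristic a defender could run over PHP files to undo the comment-and-concatenation masking described above before looking for long Base64 literals that inflate. The decoder function names checked, the 40-character threshold and the sample file are assumptions constructed for illustration.

```python
import base64
import re
import zlib

# String literals are kept as-is; comments (/* */, //, #) are dropped.
_TOKEN = re.compile(
    r"(?P<str>'(?:\\.|[^'\\])*'|\"(?:\\.|[^\"\\])*\")"
    r"|(?P<com>/\*.*?\*/|//[^\n]*|#[^\n]*)", re.S)
_JOIN = re.compile(r"(['\"])\s*\.\s*\1")           # 'a' . 'b'  ->  'ab'
_BLOB = re.compile(r"['\"]([A-Za-z0-9+/]{40,}={0,2})['\"]")  # threshold is an assumption
_DECODERS = ("base64_decode", "gzinflate", "gzuncompress", "gzdecode")

def normalise(php_src):
    """Strip comments, then merge adjacent concatenated string literals."""
    no_comments = _TOKEN.sub(lambda m: m.group("str") or " ", php_src)
    return _JOIN.sub("", no_comments)

def inflates(blob):
    """True if the Base64 text decodes to raw-deflate, zlib or gzip data."""
    try:
        raw = base64.b64decode(blob, validate=True)
    except ValueError:
        return False
    for wbits in (-15, 15, 31):
        try:
            zlib.decompress(raw, wbits)
            return True
        except zlib.error:
            pass
    return False

def scan(php_src, merge=True):
    """Findings for long Base64 literals; merge=False scans the raw text."""
    text = normalise(php_src) if merge else php_src
    used = [d for d in _DECODERS if d + "(" in text]
    return [{"length": len(b), "compressed": inflates(b), "decoders": used}
            for b in _BLOB.findall(text)]

def constructed_sample():
    """Constructed input: harmless text, deflated, Base64'd, split by comments."""
    text = b"placeholder text standing in for injected code; harmless by design"
    c = zlib.compressobj(wbits=-15)
    blob = base64.b64encode(c.compress(text) + c.flush()).decode()
    parts = [blob[i:i + 16] for i in range(0, len(blob), 16)]
    literal = " /* order id */ . ".join("'%s'" % p for p in parts)
    return "<?php\n$p = %s;\n$out = gzinflate(base64_decode($p));\n" % literal
```

Scanning the constructed sample with `merge=False` returns nothing, because each fragment is too short to stand out; the same file scanned with the default settings yields one finding marked as compressed.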

Source —

Kaseya Releases Patches for Flaws Exploited in Widespread Ransomware Attack

The latest development comes days after Kaseya cautioned that spammers are capitalizing on the ongoing ransomware crisis to send out fake email notifications that appear to be Kaseya updates, only to infect customers with Cobalt Strike payloads to gain backdoor access to the systems and deliver next-stage malware.

Kaseya has said multiple flaws were chained together in what it called a «sophisticated cyberattack», and while it isn’t exactly clear how it was executed, it’s believed that a combination of CVE-2021-30116, CVE-2021-30119, and CVE-2021-30120 was used to carry out the intrusions. REvil, a prolific ransomware gang based in Russia, has claimed responsibility for the incident.

Using trusted partners such as software makers or service providers like Kaseya to identify and compromise new downstream victims, often called a supply-chain attack, and pairing that with file-encrypting ransomware infections has also made this one of the largest and most significant such attacks to date.

Interestingly, Bloomberg on Saturday reported that five former Kaseya employees had flagged the company about «glaring» security holes in its software between 2017 and 2020, but their concerns were brushed off.

Source —

Stay Focused. Stay Vigilant.

Cyber Threat Incident Management Team — Cyber Security Community @ SLIIT


