Check for Plex and XStream on PCs; Are You at Risk From Using Third Party Invisible Pixel Trackers?; Make Sure CISA Is Not On Your Email Spam List

The US Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog: a remote code execution flaw in Plex Media Server and a remote code execution flaw in XStream. Both have remediation due dates of March 31, 2023. Some reports have indicated that the breach of a LastPass engineer’s computer may have been conducted through a Plex vulnerability.

Read more in

Cerebral, a mental health services healthcare platform, has begun notifying more than 3 million people that their personal information was compromised. A Notice of HIPAA (Health Insurance Portability and Accountability Act) Privacy Breach recently posted on the Cerebral website says that the company has been using invisible pixel trackers and other tracking technologies from several third parties since late 2019.

Read more in

The US Cybersecurity and Infrastructure Security Agency (CISA) has announced the creation of its new Ransomware Vulnerability Warning Pilot (RVWP). RVWP was established to comply with the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) and has been in operation since the end of January. RVWP involves “leverage[ing] existing authorities and technology to proactively identify information systems that contain security vulnerabilities commonly associated with ransomware attacks.”

Read more in

The US Securities and Exchange Commission announced that Blackbaud has “agreed to pay $3 million to settle charges for making misleading disclosures about a 2020 ransomware attack.” Blackbaud provides donor data management software to non-profit organizations. When Blackbaud disclosed the incident in July 2020, the company said that donor bank data and Social Security numbers (SSNs) had not been compromised. However, a September 2020 SEC filing indicated that the attackers had accessed and stolen those data.

Read more in

The US Cybersecurity and Infrastructure Security Agency (CISA) has published a cybersecurity advisory “detailing activity and key findings from a recent CISA red team assessment … of a large critical infrastructure organization with multiple geographically separated sites.” The advisory recommends establishing a baseline of normal network activity; conducting regular assessments; and enforcing phishing-resistant multi-factor authentication.

Read more in

Law enforcement agencies in multiple countries have taken action to hobble operations of the NetWire remote access trojan (RAT). The FBI seized a domain associated with NetWire. In Switzerland, authorities seized a server that hosted NetWire infrastructure. And law enforcement authorities in Croatia have arrested an individual in connection with the alleged operation of NetWire.

Read more in

The US Cybersecurity and Infrastructure Security Agency (CISA) and Women in CyberSecurity (WiCyS) have signed a Memorandum of Understanding, “which outlines opportunities for the two organizations to formally partner on bringing awareness to the incredible careers in the industry and building a pipeline for the next generation of women in cybersecurity.”

Read more in

The Housing Authority of the City of Los Angeles (HACLA) has disclosed a data breach that affects personal information, including driver’s license, payment card, passport, and financial account numbers and health insurance data. HACLA detected encrypted files on its network on December 31, 2022. An investigation revealed that intruders had had access to HACLA’s network since mid-January 2022.

Read more in

The Centre Hospitalier Universitaire (CHU) Saint-Pierre in Brussels, Belgium, was the target of a cyberattack over the weekend. The incident caused the organization to divert ambulances to other hospitals. By Saturday evening, the affected servers were disconnected and restarted; they remain disconnected from the Internet. CHU Saint-Pierre’s chief executive said that the hospital “launched the emergency plan specifically established for this type of situation.”

Read more in

More than a dozen vulnerabilities have been detected in Akuvox E11 smart intercoms. The flaws were reported to the US Cybersecurity and Infrastructure Security Agency (CISA) by researchers from Claroty’s Team 82. Both Claroty and CISA have attempted to notify the Chinese vendor and coordinate the vulnerabilities’ disclosure since January 2022. The vulnerabilities remain unfixed; CISA recommends disconnecting Akuvox E11 devices from the Internet until fixes are made available.

Read more in

The failure of Silicon Valley Bank (SVB) and Signature Bank this weekend left many of the bank's customers with questions as to how to communicate with the bank, or how to access their money. Scams often take advantage of these uncertainties, and some indications of scammers becoming ready to act have been sighted. The Internet Storm Center already spotted some suspicious domain registrations, and observed companies using simple emails to update account information with partners.

Read more in