~this week in security~
a cybersecurity newsletter by @zackwhittaker

volume 3, issue 39


Ransomware attack hits Universal Health Services
Wall Street Journal ($): One of the largest hospital chains in the U.S. was taken offline after a ransomware attack. The incident forced some facilities to turn away patients and ambulances, reports say. Patient data, operated through a third-party, is said to be unaffected, according to UHS' chief executive who spoke to the Journal. Sources said the ransomware was consistent with the Russian ransomware group Ryuk. UHS has 400 hospitals and healthcare facilities across the United States. The company's U.K. operations were unaffected, per a statement.
More: Associated Press | ZDNet | TechCrunch | Universal Health Services
Russia's Fancy Bear hackers likely penetrated a U.S. federal agency
Wired ($): New clues suggest Russia's Fancy Bear, known as APT 28, may be behind an intrusion at an unnamed U.S. federal agency. CISA said hackers broke in — without attributing blame — but detailed their tactics and techniques, which security experts say point to hackers working for the Russian GRU.
More: CISA | @a_greenberg

Blackbaud hackers had access to banking info and passwords
BBC News: Remember Blackbaud, a cloud provider for schools, faith groups, and non-profits that was hit by data-stealing ransomware earlier this year, tried to cover it up, but got a pinky promise from the hackers that they (allegedly) deleted the data? In fact, it turned out to be one of the biggest security incidents of the year based on the number of organizations involved. But the company admitted in a regulatory filing this week that bank account information and users' passwords may have been stolen in the breach. Previously it was just believed to be personal data that was stolen. It's the cyberattack that just gets worse as time goes on...
More: Blackbaud [PDF] | Bleeping Computer

This is what Palantir and the LAPD know about you
BuzzFeed News: Newly obtained documents reveal how for more than a decade the LAPD used technology built by Palantir, the secretive data analytics and surveillance startup, which went public this week. The documents show that dozens of police departments, sheriff's offices, airport police, universities, and school districts gave their data to the LAPD's Palantir database. The documents give an unprecedented look into how the technology works. This is a really incredible read.
More: @carolineha_ tweets

Facebook shut down malware that hijacked accounts to run ads
Wired ($): Hackers drained $4 million from victims during a hacking spree that involved compromising Facebook accounts and buying malicious ads to promote scams on the platform, reports @lilyhnewman. The operation, dubbed SilentFade, would compromise accounts using stolen passwords or account cookies, and even went as far as disabling Facebook notifications as to not alert the compromised user of the malicious activity.
More: Cyberscoop

Confidential information released after school district refused to pay hackers' ransom demand
CNN: Hackers who launched a data-stealing ransomware attack on the fifth-largest school district in the U.S. have published the information they stole after the school district failed to pay the ransom. The ransomware operators published employee Social Security numbers, addresses and retirement paperwork. For students, the released information includes a data file with names, grades, birth dates, addresses and the school attended. The district has about 320,000 students.
More: Wall Street Journal (R) | Clark County School District
~ ~

A huge thanks to everyone who reads this newsletter! If you can spare $1/month (or more for perks!), it helps to maintain its upkeep. You can contribute to the Patreon or send a one-time donation via PayPal or Venmo.
~ ~


Microsoft says Russia behind most nation-state cyberattacks
Bloomberg: In a new report, Microsoft said that Russia-based hackers are responsible for the majority of nation-state attacks on its customers. That is, to be clear, detected attacks. Microsoft issued 13,000 alerts about nation-backed hacking incidents between July 2019 and June 2020. More than half were attributed to Russia, and about one-quarter were blamed on Iran.

Helping to pay off ransomware hackers could draw big penalties from the feds
Cyberscoop: In a new advisory this week, the U.S. Treasury said ransomware victims and cybersecurity firms that help companies respond to attacks could face severe penalties if they pay the ransom that then goes on to fund attackers on the U.S. sanctions list. It comes after the Garmin attack in July, which sources said paid the ransom, even though the group allegedly behind the attack is on a U.S. sanctions list. @pwnallthethings has a good thread on this.
Google is creating a special Android security team to find bugs in sensitive apps
ZDNet: Google is hiring to create a new Android security team that will try to find vulnerabilities in high-profile apps on Google Play, like coronavirus contact tracing and election-related apps.

Pressing YubiKeys
Bertrand Fan: This deeply technical article is a fun read, even if the end result is hilariously underwhelming (and oddly specific to this person's use case). Bertrand Fan built a robotic finger to trigger his YubiKey from his keyboard, rather than having to tap the YubiKey, which for some reason didn't work one in five times.
~ ~


Microsoft outage prevents millions from logging in
Well that wasn't fun. For hours last Monday and Tuesday, millions were prevented from logging into their Office, Outlook, and Teams accounts because of an outage with Azure's Active Directory. @maryjofoley explains what caused the hours-long incident.

After breach, Twitter hires a new CISO
Rinki Sethi has joined Twitter as its new chief information security officer. Sethi hails from Rubrik where she also served as CISO. Before then, she worked in cybersecurity positions at IBM, Palo Alto Networks, and Intuit. Her hiring comes just a couple of months since its very high-profile attack that saw hackers trick employees into giving over access to the company's internal "admin" tool, which the hackers used to spread a cryptocurrency scam on the accounts with some of the largest followers, including Barack Obama, Bill Gates, Elon Musk, Apple, and Uber.
To hunt hackers, FBI works more closely with spy agencies
The FBI is teaming up with the CIA, NSA, and the Secret Service as part of a wider task force effort to target and prosecute hackers who target U.S. organizations. Matt Gorham, the assistant director of the FBI's cyber division, told Reuters that the goal was to combine "everyone’s tools and authorities" for better results.
~ ~


And breathe. It's the happy corner.

Here's @kevincollier with his annual October PSA. Don't forget to be aware of your cybersecurity for the whole month! After that you can stop caring until October again. (I'm kidding!)
And, per @SwiftOnSecurity, Google has dropped the blacklist/whitelist terminology in Chrome management policies. It's part of a wider effort in the wake of the Black Lives Matter movement to move toward more inclusive language. Great move!
If you want to nominate some good news from the week, feel free to reach out.
~ ~


This week's cyber cat is Ellie. Here she is on the lookout for nation-state hackers. A big thanks to her human Nick S. for the submission!
Don't forget to keep sending in your cyber cats! The more the merrier. They'll always be featured.
~ ~


Thanks for reading this week! The suggestion box is always open for feedback. Have a great week and see you next Sunday.
