Cybersecurity Agencies Warn of TrueBot Malware Campaign Targeting U.S. and Canadian Orgs

A joint cybersecurity advisory has been issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS) warning about a TrueBot malware campaign targeting organizations in the United States and Canada.

TrueBot is a downloader/botnet malware that establishes a connection with its command-and-control server, collects information on compromised systems, and is used for launching more extensive attacks on compromised networks. TrueBot is used by multiple threat actors including FIN11 and the Silence group. FIN11 has been using TrueBot malware to deploy Clop ransomware on victims’ networks. FIN11 installs TrueBot, then uses the malware to deliver the FlawedGrace Remote Access Trojan (RAT), which is used to escalate privileges and maintain persistence. FIN11 has also been observed deploying Cobalt Strike beacons.

TrueBot is usually installed via phishing attacks using malicious attachments; however, newer versions of the malware are also being delivered by exploiting a remote code execution vulnerability in the Netwrix Auditor application – CVE-2022-31199. Successful exploitation of the vulnerability allows a malicious actor to execute arbitrary code with SYSTEM privileges, allowing the deployment of TrueBot malware at scale within a compromised environment. The cybersecurity authorities report that phishing emails with malicious hyperlinks are being used in addition to the exploitation of the Netwrix Auditor vulnerability to deliver TrueBot malware.

Immediate patching of the CVE-2022-31199 vulnerability is strongly recommended if the Netwrix IT system auditing software is in use. To protect against phishing attacks, email security solutions are recommended along with phishing-resistant multifactor authentication. Organizations are also encouraged to search for the published Indicators of Compromise (IoCs) detailed in the alert and to immediately apply the recommended incident responses and mitigation measures if the IoCs are detected.

The post Cybersecurity Agencies Warn of TrueBot Malware Campaign Targeting U.S. and Canadian Orgs appeared first on HIPAA Journal.

Advanced Medical Management Reports Data Breach Affecting 319,485 Individuals

Advanced Medical Management LLC, a provider of operational, administrative, and technical healthcare management services to large physician organizations, government agencies, and health plans, has recently announced that it was the victim of a cyberattack in which the protected health information of 319,485 individuals was exposed and potentially stolen.

The forensic investigation confirmed that unauthorized individuals gained access to parts of its network that were designed and maintained by third-party vendors. The security breach was detected on May 11, 2023, with unauthorized access occurring between May 10, 2023, and May 13, 2023.

A review was conducted of all files on the compromised systems and confirmed they contained information such as names, addresses, email addresses, phone numbers, dates of birth, driver’s license numbers, Social Security numbers, and health insurance information. Notification letters started to be mailed to affected individuals on June 29, 2023.

Californian Law Firm Confirms Data Breach Affecting Almost 41,000 Individuals

The San Francisco, CA-based law firm, Orrick, Herrington & Sutcliffe LLP, has recently confirmed a breach of its IT environment and the exposure of the protected health information of up to 40,823 individuals. In a breach report submitted to the Montana Attorney General, the law firm said a potential system intrusion was detected on March 13, 2023, and the forensic investigation confirmed that unauthorized individuals had gained access to a portion of its network where client files were stored. Those files contained names, dates of birth, addresses, and Social Security numbers. The investigation also confirmed that files had been exfiltrated from its network on March 7, 2023.

Individuals affected by the attack include members of an unnamed vision health plan, which had engaged the law firm following a security breach in 2020. The law firm started sending notification letters to affected individuals on June 30, 2023, and has offered them two years of complimentary identity theft monitoring services. Since data was stolen in the attack, anyone receiving a letter should take advantage of the services being offered through Kroll. The law firm has confirmed that additional security measures have been implemented to prevent similar attacks in the future.
