1. Microsoft’s cyber security negligence was called out after a major breach

Microsoft is facing increasing criticism following a major breach on its Azure platform caused by a Chinese hacking group known as Storm-0558. The attack affected 25 organizations, including sensitive emails from US government officials. CEO of cyber security company Tenable, Amit Yoran, claims that Microsoft has a history of negligent cyber security practices. Microsoft took more than 90 days to implement a partial fix and Yoran says this delay was grossly irresponsible. The company disputes the severity of the breach and has responded to criticism by emphasizing its collaboration with the security community. (bleepingcomputer)

My thoughts: As tech leaders, such negligence is indeed a mortal sin. 90 days of partial fixes is too long. I can’t honestly help but wonder how they thought that was okay.

2. This department learns a hard lesson

The Colorado Department of Higher Education (CDHE) announced that it experienced a ransomware attack in June 2023, during which unauthorized access was gained to its computer system. The attackers copied certain data, including names and social security numbers of students and teachers. While the identity of the ransomware source is known, the amount of ransom demanded has not been disclosed, but CDHE confirmed that it was not paid. Potentially impacted individuals have been notified, and CDHE is offering free access to credit monitoring services. (securityaffairs)

My thoughts: I know it’s impossible to avoid 100% of the attacks but I wish these stories included the measures the victims had in place. Are they getting breached because they don’t have MFA or don’t have a strategy at all?

3. National attack on hospitals

A cyber attack has hit hospital computer systems across the United States, causing disruptions and closures in emergency rooms and primary care services. The attack targeted facilities operated by Prospect Medical Holdings in multiple states. The company took its systems offline upon discovering the incident and is investigating with the help of cyber security specialists. The extent of the problem is being assessed, and affected patients are being contacted individually. Similar disruptions have been reported at other facilities within the Prospect Medical Holdings system. (theguardian)

My thoughts: One reason I see why attackers target hospitals; urgency. Life is on the line when systems are hacked in hospitals. We have seen in the past weeks that there is a rise in ransomware attacks in healthcare. Hopefully, they do not pay the ransom.

4. Playful “versioning” malware in Play Store

Google's Cloud security team has acknowledged a tactic known as "versioning," used by malicious actors to sneak malware onto Android devices through the Google Play Store. This technique involves malicious payloads via updates to already-installed apps or loading malicious code from servers controlled by threat actors, called dynamic code loading (DCL). By circumventing the app store's static analysis checks, they deploy their payloads on Android devices as native, Dalvik, or JavaScript. This allows them to bypass some of Google Play's security controls, leading to apps being labeled as backdoors. Google cited the example of the SharkBot banking malware, which disguised itself as legitimate apps and later downloaded the full version of the malware after installation. (hackernews)

My thoughts: Versioning is not new but it is very sneaky. To minimize potential risks, users are advised to download apps only from trusted websites and check the updates being installed on their devices.

‍