Ransomware attack at a German hospital leads to the death of a patient
A man with a life-threatening condition died after being forced to go to a more distant hospital because the nearest hospital was under a ransomware attack. German police contacted the ransomware operators via the instructions in the ransom note and explained that their target was a hospital. The operators then withdrew the ransom demand and provided a decryption key.
The attackers exploited the Citrix ADC vulnerability CVE-2019-19781. This vulnerability in Citrix VPN products has been known, and used in cyber-attacks, since January 2020, but the hospital did not patch it, with a sad result.
Apple Bug Allows Code Execution on iPhone, iPad, iPod
Apple has updated its iOS and iPadOS operating systems, addressing many flaws in its products. The most critical vulnerabilities allow an attacker to execute code on a device. Apple has now fixed these flaws, and devices are safe. You need to update your devices to the latest firmware, and everything will be OK.
GartnerSEC: Top Trends for Risk and Security Include Cloud, Automation, and Privacy
At the Gartner Security and Risk Virtual Summit, the top trends for risk and security were published. They are:
- Extended Detection and Response;
- Security Process Automation;
- Securing Artificial Intelligence;
- Impact of Cyber on the Physical World;
- Form Trust and Safety Teams;
- Secure Access Service Edge;
- Cloud Workload Protection.
Throughout the virtual summit, speakers discussed the most popular trends in security and risk governance.
More Details Emerge on Operations, Members of Chinese Group APT41
This week, the United States made public two separate indictments, returned by a federal grand jury in August 2019 and August 2020 respectively, charging a number of Chinese citizens who are members of the APT41 group. APT41's activity spans more than a decade, with victims located in the United States, Australia, Brazil, and many more countries.
U.S. Treasury Sanctions Hacking Group Backed by Iranian Intelligence
The U.S. Treasury imposed sanctions targeting Rana Intelligence Computing Company (or Rana), which served as a front for the threat group APT39. APT39 is an Iranian cyber-espionage hacking group active since 2014, known for its attacks on companies in the U.S. and the Middle East with the aim of pilfering personal information and advancing Iran's national security objectives.