Credit Unions outage, Roblox-Twitch extortion, Apple zero-days

Credit unions facing outages due to ransomware attack on cloud provider

Up to 60 credit unions across the US are facing outages resulting from a ransomware attack on the cloud services provider Ongoing Operations, which is owned by credit union technology firm Trellance. According to The Record, “the attack is having larger downstream effects on other credit union technology providers, including FedComp, a company that offers data processing solutions to credit unions.” According to Emsisoft analyst Brett Callow, Ongoing Operations may be another victim of Citrix Bleed.

(The Record and Twitter/X)

Roblox, Twitch allegedly targeted by ransomware cartel

The ALPHV/BlackCat ransomware gang has posted information on its dark web blog about Tipalti, an accounting software fintech company. According to Cybernews, the gang quickly turned to exposing some of Tipalti’s clients, stating, “Tipalti claimed as a victim, but we’ll extort Roblox and Twitch, two of their affected clients, individually.” According to Tipalti’s own website, some of its other customers include Twitter/X, GoDaddy and Canva.

(Cybernews and

Apple fixes two new iOS zero-days in emergency updates

These updates are intended to resolve vulnerabilities in iPhone, iPad, and Mac devices, located in the WebKit browser engine. They are being tracked as CVE-2023-42916 and 42917. These would have allowed attackers to “gain access to sensitive information via an out-of-bounds read weakness and gain arbitrary code execution via a memory corruption bug on vulnerable devices via maliciously crafted webpages.”

(Bleeping Computer)

HHS issues CitrixBleed warning

The warning was issued last Thursday as a Sector Alert pointing out that “the Citrix Bleed vulnerability is being actively exploited and urged organizations to upgrade to prevent further damage to the sector.” The healthcare sector has already experienced disruptions from this vulnerability, with Capital Health alerting to outages in hospitals in New Jersey and Pennsylvania, Nashville-based Ardent Health reporting widespread outages across the US, and Prospect Medical Holdings seeing four sites attacked in August. A link to the HHS Sector Alert is available in the show notes to this episode. 

(The Record and HHS)

Russian Hacker convicted for creating TrickBot

Following up on a story we brought you back in September of 2021, Russian national Vladimir Dunaev pleaded guilty to committing computer fraud and identity theft and conspiracy to commit wire fraud and bank fraud, and now faces a maximum of 35 years in prison. This is in relation to the creation of the TrickBot malware. Sentencing is scheduled for March of next year. He was arrested in South Korea in September 2021 after being stranded at Seoul airport due to COVID pandemic-related travel cancellations.

(The Hacker News)

CISA’s Goldstein wants to ditch ‘patch faster, fix faster’ model

Speaking at an event held by the nonprofit International Information System Security Certification Consortium, CISA’s executive assistant director for cybersecurity stated that “addressing computer security vulnerabilities by quickly finding and patching flaws is a fundamentally broken model in need of being overhauled.” He seeks a philosophical shift that “puts a smaller burden on school districts, water utilities, and small businesses to maintain secure systems,” and asks more of the large companies to provide secure software and hardware. According to Cyberscoop, “Goldstein said that CISA is calling on technology providers to take accountability for the security of their customers by doing things like enabling default security controls such as multi-factor authentication, making security logs available, using secure development practices, and embracing memory safe languages such as Rust.”


US sanctions Kimsuky and North Korea agents

The announcement comes from the US Department of the Treasury’s Office of Foreign Assets Control, along with sanctions against foreign North Korea agents. According to Security Week, the Treasury Department noted that the threat actor Kimsuky is “controlled by North Korea’s main foreign intelligence service, the Reconnaissance General Bureau.” The announcement comes just a few days after North Korea’s launch of a new spy satellite.

(Security Week)

Last week in ransomware

According to Bleeping Computer, last week saw an international law enforcement operation apparently taking down a ransomware affiliate operation in Ukraine, which had been responsible for attacks on organizations in 71 countries, and whose members were affiliated with gangs such as LockerGoga, MegaCortex, HIVE, and Dharma. Other attacks of note last week included those on Ardent Health Services as mentioned earlier, Slovenia’s largest power provider HSE, a North Texas water utility, India’s national aerospace lab, and “a re-encryption of healthcare giant Henry Schein as punishment for allegedly not paying the ransom.”

(Bleeping Computer and Cyber Security Headlines)

