
NGO

PHI

Healthcare


69,000 patients are hit by a massive data breach at Kaiser Permanente

Washington-based Kaiser Permanente, one of the largest NGOs among health plans and health care providers, was hit by a massive data breach affecting 69,000 patients' health...

14-Jun-2022
2 min read

Related Articles


Scattered Spider

MoneyGram

MoneyGram’s global operations were paralyzed for five days in a shocking cyberat...

The MoneyGram cyberattack in September has highlighted a glaring reality: even the most established financial giants are not immune to advanced cyber intrusions. This wasn’t just a minor hiccup—MoneyGram’s extensive global operations, spanning over 200 countries with 350,000 physical locations, were paralyzed for five days. Customers found themselves locked out, unable to access or transfer funds, igniting widespread concern. Initially, many speculated ransomware as the likely culprit—a standard conclusion given the surge of such attacks in recent years. However, after working closely with cybersecurity experts and law enforcement, MoneyGram firmly denied any connection to ransomware. While this might offer temporary relief, the lack of transparency and concrete details raises an unsettling question: if it wasn’t ransomware, what kind of threat are we dealing with? The absence of clear answers leaves the door open to even more complex and potentially dangerous vulnerabilities that remain concealed beneath the surface.

### September Breach: Disruption & Chaos

On September 20, MoneyGram's services were abruptly halted, with customers unable to transfer funds or access vital services for five days. The company acted quickly, taking systems offline to contain the breach, and it wasn't until September 25 that operations resumed. Despite whispers of a ransomware attack, MoneyGram vehemently denied this, stating, “At this time, we have no evidence that this issue involves ransomware.” Yet, behind this reassurance lies a deeper, more disturbing narrative involving a hacker collective known as Scattered Spider.

### Rise of Scattered Spider

To understand the gravity of this situation, we must travel back to a series of attacks in recent history. Scattered Spider, a hacker group with a reputation for its sophisticated social engineering attacks, made headlines in September 2023 after its audacious breach of MGM Resorts. With a cunning impersonation tactic, they called the resort's IT help desk, posing as employees to reset a password, eventually gaining access to the entire network. In the blink of an eye, Scattered Spider deployed BlackCat ransomware, encrypting hundreds of critical servers and causing a digital blackout that reverberated through the casino and resort giant.

This attack, while devastating, was not isolated. In fact, Scattered Spider's modus operandi is to target organizations using similar social engineering methods. Their precision and deep understanding of corporate systems have left a trail of chaos across various industries. What’s most troubling is that the tactics used against MGM appear eerily similar to those seen in MoneyGram’s breach.

### Social Engineering: Silent Killer

MoneyGram’s breach, while not linked directly to ransomware, shares a disturbing parallel with previous Scattered Spider attacks. According to insiders, the attackers gained access through a social engineering attack on the company’s internal help desk. An employee’s credentials were compromised, allowing the intruders to access critical employee information in MoneyGram's Windows Active Directory Services. Although swift action prevented further damage, this breach could easily have spiraled into something far more catastrophic.

This is the signature of Scattered Spider. Their hallmark is not brute force or sophisticated malware but rather the subtle manipulation of human trust—a vulnerability far harder to patch. By exploiting human error, they bypass even the most stringent cybersecurity defenses, gaining access to systems that would otherwise be impregnable.

### Unanswered Questions

While MoneyGram has downplayed the event, stating that "no further damage" was done and that "the majority of our systems are now operational," there remain lingering concerns. The company’s assurance that the breach wasn’t tied to ransomware is comforting, but the very fact that such a significant platform fell prey to a social engineering attack sends a ripple of fear through the financial industry. MoneyGram has yet to publicly name the attackers, but the similarity in attack strategies to those employed by Scattered Spider leaves little room for doubt. This hacker collective has evolved, moving from resort giants like MGM to financial behemoths like MoneyGram. Are they sending a message? Are they honing their skills, biding their time until they can strike again with even greater ferocity?

### A History of Chaos

Scattered Spider has been a thorn in the side of cybersecurity for years. Their attacks, dating back to their earlier incarnation as UNC3944, have been marked by meticulous planning and a deep understanding of the corporate systems they breach. They move silently, often remaining undetected until it’s too late. The MGM attack was a defining moment, one that brought Scattered Spider into the limelight. With Microsoft, the FBI, CISA, and cybersecurity firm Mandiant issuing warnings about the group’s tactics, the world took notice. Yet, despite these advisories, the group continues to wreak havoc. Their ability to adapt and evolve, to learn from their past attacks and refine their techniques, makes them one of the most dangerous hacker collectives in the world today.

### A Warning to All

The attack on MoneyGram serves as a stark reminder that no company, no matter how large or how secure it may seem, is immune to the threat of cybercrime. The financial industry, in particular, stands at a precipice. With vast amounts of sensitive data and billions of dollars at stake, the risk of another breach—potentially more damaging than this one—looms large. For now, MoneyGram can breathe a sigh of relief. Their systems are back online, and their customers can once again transfer funds. But the damage has been done. Trust has been shaken, and the specter of Scattered Spider continues to hover over the financial world like a shadowy figure waiting for its next victim.

As we move into an era where digital transactions become the lifeblood of the global economy, companies must remain vigilant. The tactics of groups like Scattered Spider will only grow more sophisticated. Today, it's MoneyGram. Tomorrow, it could be anyone. And in this ever-evolving game of cat and mouse, it’s clear that the hackers are always one step ahead. The collision of MoneyGram and Scattered Spider is not merely a reason for caution; it is a low point. We are at war with cybercriminals who do not need guns or bombs to cause devastation. All they need is a phone call, a little bit of deception, and a world of havoc follows. The question now is no longer whether there will be a next victim, but who it will be.

05-Oct-2024
6 min read

Password

VoiceOver

Update now! Apple releases critical iOS and iPadOS patches to fix a VoiceOver vu...

Apple has released critical updates for iOS and iPadOS to address two significant security issues, one of which could have allowed a user's passwords to be read aloud by the VoiceOver assistive technology.

### Overview

The first vulnerability, tracked as CVE-2024-44204, is a logic flaw in the new Passwords app that impacts a wide range of iPhones and iPads. Security researcher Bistrit Daha discovered and reported this flaw to Apple.

> _"A user's saved passwords may be read aloud by VoiceOver,"_ Apple stated in an advisory released this week.

The issue was resolved with improved validation.

### Affected Devices

The vulnerability impacts the following devices:

**iPhones:**

- iPhone XS and later

**iPads:**

- iPad Pro 13-inch
- iPad Pro 12.9-inch (3rd generation and later)
- iPad Pro 11-inch (1st generation and later)
- iPad Air (3rd generation and later)
- iPad (7th generation and later)
- iPad mini (5th generation and later)

### CVE-2024-44207: Audio Capture Before Microphone Indicator Activation

Apple also patched a security vulnerability identified as CVE-2024-44207, specific to the newly launched iPhone 16 models. This flaw resides in the Media Session component.

### Description

The vulnerability allows audio to be captured before the microphone indicator is activated, potentially leading to unauthorized audio recording.

> _"Audio messages in Messages may be able to capture a few seconds of audio before the microphone indicator is activated,"_ Apple [noted](https://support.apple.com/en-us/121373).

### Resolution

The issue has been fixed with improved checks. Apple credited Michael Jimenez and an anonymous researcher for reporting it.

### Recommended Actions

Users are advised to update their devices to safeguard against these vulnerabilities.

#### How to Update

**For iPhones:**

- Update to iOS 18.0.1

**For iPads:**

- Update to iPadOS 18.0.1

#### Steps to Update

1. Open Settings: Tap on the Settings app.
2. Navigate to Software Update: Go to General > Software Update.
3. Download and Install: If an update is available, tap Download and Install.

### Importance of the Update

These vulnerabilities could potentially allow unauthorized access to sensitive information and compromise user privacy. Updating your device ensures that these security flaws are patched. Apple's prompt response to these vulnerabilities highlights the importance of keeping your devices updated. Users are encouraged to install the latest updates immediately to maintain security and privacy.

05-Oct-2024
2 min read

DDoS

CUPS

Critical CUPS vulnerability allows 600x DDoS attack amplification via a single p...

The Common Unix Printing System (CUPS) is a widely used open-source printing system that manages print jobs and queues on Unix-like operating systems. While essential for network printing, CUPS can introduce security vulnerabilities if not properly managed. Recent disclosures have highlighted vulnerabilities within CUPS that threat actors could exploit to launch distributed denial-of-service (DDoS) amplification attacks. This analysis covers these vulnerabilities, their exploitation mechanisms, and mitigation strategies to safeguard affected systems.

---

### Understanding CUPS

CUPS provides a modular printing system that enables a computer to act as a print server. It uses the Internet Printing Protocol (IPP) and supports various printing services, making it integral to many network environments. However, its widespread adoption also makes it a target for cyber threats.

---

### Overview of the Vulnerabilities

#### Vulnerability in cups-browsed Daemon

The cups-browsed daemon is responsible for browsing remote printers and adding them to the local print system. A vulnerability within this daemon allows attackers to send specially crafted packets that trick the CUPS server into treating a target device as a printer to be added.

#### Exploitation via Malicious UDP Packets

Attackers can exploit this vulnerability by sending a single malicious UDP packet to an exposed CUPS service. This packet initiates a series of unintended actions by the CUPS server, leading to DDoS amplification.

---

### Mechanism of DDoS Amplification

#### Amplification Factor

Each malicious packet sent to a vulnerable CUPS server causes it to generate larger IPP/HTTP requests to the target device. This results in a significant amplification of traffic—up to 600 times the size of the initial packet.

#### Impact on Servers and Networks

- **Bandwidth Consumption:** The amplified traffic consumes considerable bandwidth, potentially overwhelming the target's network capacity.
- **Resource Exhaustion:** Both the CUPS server and the target device experience increased CPU and memory usage.
- **Infinite Request Loops:** In some cases, CUPS servers enter an infinite loop, continuously sending requests and exacerbating the attack's impact.

---

### Scope of the Vulnerability

#### Exposed and Vulnerable Servers

Security researchers estimate that a significant number of CUPS servers are exposed online, with thousands running outdated versions dating back to 2007. These outdated systems lack critical security patches, making them susceptible to exploitation.

#### Potential for Botnet Recruitment

Cybercriminals can exploit these vulnerabilities to build botnets for more extensive DDoS attacks or achieve remote code execution (RCE) by chaining multiple vulnerabilities.

---

### Technical Analysis of the Exploit

1. **Initial Probe:** The attacker sends a crafted UDP packet to the vulnerable CUPS server.
2. **Triggering Printer Addition:** The server misinterprets the packet, attempting to add the target as a new printer.
3. **Amplified Request Generation:** The server sends larger IPP/HTTP requests to the target device.
4. **Resource Drain:** Repeated requests lead to bandwidth and CPU resource exhaustion on both the server and the target.
5. **Infinite Loop Scenarios:** Certain errors can cause the server to repeatedly attempt connections, creating an endless loop of traffic.

---

### Mitigation Strategies

#### Apply Security Patches

***Update CUPS***: Ensure that the CUPS software is updated to the latest version, incorporating all security patches that address known vulnerabilities.

#### Disable Unnecessary Services

***Stop cups-browsed Daemon***: If not required, disable the cups-browsed service to eliminate the attack vector.

```bash
sudo systemctl stop cups-browsed
sudo systemctl disable cups-browsed
```

#### Implement Network Access Controls

***Firewall Configuration:*** Restrict access to CUPS services using firewalls to allow only trusted networks or hosts.

***UDP Traffic Limitation:*** Limit or monitor UDP traffic to and from CUPS servers.

#### Monitor and Detect Anomalous Activity

***Intrusion Detection Systems***: Deploy IDS/IPS solutions to detect and prevent exploitation attempts.

***Log Analysis***: Regularly review system logs for unusual activity related to CUPS services.

#### Educate and Train Staff

***Security Awareness:*** Ensure that system administrators are aware of the latest vulnerabilities and the importance of timely patching.

***Incident Response Planning:*** Develop and maintain an incident response plan for potential security breaches.
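Where cups-browsed cannot simply be stopped, the mitigation above comes down to whether the daemon still accepts printer announcements from arbitrary hosts. The following audit, added here as an illustration and not code from the article or the CUPS project, parses the text of a `cups-browsed.conf` and flags settings that leave legacy UDP/631 browsing (`BrowseRemoteProtocols cups`), mDNS discovery (`dnssd`) or an unrestricted `BrowseAllow` in place; both sample configurations are constructed, and it assumes the conventional default of `dnssd cups` when the directive is absent.

```python
"""Audit cups-browsed.conf text for settings that leave remote
printer browsing reachable from untrusted hosts (added example)."""
from __future__ import annotations

# Constructed sample: the shipped default of many distributions (weak).
WEAK_CONF = """\
# /etc/cups/cups-browsed.conf (constructed sample)
BrowseRemoteProtocols dnssd cups
BrowseLocalProtocols dnssd
"""

# Constructed sample: hardened - remote browsing off, explicit allow-list.
HARDENED_CONF = """\
BrowseRemoteProtocols none
BrowseLocalProtocols none
BrowseOrder Deny,Allow
BrowseDeny All
BrowseAllow 10.20.0.0/24
"""


def parse_conf(text: str) -> dict[str, list[str]]:
    """Return {directive_lower: [values...]}, ignoring comments and blank
    lines. Directives are case-insensitive; repeats append their values."""
    conf: dict[str, list[str]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, *vals = line.split()
        conf.setdefault(key.lower(), []).extend(v.lower() for v in vals)
    return conf


def audit(text: str) -> list[str]:
    """List findings; an empty list means no weak browsing setting found."""
    conf = parse_conf(text)
    findings: list[str] = []
    # Assumed default when the directive is absent: remote browsing enabled.
    remote = conf.get("browseremoteprotocols", ["dnssd", "cups"])
    if "cups" in remote:
        findings.append("BrowseRemoteProtocols accepts legacy CUPS browse packets on UDP/631")
    if "dnssd" in remote:
        findings.append("BrowseRemoteProtocols accepts DNS-SD (mDNS) printer advertisements")
    if remote != ["none"] and "browseallow" not in conf:
        findings.append("no BrowseAllow allow-list: any host may advertise a printer")
    return findings
```

Run `audit()` over the live file's contents on each print server; a non-empty result is the cue to set `BrowseRemoteProtocols none` (or disable the unit as shown above) and restart cups-browsed.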

04-Oct-2024
4 min read