HC3 Sector Alert
Medical technology company Medtronic issued an urgent recall for two models of their insulin pump remote controllers, models MMT-500 and MMT-503, due to cybersecurity/hacking concerns.
In August, 2020, a significant number of vulnerabilities in common information systems relevant to the healthcare sector have been disclosed to the public.
A newly discovered bug in Microsoft Azure's Active Directory implementation enables a single-factor brute-forcing of an Active Directory instance without authentication. Currently there is no available patch for this vulnerability.
On September 21, 2021, VMware disclosed numerous vulnerabilities affecting their vCenter Server and Cloud Foundation products, some of which could be exploited for the deployment of ransomware or other malicious activity.
On September 21, 2021, VMware disclosed numerous vulnerabilities affecting their vCenter Server and Cloud Foundation products, some of which could be exploited for the deployment of ransomware or other malicious activity.
Agenda
Executive Summary
What the Group Claims To Be
What We Know About the Group
Technical Details
Mitigations
Outlook
Malware
First Surfaced: July 2021
Suspected Predecessor(s): DarkSide, REvil RaaS
Malware Capabilities: Ransomware written in C that encrypts files using a鈥
This week, Hacking Healthcare begins by examining a new Chinese Data Security Law (DSL) that is set to go into effect on September 1st and contains provisions that may significantly impact how multinational organizations operate in China.
The FBI and CISA stated that in the 鈥渓ast several months鈥 they have observed an increase of 鈥渉ighly impactful鈥 ransomware attacks occurring during holidays or generally when people are out of the office.
Since April 2021 there have been several vulnerabilities in Pulse Secure VPN technology which are being actively compromised.
The FBI shared indicators of compromise (IOCs) associated with the Hive ransomware, which they believe 鈥渓ikely operates as an affiliate-based ransomware.