Cyber Round-up for 5th January

January 4, 2024

Welcome to Ironshare’s first Cyber Round-up of 2024, where we look back at the events of the last week to cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Ransomware Attack On Xerox Subsidiary XBS U.S.

Xerox has released a public statement detailing a recent compromise of their U.S. branch’s IT systems, in which personal information may have been exposed. XBS provides business services and technology such as printers, copiers, supply services, and consultation services.

INC Ransom claimed responsibility for this attack when XBS was added to their extortion portal on December 29th with claims that sensitive and confidential documents were accessed from the victim’s systems. Samples of data leaked by INC Ransom include email communications, payment details, invoices, filled-out request forms, and purchase orders.

Xerox has stated "The event was limited to XBS U.S. We are actively working with third-party cybersecurity experts to conduct a thorough investigation into this incident and are taking necessary steps to further secure the XBS IT environment."

Xerox has assured that all affected individuals will be notified.

By bleepingcomputer.com

Ambulance Service Cyber Attack Exposed Nearly Half A Million People

Fallon Ambulance Services, a subsidiary of Transformative Healthcare, has suffered a ransomware attack that exposed the personal information of almost half a million people. The attack occurred when the ALPHV ransomware group accessed Fallon’s data storage archive, which Transformative Healthcare said “complied with legal obligations.”

ALPHV are thought to have retained access to the company’s systems from late February 2023 until late April and, during this period, 911,757 people were exposed; the stolen information included victims’ driver’s license numbers and other IDs.

“After an extensive review of the event, we identified that the activity appears to have occurred as early as February 17th, 2023, through April 22nd, 2023 and that files were obtained by an unauthorized party that may have contained personal information,” reads Transformative Healthcare’s breach notification.

By cybernews.com

LastPass Increase Password Length Requirements To 12 Characters

LastPass, a password management service, has announced that they will now be enforcing a length of at least 12 characters for all master passwords (the password used to access your vault).

“This policy will be implemented via a phased rollout to our customer base, with email notifications being sent to our Free, Premium and Families customers first, followed by our Teams and Business customers towards the end of January 2024,” reports Mike Kosak, LastPass senior principal intelligence analyst.

Users who already have a password longer than 12 characters won't be required to change their password. LastPass will also be enforcing MFA re-enrolment for federated business customers during this period.

By darkreading.com

2024’s First Chrome Security Update – 6 Vulnerabilities Patched

On Wednesday, Google released 2024’s first batch of security updates for Chrome, which contains fixes for six vulnerabilities, four of which are high-severity and were discovered by external researchers.

The bugs addressed include a heap buffer overflow flaw in ANGLE, and three use-after-free vulnerabilities in ANGLE, WebAudio, and WebGPU.

As always, we recommend users of Google Chrome update their browsers to the latest version to ensure they are protected against these flaws.

By chromereleases.googleblog.com

Orange Suffers Cyber Attack Impacting Internet Access for Spain Residents

Telecoms provider, Orange, has suffered a cyberattack after an individual known as ‘Snow’ gained unauthorised access to their RIPE NCC account. The RIPE NCC (Network Coordination Centre) is the regional internet registry for Europe, the Middle East, and parts of Central Asia.

This attack has had an impact on Orange’s services in Spain, with many users reporting major outages and a loss of internet connectivity. Despite the impact on their Spanish userbase, Orange has confirmed that no customer data was compromised in the attack.

Strangely, it appears that the hacker did not have malicious intent, and claims their goal was to “prevent an actual bad threat actor from finding the account and compromising it.” No ransom was demanded, and no client data was accessed; the hacker even claims that the service disruptions were accidental too.

Access to the RIPE account has since been restored, and all services are back in operation; RIPE NCC are continuing their investigations to determine if any other account holders have been compromised.

By securityweek.com

And that’s it for this week’s round-up; please do check in next week for our new batch of security news and posts.

Stay Safe, Secure and Healthy!

Edition #263 – 5th January 2024

Author

Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Ironshare is a provider of Information and Cyber Security services.