SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
OnePoint Patient Care data breach impact doubles
Arizona-based hospice pharmacy OnePoint Patient Care (OPPC) revealed in late October that it had suffered a data breach impacting nearly 800,000 people. In an updated notification, the healthcare organization says the impact is bigger than initially believed, with over 1.7 million people affected. The Inc Ransom ransomware group took credit for the attack on OPPC and leaked data allegedly stolen from the company.
Meta cracks down on scam centers
Meta has shared some details on its efforts to disrupt pig butchering and other scam operations. The social media giant has been working with law enforcement and the private sector, and claims that this year alone it has taken down over two million accounts linked to scam centers in Myanmar, Laos, Cambodia, the United Arab Emirates and the Philippines.
Malware abuses Avast anti-rootkit driver to disable security software
Trellix has come across a piece of malware that drops a legitimate anti-rootkit driver from Avast and abuses the deep access it provides to terminate processes associated with security software and take control of the infected system.
Kansas City man accused of hacking and physically entering victims’ buildings
A 31-year-old Kansas City man named Nicholas Michael Kloster has been charged with allegedly hacking into computers and gaining physical access to his victims’ buildings. The targets include a nonprofit and a health club business. In the case of one victim, the man sent in his resume after informing the organization that he had gained access to its systems. When he targeted a gym, he used the access to reduce his monthly membership fee to $1 and erased his photograph from the gym’s systems.
Mozilla, GitLab, Splunk and Nvidia patches
Mozilla, GitLab, Splunk and Nvidia announced patches this week. Mozilla patched two high-severity issues in Firefox and several low- and moderate-severity flaws. GitLab fixed one high-severity privilege escalation and five medium-severity bugs. Splunk addressed vulnerabilities in third-party packages, and Nvidia fixed a DoS vulnerability in Base Command Manager and Bright Cluster Manager for Linux.
Snowflake hacker may be a US soldier
An investigation conducted by Brian Krebs found that one of the individuals involved in the recent Snowflake account hacking may be a US soldier who is or at one point was deployed in South Korea. The suspect uses the online moniker Kiberphant0m, and while his true identity has not been revealed, if Krebs’ research is accurate, it should not be too difficult for authorities to track him down. Two other alleged Snowflake hackers were arrested recently.
Cloudflare loses customer logs
Cloudflare has informed customers that on November 14 it experienced an incident that impacted most Cloudflare Logs users. The logs services were impacted for approximately 3.5 hours and roughly 55% of logs were not sent to customers and were lost. The company has shared information on the failure and its root cause.
Windows Server 2012 Mark of the Web bypass
0patch researchers discovered a new vulnerability in Windows Server 2012 and Server 2012 R2 that allows an attacker to bypass the Mark of the Web (MotW) security check. The issue has been reported to Microsoft, but it currently does not have a CVE identifier or a patch. 0patch has released an unofficial patch for the vulnerability, which is available for free until Microsoft releases a fix. Details are not being disclosed to prevent malicious exploitation.
Keesal, Young & Logan and Walsworth Publishing disclose significant data breaches
The law firm Keesal, Young & Logan informed the Maine Attorney General this week that it recently detected a data breach, and an investigation showed that more than 316,000 people are impacted. Threat actors had access to the company’s systems between June 7 and June 13 and they may have obtained names, Social Security numbers, driver’s license numbers, financial account information and other data.
Commercial printing firm Walsworth Publishing Company informed the Maine AG of a data breach affecting over 107,000 individuals. The company discovered in February that its website and purchasing page had been compromised. Walsworth said it found no evidence of personal data exposure, but its investigation determined that information such as names and payment card details may have been affected.