Last Updated on August 31st, 2023, in AppSec Bulletin

Cyberattack Prompts University of Michigan to Disconnect from Internet

The University of Michigan has disconnected from the internet and cut off access to certain systems following a cyberattack that started on Sunday. The university’s chief information officer, Ravi Pendse, stated that the decision was made deliberately to address a significant security concern. Although the move has caused disruptions, patient care and classes continue unaffected, and federal law enforcement is involved. Online services may take several days to restore, and the university is communicating through social media.

While the university did not confirm if it was a ransomware attack, President Santa J. Ono expressed apologies and acknowledged ongoing efforts to resolve the situation. This incident is especially problematic as the school year starts, and investigations are underway to determine more details.

Source – The Record 

Chatbot ‘Prompt Injection’ Attacks Highlighted by UK Cybersecurity Agency

The UK’s National Cyber Security Centre (NCSC) has cautioned about the potential manipulation of chatbots by hackers through “prompt injection” attacks. These attacks involve users inputting prompts that manipulate the behavior of language models behind chatbots. Chatbots use artificial intelligence to provide answers to user queries, and malicious prompts can cause unintended actions. The NCSC warned that as chatbots are used to transfer data to third-party services, the risks from prompt injection attacks will increase. Such attacks could lead to offensive content generation, revealing confidential information, and more. The NCSC advocates designing systems with security in mind to mitigate these risks.

Source – The Guardian

Massive Data Breach Impacts M&T Bank Customer Information

M&T Bank customers’ data may have been compromised in a significant cyber-attack that also affected numerous other companies. The breach targeted MOVEit, a file transfer software used by various organizations, including M&T Bank. The attack, attributed to the cybercrime group CL0P, exploited a flaw in MOVEit, impacting entities like the BBC, Shell, and government agencies. M&T Bank revealed that customer information held by third-party service providers was compromised, including names, addresses, and account numbers, but sensitive data like social security numbers and card numbers remained unaffected. The bank swiftly installed security patches and offered impacted customers free credit monitoring.

Source – NBC Connecticut

Ransomware Deployed Through Cyberattacks Targeting Unpatched Citrix NetScaler Systems

Sophos X-Ops is monitoring threat actors targeting exposed and unpatched Citrix NetScaler systems. Recent attacks share similarities with those using CVE-2023-3519 to deliver malware. Citrix had a zero-day vulnerability in its NetScaler ADC allowing remote code execution, leading to around 2,000 compromised NetScaler systems globally. Attackers exploited the vulnerability as a code-injection tool for domain-wide assaults. Their tactics included payload injection, use of BlueVPS ASN 62005 for malware staging, and obfuscated PowerShell scripts. Sophos advises checking Citrix NetScaler infrastructure immediately for signs of compromise and patching it, emphasizing that both actions are crucial for protection. Defenders are urged to review pre-July data for prior appearance of IoCs in NetScaler attacks. A GitHub list of IoCs for this case will be released.

Source – Cyber Security News

Hacking Forum Publishes Data Scraped from Over 2.6 Million Duolingo User Records

Following a cyber-attack initiated by the Black Basta ransomware group in March, outsourcing firm Capita is bracing for a financial impact of up to £25 million, leading to a pre-tax loss of nearly £68 million for the first half of the year. The attack targeted its Microsoft Office 365 software, compromising the personal data of employees and clients. Capita confirmed that a small portion of its server estate, about 0.1%, was exfiltrated but has since been recovered, with impacted parties notified. The financial estimate now includes complexities of analyzing the exfiltrated data and investing in cybersecurity enhancements, although potential fines have not been estimated yet.

Source – CPO Magazine

Personal Information of 1.2 Million Customers Exposed in PurFoods Data Breach

PurFoods, a US meal delivery service catering to individuals and over 500 health plans, encountered a data breach exposing over 1.2 million customers’ data. The breach occurred on January 16 but was only discovered on July 10, resulting from a hacker infiltrating the system. Encrypted files prompted the discovery. Stolen data involves names, personal identifiers, Social Security numbers, health insurance member IDs, and financial details like credit/debit card numbers. There’s suspicion of potential access to medical information. While no evidence of misuse or further disclosure has been seen, affected customers have been informed. PurFoods offers one-year credit monitoring to those affected and is enhancing security measures to prevent future incidents.

Source – Cyber Security Hub
