Take a look at this week's Cyber Weekly Digest for a rundown of our top cyber security news picks of the week. In this release, we take a look at how 1Password suffered a security incident following a breach, as well as a cyber attack on Canadian Healthcare and an important update for users of Mirth Connect. Keep reading to stay up to date on the latest cyber security news.
Users of Mirth Connect, an open-source data integration platform from NextGen HealthCare, are being urged to update to the latest version following the discovery of an unauthenticated remote code execution vulnerability. Given how easily the vulnerability can be abused, coupled with the fact that the exploitation methods are well known, it's recommended to update Mirth Connect as soon as possible to mitigate potential threats.
F5 has alerted customers of a critical security vulnerability impacting BIG-IP that could result in unauthenticated remote code execution. Michael Weber and Thomas Hendrickson of Praetorian have been credited with discovering and reporting the vulnerability on October 4, 2023.
A cyberattack on shared service provider TransForm has affected operations at five hospitals in Ontario, Canada, impacting patient care and causing appointments to be rescheduled. Yesterday, TransForm released a statement saying that its IT systems are experiencing an outage due to a cyberattack. As the nature of the attack and the scope of the incident have not been determined, those who have previously received healthcare from the hospitals mentioned are advised to treat unsolicited communications with suspicion.
1Password, a popular password management platform used by over 100,000 businesses, suffered a security incident after hackers gained access to its Okta ID management tenant. Okta first learned of the breach from BeyondTrust, who shared forensics data with Okta, showing that their support organisation was compromised. However, it took Okta over two weeks to confirm the breach.
Microsoft has published a detailed profile of a native English-speaking threat actor with advanced social engineering capabilities, which it tracks as Octo Tempest and which targets companies in data extortion and ransomware attacks. The attacks have steadily evolved since early 2022, expanding their targeting to organisations providing cable telecommunications, email, and tech services, and partnering with the ALPHV/BlackCat ransomware group. Octo Tempest is financially motivated and achieves its goals by stealing cryptocurrency, extorting victims over stolen data, or encrypting systems and asking for a ransom.