Windows Vulnerability Patched, Gmail Takeover Threat, PIH Health Ransomware – Cybersecurity News [December 09, 2024]
Zero-day vulnerabilities are the most critical because no one knows about them unless they are discovered. Therefore, malicious actors have greater chances of exploiting them before corrective measures are initiated. In this week’s news section, we shall discuss some zero-day vulnerabilities and the measures software producers take to mitigate the risks.
Everyone almost uses Gmail, and they should know about the vulnerabilities cybercriminals can exploit to harm their systems. We also throw light on the latest Google updates in this section. Besides, we also look at how cybersecurity attacks can cripple healthcare service providers. Finally, we see how the government and regulatory bodies take punitive actions against cybersecurity companies that violate norms.
Critical Windows Zero-Day Vulnerability Gets Unofficial Patch
Windows users using Network Trust Level Manager (NTLM) authentication should be aware of a new Windows zero-day vulnerability that enables cyber attackers to steal their NTLM credentials. The 0patch team, a platform providing unofficial support for Windows, has reported this flaw to Microsoft. This flaw, which has no CVE ID, affects all Windows versions. The technical details of this vulnerability are not currently available. Still, attackers can obtain a user’s NTLM credentials by tricking them into viewing (not opening) a malicious file in Windows Explorer. So, it is a clickless exploit causing Windows to automatically send NTLM hashes for logged-in users that the attackers can then steal.
Microsoft has not provided any official patches to protect users. However, 0patch researchers have released free protective micropatches to protect users from this vulnerability during the interim period. Users can protect their systems by signing up for a free 0patch Central account and installing the 0patch Agent software. This solution is also available for Windows 10 users even after its end-of-support date in October 2025.
The Gmail Takeover Hack: 7 Days in Hand to Act
Have you ever found yourself locked out of your Gmail account? If yes, you could be a victim of the Gmail Takeover hack, in which an attacker compromises your Gmail account and changes passwords, phone numbers, and passkeys to prevent you from regaining access. Google spokesperson Ross Richendrefer says that victims of Gmail takeover hacks are those who do not use phishing-resistant authentication technologies to protect their Gmail accounts.
How do you protect yourself from these phishing techniques? One way is to use the age-old trick of hovering the mouse over the link, which shows its genuine destination. However, cybercriminals have become smarter when they use HTML coding to edit the mouseover label. Therefore, protect yourself by using Gmail apps for browsing, where the actual URL is displayed at the bottom of the screen. A Google spokesperson has said that Gmail blocks over 99.9% of spam phishing attempts and malware.
Malicious actors are also known to use the Gmail 2FA Bypass Attack threats, where the attacker uses the man-in-the-middle tactic to target the cookie you successfully authenticated in the last session. Using Chrome as the default browser for app-bound encryption prevents apps such as the logged-in user from accessing secrets such as session cookies.
PIH Health Hospitals Become Victims of Ransomware Attack
Imagine approaching a hospital for emergency medical care only to be turned down or directed to another hospital because of a network shutdown. That is precisely what happened when a ransomware attack targeted PIH Health hospitals in Downey, Whittier, and Downtown LA. Hospitals affiliated with PIH Health could not access patient health records, pharmacy orders, laboratory systems, or radiation access. Besides, the attack forced the hospital authorities to shut down their internet and phone lines completely, leaving millions of patients in the dark.
There has been no news of any ransom demand yet, and the hospital authorities are unsure when the network will be fully restored. While they cater to emergency cases, the hospitals request patients wait for system restoration or look out for alternative hospitals for treatment. Ransomware attacks are among the most potent cyber threats, causing large-scale system disruptions. A key solution is implementing robust ransomware protection while maintaining records on a standalone server or ensuring adequate backups at alternate geolocations.
Chrome Security Update Addresses 3 High-Severity Vulnerabilities
Google Chrome is among the most used browsers globally. The higher the number of users, the higher the chances of cybercriminals exploiting vulnerabilities to expose them to significant risks. As a corrective measure, Google has released a security update that addresses three high-severity vulnerabilities in the Chrome browser.
- On December 2, 2024, security researcher Seunghyun Lee discovered a high severity flaw in Chrome’s V8 JavaScript engine that could allow bad actors to execute arbitrary code or cause system crashes.
- On November 18, 2024, a researcher from the TIANGONG Team of Legendsec at QI-ANXIN Group reported a vulnerability in Chrome’s translation feature, which cyberattackers can exploit to cause memory corruption.
- Google has not disclosed the details of the third high-severity vulnerability to prevent cyber attackers from exploiting it. Thus, users can update their systems before these criminals take advantage.
Google advises Chrome users to update their browsers immediately to protect their computers and data. This update is critical to Google’s continuous efforts to enhance Chrome’s security. Google is gradually rolling out the latest update (v131.0.6778.139/140) for Windows and Mac and (v131.0.6778.139) for Linux to reach all users shortly.
Cybersecurity Company Involved In Cybercriminal Activities Pay the Price
The United States Department of Treasury’s Office of Foreign Assets (OFAC) has sanctioned a rogue cybersecurity company, Sichuan Silence Information Technology Company, Limited, for its role in compromising thousands of firewalls globally in April 2020. One of its employees, Guan, has also been prosecuted. The company has primarily targeted critical infrastructure companies in the US. malicious actors, including those operating in China, continue to be one of the greatest and most persistent threats to U.S. national security, as highlighted in the 2024 Annual Threat Assessment released by the Office of the Director of National Intelligence.
The cybersecurity event started in April 2020 when the errant employee discovered a zero-day exploit in a firewall product. He misused it to deploy malware to over 81,000 firewalls globally. The prime motive behind this compromise was to steal usernames and passwords. The exploit also infected the victims’ systems with the Ragnarok ransomware variant.
The Office of Foreign Assets sanctions stipulate that all properties in the US or those controlled by US persons must be reported to the governing body. They also block other assets where the company or its errant employee has over 50% holdings.