Cybersecurity Weekly: Nursing home ransomware attack, Android apps GIF processing flaw and Kaspersky patches
Dec 04, 2019
Each week, Wipfli’s cybersecurity professionals review the latest breaches, vulnerabilities, patches and updates.
Breaches
- A ransomware attack affected access to patient data at more than 100 nursing homes in the U.S. On November 17, Wisconsin-based Virtual Care Provider Inc. (VCPI), which provides data hosting, security, and access management for nursing homes and acute care facilities, was attacked with Ryuk ransomware. The attack poses a threat to patient health at some facilities, as medication orders cannot be processed. The hackers responsible for the attack are demanding $14 million in Bitcoin.
- Adobe-owned e-commerce platform Magento recently informed some users that an unauthorized third party had gained access to their account information. The attackers exploited a vulnerability in the Magento Marketplace, which allowed them to access information such as name, email address, MageID, shipping and billing address, phone number, and some commercial information (i.e., percentages for payments to developers). The company says the breach does not impact passwords or payment card data, and claims that the Magento core services and products are also not affected.
- South Korean cryptocurrency exchange Upbit is the latest victim of a cryptocurrency heist. Hackers struck at 1:06 p.m. local time on Wednesday, moving $49 million worth of Ethereum from its hot wallet to an unknown wallet. Cryptocurrency worth $158 million has been stolen via seven major cryptocurrency heists so far this year.
Vulnerabilities
- Researchers have discovered thousands of Android applications impacted by the GIF processing vulnerability that was patched recently in WhatsApp. Tracked as CVE-2019-11932, the security flaw exists in the open source library named libpl_droidsonroids_gif.so, which is part of the android-gif-drawable package and is used by numerous Android applications when processing GIF files.
- Fortinet, a vendor of cybersecurity products, took between 10 and 18 months to remove a hardcoded encryption key from three products that were exposing customer data to passive interception. The hardcoded encryption key was found inside FortiOS for FortiGate firewalls and the FortiClient endpoint protection software (antivirus) for Mac and Windows.
- US-CERT Vulnerability Summary for the week of November 25, 2019.
Patches & Updates
- Kaspersky has patched several vulnerabilities affecting the web protection features present in its Anti-Virus, Internet Security, Total Security, Free Anti-Virus, Security Cloud, and Small Office Security products.