Cyber Dispatch #8: Streamlined Cybersecurity Insights
Weekly overview of the most important cybersecurity events of the past week (Monday 26.7.2024 to Wednesday 2.8.2024)
In this issue:
Acronis - an RCE vulnerability actively exploited, update now;
Dark Angels - biggest ransom ever paid in a ransomware case;
OneBlood - ransomware attack on a blood transfusion clinic;
HealthEquity - 4.3 million records breached from HealthEquity;
Google Workspace - a flaw enabled hackers to circumvent email verification;
ServiceNow - cloud software breached with the help of two vulnerabilities;
Delta Air Lines / CrowdStrike - an airline has launched a lawsuit against CrowdStrike after the recent update fiasco;
Meta / Texas Attorney General - Meta to pay $1.4 billion due to privacy violation;
Vulnerability of the Week - Acronis RCE (CVE-2023-45249)
Cybersecurity company Acronis has issued a warning about a critical security flaw in its Cyber Infrastructure (ACI) product that has been exploited in the wild. The vulnerability, tracked as CVE-2023-45249 (CVSS score: 9.8), allows remote code execution due to the use of default passwords.
It impacts ACI builds:
5.0.1-61
5.1.1-71
5.2.1-69
5.3.1-53
5.4.4-132
The flaw has been patched in versions:
5.4 update 4.2
5.2 update 1.3
5.3 update 1.3
5.0 update 1.4
5.1 update 1.2
Acronis discovered the issue when investigating a customer's report of performance degradation, finding crypto-mining software installed.
[Ransomware]
Dark Angels
An undisclosed Fortune 50 company paid a record-breaking $75 million ransom to the Dark Angels ransomware gang, as reported by Zscaler ThreatLabz and confirmed by Chainalysis. The largest known ransom payment was previously $40 million, paid by CNA after an Evil Corp ransomware attack.
[Ransomware]
OneBlood
A ransomware attack has severely impacted OneBlood, a major U.S. blood donation center. Operating at reduced capacity, OneBlood has implemented manual processes and asked over 250 hospitals to activate critical blood shortage protocols. They are collaborating with cybersecurity experts and officials to resolve the crisis.
[Data Breach]
HealthEquity
HealthEquity reported a data breach affecting 4.3 million people. A compromised vendor’s user accounts allowed unauthorized access to a data repository, exposing names, contact information, Social Security numbers, health plan details, diagnoses, prescription information, and payment card details (excluding card numbers).
[Data Breach]
Google Workspace
A Google Workspace authentication flaw allowed hackers to bypass email verification, impersonate companies, and access third-party services using "Sign in with Google." The vulnerability, discovered by KrebsOnSecurity, was exploited in the wild and affected thousands of accounts before Google fixed it.
[DDoS]
Microsoft
Microsoft confirmed a nine-hour outage on Tuesday was caused by a DDoS attack. The outage disrupted Microsoft 365, Azure services, and other applications. An error in DDoS defense implementation worsened the impact. A preliminary post-incident review will be released within 72 hours.
[Vulnerability]
ServiceNow
Hackers are exploiting two vulnerabilities in ServiceNow’s cloud software to steal sensitive data. Despite patches released in May and June, public disclosure led to increased attacks. The Cybersecurity and Infrastructure Security Agency warns federal agencies to patch the bugs by August 19 due to their critical severity.
[Legal]
Delta Air Lines / CrowdStrike
Delta Air Lines hired attorney David Boies to seek damages from CrowdStrike and Microsoft after a July 19 software update caused an outage, leading to widespread flight cancellations. The incident cost Delta $350-$500 million and caused CrowdStrike's shares to drop 5%.
[Legal]
Meta / Texas Attorney General
Meta has agreed to a $1.4 billion settlement with Texas over unauthorized use of biometric data. Texas Attorney General Ken Paxton noted this is the largest state-secured settlement. Previously, Meta settled for $650 million in Illinois. Meta aims to invest further in Texas despite the settlement.