Adrian Johnson
TLDR:
Key Points:
- Kaiser Permanente reported a security breach affecting 13.4 million individuals, involving data sharing with third-party companies.
- PlugX malware is found in over 170 countries, with researchers speculating on its use for espionage.
In a recent episode of the CyberWire Intel Briefing, several key cybersecurity incidents were highlighted. Kaiser Permanente, a major U.S. healthcare provider, reported a security breach affecting 13.4 million individuals, involving the sharing of patient data with third-party companies. This incident follows a previous breach at Kaiser in 2022. Additionally, researchers at cybersecurity firm Sekoia discovered the China-linked PlugX malware in over 170 countries, with speculation on its use for espionage.
The episode also discussed hackers exploiting an old Microsoft Office vulnerability to launch Cobalt Strike Beacon attacks in Ukraine, as well as threat actors exploiting a critical vulnerability in the WordPress Automatic plugin. The segment also touched on the increasing use of developing nations as testing grounds for new malware strains before targeting wealthier countries. Furthermore, German authorities questioned Microsoft over Russian hacks, and CISA celebrated the success of their Ransomware Vulnerability Warning Program.
Lastly, a survey by Bitwarden revealed concerning trends in password management, with a significant number of individuals globally relying on memory or pen and paper to manage passwords. However, the survey also noted a positive shift towards better security habits, such as the adoption of password managers and two-factor authentication.
