September 23, 2019 By David Bisson 3 min read

Last week in security news, researchers revealed that millions of medical images and other personal health data were publicly viewable on the web. Security analysts disclosed their research on a threat actor’s efforts to update its attack infrastructure, exploits and cryptomining payloads, and others revealed how a threat group had targeted IT providers in Saudi Arabia in probable supply chain attacks. Finally, researchers found a rootkit capability in a Linux malware family and spotted a new family of ransomware targeting businesses via exposed Remote Desktop Services (RDS).

Top Story of the Week: 5 Million Exposed Medical Images

ProPublica found images of MRI, CT and X-Ray scans for at least 5 million U.S. patients — and even more worldwide — stored on unsecured servers. Many of these servers lacked even basic password protections at the time of discovery, making it easy for anyone to view the more than 16 million images over the public web.

In its investigation, ProPublica found no evidence that anyone had copied the images and/or published them elsewhere. Still, investigators found it was hard to assign blame for the server exposures.

Source: iStock

Also in Security News

  • TFlower Ransomware Targets Businesses via Exposed RDS: First discovered in August 2019, TFlower ramped up its activity in September 2019 when attackers began abusing exposed RDS to hack into network-connected machines. This initial intrusion enabled bad actors to infect the local machine, reported Bleeping Computer, or spread the ransomware to other IT assets by moving throughout the network.
  • Emotet Springs Back to Life: Security researcher Raashid Bhat spotted a malspam campaign targeting Polish- and German-speaking users with Emotet. This marked the first time that anyone in the security community had spotted a new attack campaign involving the malware family in close to four months.
  • Panda Continues to Update Infrastructure, Exploits on the Fly: Since July 2018, Cisco Talos has been tracking a threat actor named Panda that uses remote access tools (RATs) and cryptomining malware to generate Monero cryptocurrency. Researchers have observed the actor update its activities upon numerous occasions; most recently, it began exploiting a new WebLogic flaw and changed its command-and-control (C&C) infrastructure.
  • Malware Dropper Masquerading as a Virtual Currency Wallet: Avast spotted a malware dropper, dubbed WiryJMPer, masquerading as a wallet called ABBC Coin. Using this disguise, the malware displayed the ABBC Coin wallet’s window while it downloaded threats such as the Netwire RAT in the background.
  • Linux Malware Uses Rootkit Functions to Evade Detection: Trend Micro disclosed that it observed a new family of Linux malware called Skidmap. This threat used LKM rootkits to overwrite or modify parts of kernel, thereby making it easier for the threat to evade detection and remain persistent.
  • Astaroth Trojan Found Leveraging YouTube and Facebook Profiles: In a phishing campaign spotted by Cofense, emails used one of three lures — an invoice, a show ticket or a civil lawsuit notice theme — to trick users into opening an .htm file that, in turn, downloaded a sample of the Astaroth Trojan. This malware used YouTube and Facebook profiles to host and maintain configuration data for its command-and-control (C&C) infrastructure.
  • Attack Group Targeting IT Providers in Saudi Arabia: Symantec discovered a previously undocumented attack group dubbed Tortoiseshell using custom and off-the-shelf malware to target IT providers in Saudi Arabia. At the time of publication, the security firm had identified 11 organizations that the group had targeted; at two of those organizations, bad actors had managed to obtain admin-level access.
  • New Remote-Access Trojan Conceals Itself to Steal Personal Data: Researchers at Zscaler detected a new remote-access Trojan (RAT) named InnfiRAT checking for sandbox environments and concealing itself as an easily overlooked system process to hide on an infected machine. This technique gave the malware the perfect cover to steal victims’ credentials, especially those pertaining to their cryptocurrency wallets.

Security Tip of the Week: Boost Your Organization’s Malware Defenses

The stories discussed above highlight the need for organizations to defend themselves against increasingly sophisticated strains of malware. They can do so by creating security awareness training programs that teach digital security hygiene to all employees. Companies should also develop a comprehensive vulnerability management plan through which they can identify, prioritize and remediate known vulnerabilities affecting key business assets.

Learn more about vulnerability management on the SecurityIntelligence podcast

More from

Regulatory harmonization in OT-critical infrastructure faces hurdles

3 min read - In an effort to enhance cyber resilience across critical infrastructure, the Office of the National Cyber Director (ONCD) has recently released a summary of feedback from its 2023 Cybersecurity Regulatory Harmonization Request for Information (RFI). The responses reveal major concerns from critical infrastructure industries related to operational technology (OT), such as energy, transport and manufacturing. Their worries include the current fragmented regulatory landscape and difficulty adapting to new cyber regulations. The frustration appears to be unanimous. Meanwhile, the magnitude of…

Generative AI security requires a solid framework

4 min read - How many companies intentionally refuse to use AI to get their work done faster and more efficiently? Probably none: the advantages of AI are too great to deny.The benefits AI models offer to organizations are undeniable, especially for optimizing critical operations and outputs. However, generative AI also comes with risk. According to the IBM Institute for Business Value, 96% of executives say adopting generative AI makes a security breach likely in their organization within the next three years.CISA Director Jen…

Q&A with Valentina Palmiotti, aka chompie

4 min read - The Pwn2Own computer hacking contest has been around since 2007, and during that time, there has never been a female to score a full win — until now.This milestone was reached at Pwn2Own 2024 in Vancouver, where two women, Valentina Palmiotti and Emma Kirkpatrick, each secured full wins by exploiting kernel vulnerabilities in Microsoft Windows 11. Prior to this year, only Amy Burnett and Alisa Esage had competed in the contest's 17-year history, with Esage achieving a partial win in…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today