Over 500 Organizations Hit By Ransomware

Identified in April of 2022, the organization known as Black Basta has hit more than 500 organizations globally, according to warnings put out by multiple United States government departments, including CISA and the FBI. The group operates under a Ransomware-as-a-Service (RaaS) business model and works with affiliates to conduct cyberattacks and deploy malware against victim organizations while taking a percentage of the ransom payment in exchange.

Ransomware Attack Costs Change Healthcare Nearly $1B

United Healthcare, the parent company of Change Healthcare, has released financial information about the recent ransomware attack that disrupted cashflow and the ability to provide care to hospitals and pharmacies across the United States. The company published their quarterly earning results in which they disclosed that repairs are likely to exceed $1 billion over time, including the $22 million ransom payment that was made.

WordPress Website Admins Urged to Delete Plugin

Admins who utilize the Malware Scanner and Web Application Firewall plugin from miniOrange on their WordPress are being told to remove the plugins after a critical security flaw was discovered. The flaw, being tracked as CVE-2024-2172, has been rated a 9.8 out of 10 for severity and affects the Malware Scanner versions up to 4.7.2 and Web Application Firewall versions up to 2.1.1.

CISA Gives Warning of Active "‘Roundcube” Email Attacks

On February 12th, the United State’s Cybersecurity and Infrastructure Security Agency (CISA) gave a warning about a medium severity security flaw that was added to their Known Exploited Vulnerabilities (KEV). The vulnerability was added after evidence was found of active exploitation and is being tracked as CVE-2023-43770 with a CVSS score of 6.1.