Over the weekend, staff for the IT service provider Bitmarck were forced to take their core operations offline after discovering a cybersecurity intrusion. While Bitmarck was able to quickly identify the incident and take their systems offline to prevent additional harm, it still has not been determined as to when their operations will return to normal, or if any sensitive information was compromised. Because Bitmarck provides IT services for the healthcare industry, officials are taking extra precautions in their investigation to determine the overall extent of the attack.
Ransomware causes outages at Americold
One of the largest cold storage and shipping companies, Americold, was recently targeted by a suspected ransomware attack that has caused significant outages across their supply chain. Officials for Americold were forced to take potions of their network offline after identifying some unauthorized activity and are expecting the outages to persist for at least a week. During this outage, Americold customers are asked to cancel all but the most critical orders and reschedule them later.
Severe vulnerability found in Oracle’s property management service
Researchers have identified a bug in Oracle’s Opera property services software that can allow remote code execution without requiring any authentication, though Oracle states that this is unlikely. The vulnerability was first noted during a hacking event last year, in which researchers proved that they were able to successfully breach a major resort chain by exploiting the bug. While this is a significant vulnerability, it is only one of many that were found in the Opera software that have yet to be analyzed by Oracle for any remediation.
Hackers exploit 5-year-old vulnerability in CCTV cameras
Nearly 5 years after a vulnerability in TBK’s DVR camera system was first identified; researchers have been tracking a rise in attacks that are focused specifically on exploiting the vulnerability to gain administrative access to over a million cameras and related devices worldwide. It is still unclear as to why the vendor has ignored the vulnerability for so long and refused to develop a patch, while many of their clients use their hardware in extremely sensitive areas, like banks and medical facilities. The researchers who have been tracking this exploit are warning organizations to check their devices to verify if they are a vulnerable model and to make any necessary upgrades.
ChatGPT breach leaks customer payment data
Officials for OpenAI, the creators of ChatGPT, have released an announcement regarding a bug in their source code that temporarily allowed users to access personally identifiable information (PII) on other active ChatGPT users. They have also confirmed that upon discovery, the vulnerability was patched on the same day, and the company made plans to launch their own bug bounty program, in hopes of spotting additional issues before they become attack vectors for threat actors.