Skip to main content
News

Cyber News Rundown: Bitmarck takes operations offline for security incident

Cyber News Rundown: Bitmarck takes operations offline for security incident
Forum|alt.badge.img+7
  • Threat Research Analyst
  • 4 replies

Over the weekend, staff for the IT service provider Bitmarck were forced to take their core operations offline after discovering a cybersecurity intrusion. While Bitmarck was able to quickly identify the incident and take their systems offline to prevent additional harm, it still has not been determined as to when their operations will return to normal, or if any sensitive information was compromised. Because Bitmarck provides IT services for the healthcare industry, officials are taking extra precautions in their investigation to determine the overall extent of the attack.

Ransomware causes outages at Americold

One of the largest cold storage and shipping companies, Americold, was recently targeted by a suspected ransomware attack that has caused significant outages across their supply chain. Officials for Americold were forced to take potions of their network offline after identifying some unauthorized activity and are expecting the outages to persist for at least a week. During this outage, Americold customers are asked to cancel all but the most critical orders and reschedule them later.

Severe vulnerability found in Oracle’s property management service

Researchers have identified a bug in Oracle’s Opera property services software that can allow remote code execution without requiring any authentication, though Oracle states that this is unlikely. The vulnerability was first noted during a hacking event last year, in which researchers proved that they were able to successfully breach a major resort chain by exploiting the bug. While this is a significant vulnerability, it is only one of many that were found in the Opera software that have yet to be analyzed by Oracle for any remediation.

Hackers exploit 5-year-old vulnerability in CCTV cameras

Nearly 5 years after a vulnerability in TBK’s DVR camera system was first identified; researchers have been tracking a rise in attacks that are focused specifically on exploiting the vulnerability to gain administrative access to over a million cameras and related devices worldwide. It is still unclear as to why the vendor has ignored the vulnerability for so long and refused to develop a patch, while many of their clients use their hardware in extremely sensitive areas, like banks and medical facilities. The researchers who have been tracking this exploit are warning organizations to check their devices to verify if they are a vulnerable model and to make any necessary upgrades.

ChatGPT breach leaks customer payment data

Officials for OpenAI, the creators of ChatGPT, have released an announcement regarding a bug in their source code that temporarily allowed users to access personally identifiable information (PII) on other active ChatGPT users. They have also confirmed that upon discovery, the vulnerability was patched on the same day, and the company made plans to launch their own bug bounty program, in hopes of spotting additional issues before they become attack vectors for threat actors.

Did this help you find an answer to your question?

16 replies

ProTruckDriver
Moderator

Thank you Connor.


TripleHelix
Moderator
Forum|alt.badge.img+63
  • Moderator
  • 8902 replies
  • May 5, 2023

Thanks Connor for more great info!

 

 


kleinmat4103
Popular Voice
Forum|alt.badge.img+6

Thanks, Connor.

 

Still crazy to me how frequently long-ago patched vulnerabilities are still exploited on the regular. I get that CCTV cameras are probably not the first priority on the patch cycle. But it’s been 5 years.

I always wonder about these things if it’s just incompetence or if security at this scale is much easier said than done.


tasystems
New Voice
Forum|alt.badge.img+8
  • New Voice
  • 156 replies
  • May 5, 2023

The CCTV side of things always amazes me… you buy them for security and then find manufacturers or the CCTV supplies are not keeping things updated! The CHATGPT side of things I feel will become more interesting if they start to find ways in to alter settings and remove any blocks that might be currently in place….


Jasper_The_Rasper
Moderator
Forum|alt.badge.img+54

Thank you Connor


Forum|alt.badge.img+1
  • New Member
  • 56 replies
  • May 5, 2023

Interesting read,cheers Connor 


russell.harris
Popular Voice
Forum|alt.badge.img+5

Thanks again @ConnorM 

Agree the cctv lack of patching is crazy. A ‘security’ device should be a priority for patching


tmcmullen
Popular Voice
Forum|alt.badge.img+6
  • Popular Voice
  • 177 replies
  • May 6, 2023

5 years later the CCTV vulnerability is still being exploited? The manufacturers of this type of technology should be held responsible for not properly securing their product with updates/patches.


Robis
New Member
Forum|alt.badge.img+1
  • New Member
  • 74 replies
  • May 6, 2023

Thanks a lot Connor


Forum|alt.badge.img

Another great info! Thanks Connor 


Fascinating,  cheers Connor 


Martin.1
Popular Voice
Forum|alt.badge.img+4
  • Popular Voice
  • 424 replies
  • May 8, 2023

@ConnorM  thank you for the article. There can me a massive debate here with this article…. just “scary” that security and Cyber Resilience should be in the forefront of every discussion you have, yet if we look at this, it is seriously neglected by so many. 


Martin.1
Popular Voice
Forum|alt.badge.img+4
  • Popular Voice
  • 424 replies
  • May 8, 2023
tasystems wrote:

The CCTV side of things always amazes me… you buy them for security and then find manufacturers or the CCTV supplies are not keeping things updated! The CHATGPT side of things I feel will become more interesting if they start to find ways in to alter settings and remove any blocks that might be currently in place….

@tasystems  I also still have a lot of “doubt” in adopting ChatGPT. My prediction here it is still going to become a nightmare for a lot of companies out there.


russell.harris
Popular Voice
Forum|alt.badge.img+5
tmcmullen wrote:

5 years later the CCTV vulnerability is still being exploited? The manufacturers of this type of technology should be held responsible for not properly securing their product with updates/patches.

Too right 👍🏻


russell.harris
Popular Voice
Forum|alt.badge.img+5
Martin.1 wrote:
tasystems wrote:

The CCTV side of things always amazes me… you buy them for security and then find manufacturers or the CCTV supplies are not keeping things updated! The CHATGPT side of things I feel will become more interesting if they start to find ways in to alter settings and remove any blocks that might be currently in place….

@tasystems  I also still have a lot of “doubt” in adopting ChatGPT. My prediction here it is still going to become a nightmare for a lot of companies out there.

Agreed. Will early adapters later on regret adopting as security and legal copyrights bite them? That’s my worry


I was waiting for something like this to happen in all truth with regards to CCTV. Its incredible how many systems there are out there that literally get 1 update in their lifetime and that’s usually at the start. Something like CCTV which is planned to be installed and then used for years “headless” needs better care over security, ironic that it’s “security” need for a “security” but at the same time you can’t bank online with an outdated phone, why shouldn’t it be the same for allowing access to your premises.


Reply