What’s in the paper for last week’s top cybersecurity news? From new healthcare threats to the growing concern over TikTok, here are the most notable security incidents of the week:
Ransomware gang leaks breast cancer images
The Russia-linked ALPHV ransomware group, also known as BlackCat, has posted sensitive clinical photos of breast cancer patients—calling them “nude photos”—to extort money from the Lehigh Valley Health Network (LVHN).
This has triggered a chorus of accusations from the cybersecurity community, with some labeling the group as “barbarians” and others saying the group is “exploiting and sexualising breast cancer”.
LVHN had previously said it fell victim to a BlackCat ransomware attack on February 20. The Network initially detected an intrusion within its IT systems on February 6 and said that initial analysis showed the attack was on a network supporting one physician practice located in Lackawanna County.
The ransom amount has never been made public, but we know that the Network decided not to pay ALPHV anyway. Lehigh’s website has remained offline since the attack.
The U.S. government plans to ban TikTok
The US government says TikTok should be sold or else face a possible ban in the country. The video-sharing app, owned by Chinese company ByteDance, is accused of posing a national security risk through data gathered from millions of users.
A request for a change in ownership, first reported in the Wall Street Journal (WSJ), was confirmed to BBC News by TikTok.
The company said a forced sale would not change its data flows or access. The White House has not yet responded to a BBC News request for comment.
For years American officials have raised concerns that data from the popular app could fall into the hands of the Chinese government. According to the WSJ, US President Joe Biden’s administration wants ByteDance to divest itself of TikTok to create a clear break from China.
Telegram and WhatsApp copycat apps spreading malware
Copycat websites for instant messaging apps like Telegram and WhatsApp are being used to distribute trojanized versions and infect Android and Windows users with cryptocurrency clipper malware.
“All of them are after victims’ cryptocurrency funds, with several targeting cryptocurrency wallets,” ESET researchers Lukáš Štefanko and Peter Strýček said in a new analysis.
While the first instance of clipper malware on the Google Play Store dates back to 2019, the development marks the first time Android-based clipper malware has been built into instant messaging apps.
“Moreover, some of these apps use optical character recognition (OCR) to recognize text from screenshots stored on the compromised devices, which is another first for Android malware.”
Google reveals 18 critical vulnerabilities
Google is calling attention to a set of severe security flaws in Samsung’s Exynos chips, some of which could be exploited remotely to completely compromise a phone without requiring any user interaction.
The 18 zero-day vulnerabilities affect a wide range of Android smartphones from Samsung, Vivo, and Google, as well as wearables using the Exynos W920 chipset and vehicles equipped with the Exynos Auto T5123 chipset.
Four of the 18 flaws make it possible for a threat actor to achieve internet-to-Samsung, Vivo, and Google, as well as wearables using the Exynos W920 chipset and vehicleses in late 2022 and early 2023, said.
“[The] four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim’s phone number,” Tim Willis, head of Google Project Zero, said.