Posted on February 16, 2023 at 6:32 AM
CISA says hackers are actively trying to infiltrate Adobe, Apple, Microsoft, and Mozilla
Hackers have been actively trying to target some of the largest companies globally. A recent report by the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert to the leading companies urging them to remain vigilant in case hackers launch targeted attacks.
Hackers attempt to hack Adobe, Apple, Microsoft, and Mozilla
The alert issued by CISA said several software companies and service providers were urging users to install updates to their systems. These updates were being installed to address the vulnerabilities in several products to ensure that hackers did not have control over the targeted device.
The agency also said that attackers were actively looking for ways to gain access to the products provided by Adobe, Apple, Microsoft, and Mozilla. A recent WindowsReport said that some of the attempts being made by hackers had already been categorized as “critical” in terms of the severity level.
Some products the agency has labeled as critical include Adobe in Design and Adobe Photoshop. CISA has also published an advisory for each of these companies urging them to take the necessary measures to ensure that threat actors cannot infiltrate their devices.
In the advisory that CISA sent to Apple, the agency said that users and administrators needed to review the security updates page for the tech company on various products. The tech giant also needed to install the needed updates as soon as possible to reduce the possibility of a breach happening.
In the case of Apple, CISA said that users and administrators needed to install updates for Safari 16.3.1, iOS 16.3.1, iPadOS 16.3.1, and macOS 13.2.1. These updates were needed to ensure that users do not fall victim to hacking attacks that might be targeted toward them.
CISA has also urged users and administrators to review Adobe Security Bulletins and install the necessary updates. The bulletins that CISA referred to include After effects APSB23-02, Connect APB23-05, FrameMaker APSB23-06, Bridge APSB23-09, Photoshop APSB23-11, InDesign APSB23-12, Premiere Rush APSB23-14, Animate APSB23-15, and Substance 3D Stager APSB23-16.
In the case of Mozilla, the company has also released security updates that address the vulnerabilities in Firefox 110. CISA has encouraged users and administrators to review the security advisories made by Mozilla for Firefox 110 and Firefox ESR 102.8 to access more information about these updates as they take measures to install them and lower the possibility of a breach happening.
Microsoft has also released several updates that address several vulnerabilities within its software. According to CISA, users need to take the time to assess the February 2023 Security Update Guide and Deployment Information released by the company. Afterward, they needed to install the needed updates.
Hacking attacks against US institutions increase
There has been a notable increase in hacking attacks targeting institutions in the United States. Russian threat actor groups have been targeting Western countries in retaliation for the heavy sanctions imposed on the country following the invasion of Ukraine.
The websites of at least 14 healthcare facilities in the United States were targeted by a distributed denial-of-service (DDoS) attack on January 30. Some healthcare centers affected by the attack include Stanford Healthcare, Duke University Hospital, and Cedars-Sinai.
The DDoS campaigns were attributed to a Russian threat actor group known as KillNet. The group has already taken responsibility for the breach and claimed to have exfiltrated data from several US hospitals over the past month. An alert issued by the US Department of Health & Human Services said that the threat actor group was actively targeting the US healthcare system.
The report said that on January 28, the threat actor group released the health and personal data belonging to global healthcare organizations. The data was published on the “KillNet” list, which is where the company releases the data that has been stolen from the victims.
Healthcare organizations have been urged to take the necessary measures to ensure that they can mitigate the risks that come from DDoS attacks. The National Counterintelligence and Security Center (NCSC) has shared several cyber defense guidelines that these companies can use.
The statement released by HHS said, “Although KillNet’s ties to official Russian government organizations such as the Russian Federal Security Service (FSB) or the Russian Foreign Intelligence Service are unconfirmed, the group should be considered a threat to government and critical infrastructure organizations including healthcare.”