More CyberWatch

May 22, 2024

Hacking Harmonies: When Ransomware Strikes a Chord

In August 2023, the Singing River Health System, a healthcare provider operating multiple hospitals and medical facilities across the Gulf Coast, was the victim of a ransomware attack. The Rhysida ransomware group, notorious for targeting healthcare providers, claimed responsibility for the attack. In a similar incident, WebTPA, a third-party administrator for health plans and insurance companies, disclosed a data breach by the same ransomware group. Affected individuals were notified on May 8, 2024, and offered two years of credit monitoring, identity theft protection, and fraud consultation services through Kroll. These incidents highlight the escalating threat of ransomware in the healthcare sector and the urgent need for enhanced cybersecurity measures.

May 20, 2024

Python LLM Package Vulnerable to Arbitrary Code Execution

CVE-2024-34359 (CVSSv3: 9.7) is a critical vulnerability in the Jinja2 template engine within the llama_cpp_python package, used in AI applications. The inadequate security measures in Jinja2 allow attackers to inject malicious templates that can execute arbitrary code on the host system. The vulnerability was discovered by retr0reg, who also provided a proof-of-concept exploit.

May 16, 2024

Ransomware Pandemic Hits Ascension Hospitals

On May 9, Ascension, a leading private healthcare provider managing 140 hospitals across the United States, confirmed a significant ransomware attack attributed to the Black Basta group. The breach was first detected the day before, May 8, after unusual activity was observed on the organization's network systems. The attack severely disrupted operations, leading to delays and postponements of patient appointments and other healthcare services.

May 16, 2024

Two Exploited Zero-Day Vulnerabilities Patched

Microsoft released its May 2024 security updates, which include fixes for two zero-day vulnerabilities: CVE-2024-30040 (CVSSv3: 8.8) and CVE-2024-30051 (CVSSv3: 7.8). CVE-2024-30051 (Windows DWM Core Library Elevation of Privilege Vulnerability) allows a local attacker to gain system-level privileges. CVE-2024-30040 (Windows MSHTML Platform Security Feature Bypass Vulnerability) allows a remote attacker to bypass the OLE mitigations in M365 and Microsoft Office that protect users from vulnerable COM/OLE controls. It requires an attacker to convince a user to load a malicious file onto a vulnerable system and interact with it; if successful, an unauthenticated attacker can achieve remote arbitrary code execution in the context of the user. Both vulnerabilities are known to be exploited in the wild and have been added to CISA's Known Exploited Vulnerabilities Catalog, giving them a heightened patch priority and associated risk.

May 10, 2024

Fix Available for Use-After-Free Vulnerability in Tinyproxy

This vulnerability exists in the parsing of HTTP Connection headers in Tinyproxy 1.11.1 and Tinyproxy 1.10.1 and is tracked as CVE-2024-49606 (CVSSv3: 9.8). Cisco Talos security researchers describe it as a use-after-free in the HTTP Connection header handling of vulnerable Tinyproxy versions. A specially crafted HTTP header can trigger reuse of previously freed memory, leading to memory corruption and potentially to remote code execution. No authentication is required. This vulnerability is considered a zero day, but a fix has been made available through GitHub.

May 8, 2024

Critical Buffer Overflow Vulnerabilities Fixed in ArubaOS

A recent HPE Aruba Networking security advisory details several fixed vulnerabilities, including multiple critical remote code execution (RCE) flaws. There are four critical vulnerabilities in total, all reachable through the PAPI (Aruba's access point management protocol) over UDP port 8211:

- CVE-2024-26305 (CVSSv3: 9.8) - Buffer overflow vulnerability in the Utility daemon leading to unauthenticated RCE via specially crafted packets sent to the PAPI over port 8211. Exploitation allows execution of arbitrary code as a privileged user on the operating system.
- CVE-2024-26304 (CVSSv3: 9.8) - Buffer overflow vulnerability in the L2/L3 Management service leading to unauthenticated RCE via specially crafted packets sent to the PAPI over port 8211.
- CVE-2024-33511 (CVSSv3: 9.8) - Buffer overflow vulnerability in the Automatic Reporting service leading to unauthenticated RCE via specially crafted packets sent to the PAPI over port 8211.
- CVE-2024-33512 (CVSSv3: 9.8) - Buffer overflow vulnerability in the Local User Authentication Database service leading to unauthenticated RCE via specially crafted packets sent to the PAPI over port 8211.

May 6, 2024

Data Breach Epidemic Hits MedStar: Patient Information Under the Microscope

MedStar, a leading healthcare service provider operating across Maryland, Virginia, and Washington DC, has recently fallen victim to a significant data breach. The incident, which came to light following an investigation concluded in March 2024, involved unauthorized access to the personal information of approximately 183,000 patients. The unauthorized activity occurred intermittently between January and October 2023 and compromised sensitive data, including health insurance information and individual healthcare details, which can fetch high prices on dark web markets. MedStar has responded by notifying affected patients and reinforcing its security measures.

May 4, 2024

Cisco ASA and FTD Vulnerability Under Active Exploitation

A vulnerability in Cisco Adaptive Security Appliance (ASA) software and Cisco Firepower Threat Defense (FTD) software, tracked as CVE-2024-20353 (CVSSv3: 8.6), results in a denial-of-service condition when exploited, allowing an unauthenticated, remote attacker to cause the device to reload unexpectedly. According to Cisco, the vulnerability is due to incomplete error checking when parsing an HTTP header, and it is triggered by sending a specially crafted HTTP request to the device's web server. CISA has added it to the Known Exploited Vulnerabilities Catalog, adding to the urgency to remediate.

May 3, 2024

Kaiser Permanente Suffers Largest Health-Related Data Breach of 2024, Affecting Millions

In a troubling revelation, Kaiser Permanente, one of the largest healthcare providers in the United States, confirmed a significant data breach that affected approximately 13.4 million current and former members. This incident, detected in April 2024, involved the unauthorized sharing of personal data with third-party advertisers, including major tech entities such as Google, Microsoft, and X (formerly Twitter), through tracking technologies embedded in Kaiser's websites and mobile apps. This breach is now listed as the largest health-related data breach of the year, according to the Department of Health and Human Services, and has raised serious privacy concerns among consumers and regulators alike.
