IEEE Cipher --- Items from security-related news (E179), June 2024
Summary:
United Healthcare provides the financial conduits that connect
healthcare providers and healthcare insurance companies.
Last February, the company was hard hit by ransomware, and
despite reportedly paying a large sum to the perpetrators,
a month later many small providers were unable to use the payment
network. Providers with large IT installations were able to
install new software that United Healthcare switched to, but smaller
operations could not. Rural areas were especially hard hit. The expedient
was to allow payment deferment, but the interrupted cash flow was hard
to bear.
According to Cyberscoop, Change Healthcare processes 15 billion transactions per year, and the hack has cost United Health Group nearly a billion dollars so far.
Summary:
The CEO of United Healthcare, Andrew Witty, testified to the Senate
Finance Committee about the compromise of one of the company's
servers and the resulting exposure of patient data to the
hackers, reputed to be part of ALPHV (also known as BlackCat). The absence
of multifactor authentication on the server was the focus of
some intense questioning.
Summary:
The twisted tale of United Healthcare's server compromise includes some
serious accusations of lack of honor among thieves and confusion about
just how much data was stolen. Was it 4 terabytes, 6 terabytes, or
something much less? And who got the extortion money?
Summary:
The White House notified state governors about concerns that Iranian
and Chinese threat actors are actively trying to compromise the
nation's water systems. There is concern that the Chinese government
may acquire enough of a foothold to disable substantial parts of the
water systems in time of "geopolitical tensions and/or military
conflict". CISA offers resources for securing the IT infrastructure,
particularly legacy PLCs (Programmable Logic Controllers), that
control water system devices.
Summary:
Although the US sees the importance of protecting all parts of the nation's
drinking water supply, the EPA is finding resistance to mandates to
improve cybersecurity in local systems. It seems impossible to enforce
any kind of mandate because there is no explicit Federal authority of
that sort.
Summary:
Instruction at a Utah school was disrupted for a week by a handheld commercial
device known as a "Flipper Zero". It seems to be an infrared and Bluetooth
signal interceptor and transmitter, capable of creating mischief if not
actual theft and criminal disruption. The company touts it as a kind of
Swiss Army knife for geeks. Although it cannot decode encrypted traffic,
it seems capable of disabling audio-visual machines and other common
electronic devices that use simple command and control sequences over
wireless communication.
Summary:
Canada has struggled with regulating Flipper Zero devices, and this
article discusses the hype surrounding the idea that it could be
used for car theft.
Summary:
Everyone uses SSH for secure point-to-point communication between
computers. It's the workhorse of secure remote access, specified,
verified, and cryptographically configurable. It's also open source, a fact
that is reassuring to most, but distasteful to others. Having many
eyes on the source should lead to greater security, one supposes.
That was borne out recently when a software engineer discovered
that the binary form of the program harbored a secret backdoor
access method that was hidden in a supporting library. The compromised
version of ssh was not released, but it was a close call and a wake-up
call to the open source community.
The unidentified party behind the hidden method spent more than two years establishing a trusted identity on GitHub. Somehow, their malevolent changes to a compression library were accepted. No one noticed that the changes installed a backdoor capability into the ssh daemon. The only reason it was discovered was that it caused the daemon to execute more instructions than before the library was modified.
Summary:
The head of the FBI has told the country that China is poised to
create panic in the US by disrupting its critical infrastructure
at a "time of its choosing." The implication of his remarks is that
a great deal of important control software in the US is known to be
vulnerable to attacks from China, either because it has been
modified remotely or because authentication credentials have been
stolen. Presumably water systems are part of the problem, as
noted previously.
Summary:
Although foreign governments have developed impressive cyberattack
capabilities, law enforcement is taking note of a large group
of young people in the US and the UK whose expertise in social
engineering has led to large-scale, successful attacks on businesses.
Working both cooperatively and competitively with each other,
Scattered Spider members pose a growing threat, including some
cases of hired violence.
Summary:
North Korea is suspected of having stolen $3.6 billion from cryptocurrency
exchanges over a period of seven years, and they are beginning to
extract value from those heists. UN monitors say that $1.47 million was
laundered through Tornado Cash in March of this year.
Summary:
Remote access Trojan (RAT) software has been detected over the last several
months in a new sector: commercial shipping companies. Mustang Panda
is the name of the hacker organization believed to be behind the
installation of lurking software in commercial shipping companies and
even onboard ships.
Summary:
Using email as the infection delivery mechanism, a group of fraudsters created
the largest botnet ever, and officials in several EU countries and the
US and UK cooperated to bring it to a grinding halt. The creators of the
botnet leased it out to cybercriminals. The operation is said to
have run from 2014 to 2022.
Summary:
This article has an overview of the botnet and its takedown. It includes the
additional detail that the botnet used VPNs to mask its traffic,
which is probably why it was able to flourish for so long.
Summary:
About 600K routers used by customers of the ISP Windstream were rendered
inoperable in a 3-day period last October. Though this was initially
thought to be a result of a faulty firmware upgrade, it was actually
more serious. The firmware had been overwritten by an unknown party,
and the result was that the router no longer performed its function,
and the correct firmware could not be restored. Many Windstream customers
had no other ISP to turn to and had to wait for new routers. The event
was named "Pumpkin Eclipse" by the ISP. Although investigators were able
to find out how the software was installed on the routers, they were not
able to find the initial vulnerability that led to the mass bricking.
Summary:
Although details are unclear at the time of this writing, the company
Live Nation may have suffered a massive breach of customer data. "On
May 27, a newly registered account on cybercrime forum Exploit posted
an advertisement where they claimed to be selling 1.3 TB of
Ticketmaster data, including more than 560 million people’s
information." Live Nation owns Ticketmaster, and their data is on
servers run by Snowflake, a US-based cloud service provider.