Resources tagged with:
Threat Bulletin

Threat Bulletin: SimpleHelp RMM Software Leveraged in Exploitation Attempt to Breach Networks

January 29, 2025 | Health-ISAC, Resources & News, Special Updates, Threat Intelligence

TLP WHITE

Update January 30, 2025

Health-ISAC, in collaboration with AHA, has identified attempted and ongoing ransomware attacks potentially due to SimpleHelp remote monitoring and management (RMM) software vulnerabilities.  Based on the potential threat and impact on patient care, the AHA worked with Health-ISAC to ensure this bulletin is distributed widely to the health sector.  
 
It is strongly recommended that all instances of the SimpleHelp application, especially within health care organizations, be identified and appropriate patches be applied per the bulletin guidance. It is also strongly recommended that health care organizations ensure that all third-party and business associates using SimpleHelp also apply appropriate patches.

January 29, 2025

Recent reporting indicates that threat actors are exploiting patched vulnerabilities in SimpleHelp Remote Monitoring and Management (RMM) software to gain unauthorized access to private networks. These vulnerabilities, tracked as CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728, were discovered by Horizon3 researchers in late December 2024 and disclosed to SimpleHelp on January 6, prompting the company to release patches. The flaws were publicly disclosed after the patches were released on January 13, 2025.

This campaign highlights the importance of patch management, as threat actors use exploits within a week of public disclosure. 

The vulnerabilities identified in SimpleHelp RMM could allow attackers to manipulate files and escalate privileges to the administrative level. A threat actor could chain these vulnerabilities in an attack to gain administrative access to the vulnerable server and then use that access to compromise the device running vulnerable SimpleHelp client software.


 

Potential Threats to Healthcare Executives Are Circulating On-Line

December 13, 2024 | Health-ISAC, In The News

 

Following the tragic shooting of the UnitedHealthcare CEO in New York City on December 4, Health-ISAC issued an alert to Members on December 9 identifying eleven precautionary actions health sector organizations should take.

Health-ISAC has received reports of multiple on-line postings threatening executives within the health sector. Forums have been identified as a source of threats targeting CEOs in the healthcare industry, particularly those leading major health insurance companies and pharmaceutical firms. Health-ISAC has issued a threat bulletin to inform the global health sector of what to be aware of and to recommend mitigation steps for organizations to take immediately. Please read and share within the health sector.


 

These threats, which range from general intimidation to specific calls for violence, have emerged in the wake of the recent killing of a UnitedHealthcare CEO. It is important to note that the perpetrator of this recent assassination has not yet been apprehended, and the investigation into the possible motives is still ongoing.

While these circulating threats have not been verified, Health-ISAC recommends heightened security awareness among healthcare executives and more stringent security measures to ensure safety. 

Calls for violence may extend to the cyber domain, leading hacktivists to carry out DDoS and other disruptive attacks on the health sector. Health-ISAC recommends that members remain vigilant about safeguarding all infrastructure and that organizations share any specifics they can about threats to executives so we can keep the community informed.
