Cybersecurity Incident Affects UT Health Services

Cybersecurity News

Welcome, reader, to your CybersecurityHQ report.

Headlines

UT Health East Texas, a network of hospitals and clinics, is grappling with a "potential cybersecurity incident," resulting in the inability to accept ambulances since Thanksgiving Day. Operating under emergency protocols, the hospital is investigating the issue and striving to restore its computer systems. This incident is part of a growing trend of cyberattacks on healthcare facilities in the U.S., with several hospitals across various states affected in recent months.

The frequency of such attacks is increasing, with 209 ransomware attacks reported in 2023 compared to 162 in 2022, highlighting the ongoing challenge of cybersecurity in the healthcare sector.

Broadcom, a major player in the computer chip and software industry, has announced its plan to complete a $69 billion acquisition of VMware, a leading cloud technology company. This monumental deal, one of the largest in tech history, includes Broadcom paying $61 billion in cash and stock, plus assuming $8 billion of VMware's debt. The acquisition, taking 18 months to receive global regulatory approvals, faced its final hurdle with China's endorsement, contingent on Broadcom's commitments to mitigate merger impacts.

Amid global supply chain disruptions and economic uncertainties, this move is seen as Broadcom's strategic expansion into cloud computing, leveraging VMware's technology to blend public and internal company networks. Major entities, including banks, retailers, and governments, rely on both companies' products. The deal, cleared by regulators worldwide, reflects a trend of more affordable tech acquisitions post-pandemic and is part of Broadcom CEO Hock Tan's ongoing strategy of growth through significant acquisitions.

A new web shell, named "HrServ.dll," has been identified in an advanced persistent threat (APT) attack targeting an unspecified Afghan government entity. A Kaspersky researcher revealed that this sophisticated web shell, a dynamic-link library (DLL), has been active since early 2021. Web shells like HrServ.dll enable remote control over compromised servers, facilitating data theft, server monitoring, and network infiltration.

The attack involves PAExec, a remote administration tool, creating a fake Microsoft update task to execute HrServ.dll, which then initiates an HTTP server for additional malicious actions. The malware's design suggests financial motivations, but its operational approach aligns with typical APT behavior. The origin of the threat actor remains unknown, with indications that the malware author is not a native English speaker.

Interesting Read

Dive into SecurityWeek's latest roundup for intriguing cybersecurity stories that may have escaped your notice. The article goes through some interesting, if overlooked, items from the last week, which was a busy one.

There was an Idaho National Laboratory data breach, where a hacktivist group accessed critical employee information, as well as a wave of recent GPS attacks on commercial flights near Iran, causing unprecedented navigation failures. Plus, Russia blames China and North Korea for a spike in cyberattacks targeting its public and telecom sectors.

Cybersecurity & Tech Stocks

  • Palo Alto Networks (PANW) just gave the latest indication that the economy is slowing. Much like its large cybersecurity peer Fortinet (FTNT), more modest growth is on the way for Palo Alto as customers look to save some cash amid ongoing global concerns, from war to higher interest rates.

  • A few weeks ago, Fortinet disappointed investors with another lackluster report that indicated growth is slowing. This is particularly the case for Fortinet and its slant toward hardware-based sales (firewalls, devices that protect a physical location like an office or data center). After several years of booming sales tied to necessary network expansions during the pandemic, that part of Fortinet's business is now in a downturn.

  • Palo Alto Networks is also headed for a slowdown, but CEO Nikesh Arora firmly believes this is merely "cosmetic" due to the timing of customers paying invoices.

  • At any rate, the slowdown is worth noting. First-quarter fiscal 2024 (the three months ended in October 2023) revenue increased 20% year over year to $1.88 billion. This beat the outlook Arora and the top team provided three months ago. However, billings (invoices sent but not yet paid by customers) growth for the full fiscal year 2024 is expected to be 16% to 17%. This is a downgrade from the previous expectation for fiscal 2024 billings growth of 19% to 20%.

Cybersecurity Career Opportunities

For the latest openings in cybersecurity careers, check CybersecurityHQ.

Stay Safe, Stay Secure.

The CybersecurityHQ Team