Improperly Configured Cloud Services in Over Half of Businesses
Oct20

The healthcare sector has made great waves recently in embracing cloud-based technology. Most healthcare groups are now implementing secure cloud storage services to host web applications or store data which contains electronic protected health information (ePHI) pertaining to subscribers. However, as the proliferation of secure cloud storage systems continues at pace, it does not mean data breaches will not be experienced, and neither...

Almost 500K Records Exposed in September Healthcare Data Breaches
Oct18

The Breach Barometer report for September has been released and shows there was a significant increase in healthcare data breaches during that month. The report collates healthcare data violations reported to the Department of Health and Human Services’ Office for Civil Rights (OCR) and security breaches recorded by databreaches.net, the latter of which have yet to appear on the OCR ‘Wall of Shame.’ Overall,...

Advisory Issued by Department of Education Regarding Hacking and Extortion Threats
Oct17

TheDarkOverlord hacking group has, in recent times, been targeting K12 schools, obtaining access to networks, stealing data and trying to extort money. As a reaction to the hacking and extortion threats, the U.S. Department of Education has released an advisory to K12 schools and has issued guidance to help educational institutions mitigate danger and safeguard their networks from attack. The attacks on educational institute...

HIPAA Compliance and Skype: What You Need to Know
Oct16

Skype and other text messaging platforms are a useful way of broadcasting information, but there are some questions to be answered in relation to HIPAA compliance of the service. There has recently been a lot of discussion and debate regarding this. There are security measures implemented by Skype to prevent unauthorized access to information transmitted via the platform, and messages are encrypted. However, it might still be unclear if...

U.S. Organizations Targeted by FormBook Malware Campaign
Oct16

Specific industry sectors in the United States and South Korea have been the main targets in the FormBook malware attacks. However, there has been some worry that the malware will be used in more widespread cyberattacks around the world. So far, the aerospace industry, defense contractors, and the manufacturing sector have been widely targeted; however, attacks have not been limited to these sectors. The financial services, energy and...

PHI Exposure May Have Happened Following Theft of Unencrypted Laptop
Oct15

Exposure of patients’ protected health information may have occurred after an unencrypted laptop computer was stolen from a car belonging to an employee of Bassett Family Practice in Virginia. The theft of the laptop is thought to have occurred during the weekend of 12/13 August. Patients were warned of the exposure of their private data on October 13, 2017. The delay in issuing notifications was justified as the time needed to...

Adobe Patches Exploited Flash Player Flaw Used to Deliver FinSpy Malware
Oct15

Adobe has issued a new update for Flash Player to tackle an actively exploited flaw (CVE-2017-11292) that is being used by the hacking group Black Oasis to send out FinSpy malware. FinSpy is not malware as you would expect; it is a legitimate software program developed by the German software company Gamma International. However, its capabilities include a variety of malware-like functions. As the name implies, FinSpy is surveillance...

Microsoft Patches Exploited Zero Day Vulnerabilities
Oct14

This Patch Tuesday has seen Microsoft release several updates for serious vulnerabilities, some of which are being actively exploited in the wild. Microsoft is pleading with companies to apply the patches now to keep their systems safe. Some of the vulnerabilities are simple to exploit, requiring little experience or knowledge. Overall, 62 vulnerabilities have been patched, including 33 that can lead to remote code execution. Out of...

Public Whois Registry Likely to be Affected by GDPR
Oct12

The EU GDPR law will have a significant impact on the businesses that process and manage EU citizens’ data. WHOIS is a part of the domain name sector that is likely to be affected by the new data protection legislation. The introduction of these new laws will be a delicate process for companies as they work to comply with the guidelines from the European Union and ICANN. WHOIS supplies a database where internet users can find domain...

Proposed Rule for Certification of Compliance for Health Plans Withdrawn by HHS
Oct11

The Department of Health and Human Services, at the start of 2014, completed a proposal for introducing a new rule to bring in an official certification of compliance for health plans. The proposed rule would have obligated all controlling health plans (CHPs) to submit a variety of documentation to HHS to confirm compliance with electronic transaction standards established by the HHS under HIPAA Rules. The main objective of the proposed...

GDPR to be incorporated in new UK Data Protection Bill
Oct10

The British Government has completed the Data Protection Bill that aims to align the country’s data protection regime with the soon-to-be-introduced European Union General Data Protection Regulation (GDPR). This will allow UK citizens to have more control over their private personal information and impose harsher penalties on the companies that breach the laws. The Bill is part of the multi-billion National Cyber Security Strategy....

DDoS Attacks Follow Increase in Flusihoc Botnet Activity
Oct09

DDoS attacks are being carried out using the Flusihoc botnet, some recording speeds as high as 45 Gbps, according to investigators at Arbor Networks. The Flusihoc botnet has been in action for a minimum of two years, although activity has grown over the last few months, with more than 900 attacks initiated using the Flusihoc botnet over the past four months. The botnet has in excess of 48 active command and control servers, although...

Matrix Ransomware Campaign Detected by Security Researcher
Oct09

A new Matrix ransomware malvertising campaign has been detected by security researcher Jérôme Segura. The campaign employs malicious adverts to send users to a site hosting the Rig exploit kit. Flash and IE weaknesses are exploited to install the malicious file-encrypting payload. The Matrix ransomware is not a new threat, having first been seen in late 2016. The ransomware variant was used in...

Redlock Report: Cloud Storage Services are Misconfigured in over Half of Businesses
Oct09

According to a recent study by cloud threat defense firm RedLock, more than half of businesses have made mistakes that have exposed sensitive data in the cloud. The report reveals that as much as 53% of organizations are not following established security best practices, such as using multi-factor authentication for all privileged account holders. Worse again, many businesses are not monitoring their cloud environments constantly which...

PHI of 10,500 Patients Found Exposed in Basement Owned by Psychiatrist
Oct08

The medical details of over 10,000 patients of an Illinois-based psychiatrist – Dr. Riaz Baber, M.D. – have been found in the accessible basement of an Aurora property by the woman who was renting the accommodation from the psychiatrist. It is believed that the files had been left in the basement for a minimum of four years. Barbara Jarvis-Neavins, who was renting the accommodation, is believed to have been given a key to the...

Hackers Able to Gain Access Using New Rowhammer Exploit
Oct08

The Rowhammer exploit was first identified three years ago and was seen enabling hackers to access devices by using DRAM memory cells. Rowhammer attacks use the close proximity of memory cells, making them leak their charge and change the contents of neighboring memory cells. The attack involves sending constant read-write operations using carefully crafted memory access patterns to constantly activate the same memory rows,...


Yahoo Data Breach Saw 3 Billion Accounts Breached in 2013

After it was first discovered, the 2013 Yahoo data breach was quickly found to have affected many of the company’s customers, and in December 2016 it was announced that 1 billion accounts had been compromised. In September 2016, prior to that announcement, a separate breach was discovered that affected approximately half a billion email accounts. Now Verizon, which completed the purchase of Yahoo in Summer 2017, has found the 2013...

51,000 Plan Members Affected by Network Health Phishing Attack
Oct06

Network Health, a Wisconsin-based insurer, has contacted 51,232 of its plan members to advise them that some of their protected health information (PHI) may have been obtained by unauthorized persons. Last August, a number of Network Health staff members received sophisticated phishing emails. Two of those members of staff replied to the scam correspondence and handed over their login credentials to the cyber attackers, who used those...

U.S. Organizations Targeted by FormBook Malware Attacks
Oct05

The majority of FormBook malware cyber attacks have focused on specific industry sectors in the United States and South Korea, but there is some worry that the malware will be employed in more attacks worldwide. So far, the aerospace industry, defense contractors and the manufacturing sector have been mainly targeted; however, attacks have not been restricted to these sectors. The financial services, energy and utility companies,...

Multi-Function Printers Flaw Risks Password Security
Oct05

Ruhr University researchers have uncovered significant security flaws in multi-function printers which may be exploited remotely by hackers to shut down the printers, or more worryingly, modify documents or steal user passwords. Hackers might also exploit the flaws in order to physically damage printers. The security flaws have already been found in HP, Lexmark and Dell multi-function printers. Twenty such printers are now recognised...

Should Identity Theft Protection Services Be Offered to Data Breach Victims Under HIPAA?
Oct04

The HIPAA Breach Notification Rule states that covered entities must advise people once their ePHI has been compromised. It is less clear if it is a requirement that credit monitoring and identity theft protection services should be offered to those affected. HIPAA does not state outright whether credit monitoring and identity theft protection services should be given to people affected by a data violation. The decision whether or...

GDPR Leads Lloyds to Alter Marketing Campaigns
Oct03

Lloyds Banking Group has taken steps to introduce new marketing campaigns due to the coming introduction of the European Union’s GDPR legislation, a new set of guidelines on data privacy and security. Lloyds is moving from product-focused campaigns to content-focused strategies in line with the GDPR legislation. Lloyds is one of the groups that has spent a considerable amount of money preparing for the new regulations....

OCR Issues Clarification on HIPAA Disclosure Rules
Oct02

The Department of Health and Human Services’ Office for Civil Rights (OCR) has, following the recent attacks in Las Vegas, moved to issue a clarification on HIPAA Rules regarding disclosures to family, friends and other people. In the aftermath of Hurricane Irma and Hurricane Maria, OCR issued a partial waiver of certain provisions of the HIPAA Privacy Rule in the regions where both hurricanes occurred. Such a waiver is often, but not...

Patch Issued for Actively Exploited Drupal Vulnerability
Sep20

A patch for a vulnerability in Drupal (CVE-2017-6922) that has been actively exploited for some months was released in June 2017. The flaw affects Drupal v 7.56 and 8.3.4. Drupal was aware of the flaw, an access bypass vulnerability, since October 2017. It is possible for the flaw to be exploited on misconfigured websites, permitting unidentified users to upload files which are then stored in a public file system. This means that...

Cybercriminals with Nation-State Support Responsible for Yahoo Attack
Sep20

InfoArmor has claimed that data from the Yahoo breach of over one billion user accounts has already been purchased on the black market by multiple third parties on numerous occasions. Although Yahoo argues that a nation-state sponsored group was responsible for the hack, research carried out by InfoArmor indicates otherwise and a number of security experts concur. Rather than a nation-state sponsored group of hackers, InfoArmor suggests that...

Global Reports of WannaCry Ransomware Attacks
Sep18

There has been a huge increase in WannaCry ransomware attacks around the globe, including a new campaign being launched on Friday the 13th of May 2017. Unlike previous WannaCry ransomware attacks, the present campaign takes advantage of a vulnerability that is found in Server Message Block 1.0 (SMBv1). Zero day exploits are often employed by cybercriminals; however, this example would appear to have been originally developed by the...

US-CERT: SSL Inspection Tools Might Make Cybersecurity Weaker
Sep18

A recent warning issued by US-CERT has advised that SSL inspection tools may actually do the opposite of what they are intended for; i.e. they might serve to weaken the cyber defenses of healthcare organizations rather than strengthen them, by making their computer systems more at risk of man-in-the-middle attacks. It should be noted that what US-CERT has alleged does not necessarily mean that the SSL inspection tools...

Rapid Account Verification Being Offered by New Twitter Credit Card Phishing Scam
Sep18

Proofpoint, the cybersecurity firm, has confirmed that it has discovered a new Twitter credit card phishing scam. Users of the social media platform Twitter are being offered verified account status via native Twitter ads; the catch being that signing up requires the provision of credit card details, which are then communicated to the attackers. Obtaining verified account status is normally a complicated and lengthy process. Public...

Windows Dialog Box Mimicked By Newly Discovered Trojan Downloader
Sep18

Dr. Web, a Russian antivirus firm, has recently discovered a new Trojan downloader. The malware uses a popup Windows ‘Save As’ dialog box to install malicious payloads, which have thus far all been adware. The malware, dubbed “Trojan.Ticno.1537”, installs a variety of adware together with a malicious extension for Google Chrome. According to Dr. Web, the Ticno Trojan is downloaded via a separate malware and is then packaged in a single...

Wi-Fi Routers Infected by Switcher Trojan through Android Mobiles
Sep18

Kaspersky Lab has identified a highly dangerous new Trojan which has been used to attack Wi-Fi routers through Android devices. The new form of malware, which has been dubbed the Switcher Trojan, is presently being employed to attack routers based in China. Nonetheless, Kaspersky Lab researchers have warned that the new malware could indicate a new and dangerous trend that could well become a world-wide concern. Ordinarily, attackers...

Erie County Medical Center Patients Put at Risk by Apparent Ransomware Attack
Sep18

Ashland Women’s Health confirmed in April 2017 that it had been the victim of a significant ransomware attack. 19,272 Ashland patients were affected. This followed confirmation the previous week that the ABCD Pediatrics ransomware attack had put 55,447 patients at risk. On Sunday 9th April, a third healthcare provider became aware that it had received a ‘virus’ via email which had made its way onto the organisation’s network. In New...

SMB File Sharing Protocol Flaw Made Public Before Release of Patch
Sep17

Details of an SMB file sharing protocol flaw in Windows have been made public some 12 days prior to the release of a patch by Microsoft. Laurent Gaffié, the researcher who published details of the flaw, has claimed that Microsoft had been aware of the issue for around 3 months beforehand yet failed to act to patch the vulnerability. An attacker who exploits the SMB file sharing protocol flaw would be able to crash Windows 10 and 8.1...


San Francisco Transport System Ransomware Attack Reported

A ransomware attack on the San Francisco Transport System in November 2016 resulted in the encryption of computers used by the city’s light rail system. The criminals responsible for the attack demanded a ransom of 100 Bitcoin (approximately $70,000) for the key to unlock the encryption. The San Francisco Municipal Transportation Agency (SFMTA) stated that although the attack put its computer systems out of action, transport remained...


Investigation into Ransomware Infection Affecting 19,000 People

One of Highmark Blue Cross Blue Shield’s (Delaware) subcontractors has fallen victim to a ransomware infection and cyberattack that may have put private information relating to almost nineteen thousand beneficiaries of employer-paid health plans at risk. The attack happened on the 5th of August 2016 at Highmark BCBS subcontractor Summit Reinsurance Services; however, affected individuals were only notified of the incident in...

Diagnostics Website Flaw at ‘True Health’ Reveals Private Patient Information
Aug18

Patients of the True Health Group have had their health reports exposed online due to a flaw in the True Health Diagnostics website. Moreover, the reports appear to have been viewable by other patients for months if not years. Based in Frisco, Texas, True Health Diagnostics is a company that offers a broad range of testing services for genetic and other diseases. It operates an online portal that patients can access in order to consult...

Sentara Healthcare: Investigation into Data Breach
Aug17

Sentara Healthcare is currently carrying out an investigation into a data breach affecting one of its 3rd-party vendors which allowed a number of patients’ protected health information to be accessed by an unauthorized person. Sentara Healthcare was alerted to a possible ePHI breach by police officers on the 17th of November 2016. An internal investigation was promptly begun in order to identify the origin of the breach. Investigators...


Yahoo Breach Investigated By U.S. Securities and Exchange Commission

It has been confirmed that the U.S. Securities and Exchange Commission (SEC) is to investigate Yahoo concerning two enormous data breaches that were made public in late 2016. The controls put in place by Yahoo to prevent data breaches will not fall under the SEC investigation, but rather whether the web services provider took too long to inform its investors of the breaches. Yahoo publicly acknowledged in September 2016 that it had been...


Samba possibly vulnerable to ‘WannaCry’-type attacks

It has been revealed that Samba might possibly be vulnerable to network worm attacks similar to those which were utilized to deliver WannaCry ransomware on the 12th of May 2017. Unix, Linux and numerous NAS devices use Samba to add Windows file and print sharing services. Additionally, Samba may be employed as an Active Directory server on Windows networks for access control. Samba’s protocol is based on Windows Server Message...


Industrial Sector Targeted by Ransomware Attackers using KillDisk Variant

In late 2016, a new ransomware variant emerged which is now being used in attacks on industrial companies. Unlike other ransomware variants, the new malware does not permanently lock users’ files. Victims have been threatened with full disk deletion should they fail to pay the ransom, and it has been confirmed that the ransomware has the capability to do exactly that. The variant that is being used by the attackers is a modified...


ABCD Pediatrics Hit By Ransomware Attack Affecting 55,000 Patients

The private health information relating to more than 55,000 patients may have been compromised during a ransomware attack against ABCD Pediatrics on the 6th of February 2017. Attackers managed to access ABCD Pediatrics’ servers following which Dharma ransomware was installed and consequently some PHI was encrypted. Dharma ransomware has been identified by experts as a variant of CrySiS ransomware. CrySiS ransomware proved to be one...


New PowerShell Remote Access Trojan Identified

Researchers at Cisco Talos have recently identified a new PowerShell remote access Trojan. The memory-resident malware is almost impossible to detect because it doesn’t write files to the computer’s hard drive and uses a new way of communicating with its C2. The infection is spread via a malicious Microsoft Word document sent as an email attachment. Cisco Talos has warned that only 6 out of 54 AV engines recognize the...


Victims Offered A Criminal Choice by “Popcorn Time” Ransomware

New methods of spreading ransomware are constantly being developed; however, a new ransomware variant discovered by MalwareHunterTeam researchers called “Popcorn Time” appears to use tactics that have never before been seen. When Popcorn Time ransomware has infected a victim’s device, the victim is given a choice between two options: They can pay the ransom and thereby regain access to their encrypted files, or, rather more unusually, they...


Ransomware Attacks Targeting Businesses Now Using PetrWrap

A new group of criminals has taken control of Petya ransomware and is using it in ransomware attacks against businesses without the participation or knowledge of those who created the ransomware. Those responsible for the new PetrWrap campaign developed Petya ransomware by adding a module to it that serves to modify the ransomware ‘on the fly’, taking control of the encryption process in such a manner that even the authors of Petya...


Molina Healthcare Patients’ Data Exposed by Portal Security Flaw

A security flaw in a patient portal has exposed information concerning patient claims. Claims information had previously been uploaded to the patient portal of Molina Healthcare, which is a managed care company based in Long Beach, California. This in itself is not abnormal; however, the flaw meant that the information was in fact accessible without any authentication checks. Some patients with claims pending had been sent a link to...


“Patch Tuesday”: Sixty-eight Microsoft Vulnerabilities Repaired

Patch Tuesday 2016: Microsoft has acted to fix 68 vulnerabilities including 6 that had been rated critical. The updates have been spread over fourteen security bulletins. The updates include fixes for 2 vulnerabilities that are presently being actively exploited including the CVE-2016-7255 vulnerability that was announced by Google in October 2016. Google decided to announce the vulnerability within 10 days of informing Microsoft...


Warning Issued by OCR to Providers of Healthcare Regarding Use of HTTPS Inspection Tools

Numerous healthcare organizations employ HTTPS inspection tools in order to monitor HTTPS connections for any malware which may be present. HTTPS inspection tools are used to decrypt secure HTTPS network traffic and verify content prior to re-encrypting traffic. The purpose of HTTPS inspection tools is to enhance security; however, the Department of Health and Human Services’ Office for Civil Rights has recently issued a warning which...


Thousands of Sites at Risk from Newly Identified Zero Day WordPress Vulnerability

A Sucuri researcher has recently discovered a new zero day WordPress vulnerability in the WordPress REST API. The vulnerability permits content injection and the escalation of user privileges. Should it be exploited, an unauthenticated user might be able to make modifications to any content found on the WordPress sites, which could include the addition of malicious links or exploit kits, therefore turning totally harmless sites into...

Victims Being Blackmailed by Newly Discovered Ransomware Variant
Aug15

Proofpoint researchers have recently identified a previously unknown ransomware variant, known as “Ransoc”, which employs various techniques to extort money from its victims. Rather than encrypting a broad range of file types and then demanding that a ransom be paid by the victims in exchange for a key to unlock the affected data, in the case of Ransoc the victims are simply blackmailed into making payment. In standard cases...

Recent Discovery of Social Engineering Scam on LinkedIn
Aug15

A new LinkedIn social engineering scam has been uncovered by researchers at Heimdal Security which tries to convince LinkedIn users to give up their personal information. The attackers have been attempting to obtain access to users’ financial data together with identity documents, e.g. passport and driver’s license numbers, which can then be exploited in order to commit identity theft. A rather common social engineering technique,...


Latest Business Email Compromise Scam Methods Revealed

Numerous email compromise tactics have for some time been in use by scammers to trick business executives into making fraudulent wire transfers. Recently, a Symantec security specialist has observed that some scammers have begun taking a new approach in order to increase BEC scams’ rate of success. The biggest problem that the scammers face is trust. Although over-worked executives may become complacent and fail to sufficiently...
