Showing posts with label Data Safety.

Here's How to Change IP Address Without VPN

 

The internet has become central to daily life because it lets people do a great many things with little effort. It has also become a more hostile place: attackers break into servers and networks and steal private data, and a device's public IP address is one of the first things a remote party can observe about it. Hiding or changing your IP address is one way to reduce what your online activity reveals. In this article we go over how to change it without a VPN and why you might want to.

What is an IP address? 

An IP (Internet Protocol) address is a number, written as four dotted decimal groups for IPv4 or as hexadecimal groups for IPv6, that identifies a device or network interface on a network so that data can be routed to and from it. The address itself stores no record of your browsing. What it reveals is which ISP or organization the address block is allocated to and, through geolocation databases, an approximate location. Because every site you visit sees the address your traffic arrives from, that address can be used to link your activity together across sites and sessions.

Because an address can be tied to a person, a household, or an organization, it can be used for tracking, targeted attacks, and other abuse, which is why limiting that exposure matters. One way to do so is to change the address other parties see, with or without a VPN.

Here are several ways to change the IP address seen by the sites you visit without using a VPN:

Change your network: This is the most straightforward approach. Connecting through a different network (for example, mobile data instead of home Wi-Fi) gives your traffic a different public IP address, because it now leaves through that network's connection.

Tor Browser: Tor routes your traffic through a circuit of three relays, so the site you visit sees the IP address of the exit relay rather than yours, and no single relay knows both who you are and where you are going. Tor builds new circuits regularly, so the exit address changes over time. The exit relay can read any traffic that is not encrypted end to end, so HTTPS still matters.

Disconnect the modem: Most home ISPs assign addresses dynamically. If you power off your modem for a few hours, your lease may expire and you may be given a new address when it reconnects. This is not guaranteed: some ISPs hand the same address back, and static or business connections will not change at all.

Proxy server: A proxy forwards your requests on your behalf, so the destination sees the proxy's IP address instead of yours. Two caveats apply. The proxy operator sees all of your traffic, and a so-called transparent proxy may pass your real address along in a header such as X-Forwarded-For, in which case nothing is hidden from the destination.

Your internet service provider might also be able to assign you a new IP address if you request it and give an appropriate reason.
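To make the proxy caveat concrete, here is an added example (not part of the original post) showing what a destination web server can learn about the client in each of the cases above. It parses constructed HTTP request samples (addresses drawn from the RFC 5737 and RFC 3849 documentation ranges) and classifies the connection as direct, through a transparent proxy that leaks the original address in X-Forwarded-For or the RFC 7239 Forwarded header, or through an anonymous proxy that reveals only that a proxy exists.

```python
"""What a destination server can learn about a client behind a proxy.

Added example, not from the original post. The request samples are constructed;
the addresses come from the documentation ranges (203.0.113.0/24, 198.51.100.0/24,
2001:db8::/32).
"""
import ipaddress


def parse_headers(raw_request: str) -> dict:
    """Parse a raw HTTP request into a lower-cased header dict (request line dropped)."""
    headers = {}
    for line in raw_request.strip().splitlines()[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def _as_ip(token: str):
    """Return a valid IP string from a Forwarded/X-Forwarded-For token, else None.

    Handles quoting, IPv6 brackets and an appended port, e.g. "[2001:db8::1]:4711".
    """
    token = token.strip().strip('"')
    if token.startswith("["):
        token = token[1:token.find("]")] if "]" in token else token[1:]
    elif token.count(":") == 1:            # IPv4 with a port suffix
        token = token.split(":")[0]
    try:
        return str(ipaddress.ip_address(token))
    except ValueError:
        return None


def classify_proxy(peer_ip: str, headers: dict):
    """Classify the connection as seen by the destination.

    Returns (kind, client_ip):
      ("direct", peer_ip)   no proxy headers: the TCP peer is the client itself
      ("transparent", ip)   a proxy forwarded the real client address, so it leaked
      ("anonymous", None)   a proxy is present but did not reveal the client
    """
    forwarded = headers.get("forwarded")          # RFC 7239: for=...;proto=...
    if forwarded:
        for part in forwarded.split(";"):
            key, sep, value = part.strip().partition("=")
            if sep and key.lower() == "for":
                # with chained proxies the first "for" element is the original client
                ip = _as_ip(value.split(",")[0])
                return ("transparent", ip) if ip else ("anonymous", None)
    xff = headers.get("x-forwarded-for")          # de facto standard, comma-separated chain
    if xff:
        ip = _as_ip(xff.split(",")[0])
        return ("transparent", ip) if ip else ("anonymous", None)
    if headers.get("via") or headers.get("x-real-ip"):
        ip = _as_ip(headers.get("x-real-ip", ""))
        return ("transparent", ip) if ip else ("anonymous", None)
    return ("direct", peer_ip)


SAMPLES = {  # constructed: (address the TCP connection came from, raw request)
    "direct": ("203.0.113.5", "GET / HTTP/1.1\r\nHost: example.org\r\n"),
    "transparent": ("198.51.100.7",
                    "GET / HTTP/1.1\r\nHost: example.org\r\nVia: 1.1 proxy.example.net\r\n"
                    "X-Forwarded-For: 203.0.113.5, 10.0.0.2\r\n"),
    "rfc7239": ("198.51.100.7",
                "GET / HTTP/1.1\r\nHost: example.org\r\n"
                'Forwarded: for="[2001:db8::1]:4711";proto=https\r\n'),
    "anonymous": ("198.51.100.7",
                  "GET / HTTP/1.1\r\nHost: example.org\r\nVia: 1.1 proxy.example.net\r\n"),
}


def classify_samples() -> dict:
    """Classify every constructed sample; used by the demo below and by tests."""
    return {name: classify_proxy(peer, parse_headers(raw))
            for name, (peer, raw) in SAMPLES.items()}


if __name__ == "__main__":
    for name, (kind, ip) in classify_samples().items():
        print(f"{name:12s} -> {kind:12s} client={ip}")
```

In every proxied case the server still sees the proxy's address as the TCP peer; the question is only whether your own address rides along in a header. Run the same classification against the request headers a server you control logs for you to confirm that a proxy you rely on is actually hiding your address. Tor exit relays and ordinary VPN tunnels add no such headers, but many corporate and ISP transparent proxies do.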

Critical npm Account Takeover Vulnerability Sold on Dark Web

 

A threat actor using the handle Alderson1337 has posted on BreachForums offering what they describe as a critical exploit targeting npm accounts. npm is the package registry and package manager for JavaScript, operated by npm, Inc., a subsidiary of GitHub. Alderson1337 claims the exploit lets an attacker hijack the npm accounts of specific employees within targeted organizations.

According to the listing, a hijacked maintainer account would be used to publish package versions containing hidden backdoors, so that every system that installs or updates those packages is compromised. That is what makes a maintainer account takeover different from an ordinary one: the victim is not a single account but everyone downstream of it. Rather than publish a proof of concept, Alderson1337 invited interested buyers to make contact privately, keeping the exploit exclusive.

npm has not issued a statement and the claims remain unverified. Account takeover (ATO) attacks are those in which an attacker gains unauthorized access to an account using stolen credentials, typically obtained through phishing, social engineering, or data breaches.

Once acquired, credentials are tested with automated bots across many platforms, including travel, retail, finance, e-commerce and social media sites. Password reuse and reluctance to rotate passwords make credential stuffing and brute-force attacks effective, and a successful login can lead to identity theft, financial fraud or misuse of personal information. To reduce ATO risk, use a unique, complex password for each account and enable two-factor authentication (2FA) wherever it is offered; npm supports 2FA for maintainer accounts and for publishing. Monitoring for unauthorized activity and responding promptly to suspicious login attempts are also essential. Consumers of packages have a control of their own: a lockfile pins each dependency to a specific version and integrity hash, so a tarball that does not match what was locked fails installation.

While Alderson1337's claims await verification, the incident underscores the continuing threat that account takeover poses, especially where a single account sits upstream of many others. Vigilance and collaboration across the security community remain essential to protecting online platforms and services.
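The supply-chain half of the threat, a backdoored package version pushed from a hijacked account, is something package consumers can partly defend against themselves, because npm's package-lock.json records an integrity hash (a Subresource Integrity string such as sha512-...) and a resolved URL for every dependency. The following Python script, an added example that is neither npm's code nor anything from the forum post, re-verifies those pinned hashes against tarball bytes and flags packages resolved from an unexpected host or protected only by an unsupported algorithm. The lockfile and tarballs are constructed stand-ins and the package names are hypothetical; a real run would json.load() the lockfile and read each tarball from a fresh registry download.

```python
"""Verify installed npm tarballs against the integrity hashes pinned in package-lock.json.

Added example, not npm's own code. LOCK, GOOD_TARBALL and TAMPERED_TARBALL are
constructed fixtures; the package names are hypothetical.
"""
import base64
import binascii
import hashlib
import hmac
from urllib.parse import urlparse

# SRI algorithms npm emits today; sha1 (seen on very old packages) is deliberately unsupported.
ALGORITHMS = {"sha256": hashlib.sha256, "sha384": hashlib.sha384, "sha512": hashlib.sha512}
STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}
REGISTRY_HOST = "registry.npmjs.org"


def sri_digest(data: bytes, algo: str = "sha512") -> str:
    """Build an SRI string (<algo>-<base64 digest>) the way the lockfile stores it."""
    return f"{algo}-{base64.b64encode(ALGORITHMS[algo](data).digest()).decode()}"


def verify_sri(integrity: str, data: bytes):
    """Check data against an SRI string. Several space-separated hashes are allowed;
    the strongest supported one is used. Returns (ok, detail)."""
    best = None
    for token in integrity.split():
        algo, sep, b64 = token.partition("-")
        if sep and algo in ALGORITHMS and (best is None or STRENGTH[algo] > STRENGTH[best[0]]):
            best = (algo, b64)
    if best is None:
        return False, "no supported hash (sha256/sha384/sha512) in integrity field"
    algo, b64 = best
    try:
        expected = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        return False, f"{algo} digest is not valid base64"
    actual = ALGORITHMS[algo](data).digest()
    if not hmac.compare_digest(expected, actual):   # constant-time and length-safe
        return False, f"{algo} mismatch"
    return True, algo


def check_lock_entry(entry: dict, tarball: bytes, registry_host: str = REGISTRY_HOST) -> list:
    """Return the problems found for one lockfile entry (an empty list means it passed)."""
    problems = []
    host = urlparse(entry.get("resolved", "")).hostname
    if host != registry_host:
        problems.append(f"resolved from unexpected host {host!r}")
    integrity = entry.get("integrity")
    if not integrity:
        problems.append("missing integrity field")
    else:
        ok, detail = verify_sri(integrity, tarball)
        if not ok:
            problems.append(detail)
    return problems


def audit_lock(lock: dict, tarballs: dict) -> dict:
    """Map every dependency path in a lockfileVersion 2/3 lockfile to its problems."""
    report = {}
    for path, entry in lock["packages"].items():
        if path == "":
            continue                                   # the root project has no tarball
        data = tarballs.get(path)
        report[path] = ["tarball not available"] if data is None else check_lock_entry(entry, data)
    return report


# --- constructed fixtures (hashes are computed here so the demo is self-contained) ---
GOOD_TARBALL = b"stand-in bytes for example-dep-1.3.0.tgz"
TAMPERED_TARBALL = GOOD_TARBALL + b"\n// injected backdoor"
LOCK = {
    "name": "example-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app"},
        "node_modules/example-dep": {
            "version": "1.3.0",
            "resolved": "https://registry.npmjs.org/example-dep/-/example-dep-1.3.0.tgz",
            "integrity": sri_digest(GOOD_TARBALL),
        },
        "node_modules/mirrored-dep": {      # hypothetical package resolved off-registry
            "version": "2.0.0",
            "resolved": "https://mirror.example.net/mirrored-dep/-/mirrored-dep-2.0.0.tgz",
            "integrity": sri_digest(GOOD_TARBALL),
        },
        "node_modules/legacy-dep": {        # hypothetical package still carrying a sha1 SRI
            "version": "0.1.0",
            "resolved": "https://registry.npmjs.org/legacy-dep/-/legacy-dep-0.1.0.tgz",
            "integrity": "sha1-2jmj7l5rSw0yVb/vlWAYkK/YBwk=",
        },
    },
}

if __name__ == "__main__":
    fetched = {"node_modules/example-dep": TAMPERED_TARBALL,
               "node_modules/mirrored-dep": GOOD_TARBALL,
               "node_modules/legacy-dep": b""}
    for path, problems in audit_lock(LOCK, fetched).items():
        print(path, "OK" if not problems else "; ".join(problems))
```

This catches a tarball that differs from the one that was locked, which is what a poisoned mirror or cache produces for a pinned version. It does not help when a team runs npm update and deliberately takes a new version that the hijacker published, which is why 2FA on maintainer accounts and review of version bumps matter as well. npm ci performs the same integrity check itself; the value of doing it separately is to run it in CI against a fresh download, independent of the local cache.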

Law Enforcement is Spying on Thousands of U.S. Citizens' Mail

 

The Washington Post reported on Monday that federal law enforcement authorities have long received information about certain Americans' mail via a little-known U.S. Postal Service operation known as the "mail covers program.” While officials argue that the program is solely used to investigate criminal activities, it appears to be widely used, with some Americans claiming to have been targeted by the program despite having done nothing unlawful. 

The mail covers program prevents outside agencies from opening a person's mail, but it does allow them to look at the information printed on the outside of letters and packages. According to a previously leaked program document, a "mail cover" is an "investigative tool employed to record data appearing on the outside of a mailpiece." For obvious reasons, this could still provide quite a lot of information regarding an individual under surveillance. 

The FBI, IRS, Department of Homeland Security, and the Postal Service's own investigative department, the United States Postal Inspection Service, have all requested information. However, the Washington Post claims that "state and local police forces" have also used the program. The good news for investigators—and the bad news for the rest of us—is that accessing the contents of the mail label is not subject to a judge's approval or a court order.

How often is the program used? Quite a lot. A recent audit found that the Postal Service approved more than 158,000 requests over a four-year period. Meanwhile, figures provided to legislators who asked about the program show that police agencies made "an average of about 6,700 requests per year," the Post writes. Those legislators, including Ron Wyden (D-Ore.) and Elizabeth Warren (D-Mass.), have asked for more transparency and better controls on the program.

The program pales in comparison to another well-known mail-tracking program, Mail Isolation Control and Tracking, which is believed to photograph the exteriors of every item of mail that passes through the United States Postal Service. This program is allegedly designed for routing and organisation, but it can also be utilised for law enforcement purposes.

Fast Food Giant Jollibee Suffers Major Cyberattack, 32 Million Affected

 


Jollibee Foods Corp., the Philippine fast-food chain, is investigating a reported breach of its delivery service system, joining a growing list of companies targeted by hackers in recent years. Earlier today, Jollibee sent us a statement saying that "a cybersecurity incident" had reportedly affected the company "along with other companies."

The company said it was addressing the incident. The breach became known on June 20, 2024, when an actor using the alias "Sp1d3r" claimed responsibility for compromising Jollibee's systems, said they had obtained the data of 32 million customers, and offered the database for sale at $40,000.

The listing, surfaced by Deep Web Konek, describes a database holding sensitive information on 32 million Jollibee customers, including full names, mailing addresses, phone numbers and e-mail addresses. The same "Sp1d3r" account on BreachForums claimed on June 1, 2024 to have stolen the personal data of over 190 million people from QuoteWizard, including customer details, partial credit card numbers and insurance quotes.

The same actor also claimed the breach of Advance Auto Parts, Inc., an American automotive aftermarket parts supplier, saying that three terabytes of customer data had been taken from the company's account on Snowflake, the cloud data platform the company used, and offering the data for sale at $15 million.

Sp1d3r is also selling what the listing calls "extensive records" of food delivery orders, sales transactions and service details. According to the company, the attack could result in damages of up to $3 million. Jollibee says it is actively investigating and has activated its response protocols, but it has neither confirmed nor denied that data was stolen. Several large Philippine organizations have reported breaches in recent weeks, including the health maintenance organization Maxicare, Jollibee, and the Maritime Industry Authority (Marina).

Maxicare confirmed on June 19 a data breach exposing the personal information of about 13,000 members, less than one per cent of its membership. According to its website, Maxicare works with 20,000 physicians and specialists attached to more than 1,300 hospitals and clinics, 140 rehabilitation centres, dialysis centres and eye clinics, and has over 1.8 million members across the corporate, small and medium business, individual and family segments. The exposed records are believed to belong to users of Lab@Home, a third-party booking platform for home care providers.

Returning to Jollibee, the threat actor claims to have obtained 32 million customer records containing names, addresses, phone numbers, e-mail addresses and hashed passwords, and to have exfiltrated some 600 million rows of data covering food delivery orders, sales orders, transactions, customer details and service providers.

The actor posted a sample of the data in tabular form, which can be opened in spreadsheet applications such as Microsoft Excel or Google Sheets. Many details remain unconfirmed, but if the claims hold the consequences are serious: the fields listed are exactly what targeted phishing and account takeover attempts against Jollibee customers need, and hashed passwords are only as safe as the hashing scheme behind them.

Deep Web Konek's own report on the alleged breach puts the exposure at the names and addresses of 32 million customers plus 650 million records from Jollibee's food delivery operations. The compromised data reportedly includes customer names, addresses, phone numbers and e-mail addresses along with hashed passwords, and a large number of records covering delivery orders, sales transactions and service details.

A report from the Cyber Security Information and Analysis Group said the exposed data spans multiple tables, which points to a deep compromise of Jollibee's systems rather than a single leaked export. Jollibee has not yet said what the consequences of the breach will be. Separately, Marina reported on June 16 that four of its web-based systems had been attacked and compromised.

Marina said it immediately dispatched officials and staff to its centre to put measures in place to protect the integrity of its systems. Jollibee is investigating Sp1d3r's claims, and the actor's recent history lends them weight: Sp1d3r has been linked to several recent breaches of customers of Snowflake, one of the most widely used cloud data platforms.

The Jollibee attack is a reminder that even large, established businesses are exposed to data theft. Customers should be alert to phishing that uses leaked contact details, change any password they reused elsewhere, and follow further guidance from Jollibee and security experts.

Securing Corporate Data: The Crucial Role of Third-Party Access Audits

 


An organization's data and systems can be compromised through entities that look benign: third-party contractors, vendors and outsourced service providers. These parties need access to sensitive data and systems to do their work, but when that access is not properly managed it often results in data breaches and other security incidents.

A SecurityScorecard study published in February 2024 (reported by Security magazine) found that third parties are a continuing source of risk: 98% of organizations have a relationship with at least one third party that has suffered a breach, and 29% of all breaches are attributed to a third-party attack vector. Organizations therefore need an effective third-party risk management program to protect their assets from threats that arrive through partners.

Auditing the access rights of external vendors and contractors serves several purposes beyond protecting data confidentiality, integrity and availability:

Security posture: Audits confirm that only authorized third parties can reach sensitive systems, and monitoring their activity for abnormal behaviour lets incidents be caught early.

Compliance: Control over data access is required by standards across regulated industries. Regular third-party access audits document who can access what and help demonstrate compliance with regulations such as GDPR, HIPAA and SOX, avoiding legal and financial penalties.

Business continuity: Access controls aligned with each third party's role prevent unauthorized changes or disruptions to critical systems.

Financial protection: Breaches traced to third-party access bring remediation costs, legal fees and fines. Proactively managing and auditing that access protects the organization's financial health as well as its data.

Trust and reputation: Regular audits demonstrate a commitment to data security, which maintains the trust of customers and stakeholders and supports long-term relationships.

Because third-party access carries this risk, permissions need to be managed and audited continuously. Five key steps:

1. Identify and catalogue third-party accounts. Vendor accounts may live in the enterprise resource planning (ERP) system, contractor accounts in project management tools. List every account, record its access level, and state which data or systems it can reach.

2. Check that the scope of access is necessary. Compare each third party's roles and responsibilities with the access it has been granted. No third party should have more access than its contractual obligations require; apply the principle of least privilege.

3. Understand how the third party manages its own employee lifecycle. Ask how it creates, modifies and terminates access rights for its staff. A contractor's former employee whose access was never deactivated is a common route to unauthorized access, so an audit trail is essential.

4. Establish regular audits. Use a system, such as an identity governance and administration platform, that logs every third-party access event, and review those logs for unauthorized or abnormal access patterns. Set the audit frequency according to the sensitivity of the data involved and the third party's history.

5. Integrate third-party access into the overall security policy. Third-party access controls and auditing should be a standard part of the organization's security policy, so that access granted to outsiders is subject to the same measures and scrutiny as access granted to internal users.

Red flags that may indicate third-party access is being misused or mismanaged:

Generic or shared logins: A shared mailbox or login used by several people makes it impossible to attribute actions to an individual. Third parties should not use them.

Unusual access patterns: Access at unusual hours, unexpected data access, or excessive failed login attempts can indicate that a third-party account has been compromised.

Missing offboarding: There must be a process not only for granting new third-party access but for removing it when the contract ends or changes.
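As an added illustration, not from the original article, the following Python script applies these red flags to a constructed account inventory and authentication log: generic or shared logins, logins after the contract end date, accounts with no login in 90 days, successful access during off hours, and bursts of failed logins. The thresholds and the data are assumptions; in practice the inventory would come from the ERP, project tools and identity governance platform mentioned above, and the events from authentication logs.

```python
"""Audit third-party (vendor/contractor) accounts for common red flags.

Added example, not from the original article. The account inventory, the auth log
and every threshold below are constructed assumptions for illustration.
"""
from collections import Counter
from datetime import datetime, timedelta, timezone

STALE_AFTER = timedelta(days=90)          # assumption: no login in 90 days is stale
OFF_HOURS = range(0, 6)                   # assumption: 00:00-05:59 UTC is outside business hours
FAILED_LOGIN_THRESHOLD = 5                # assumption: this many failures in 24h is a burst
GENERIC_PREFIXES = ("admin", "support", "shared", "vendor", "contractor", "info", "service")


def parse_ts(s: str) -> datetime:
    """Parse an ISO-8601 UTC timestamp ending in 'Z' into an aware datetime."""
    return datetime.fromisoformat(s.replace("Z", "+00:00")).astimezone(timezone.utc)


def audit_accounts(accounts, events, now):
    """Return sorted (account, flag) findings for the red flags above.

    accounts: dicts with account, contract_end (YYYY-MM-DD) and last_login (ISO-8601 Z)
    events:   (timestamp, account, "success"|"failure") tuples from the auth log
    """
    findings = set()
    successes = [(parse_ts(t), a) for t, a, r in events if r == "success"]
    failures_24h = Counter(a for t, a, r in events
                           if r == "failure" and now - parse_ts(t) <= timedelta(hours=24))
    for acct in accounts:
        name = acct["account"]
        local_part = name.split("@")[0].lower()
        contract_end = datetime.strptime(acct["contract_end"], "%Y-%m-%d").date()
        last_login = parse_ts(acct["last_login"])
        if local_part.startswith(GENERIC_PREFIXES):
            findings.add((name, "shared-or-generic-login"))
        if now - last_login > STALE_AFTER:
            findings.add((name, "stale-no-login-90d"))
        if last_login.date() > contract_end or any(
                a == name and t.date() > contract_end for t, a in successes):
            findings.add((name, "access-after-contract-end"))
        if any(a == name and t.hour in OFF_HOURS for t, a in successes):
            findings.add((name, "off-hours-access"))
        if failures_24h[name] >= FAILED_LOGIN_THRESHOLD:
            findings.add((name, "failed-login-burst"))
    return sorted(findings)


ACCOUNTS = [  # constructed inventory gathered from the ERP and project tools
    {"account": "a.reyes@vendor-a.example", "vendor": "Vendor A", "access": "ERP read-only",
     "contract_end": "2025-12-31", "last_login": "2025-05-30T09:12:00Z"},
    {"account": "support@vendor-b.example", "vendor": "Vendor B", "access": "ticketing admin",
     "contract_end": "2025-12-31", "last_login": "2025-06-01T03:15:00Z"},
    {"account": "j.lim@vendor-c.example", "vendor": "Vendor C", "access": "file share",
     "contract_end": "2025-03-31", "last_login": "2025-05-20T14:00:00Z"},
    {"account": "m.cruz@vendor-d.example", "vendor": "Vendor D", "access": "VPN",
     "contract_end": "2025-12-31", "last_login": "2025-01-02T10:00:00Z"},
]
EVENTS = [  # constructed authentication log: (timestamp, account, result)
    ("2025-06-01T03:15:00Z", "support@vendor-b.example", "success"),
    ("2025-05-20T14:00:00Z", "j.lim@vendor-c.example", "success"),
    ("2025-05-30T09:12:00Z", "a.reyes@vendor-a.example", "success"),
] + [(f"2025-06-01T11:0{i}:00Z", "a.reyes@vendor-a.example", "failure") for i in range(6)]
NOW = parse_ts("2025-06-02T00:00:00Z")   # assumption: the moment the audit runs

if __name__ == "__main__":
    for account, flag in audit_accounts(ACCOUNTS, EVENTS, NOW):
        print(f"{flag:26s} {account}")
```

Each finding maps back to one of the steps above: a stale or post-contract account is an offboarding failure, a generic login defeats attribution, and off-hours access or a burst of failures is the signal the regular log review is meant to surface. Tune the thresholds per third party, since a vendor that legitimately runs overnight batch jobs will otherwise drown the off-hours flag in noise.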

Third-party access is a significant risk that is often overlooked until it leads to a breach. Robust auditing practices are how organizations keep it under control. The goal is not only to protect sensitive data but to preserve the integrity of the IT environment and the trust of customers and stakeholders. Managing third-party access is both a security measure and a business imperative.

The Hidden Cost of Connected Cars: Your Driving Data and Insurance

 

Driving to a weekend getaway or a doctor's appointment leaves more than just a memory; it leaves a data trail. Modern cars equipped with internet capabilities, GPS tracking, or services like OnStar, capture your driving history. This data is not just stored—it can be sold to your insurance company. A recent report highlighted how ordinary driving activities generate a data footprint that can be sold to insurers. These data collections often occur through "safe driving" programs installed in your vehicle or connected car apps. Real-time tracking usually begins when you download an app or agree to terms on your car's dashboard screen. 

Car technology has evolved significantly since General Motors introduced OnStar in 1996. From mobile data enhancing navigation to telematics in the 2010s, today’s cars are more connected than ever. This connectivity offers benefits like emergency alerts, maintenance notifications, and software updates. By 2030, it's predicted that over 95% of new cars will have some form of internet connectivity. Manufacturers like General Motors, Kia, Subaru, and Mitsubishi offer services that collect and share your driving data with insurance companies. Insurers purchase this data to analyze your driving habits, influencing your "risk score" and potentially increasing your premiums. 

One example is the OnStar Smart Driver program, which collects data and sends it to manufacturers who then sell it to data brokers. These brokers resell the data to various buyers, including insurance companies. Following a critical report, General Motors announced it would stop sharing data with these brokers. Consumers often unknowingly consent to this data collection. Salespeople at dealerships may enroll customers without clear consent, motivated by bonuses. The lengthy and complex “terms and conditions” disclosures further obscure the process, making it hard for consumers to understand what they're agreeing to. Even diligent readers struggle to grasp the full extent of data collection. 

This situation leaves consumers under constant surveillance, with their driving data monetized without their explicit consent. This extends beyond driving, impacting various aspects of daily life. To address these privacy concerns, the Electronic Frontier Foundation (EFF) advocates for comprehensive data privacy legislation with strong data minimization rules and clear, opt-in consent requirements. Such legislation would ensure that only necessary data is collected to provide requested services. For example, while location data might be needed for emergency assistance, additional data should not be collected or sold. 

Consumers need to be aware of how their data is processed and have control over it. Opt-in consent rules are crucial, requiring companies to obtain informed and voluntary permission before processing any data. This consent must be clear and not hidden in lengthy, jargon-filled terms. Currently, consumers often do not control or even know who accesses their data. This lack of transparency and control highlights the need for stronger privacy protections. By enforcing opt-in consent and data minimization, we can better safeguard personal data and maintain privacy.

Nvidia Climbs to Second Place in Global Market Value, Surpassing Apple

 


This month Nvidia overtook Apple to become the world's second most valuable company, on the strength of demand for the chips that power artificial intelligence workloads. Shares of the Santa Clara, California-based company have added roughly $1.8 trillion in market value over the past year and are up 147% in 2024.

The surge took Nvidia's market capitalisation past $3 trillion, making it the first semiconductor company to reach that level. The rally has been driven by excitement about artificial intelligence, which runs largely on Nvidia chips.

Nvidia has thereby displaced Apple, whose shares have been weighed down by concerns about iPhone sales in China, as the largest company in Silicon Valley, a position Apple had held since the iPhone launched in 2007. A 10-for-1 stock split takes effect in a few weeks, which could broaden the stock's appeal to retail investors. On the day Nvidia passed Apple, Apple's shares gained 0.78 per cent while Microsoft, still the world's most valuable company, gained 1.91 per cent.

Nvidia's rally extends an extraordinary run of gains as its graphics processing units fuel the AI boom. Revenue has jumped 260 per cent as Microsoft, Meta, Google and Amazon race to build out AI capacity.

Nvidia announced the 10-for-1 split last month to make share ownership more accessible to employees and investors. The stock has more than doubled so far this year after nearly tripling in 2023. Once the split takes effect on Friday, the lower per-share price is expected to attract more small investors.

Nvidia's stock is up 147% in 2024 as Microsoft, Meta Platforms and Alphabet compete to expand their AI capabilities. On the day of the latest jump the stock added close to $150 billion in market capitalisation, more than the entire market value of AT&T. Optimism about AI lifted the PHLX chip index 4.5% and has benefited other companies, including Super Micro Computer, which builds AI-optimised servers around Nvidia chips.

Jensen Huang, Nvidia's Taiwan-born chairman and CEO, drew extensive media coverage during his visit to the Computex trade fair in Taipei, underlining both his influence and the company's growing importance. Apple, by contrast, faces weak iPhone demand in China and stiff competition from Chinese rivals, and some analysts say it has been slow to add AI features compared with other tech giants.

According to LSEG data, Nvidia's stock trades at 39 times expected earnings, cheaper than a year ago, when it traded at more than 70 times expected earnings.

Why CVEs Reflect an Incentives Problem

 

Two decades ago, economist Steven Levitt and New York Times reporter Stephen Dubner published "Freakonomics," a book that applied economic principles to various social phenomena. They argued that understanding how people make decisions requires examining the incentives they respond to. Using a range of sociological examples, they demonstrated how incentives can lead to unexpected and sometimes counterproductive outcomes.

Reflecting on these unintended consequences brings to mind a growing issue in cybersecurity: the rapid increase in software vulnerabilities tracked as Common Vulnerabilities and Exposures (CVEs). Last year, a record 28,902 CVEs were published, averaging nearly 80 vulnerabilities per day—a 15% rise from 2022. 

These software flaws are costly, with two-thirds of security organizations reporting an average backlog of over 100,000 vulnerabilities and patching fewer than half. The surge in CVEs is partly because we’ve improved at discovering vulnerabilities, and partly due to inadequate safeguards in the creation and tracking mechanisms for CVEs. It’s crucial to consider the incentive structure that motivates the identification and assignment of vulnerabilities.

While the system for assigning and scoring CVEs is widely used, it has significant flaws. Established by MITRE in 1999, the CVE system provides a standardized method for identifying and cataloguing software vulnerabilities, helping organizations prioritize and mitigate them. However, the incentive mechanisms behind CVE assignment and scoring present challenges that can undermine this system’s effectiveness.

Some security researchers seek a reputation within the cybersecurity community by gaming the CVE system. This drive for recognition or professional advancement can result in a focus on the quantity over quality of submissions, cluttering the system with trivial or noncritical issues and diverting attention from more severe vulnerabilities. The ability to file CVEs anonymously or with minimal evidence also introduces opacity, allowing for erroneous, exaggerated, or malicious submissions. This lack of accountability necessitates rigorous verification processes to maintain trust in the system.

The Common Vulnerability Scoring System (CVSS) has been criticized for not accurately reflecting the actual risk posed by vulnerabilities in real-world environments. High-scoring vulnerabilities may receive undue attention, while more critical, exploitable flaws in specific contexts are deprioritized. For instance, security researcher Dan Lorenc highlighted a day when 138 CVEs were published, two with a critical priority score of 9.8, but none were true vulnerabilities. This raises the question: Are we seeing more CVEs because there are more vulnerabilities, or because the rewards for reporting them have increased?

To address these issues, we need to rethink the incentive structure of CVE reporting. Here are some suggestions:

1. Reward quality over quantity: Implement rewards based on the quality and impact of reported vulnerabilities, encouraging researchers to focus on significant exploits rather than sheer numbers.

2. Enhance verification and accountability: Introduce a tiered verification process requiring substantial proof of a vulnerability’s existence and impact before assigning a CVE, while still protecting researchers' identities.

3. Redefine CVSS to reflect real-world risk: Revamp the CVSS to better indicate real-world risk and exploitability, possibly incorporating feedback from organizations that have experienced exploit attempts.

Incentives play a crucial role in motivating the discovery and disclosure of vulnerabilities. To address the current issues in CVE reporting, we must reconsider how incentives shape behaviour. Until then, we can expect another record-breaking year for CVEs.

Security Lapse at First American Exposes Data of 44,000 Clients

 


First American Financial Corporation, one of the largest title insurance companies in the United States, has disclosed that a cyberattack in December that forced it to take systems offline also exposed the personal information of almost 44,000 individuals. Founded in 1889, the company provides title insurance and settlement services to real estate professionals and to buyers and sellers of residential and commercial property. It reported revenue of $6 billion last year and has more than 21,000 employees.

On December 21, First American Financial Services announced that it had taken some of its systems offline to contain the impact of a cyberattack, providing little information about the nature of the attack in its statement. The financial services firm said it took certain systems offline after identifying unauthorized activity on its network that same day. 

The following day, First American announced that its email systems had been taken offline as well and that the First American Title and FirstAm.com subsidiaries had also been affected. Almost a week later, on January 8, 2024, the firm announced that it was starting to restore some of its systems, but full restoration was not announced until a week after that. In December, First American informed the Securities and Exchange Commission (SEC) that it had suffered a data breach resulting from the computer incident and that certain non-production systems had been encrypted. 

As of May 28, an updated form filed by the company indicates that its investigation into the incident has been completed. The update reads: "After reviewing our investigation and findings, we have determined that as a result of the incident, we may have been able to access the personally identifiable information of nearly 44,000 individuals without their permission." According to the title insurance provider, "the Company will provide appropriate notification to potentially affected individuals and offer those individuals credit monitoring and identity protection services at no charge to them." 

Five months later, on May 28, the company announced it would not be providing credit monitoring and identity protection services to potentially affected individuals at no cost to them. The US Securities and Exchange Commission (SEC) has confirmed that the attackers gained access to some of its systems and were able to access sensitive information collected by the organization after an investigation into the incident was conducted.

A full report of the incident has been prepared. The investigation has since been completed and the company considers the incident resolved. "As a result of our investigation and findings, personal information regarding about 44,000 individuals may have been accessed without authorization," the company stated. 

Affected individuals will receive appropriate notification and can use credit monitoring and identity protection services at no cost. First American Insurance Company, considered the second-largest title insurance company in the nation, collects personal and financial information from hundreds of thousands of individuals each year through title-related documents and stores it in its in-house EaglePro application, according to the New York Department of Financial Services (DFS). 

In May 2019, First American senior management discovered a security vulnerability that allowed anyone with an EaglePro link to access the application without authentication and to view not just their own documents but those of individuals involved in unrelated transactions. Similarly, Fidelity National Financial, a US title insurance provider, was the target of a "cybersecurity issue" in November of last year. 

Some of its systems were taken offline to contain the attack, disrupting business operations to varying degrees. An SEC filing made in January confirmed that the attackers had stolen data on approximately 1.3 million customers using malware that did not self-propagate and did not spread through network resources.

Ransomware Attack Struck This Medical Device Manufacturer


LivaNova employees have been impacted by a ransomware attack, with the LockBit group claiming responsibility.

The UK-based medical device manufacturer, LivaNova, has notified current and former employees about a “cybersecurity incident” that compromised their personal data.

The stolen information includes:

- Name
- Telephone number
- Email
- Address
- Social Security number
- Date of birth
- Financial account information
- Health insurance information
- Online credentials
- Work-related information such as employee ID, compensation, disability status, and evaluations

The ransomware attack, which occurred on October 26th, 2023, disrupted LivaNova’s IT systems. The LockBit ransomware group has claimed responsibility, asserting on December 9th that they have 2.2TB of the company’s data.

In response, LivaNova’s breach notification to affected individuals stated that they “quickly took steps to protect its systems and data and to mitigate the impact of the incident, including shutting down certain systems and requiring personnel to change their passwords.”

To support affected individuals, the company is offering two years of free identity protection and credit monitoring services.

New Apple Wi-Fi Vulnerability Exposes Real-Time Location Data



Aside from Find My, maps, routes, and emergency SOS, Apple's location services are quite handy, and they have many useful features. A research team at the University of Maryland has uncovered a critical vulnerability in Apple's location services, which might allow an unauthorized person to access the location information of millions of routers and potentially even information about a person's movements in a matter of seconds. 

According to Krebs on Security, Erik Rye and Dave Levin of the University of Maryland found that Apple's location services behave strangely. It is possible to sneak information from one place to another, for example to a computer on the other side of the world, by way of a passing Apple device, over the air, without any other connection to the internet at all. 

Using Bluetooth Low Energy (BLE) broadcasts and microcontrollers programmed to function as modems, Fabian Bräunlein, co-founder of Positive Security, devised a way of transmitting a limited amount of arbitrary data from devices without an internet connection to Apple's iCloud servers, and then retrieving that data from the cloud with a Mac application. He dubbed his proof-of-concept service Send My in a blog post published on Wednesday. 

When enabled, the Find My network on Apple devices functions as a crowdsourced location-tracking system. Participating devices broadcast via BLE to nearby attentive Apple devices, which relay the data back to Cupertino's servers through their own network connection. Through Find My iPhone, the iOS/macOS version of the company's Find My app, authorized device owners can receive location reports about enrolled hardware via iCloud. 

To reduce energy consumption, smartphone manufacturers use alternatives to GPS and its constant queries. To determine a device's location, the data from surrounding Wi-Fi networks is analysed and the location is calculated from which networks are detected and how strong each signal is at that moment. Apple's and Google's databases of active Wi-Fi networks (Wi-Fi-based Positioning Systems, or WPS) save a great deal of time in these calculations. 

Researchers discovered an oddity in Apple's WPS: it sends the necessary data to the user's device so that the calculation is performed locally, rather than performing it on the server. Apple's WPS server also appears to return up to 400 other known Wi-Fi networks in the approximate vicinity of the device, drawn from its crowdsourced location database. 

From this list, the requesting device looks for eight possible matches and then calculates its location from that data. In Apple's WPS, each network is identified by its BSSID (Basic Service Set Identifier), which is normally the router's MAC address and is usually static. Bräunlein based his data exfiltration scheme on ESP32 microcontrollers running OpenHaystack-based firmware, which can broadcast a hardcoded default message and listen for new data over the serial port. 

The signals are picked up by nearby Apple devices that have Find My broadcasting enabled and are transmitted to Apple's servers. Because Apple requires authentication to access location data stored on Macs, an Apple Mail plugin running with elevated privileges is needed to obtain the location data from a macOS device. To view the unsanctioned transmissions, the user must also install OpenHaystack along with DataFetcher, a macOS application developed by Bräunlein. 

This is not a high-speed channel. The microcontroller can send about three bytes per second, and sixteen bytes can be retrieved in five seconds, with latency ranging from one to sixty minutes depending on the number of devices in the vicinity, so there are certainly faster channels of data transmission. The fact that Send My is slow does not, however, rule out a sophisticated adversary finding a way to exploit it.

Bräunlein added that Send My effectively turns Apple's network infrastructure into something like Amazon Sidewalk, Amazon's network for IoT devices. A satellite network or a global mobile network can likewise carry data around the world, he pointed out, so the threat is not a new one. Send My may nevertheless prove useful in situations where networks are intentionally shielded from access or are otherwise not accessible.

Apple's design of the Find My network emphasizes privacy, aiming to maintain the anonymity of finders, prevent the tracking of owner devices, and ensure the confidentiality of location reports. However, security researcher Fabian Bräunlein asserts that this design approach complicates Apple's ability to safeguard against certain abuses. This vulnerability has sparked interest among other security researchers, who are now probing the robustness of Apple's privacy measures in various contexts. On Tuesday, security firm Intego revealed that AirTags, despite Apple's preventative measures, can potentially be used as covert tracking devices. 

Furthermore, a German security researcher known as stack smashing has successfully hacked and reflashed AirTags, showcasing another dimension of potential security risks. Upon discovering this vulnerability, the researchers reached out to Apple, Google, Starlink, and several other manufacturers. Although Apple has yet to announce any significant changes to its handling of Wi-Fi networks, it has updated a support document to provide users with an opt-out option for this data collection. 

To opt out, users need to append the character string "_nomap" to the end of their network's name (SSID). This method is also applicable to Google and its Wireless Positioning System (WPS). For Microsoft networks, users must enter their MAC address into a form so the manufacturer can add it to a block list within their database, a process that may take up to five days. The increasing scrutiny of Apple's privacy measures highlights the broader implications of interconnected device security and the ongoing challenges in balancing user privacy with functionality. This situation underscores the necessity for continuous vigilance and adaptability in addressing emerging security threats in the digital age. As the landscape of technology evolves, so too must the strategies employed to protect user data and privacy.

Patient Privacy at Risk: Experts React to Health Company Data Leak



MediSecure has reported that it is the victim of a 'large-scale ransomware' data breach affecting the health and personal information of millions of individuals. According to the statement, the attack impacts both personal and health information. The breach is reported to have originated from one of its third-party vendors, and the company has stated that it is working with Michelle McGuinness, the National Cyber Security Coordinator, to manage the consequences of the breach. 

According to McGuinness's response to the breach, MediSecure has been unable to access its data, so it is still unclear how much and what kind of data was impacted. Federal police are investigating the large-scale ransomware data breach targeting the Australian healthcare company. The MediSecure website and phone hotline were both unavailable on Thursday, and a statement from the company revealed that a cyberattack had taken the company offline.

Established in 2009, the Melbourne-based company provides electronic prescription services to healthcare providers. Following the breach, the company has informed regulators, including the Office of the Australian Information Commissioner, and says it is assisting the Australian Digital Health Agency and the National Cyber Security Coordinator in managing the impact. MediSecure has been contacted for further information. Australia's National Cyber Security Coordinator, Lieutenant General Michelle McGuinness, told reporters on Thursday that the breach involved an unnamed "commercial health information organization." 

Earlier in the week, the minister posted about the incident on the social networking site X, formerly Twitter. On Thursday, the government convened a National Coordination Mechanism to discuss the incident, about which she had been briefed earlier in the week. No data has appeared online so far, and no ransomware group has claimed responsibility for the hack, O'Neil said. McGuinness is assisting the company in managing the incident. 

Sadiq Iqbal, a cybersecurity adviser at Check Point Software Technologies, said he was particularly concerned about the ransomware attack because it affected a significant healthcare provider delivering critical services. McGuinness noted that the original compromise was isolated and that there is no evidence the healthcare sector faces an increased risk of cyber-attack. Experts believe the breach is a timely reminder for all organizations in the industry to review their cybersecurity practices. 

According to Professor Nigel Phair of Monash University in Victoria, organizations must ensure they only collect, store and utilise the minimum amount of information they need to operate. The breach comes six months after St Vincent's Health, the nation's largest not-for-profit health and aged care provider, suffered a major cyberattack in which hackers were able to steal data from its network.

It also comes nearly two years after Australian health insurer Medibank suffered a data breach that compromised the personal information of nearly 10 million customers, including their names, birth dates, addresses, and telephone numbers, in what has been reported as one of the biggest breaches ever; an alleged perpetrator of the breach was detained in Russia. Late last year it was announced that Australia would no longer ban companies from making ransomware payments; instead, the Australian government will introduce mandatory reporting requirements as a compromise.

Ransomware Attack Leaves Michigan Hospitals in Chaos Nine Days On



A cyberattack is continuing to cause problems for Michigan Ascension hospitals, forcing some ambulances to be diverted to other hospitals in medical emergencies, delaying diagnostic imaging, and affecting prescription filling. Ascension's spokesperson did not respond to my request on Monday for details on how the attack is still impacting the company's operations. 

A statement issued by the system on May 15 indicated that it had switched to manual paperwork in the wake of the attack. The hospital systems, physician offices, and care centres of Michigan Ascension remain operational after the company announced the disruptive cyberattack against Ascension hospitals last week.

Patients are awaiting the return of the hospital systems. Among those affected was Dan Newman, who went to the Ascension Borgess facility in Portage on Monday, May 13, expecting to receive specialized blood work. He was surprised to find no patients in the waiting room when he arrived. The woman at the counter told him his bloodwork could not happen as scheduled because the computer systems were down. 

It has been nine days since a ransomware attack crippled the entire Ascension hospital system on May 8, and Newman and other patients are still waiting for services to resume. Patients are also experiencing issues filling prescriptions, accessing their patient portal, and getting some tests performed. "There was nothing they could do," Newman said. The disruption began last week on Wednesday, May 8; Ascension operates more than a dozen hospitals across Michigan, including in Kalamazoo, Saginaw, Novi and elsewhere. 

Even though all Ascension Michigan hospitals, physician offices, and care centres across Michigan are open, the company said on May 12, staff could not even look at the computer to see what the specialist had ordered. Diagnostic imaging and testing have been temporarily delayed in some facilities. Despite the challenges posed by the ransomware incident, patient safety remains the company's top priority, as it emphasized on May 12, and Ascension intends to keep patients informed of the ongoing disruption while relying on paper-based systems. 

Ascension said it was thankful to patients for their understanding during the "unexpected event," which it also called a "ransomware incident." Doctor's offices and care centres at Ascension Michigan are operating with normal business hours, according to the company, although patients may experience longer wait times and delays as a result of the disruption. In May of this year, Ascension observed unusual activity on a selected technology network system. 

While investigating the ransomware attack, the company has had to suspend access to systems and patient care across 15 states. Hospitals have faced the task of restoring systems and determining whether any patient information was impacted, while switching to manual systems for documenting patient visits. Ascension said previously scheduled appointments and elective surgeries are likely to be delayed and to take longer than expected.

In a press release issued on May 15, an Ascension spokesperson suggested that patients bring notes on their symptoms as well as a list of current medication, including prescription numbers or bottle labels to avoid delays in treatment. In Michigan, every Ascension emergency room remains open and accepting walk-ins, and ambulatory diversion continues to be an "average operation, a fluid practice that is influenced by several factors, including the severity of the cases, the availability of services, and the number of providers," the statement stated. 

According to a spokesperson for Ascension Health, the hospital's emergency rooms are constantly in contact with emergency medicine providers to ensure that patients' cases are handled more effectively without compromising the quality of the service. Nine days after a ransomware attack, Michigan hospitals are still experiencing significant operational disruptions. Ascension Health stated on Wednesday that patients will be contacted directly if any rescheduling of surgical, diagnostic, or other doctor's appointments is necessary. 

On Monday, Ascension did not provide an immediate response to requests for information regarding which Michigan facilities are currently diverting ambulatory cases or temporarily delaying diagnostic imaging and testing. The healthcare system has involved law enforcement and various government agencies, including the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Health and Human Services (HHS), and the American Hospital Association (AHA). U.S. hospitals and healthcare systems have become major targets for ransomware groups in recent years. 

These cyberattacks can severely disrupt healthcare services and have inflicted financial damages amounting to millions of dollars on some health systems. Cyber-attacks, in general, have increased dramatically as the world becomes more digitized. Several experts have observed a significant rise in cyberattacks globally, particularly in 2023. A study supported by Apple, conducted by Professor Stuart Madnick, revealed that data breaches have reached an all-time high for organizations in the United States. Data breaches occur when unauthorized individuals access sensitive consumer information, which may then be shared or sold. 

An Ascension spokesperson emphasized last week that patient safety remains their utmost priority despite the challenges posed by the recent ransomware incident. The spokesperson commended the dedication and resilience of their doctors, nurses, and care teams, who are currently relying on manual and paper-based systems during the ongoing disruption of normal operations. Ascension is collaborating with forensic experts from three cybersecurity firms—Mandiant, CYPFER, and Palo Alto Networks Unit 42—to investigate the attack and restore their systems. This was confirmed in a system-wide update provided last week.

From Crisis to Continuity: Ascension Ransomware's Ongoing Toll on Healthcare



Ascension Michigan is providing more information about how a recent ransomware attack is affecting patient care at eight Detroit-area hospitals. In May, St. Louis-based Ascension reported a major attack on its nationwide healthcare services, which caused some disruption to care nationwide. 

Ascension has been working hard to resolve those issues. Its Southeast Michigan hospitals are located in Novi, Rochester Hills, Southfield, Madison Heights, Warren, Detroit, East China Township and Grand Blanc. Some patient documentation and records are still being handled manually, on paper, since the attack occurred.

A statement from Ascension Michigan late Monday, May 13, said that all 15 Michigan hospitals, physician offices, and care centres remain open, but things are not as normal as they seem. Even though Ascension hospitals and facilities are open and continuing to care for patients, the system says that some of their patient services are being affected. Some procedures, appointments, and tests have been postponed because of the cyberattack. 

To cope with the cyberattack, some Ascension hospitals are diverting patients to other hospitals. According to the system, appropriate steps are being taken to handle emergencies. In a statement, Ascension said, “Safety remains our top priority as we navigate this cybersecurity incident.” Based in St. Louis, Ascension operates 140 hospitals and 40 senior centres in 19 states and Washington, D.C. 

Ascension has said that the MyChart patient portal and its electronic health records have gone offline. The system is using paper records, and orders for medication, diagnostic tests, and other records are completed manually by the doctor. According to the St. Louis-based parent company, which announced the ransomware attack about a week ago, the system is making some progress after working around the clock over the weekend. 

Besides the Saint Thomas hospital system that it runs throughout the state, the company also operates several other healthcare facilities, including physical therapy offices, sleep centres, and heart hospitals. Ascension has provided updates on the situation since the event on May 8. The following day, the company issued a statement saying it was working with several law enforcement agencies to investigate a suspected ransomware attack detected on the company's servers. 

The company also confirmed the next day that the unusual activity had been caused by ransomware. Several organizations, including the American Hospital Association, have pointed to Black Basta, a well-known Russian-speaking ransomware gang, as being responsible for the attack. The company has not yet commented on who is behind the attack. The U.S. government requires health companies to report breaches that affect more than 500 people within 60 days. 

The Department of Health and Human Services is responsible for health care delivery. Ascension has not yet been listed on the agency's complaint portal, which would indicate that it is investigating this attack, although the portal does list 23 other cases of this sort in Tennessee over the past few years. On the black market, health data is worth more than credit card numbers and social security numbers. 

Over the past five years, cyberattacks targeting U.S. healthcare companies have increased by at least double digits. Walk-in patients are welcome to receive care at each of Ascension Michigan's emergency departments, according to the statement. Some Ascension facilities have implemented a "diversion process," in which ambulances bypass those facilities and go to another location instead. 

Several factors may affect the decision to divert patients, including the severity and frequency of cases, the service lines available, and the availability of the facility, as well as factors in the surrounding community. Ascension said it had communicated with emergency medical service providers regarding facility availability. 

According to a press statement issued by Ascension, patients suffering from medical emergencies are advised to call 911, and first responders will take them to the appropriate hospital based on their needs. According to the statement, the incident affects different Michigan hospitals in different ways.

Ascension Ransomware Incident Continues to Impact Patient Services

In the aftermath of the recent Ascension ransomware attack, patients scheduled for elective surgeries are advised to keep their original appointments unless otherwise notified by Ascension staff. However, due to the transition to manual systems for patient documentation, patients may experience prolonged wait times and potential delays during their visits. 

To expedite the process, patients are encouraged to bring detailed notes on their symptoms and a comprehensive list of current medications, including prescription numbers or bottles. Diagnostic tests, crucial for patient care, have faced temporary delays in some facilities as resources are redirected to prioritize inpatient and emergency services. Patients requiring rescheduled diagnostic imaging and testing will be promptly contacted by Ascension. 

Despite the operational challenges posed by the attack, Ascension Michigan's doctor’s offices and care sites remain open during regular business hours, with scheduled appointments proceeding as planned in most cases. Patients will be notified promptly if rescheduling becomes necessary. Similarly, patients are advised to carry comprehensive documentation of their symptoms and medications to facilitate smooth consultations. Pharmacy services within the Ascension network continue to operate, albeit with certain limitations. 

While prescriptions can still be filled, patients are requested to provide their prescription bottles from prior fills. Furthermore, Ascension pharmacies are unable to process credit card payments at this time. Ascension has not provided a definitive timeline for the restoration of normal system operations. Additionally, the organization is conducting an ongoing investigation, in collaboration with the FBI, to ascertain the extent of any potential compromise to patients' personal information. 

Affected patients will be duly notified if their data has been impacted. Of notable significance, the ransomware incident occurred amidst an ongoing joint venture between Ascension and Henry Ford Health, aimed at integrating eight southeast Michigan Ascension hospitals and an addiction treatment facility in Brighton into the Henry Ford Health System. This venture, announced in the previous fall, is anticipated to be finalized and branded Henry Ford Health in the summer of 2024.

It is important to clarify that this venture does not constitute a merger or acquisition, as stated by both healthcare entities. In conclusion, while Ascension works diligently to restore normalcy to its operations, patients are encouraged to remain vigilant and patient amidst any potential disruptions to their healthcare services.

Government Struggles with Low Arrest Rate Amidst 31 Lakh Cyber Fraud Complaints


From the high-profile AIIMS cyber attack to widespread data leaks like that of the ICMR, the National Cyber Crime Portal (NCRP) has seen an alarming rise in cyber fraud complaints. Since 2020, the portal has received 31 lakh complaints as of February 2024. 

However, the most concerning issue, as highlighted by the Central government's official communication, is the staggeringly low number of arrests in these cases. Despite over 66,000 cases being registered by various law enforcement agencies, the total number of arrests stands at just 500, amounting to less than 1% of the reported cases. 

This discrepancy has been a recurring topic in meetings within the Ministry of Home Affairs and the Ministry of Finance. During a recent Financial Stability and Development Council (FSDC) meeting, several stakeholders voiced their frustration over the minimal progress in arrests. A significant part of the problem lies in the increasing prevalence of fraudulent loan lending apps, which have severely impacted India's financial infrastructure. 

These apps disproportionately affect low-income groups, leading to significant financial losses as money is often funneled out of the country. According to a senior official present at the FSDC meeting, many of these apps operate from China, posing a dual threat to both financial institutions and the economic stability of vulnerable populations. The official noted that some Indian nationals involved in these crimes inadvertently aid China-based operators, thereby becoming victims themselves. 

In response to these growing concerns, the central government has urged tech giants like Google and Meta to deploy experts to combat the menace. There is a heightened alarm over advertisements run by organized threat actors, many of whom operate internationally. A central cyber agency's analysis revealed that numerous mobile applications were conducting ad campaigns on Meta platforms, leading to a slew of suicides linked to harassment and extortion by illegal app operators and loan recovery agents. 

The misuse of app permissions for harvesting credentials and data adds another layer of risk, potentially enabling future cybercrimes. The FSDC meeting underscored the urgency of addressing these issues, with multiple stakeholders pushing for the Ministry of Home Affairs to take immediate action. Sources indicate that the Ministry is now expected to convene a meeting with various agencies to expedite investigations and increase the number of arrests. 

This coordinated effort aims to enhance the pace and effectiveness of law enforcement responses to cyber fraud, thereby protecting India's financial ecosystem and its most vulnerable citizens.

Unpatchable VPN Vulnerability Exposes Data to Attackers: What You Need to Know


In a recent revelation that has sent shockwaves through the cybersecurity community, researchers have unearthed a significant vulnerability in virtual private networks (VPNs) dubbed TunnelVision. This flaw, described as deep and unpatchable, poses a substantial threat to data security, allowing malicious actors to intercept sensitive information without leaving a trace. The implications of this discovery are profound, shedding light on the inherent limitations of VPNs as a stand-alone security solution and underscoring the urgent need for a more robust and comprehensive approach to cybersecurity. 

By manipulating DHCP option 121, attackers can reroute data traffic within the encrypted VPN tunnel to a malicious gateway under their control. This interception occurs stealthily, without triggering any alarms or alerts, as the VPN software remains unaware that its contents have been rerouted. Consequently, organizations may remain oblivious to the breach until it's too late, allowing threat actors to siphon off data undetected. 

What makes TunnelVision particularly insidious is its ability to evade detection by traditional security measures. Unlike conventional attacks that leave behind telltale signs of intrusion, TunnelVision operates covertly within the encrypted VPN tunnel, making it virtually invisible to standard intrusion detection systems and VPN monitoring tools. As a result, organizations may be blindsided by the breach, unaware that their data is being compromised until it's too late to take action. 

The discovery of TunnelVision has profound implications for organizations that rely on VPNs to secure their networks and safeguard sensitive information. It exposes the inherent vulnerabilities of VPNs as a single point of failure in the security infrastructure, highlighting the need for a more holistic and layered approach to cybersecurity. Simply put, VPNs were never designed to serve as a comprehensive security solution; they are merely a means of establishing encrypted connections between remote users and corporate networks. 

To mitigate the risks posed by TunnelVision and similar vulnerabilities, organizations must adopt a multifaceted cybersecurity strategy that encompasses strong encryption, enhanced network monitoring, and a zero-trust security model. By encrypting data before it enters the VPN tunnel, organizations can ensure that even if intercepted, the data remains protected from prying eyes. Additionally, implementing rigorous network monitoring protocols can help detect and respond to anomalous behaviour indicative of a breach. 
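The monitoring the preceding paragraphs call for can start at the DHCP lease itself: option 121 carries classless static routes, and any such route is more specific than the VPN's 0.0.0.0/0, so the operating system prefers it and sends the matching traffic out the physical interface. The following added example (not code from the original post or from the TunnelVision researchers) decodes option 121 from a lease and reports which destinations would bypass the tunnel; the option bytes, gateways and VPN server address are constructed for illustration.

```python
"""Added example: decode DHCP option 121 (RFC 3442 classless static routes) and
report which destinations it would steer around a VPN's 0.0.0.0/0 route.
The lease bytes, gateway and VPN server address below are constructed."""
import ipaddress

Route = tuple[ipaddress.IPv4Network, ipaddress.IPv4Address]

def parse_option_121(data: bytes) -> list[Route]:
    """RFC 3442 wire format, repeated: <prefix-len><significant dest octets><4-byte router>."""
    routes, i = [], 0
    while i < len(data):
        plen = data[i]
        if plen > 32:
            raise ValueError(f"bad prefix length {plen}")
        n = (plen + 7) // 8  # only ceil(plen/8) destination octets are sent
        if i + 1 + n + 4 > len(data):
            raise ValueError("truncated option 121")
        dest = bytes(data[i + 1:i + 1 + n]).ljust(4, b"\x00")
        router = bytes(data[i + 1 + n:i + 5 + n])
        routes.append((ipaddress.IPv4Network((dest, plen)), ipaddress.IPv4Address(router)))
        i += 5 + n
    return routes

def bypass_routes(routes: list[Route], vpn_server: str) -> list[str]:
    """Every option 121 route is more specific than the VPN's 0.0.0.0/0, so the kernel
    prefers it and sends matching traffic out the physical interface, unencrypted.
    The only route that legitimately stays off-tunnel is the /32 to the VPN server."""
    server = ipaddress.IPv4Address(vpn_server)
    return [f"{net} via {gw}" for net, gw in routes
            if not (net.prefixlen == 32 and net.network_address == server)]

def covers_all_ipv4(routes: list[Route]) -> bool:
    """True when the pushed prefixes merge to 0.0.0.0/0 (e.g. 0.0.0.0/1 + 128.0.0.0/1):
    the entire default route has been pulled out of the tunnel."""
    merged = list(ipaddress.collapse_addresses(net for net, _ in routes))
    return merged == [ipaddress.IPv4Network("0.0.0.0/0")]

# Constructed lease: 0.0.0.0/1 and 128.0.0.0/1 via 192.168.1.254 (an off-tunnel gateway),
# plus 203.0.113.5/32 via 192.168.1.1, the legitimate host route to the VPN server.
SAMPLE_OPTION_121 = (b"\x01\x00\xc0\xa8\x01\xfe"
                     b"\x01\x80\xc0\xa8\x01\xfe"
                     b"\x20\xcb\x00\x71\x05\xc0\xa8\x01\x01")

if __name__ == "__main__":
    routes = parse_option_121(SAMPLE_OPTION_121)
    for line in bypass_routes(routes, "203.0.113.5"):
        print("bypasses tunnel:", line)
    print("whole default route pulled out of tunnel:", covers_all_ipv4(routes))
```

On a real host the option bytes come from the DHCP client's lease file or a packet capture; a non-empty report from a network that never pushed static routes before is the anomaly worth alerting on.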

Moreover, embracing a zero-trust security model, which assumes that no entity—whether inside or outside the network perimeter—is inherently trustworthy, can help organizations better defend against sophisticated attacks like TunnelVision. The discovery of TunnelVision serves as a wake-up call for organizations to reevaluate their cybersecurity posture and adopt a more proactive and comprehensive approach to threat mitigation. By addressing the underlying vulnerabilities in VPNs and implementing robust security measures, organizations can better protect their sensitive data and safeguard against emerging threats in an increasingly hostile digital landscape.

DocGo Confirms Cyberattack: Patient Health Data Breach


In a recent turn of events, DocGo, a prominent mobile medical care firm providing healthcare services across the United States and the United Kingdom, has fallen victim to a cyberattack. The breach, confirmed by the company in a filing with the U.S. Securities and Exchange Commission (SEC), has raised concerns about the security of patient health data and the impact on DocGo's operations. 

Here's what we know so far: According to the SEC filing, DocGo discovered unauthorized activity within its systems and promptly initiated an investigation with the assistance of third-party cybersecurity experts. While the company has not disclosed the specific nature of the cyberattack, it is common practice for organizations to shut down affected IT systems to prevent further compromise. 

As part of their investigation, DocGo determined that the hackers gained access to a "limited number of healthcare records" belonging to the company's U.S.-based ambulance transportation business. This breach has raised serious concerns about the security of patient health information and the potential impact on individuals affected by the attack. In response to the breach, DocGo is actively reaching out to individuals whose data may have been compromised. The company assures that no other business units have been affected, and they have not found evidence of continued unauthorized access. 

Despite the breach, DocGo believes that the incident will not have a significant impact on its operations and finances. One of the key concerns following a cyberattack of this nature is the possibility of ransomware involvement. If the attackers deployed ransomware and a ransom demand is not met, there is a risk that the stolen data could be used as leverage for future extortion attempts against DocGo. However, as of now, no threat actors have claimed responsibility for the breach. The breach at DocGo underscores the importance of robust cybersecurity measures in protecting sensitive medical data. 

Healthcare organizations must remain vigilant against evolving cyber threats and prioritize the security of patient information. Additionally, swift and transparent communication with affected individuals is crucial in mitigating the potential impact of a data breach. As the investigation into the cyberattack continues, DocGo is likely to implement additional security measures to prevent future incidents and safeguard patient health data. 

However, the full extent of the breach and its implications for affected individuals remain to be seen. The cyberattack on DocGo serves as a stark reminder of the persistent threat posed by cybercriminals to organizations across all sectors, including healthcare. It highlights the need for continuous monitoring, robust cybersecurity protocols, and proactive response strategies to mitigate the risks associated with data breaches.

Empowering Indigenous Data Sovereignty: The TTP-Microsoft Partnership


The recent partnership between Te Tumu Paeroa (TTP), the office of the Māori Trustee, and Microsoft for the forthcoming data centres in Aotearoa New Zealand marks a groundbreaking development with potential global implications for indigenous data sovereignty. This agreement, described as "groundbreaking," is based on TTP's Māori data sovereignty framework, which has been under development for the past three years. 

As anchor tenants for Microsoft's data centres, TTP will play a pivotal role in safeguarding Māori data as a precious asset in an increasingly digital world. Ruth Russell, Te Tumu Paeroa’s Kaitautari Pārongo Matua (Chief Information Officer), emphasized the significance of protecting Māori data, describing it as a "taonga" or treasure. Anchor tenancy enables TTP to host data in Aotearoa, ensuring it remains within the country's sovereign borders. 

The agreement aims to deepen connections between landowners and their whenua (land) and facilitate faster recovery from major weather events while supporting innovation on key issues such as climate change. TTP's services include trust administration, property management, income distribution, and client fund management, making this partnership crucial for enhancing Māori data sovereignty. One of the primary benefits of the new cloud service is that data stored at the centre will not leave New Zealand's sovereign borders, ensuring compliance with local laws and regulations. 

This advanced data residency feature offered by Microsoft instills confidence that data resides in the desired territory, aligning with TTP's framework and recognizing the sovereignty of Māori data. Dan Te Whenua Walker from Microsoft highlights the opportunity for Māori to leverage artificial intelligence (AI) while acknowledging some uncertainties regarding its cultural implications. He emphasizes the importance of TTP's framework in guiding the adoption of AI, ensuring it aligns with Māori aspirations and values. DDS IT, responsible for migrating data to Microsoft's cloud servers, considers this partnership a unique opportunity. The data migration process involves transferring data between locations and formats, with the full transfer expected to take between 12 and 24 months.

Moreover, the new data centre is set to be the most sustainable globally, emphasizing energy efficiency and environmental considerations. The partnership between TTP and Microsoft represents a significant step towards advancing Māori data sovereignty and leveraging technology to benefit indigenous communities. By hosting data within Aotearoa's sovereign borders and adhering to Māori principles of kaitiakitanga (guardianship), this collaboration sets a precedent for indigenous data governance worldwide.