Data Exposed at County of Tehama, Here's All You Need to Know

The County of Tehama in California has announced that it handled a data security breach that allowed unauthorized access to files on its systems.

On November 17, 2022, the County of Tehama started mailing notices to individuals whose data may have been linked to the event. The County of Tehama is giving free credit monitoring and identity theft prevention services to anybody whose Social Security numbers or driver's licence numbers were involved.

In addition, the organisation opened an investigation and alerted law enforcement authorities. After conducting an investigation, the County of Tehama came to the conclusion that between November 18, 2021, and April 9, 2022, an unauthorised person had gained access to its IT network.

Further findings from the inquiry revealed that the unauthorised user had accessed files on the County of Tehama Department of Social Services' computer systems.

A special, toll-free incident response line has also been set up by the County of Tehama to address any queries people may have. Anyone who has questions about this incident or thinks their information may have been compromised can call 855-926-1376 between 6:00 a.m. and 3:30 p.m., Pacific Time, Monday through Friday.

The County of Tehama advises those whose information may have been compromised to stay alert to the danger of fraud by examining their financial account statements and promptly informing their financial institution of any suspicious activity.

Indianapolis Housing Authority Hit by Ransomware

According to a senior agency official, a ransomware attack on the federal organization in Indianapolis which manages low-income housing has caused a delay in the distribution of rent payments to landlords.

During the attack, which started weeks ago, every employee of the Indianapolis Housing Agency was blocked from accessing their email. That also affected its executive director, Marcia Lewis, who was unable to access her email for days before being able to do so again on Tuesday, according to a message she wrote to The Indianapolis Star.

The inability to send October rent payments to landlords under the federal housing choice voucher program, generally known as Section 8, on which 8,000 Indianapolis families rely, was caused by the ransomware attack on the Indianapolis Housing Agency. The organization oversees the administration of the Section 8 program in Indianapolis, which offers rental help to very low-income families, the elderly, and people with disabilities for housing on the private market.

Marcia Lewis stated that the attack was still continuing as of Wednesday and that an investigation by data security professionals, law enforcement, and the agency's IT service providers is in progress. The housing authority has not disclosed information regarding the purpose or identity of those responsible for the ransomware attack, a type of attack that uses software to encrypt files within a victim organization in order to demand payment.

With the help of Section 8 or through residing in one of the organization's public housing complexes, almost 25,000 people rely on the Indianapolis Housing Agency for a variety of housing services.

Lewis claimed that as of Monday, the organization had successfully paid every Section 8 landlord's rent for the month of October. The agency had to manually send out client power allowance checks and important vendor payments during the previous week since the IT system was unavailable.

The Indianapolis Star has previously written about the abuse that residents of Indianapolis Housing Agency buildings have experienced. Some of the issues residents have encountered include bed bug infestations, air conditioner outages on some of this summer's hottest days, and a lack of hot water at the beginning of October.

Landlords are prohibited from evicting residents for nonpayment by the agency under Section 8 laws set forth by the U.S. Department of Housing and Urban Development, including in the present instance.

FBI: Hackers use DeFi Bugs to Steal Cryptocurrency


Investors are being warned by the FBI that hackers are increasingly using Decentralized Finance (DeFi) platform security flaws to steal cryptocurrency.

According to the PSA, which was posted on the FBI's Internet Crime Complaint Center (IC3) today, nearly 97% of the $1.3 billion in bitcoin that was stolen between January and March 2022 came via DeFi sites. This represents a big increase from 72% in 2021 and roughly 30% in 2020, according to projections by the FBI.

The FBI urges people to be aware of the hazards, seek professional assistance if they are unsure, and research the security and general business practices of DeFi providers. Here, DeFi providers means exchanges, markets, and other websites where you may buy, sell, trade, and borrow bitcoins and other digital assets.

The FBI's warning is due to a Chainalysis analysis from April that revealed how, per Q1 2022 statistics, DeFi cryptocurrency platforms are currently more targeted than ever.

In the majority of occurrences, the hackers rely on exploiting security flaws in the platform's code or on unauthorized access to drain cryptocurrency to addresses under their control.

According to Chainalysis, the threat actors responsible for these attacks used dangerous laundering services, like unlawful exchanges and coin tumblers on the dark web, to re-launder the majority of the stolen funds in 2022.

The FBI's alert provides investors with guidance that begins with basic cautions about performing due diligence before investing and then suggests the following:

Before investing, research DeFi platforms, protocols, and smart contracts and be aware of the dangers associated with DeFi investments.

Verify whether the DeFi investment platform has undergone one or more code audits done by impartial auditors. A code audit normally entails carefully examining and studying the platform's underlying code to find any flaws or vulnerabilities that might impair the platform's functionality.

Be wary of DeFi investment pools with short join windows and quick smart contract rollouts, especially if they don't perform the advised code audit.

Be mindful of the potential risks crowdsourced solutions pose for finding and patching vulnerabilities. Open source code repositories give anyone, even those with malicious intent, unrestricted access to the code.

This year, none of the funds stolen via DeFi platforms have been reimbursed, indicating that attackers are less interested in protecting their stolen assets than they were in 2021, when almost 25% of all cryptocurrency stolen via DeFi platforms was eventually recovered and given to the victims.

The FBI established a link between the Lazarus and BlueNorOff (also known as APT38) North Korean threat groups and the April attack on Axie Infinity's Ronin network bridge, now the largest crypto hack ever.

The $611 million breach of the decentralized merge protocols and network Poly System in August 2021 was the most significant cryptocurrency theft to date.

Akasa Air Confirmed a Data Breach to CERT-In

Some Akasa Air passengers' private information, including names, gender, email addresses, and phone numbers, was exposed to unauthorized individuals, the airline said on Sunday. The newest carrier in India claimed it reported the incident on its own to the government-authorized nodal organization entrusted with handling cases of this sort, the Indian Computer Emergency Response Team (CERT-In).

Ashutosh Barot, a cyber security researcher based in Mumbai who serves as Deputy Manager at a premier international consulting business, was the subject of the investigation. On August 7, the day Akasa Air conducted its maiden commercial flight, he discovered the leak while taking a break from work. He claimed he made an attempt to contact Akasa Air the very next day by sending a personal message on Twitter.

"I was given the airline's standard email address. Since the issue involves the leakage of critical information about website visitors, I asked them to put me in touch with the security in charge", he added.

Barot informed a journalist after the airline failed to respond, and the journalist subsequently contacted Akasa Air.

"System security and the safety of client information are of the utmost importance to Akasa Air, and our goal is to always deliver a secure and dependable customer experience. The security of all our systems has been further enhanced through the implementation of additional measures," according to Anand Srinivasan, co-founder and chief information officer of Akasa Air. "Although stringent protocols are in place to prevent incidents of this nature, we have taken these additional steps nonetheless."

The business said that by entirely shutting down the system components involved in the hack, it was able to block unauthorized access. It stated that after implementing new safeguards to solve the issue, log-in and sign-up services had resumed. Additionally, Akasa stated that it is doing more evaluations to fortify its systems against similar attacks in the future.

In addition to the aforementioned information, it was made clear that no trip-related data, travel records, or payment data were exposed.

The airline announced that it has conducted extra checks to guarantee that the security of all its systems is further strengthened. The airline expects to run 150 weekly flights by the end of September.

Anand Srinivasan, the airline's chief information officer, said in a statement to the media on Sunday night that Akasa Air will "continue to maintain" its "strong" security processes and, if necessary, work with partners, researchers, and security professionals to fortify its systems.

Data of 1.3M Patients of Novant Health was Leaked on Meta

More than 1.3 million users have received notices from healthcare provider Novant Health that their protected health information (PHI) had unintentionally been leaked to Facebook parent firm Meta.

Facebook marketers can add a JavaScript tracking script known as Meta Pixel to their websites to monitor the effectiveness of their advertising. Unauthorized patient records access and disclosure started in May 2020, when Novant launched Facebook ad-based marketing campaigns to promote the COVID-19 vaccine.

The company said that it had been using a misconfigured pixel on both its website and the Novant Health MyChart patient interface, and that the pixel carried code that allowed businesses to track website activity.

The healthcare company placed the Meta Pixel code on its website to track these advertisements and evaluate their effectiveness.

The pixel was introduced to the portals in May 2020 and disabled in May 2022, after a reporter contacted Novant Health with questions about its use of Meta Pixel and the company learned of the potential data exposure.

In June 2022, Novant Health determined that, depending on a user's activity on the Novant Health website and MyChart interface, PHI could have been shared with Meta.

Email addresses, phone numbers, computer IP addresses, contact information patients entered into Advanced Care Planning or Emergency Contacts, appointment information, the doctor they chose, and data like button/menu selections and/or content typed into free text boxes were all potentially impacted information.

64 healthcare service providers in the United States use the MyChart portal, which enables their users to schedule medical appointments, ask for prescription refills, get in touch with their clinicians, and more.

Unfortunately, this means that due to the tracker's improper setting, even people who haven't actually used Novant's services may nonetheless have been exposed.

"Advertisers shouldn't send private data about individuals through our business tools. This is against our policies, and to prevent it from happening, we instruct advertisers on how to set up business tools correctly. Our technology is built to weed out any potentially sensitive information it can find. We'll keep trying to get in touch with Novant," a Meta spokeswoman stated.

Only those who received notices may consider themselves victims of a breach, according to the company, which claims it has identified the affected persons following a thorough investigation that was finished on June 17, 2022. Novant claimed that it's not aware of any "improper or attempted use" of the information by Meta or any other third party. 

Researcher Demonstrated How Tesla Key Card Feature Can be Exploited to Steal Cars


A researcher demonstrated how a Tesla key card functionality launched last year might be misused to add an unauthorised key that enables an attacker to access and start a vehicle. 

Martin Herfurt, an Austria-based member of the Trifinite research group that specialises in Bluetooth security, conducted the study. Herfurt's research focused on key card access modifications made by Tesla in August 2021, which removed the necessity for customers to place the key card on the central console after using it to open the vehicle. 

The researcher discovered that when a Tesla is opened through NFC using the key card, there is a 130-second window during which an attacker within the Bluetooth range of the targeted vehicle may add their own key. The attack exploits Tesla's VCSEC protocol, which manages communication between the automobile, the phone app, and the key fob. 

Findings by the researcher: 

During such an attack, the infotainment system makes no attempt to warn the victim that a new key has been added. According to the researcher, he tried the attack on the Tesla Model 3 and Model Y, but he believes it should also work on the newer Model S and Model X. At the recent Pwn2Own 2022 hacking competition, hackers won $75,000 for an attack targeting Tesla's infotainment system. Herfurt intended to show off his attack at Pwn2Own, but relay attacks were not permitted.

In reality, he claimed to have identified the authorisation timer attack vector in September 2021 but had been keeping it for Pwn2Own. The researcher stated that he did not inform Tesla about his recent findings before revealing them since he considered the company needed to be aware of the problem. Following his disclosure, he received confirmation from others, who had reported a very similar issue to Tesla months ago, that Tesla was aware of the vulnerability.

According to the researcher, Tesla recommends using the PIN2Drive function, which requires customers to input a PIN before driving away, but he produced a video last week demonstrating how an attacker may overcome PIN2Drive. Tesla has yet to respond to a request for comment.

Herfurt is working on TeslaKee, a new smartphone application that is said to safeguard Tesla vehicles from these sorts of relay attacks. Herfurt demonstrated another approach to stealing a Tesla in May. The attacker utilised two Raspberry Pi devices to relay the radio signal between the Phone Key and an automobile over a considerable distance.