A flaw was detected in Google maps through which bank customers and thousands of other data’s were scammed, thus revealing data’s like CVV and ATM pins. Due to this, Google proclaimed in terminating down its Google + division, reports The Hindu. They even stated that bank’s numbers were replaced by their rogue numbers through conning.Maharashtra cyber police articulated that people call these numbers in google maps thinking to be legitimate, with scarce people identifying the scammer that is detecting them stealthily and cajoling to reveal sensitive information’s.Bank of India has levied users to refer only contact details and not 3rd party sources. The have also modified their data’s on Google maps, reports The Hindu.Google safety Centre Outlines tips to enhance customers safety in online sources, says a Google spokesperson.Maharashtra cyber police revealed that whenever people searched for Bank online, the 1st search would be a google link with contingencies for higher number of victims count.
Abine Blur Password Manager suffers a data breach exposing private data of 2.4 million users Significant information’s like email addresses, first and last names, last and second-to-last IP addresses were left exposed. These data’s were used to login to Blur and also to encrypt those passwords. Blur finalized that there was zero evidence for the exposure of usernames and passwords, auto-fill credit card details, masked emails, masked phone numbers, masked credit card numbers and payment details. On 31st December 2018, an online privacy company named as Abine that owns Blur and DeleteMe, figured out the online exposure of Blur password manager users. Blur became aware of this incident on 13 December, 2018 and post it, Blur firm instantly began to work on investigating the issue and for confirming the certainty of their data’s and systems security. After the ending of investigation, it was revealed on Monday that “A file containing information from users who had registered prior to January 2016 were exposed online”. Blur is collaborating with a leading security firm to prevent the existence of breaches in future.
2018 saw the advancement of hand-delivered, targeted ransomware attacks that are earning cyber criminals millions of dollars, according to the Sophos 2019 Threat Report. The report, produced by SophosLabs researchers found that capitalist cyber criminals are turning to targeted ransomware attacks that are premeditated and reaping millions of dollars in ransom.The threat report explores changes in the threat landscape over the past 12 months, uncovering trends and how they are expected to impact cybersecurity in 2019.“The threat landscape is undoubtedly evolving; less skilled cyber criminals are being forced out of business, the fittest among them step up their game to survive and we’ll eventually be left with fewer, but smarter and stronger, adversaries. These new cyber criminals are effectively a cross-breed of the once esoteric, targeted attacker use manual hacking techniques, not for espionage or sabotage, but to maintain their dishonorable income streams. Cyber criminals are using readily available Windows systems administration tools as their route to advance through a system and complete their mission – whether it’s to steal sensitive information off the server or drop ransomware.
Two pals Matthew Hanley 23 and Conor Allsopp 21 were sentenced for 20 months due to their collaboration in the execution of a successful breach. The pair hijacked 156,959 customer
accounts which comprised of personal, banking and sensitive data’s.The total cost of the TalkTalk breach which caused distress and mayhem to thousands, is estimated around $77
million.TalkTalk reported the cyberattacks to police and National crime Agency alerted the customers with Hanley described the name “Determined and dedicated hacker”.
A Finnish cybersecurity company said that India has been affected by over 4.3 lakh attacks initiated from 5 different companies. Moreover, even Russia, US, China, Netherlands and Germany have targeted India with 436,090 attacks, being more than 12 times originating from India.Russia accounted for most cyber attacks succeeded by US, China, Netherlands and even from Germany with Austria, Netherlands, UK, Japan and Ukraine targeting India with 36,563 attacks.Leszek Tasiemski, the vice president of cyber security products said that it’s becoming lucrative for hacking due to digitalisation. We are enhancing measures for protecting the evolving threat landscape, he added.Honeypots are explicitly used for grabbing attention of future victims and they gain insights on attack types, targets, sources and much more.F- Secure said that victims and even elite hackers find so hard in figuring out as an Honeypot as they appear to be serving organizations purposes.They even enable F-Secure products via customers for extracting latest malware samples, shell scripts and sometimes upbringing even new hacking techniques.
Foreign state-sponsored hackers infiltrated the security elements of PAKISTANI AIR FORCE, reports a private cybersecurity firm.Cylance first reported that a group named as “The White
Company’, hacked various elements of Pakistan’s military and intelligence networks and says that more threats may strike the government.Spokesperson at the firm said that the attack could be launched from a Middle East with exact data’s about the attacks origin and the pilferage data’s unrevealed.Cylance and other private security firms have helped in detecting and publicizing various hack activities like the Stuxnet virus, developed by the US and Israel in 2006 for Sabotaging Iran’s nuclear program.Cylance said it shared about these threats with U.S government and PakCERT- a Non-Government organization like a computer emergency response teams.Officials at Cylance said that attack espionage was used for stealing sensitive Pakistani information, which was achieved through spear-phishing technique for gaining access to the secure data’s.Pakistan came under scrutiny as most of its banks were subjected to a wide-scale security breach.
Palo Alto Networks on November 21, 2018 discovered the “Cannon Trojan”, a new Russian hacking tool is targeting government systems in US and Europe through various stealthy attack modes, by using the AutoClose function that swiftly accomplishes its action through malicious codes. The virus acts a downloader.It is next delivered through an email as Word document. The Word document installs two malicious programs and then Cannon allows Hackers to gain the victims information.Palo Alto researchers believe Russian hacking group Fancy Bear or GRU whom were behind many successful attacks like Democratic National Committee and medicine data from both the International Association of Athletics federation and World Anti-Doping Agency were also behind this.The group has also been targeting US think tanks, government agencies and other business phishing campaigns. Due to lack of
strong security resources, even Minnesota Department of Health and Human services suffered cyber impacts. Healthcare sector suffered from several constraints, and even other sectors could suffer through the infusion of the contemporary evasive attacks.
Meltdown and Spectre vulnerabilities affected a large family of modern processors through which sensitive data’s can be gained. Since then more like Spectre NG, Spectre RSB, Spectre 1.1, Spectre 1.2, TL Bleed,Lazy FP, Net Spectre and Foreshadow were released.Speculative execution- a mandatory component of modern processors executes instructions based on assumptions that are considered with a hope to be true. If the assumptions are valid, the execution continues, otherwise discarded.The same team who found Meltdown and Spectre vulnerabilities have discovered 7 new transient attacks that impacts 3 main processors like Intel, AMD and ARM.Those 7 recently discovered attacks are listed below:
Jann Horn, a cybersecurity researcher exposed the unfixed vulnerability in Linux version since 3.16 to 4.18 which was under the Project Zero program. Now known as CVE-2018-17182, it is a cache invalidation bug that affects the memory management Linux module. The attacker can gain root access in the Linux-based computer by successful exploitation. Horn said that “While the bug itself is in code that is reachable even from relatively strongly sandboxed contexts, this blogpost only describes a way to exploit it in environments that use Linux kernels that haven’t been configured for increased security (specifically, Ubuntu 18.04 with kernel linux-image-4.15.0-34-generic at version 4.15.0-34.37). The underprivileged user, using CVE-2018-17182 can be altering of memory and creating of an artificial denial of service attack can be done by the underprivileged user using CVE-2018-17182. The exploit was described by Horn as “Consumes an hour to run before popping a root shell.” Various distinct patched versions such as 4.18.9, 4.14.71, 4.9.128, and 4.4.157
An oracle zero day platform independent vulnerability, which affects versions till 5.2.20 and allows malicious files for bypassing and exploit OS were released by a resented researcher.The vulnerability arises due to memory corruption issues with the security researcher claiming that it either works or never works and works in Ubuntu 16.04 and 18.04 x86-64 configurations.The researcher took an oath and disclosed the data’s due to his wrath on Oracle when he reported similar issue last time. As of Nov 8th 2018, patch wasn’t available and hence metamorphosing virtual ethernet Card to PC net and changing network mode to NAT would help in restricting the exploit to a considerable extent until a best patch gets its inception.
IntSights researchers found about 1.5 million patient records exposed online through FTP servers, FHIR apps and other platforms that required no intrusive methods to obtain.
Hackers gained access to various online data’s through various google methods like technical documentation, subdomain documentation and through other exploiting methodologies
through which Hackers exposed 30% of online breaches pertaining to the Healthcare sector. Post investigation, it was revealed that 1.5 million records were exposed from 15 databases among 50. Similar scrutiny of DevOps sites found 23% of servers being open to internet. To add more fuel to the flame, it was discovered that Hova health- a telemedicine vendor beached 2.4 million patients data’s at a rate of 16,667 per hour. This was due to the misconfiguration of MongoDB database in August 2018. SMB (Server Message Block) ports were also accessed by researchers and was noted that their security features are damn fragile and they shouldn’t be exposed to the public. These were also the cause for Wanna-cry attacks of May 2017. Researchers further said that healthcare firms aren’t doing a great job in protecting patients data’s.
To prevent these, researchers recommend the use of 2FA, proper Pen-Testing, incessant monitoring and placing the security controls in a proper place to help organizations remain
secure under the umbrella of cyber rains. As a final note, researchers concluded that “Healthcare organizations increased their attack surfaces and have provided cybercriminals
new aspects to abduct ePHI. Still no proper investments towards cybersecurity tools or procedures have been implemented”.
The credit card processing system of Baylor Scott and White Medical Center-Frisco was hacked for about a week in September, exposing the financial data of patients.
A hack on credit card processing system caused a breach of 47,948 patients data with their information’s like names. Medical record numbers, account data, credit card numbers,
insurance provider information, CCV numbers, credit card type, recurring payment details, account balances, transaction status, invoice numbers and much more being exposed for a
week, notified by Baylor Scott and Center-Frisco on December 11, 2018. After detecting the issue on September 29th, instant notification was sent to the vendor and was later followed
with substantial investigations to figure out the cause of breach. The reason was found out to be some inappropriate access. All victims have been offered free credit monitoring for 1 year. The online payment function of Baylor Scott and White medical Center-Frisco is still dormant even on December 11th. These attacks are uncountable just like the count of stars on sky. As many healthcare provider have multiple vendors, it is indispensable to build a sane relationship through perfect security assessments.
The majority of systems were brought back online Monday morning, but officials are still working with forensics and law enforcement to determine the scope of the cyberattack.
On December 11, 2018, a malware attack purged the data’s of the University of Maryland medical system in an persuasion to penetrate the IT systems, at 4.30 A.M on Sunday.
UMMS’ IT team helping patients across Maryland and serving beyond 150 locations, disabled the services of more than 250 IT systems to stop malware from passing to other systems.
However under EMS protocols, some patients privileges were escalated to other facilities and through redress measures like identification, isolation and infiltration of threats, the UMMS systems were brought back online and with proper working condition, reports Jon Burns-Senior Vice president and Chief Information Officer of UMMS. According to Officials, distinct healthcare’s like East Ohio Regional Hospital, Ohio Valley medical Center, Rhode Island based Thundermist health center have suffered disastrous cyber breaches. To control these disguised morons, the health system is hiring competent external forensics team and expediting law enforcement collaborations to determine the attack origin.
Pagosa Springs Medical Center failed to terminate a former employee’s access to electronic patient data and also failed to obtain a business associate agreement with its scheduling vendor
The department of Health and Human services office for civil rights settled with Pagosa Springs Medical Center for $111,400 for waning to end an ex-employee’s access whom continued to have remote contact to PSMC’s electronic protected health information consisting the ePHI of 557 patients.Corrective action plans like updating the security management and business associate agreement, its policies and procedures, designating an individual who must bear the responsibility for ensuring all the third party vendors enter into a business associate agreement under HIPAA (health Insurance Portability and accountability Act) and all these must be followed for two years under the settlement.OCR Director Roger Severino said that Its basic sense that left employees connection must be discarded from their termination. Under HIPAA, covered entities must secure their business with all vendors.
Identity access management must be imbibed with identity access management to determine access to data is with whom and other employee stuff.Severino has reiterated that HIPAA will surge at OCR and this isn’t the 1st but 2nd OCR settlement related to the devoid of business associate agreement.
Suspicion over a reputed state actor for breaching the computer network of the Australian parliament has been making the hot news, says the country’s prime minister to law makers. Australian Prime Minister Scott Morrison said that our security agencies have spotted this issue and are striving towards securing these systems as well as in protecting users. A federal election is awaiting for Australia within 3 months. With regards to this, the Australian Prime Minister said that Government technical veterans are willing to provide cybersecurity support to any political party, if needed. Morrison didn’t reveal the culprit, stating disinterest to say in a public forum. The Sydney morning Herald newspaper reported that intrusions carry the Chinese digital fingerprints. However, Chinese foreign ministry disapproved of these citing as “baseless speculations”. However, an anonymous man named as Eialhi Priest has been making unapproved claims on social media platforms with a smirk that, he is the actual culprit. CyberScoop were unable to validate Eliahi’s words and are waiting to receive official response from Australian authorities.
Southern Californian school districts and Los Angeles International Airport have faced cyber attacks (DDoS) and dreadful physical violence by two men (an American and a British), reports he U.S prosecutors on Tuesday. The perpetrators were identified as George Duke Cohan, a 19 year old British whom taunted the Switzerland based email providers on Twitter. Another one is a 20 year old North Carolina guy named Timothy Dalton Vaughn, who is accused of launching DDoS attack on a Californian motorsport company and persuading for bitcoin to terminate the attack. The threats made by these two men even panicked the Mayor of London. Vaughn and Duke-Cohan also jointly worked over a week for initialising DDOS attack on ProtonMail, an encrypted email service.
The New York nonprofit insurer inadvertently revealed the Medicare beneficiary identifications numbers of about 81,000 customers in 2016; 6,000 were New Jersey residents.
Gurbir Grewal- New Jersey attorney general fined health insurance vendor EmblemHealth a fine of $100,000 for its breach on health data’s on more than 6,000 New Jersey residents
during 2016. In October 2016, a letter was sent by the vendor to customers with their Medicare beneficiary identification numbers composed of 9 digits social security numbers was termed as “Package ID”.The investigation figured out that EmblemHealth was at mistake, as the employee who took care of the Evidence of Coverage mailings left the organization without excluding the patient’s HICNs, and was replaced by another folk with minimum experience in that department.Whenever highly sensitive personal information are asked by companies to consumers like social security numbers, the information will be stored securely and used discretely, says Paul Rodriguez- Acting Director of New Jersey’s Division of Consumer Affairs, in a statement.“Sensitive personal information have to be prevented from getting disclosed and health insurers must be entrusted in it”, says Grewal in a statement. .A whopping sum of $575,000 was settled already by EmblemHealth with new York in March 2018. The fine reflects the quantity of New York residents impacted.This is just the second settlement between New Jersey and a Healthcare vendor in this month. The first was Attorney General settled with the vendor due to the cause of 2016 Virtua health patient data breach on November 2nd by a extravagant sum of $200,000.
A unique malware variant was used a hacking group for the past 3 years to spy on “foreign diplomatic entities” functioning in Iran, expanding its heritage as an espionage group whom were the ones to initially zero down the telecoms entirely on Middle East. The Chafer cyber espionage group deployed a malware known as Remexi to extract user credentials, record keystrokes, browser history and secretly take screenshots on targeted machines through the end of 2018, reports Kaspersky research published on Wednesday. Few hints are acknowledged about the operation, comprising solid evidences on how the malware proliferates. However, Kaspersky’s latest research develops on earlier Symantec findings which determined that Chafer attacked telecommunication companies, an airline in the Middle East and at least one business in the U.S. The group now appears to be targeting Windows machines located inside Iran, Kaspersky said this week. Chafer was first spotted by Symantec in 2015. Since then, hacking tools like EternalBlue pilfered from National Security Agency were used by Chafer whom have also used EternalBlue to target its own campaigns
A cyberattack on IT Lighthouse, an EMR hosting vendor, breached the data of Redwood Eye Center patients, prompting the eye specialist to switch vendors.
16,055 patients records comprising of names, health insurance information, medical treatment details and many more have been notified to the California Attorney General of a potential breach by California based Redwood Eye Center on Dec 7th, 2018. The type of breach is identified as ransomware that was caused on 20th Sept at IT Lighthouse. Redwood hired a 3rd party vendor, a digital forensic consultant and a software specialist to inspect the case and since then, Redwood has amended its medical records hosting vendor and has improvised its security program. However there have indications of large breaches reported to have occurred in the past few months on places like the Center for Vitreo-Retinal Diseases on Illinois with 20,000 breached patient records, Thundersmit Health center being hit last week with a horrendous virus and the previous week, two Ohio hospitals experienced a security breach. As a saving grace factor, the emergency care patients were sent to the adjacent hospitals. All these disastrous incidents indicate the disturbing fact that Ransomware and other such attacks are still on the rise.