A new study by Trellix and the Center for Strategic and International Studies (CSIS) has revealed that 86% of organisations believe they have fallen victim to a nation-state cyberattack.

The research surveyed 800 IT decision-makers in Australia, France, Germany, India, Japan, the UK and US.

It has also been revealed that 92% of respondents have faced, or suspect they have faced, a nation-state backed cyber attack in the past 18 months, or anticipate one in the future.

Russia and China were identified as the most likely suspects behind said attacks. 39% of organisations that believe they have been hit with a nation-state cyber attack believe Russia were the perpetrators.

The post 86% of organisations believe they have suffered a nation-state cyberattack appeared first on IT Security Guru.

A new bill with bipartisan support has been proposed by US lawmakers, with the intention of enhancing the cybersecurity of America’s healthcare and public health (HPH) sector.

The Healthcare Cybersecurity Act (S.3904) was proposed by US senators Jacky Rosen and Bill Cassidy on Thursday. The proposal is likely a reaction to the White House warning over the increased risk of cyberattacks hitting the US amidst the Russian invasion of Ukraine.

“Health centres save lives and hold a lot of sensitive, personal information, making them a prime target for cyber-attacks,” said Cassidy. “This bill protects patients’ data and public health by strengthening our resilience to cyber warfare.”

One of the act’s key goals is to improve collaboration between the US Department of Health and Human Services (HHS) and the US Cybersecurity and Infrastructure Security Agency (CISA).

The legislation would require CISA to complete a detailed study on cybersecurity risk facing the HPH sector, working with the HHS on a range of cybersecurity measures.

The post US proposes healthcare cybersecurity bill appeared first on IT Security Guru.

The new Trans-Atlantic Data Privacy Framework, announced over the weekend by the EU and the US, signals incoming clarification as to what data flows are allowed.

The announcement comes after a European court struck down the EU-US Privacy Shield one and a half years ago.

The Privacy Shield agreement, which set the terms for transatlantic transfers of personal data, was shut down by the European Court of Justice as US laws were found to not offer enough data protection safeguards to meet European standards. This led to legal uncertainty regarding what data flows are allowed.

This uncertainty has recently led to European regulators issuing orders against flows of personal data that passed through products such as Google Analytics.

The post EU and US confirm transatlantic data flow appeared first on IT Security Guru.

A third-party vendor of American Major League Baseball has been hit with a cyber-attack, resulting in the personal information of players and their family members being stolen.

Horizon Actuarial Services LLC, a consulting firm based in Maryland, suffered a ransomware attack in November of last year.

The company recently released a data incident notice, revealing that data in its Local 295 IBT Employer Group Welfare Fund and its Major League Baseball Players Benefit Plan had been breached and looted by cyber-criminals.

Horizon has reported that the breach affected 38,418 individuals. A separate report revealed that 13,156 individuals included in the Major League Baseball Players Benefit Plan were affected.

The post Major League Baseball players’ personal data stolen appeared first on IT Security Guru.

A new study from Cisco has found that a tenth of UK employees actively circumvent their organisation’s security measures.

The network technology company polled over 1000 UK professionals working for organisations that allow hybrid working, in order to better understand the potential security risks of the modern, flexible workplace.

The research has revealed that many hybrid workers do not see cybersecurity as their responsibility, with many actively finding workarounds or engaging in risky behaviours such as password reuse.

19% of employees said they reuse passwords for multiple accounts and applications, with only 15% using password managers.

The problem seems to stem from user friction in existing security measures. Only 44% of survey participants said they found it easy to securely access their IT equipment.

A majority said they would be willing to use biometric authentication, a reflection of how enterprise security is still catching up to consumer functionality.

The post One tenth of UK staff bypass corporate security appeared first on IT Security Guru.

City of London police have arrested seven individuals between the ages of 16 and 21 in connection with the Lapsus$ ransom attacks, according to the BBC.

All of those arrested have been released under investigation.

At this time, it is unclear whether the 16-year-old alleged ringleader, operating out of his mother’s house, is among these.

It has been revealed, however, that this individual has autism and attends a special education school in Oxford.

After falling out with his colleagues, the boy was doxxed, revealing both his personal details and the $14m in Bitcoin he had accumulated from the attacks.

Researchers traced him relatively easily after he made some crucial opsec errors.

The post Teens arrested amidst Lapsus$ crackdown appeared first on IT Security Guru.

Multiple researchers disclosed a vulnerability this week that would allow nearby attackers to unlock and even start some Honda and Acura cars.

To carry out the attack, threat actors would capture the RF signals sent from a key fob to a car, then resend these signals to unlock the car and even start the engine from a short distance.

According to researchers, the vulnerability is largely unfixed, especially in more outdated models.

Honda owners, however, may be able to protect themselves from this attack.

Researchers suggest that the vulnerability, tracked as CVE-2022-27254, can be mitigated somewhat by storing the car’s key fob in a signal-blocking “Faraday pouch”. This method will not, however, protect against attackers eavesdropping on signals when the fob is in use.

The post Honda bug allows hackers to unlock and start your car appeared first on IT Security Guru.

Ransomware payments reached all-time highs last year, with related data leaks and ransom demands also surging, according to Palo Alto Networks.

The stats were compiled from cases worked on by the security vendor’s Unit 42 security consulting business.

The 2022 Unit 42 Ransomware Threat Report published by Palo Alto Networks today claimed the average ransomware payment reached a record $541,010 in 2021, rising 78% year-on-year. Average ransom demands also rose by 144%, reaching an astronomical $2.2m.

The report revealed that the Conti group was responsible for the majority of the cases Unit 42 worked on last year, making up about one fifth of the total.

The post Ransomware payments peaked in 2021 appeared first on IT Security Guru.

Cybersecurity researchers investigating the ultra-prolific LAPSUS$ group have traced the attacks to a 16-year-old living at his mother’s house near Oxford, England.

In a shocking turn of events, the four researchers investigating the attacks have said they believe the teenager is the mastermind behind the operation.

LAPSUS$ has gained significant notoriety in the past month as they have hacked several organisations, including tech giants Samsung, Microsoft, NVIDIA and Okta.

The 16-year-old has not been named, both because he is a minor and because he is yet to be officially accused of wrongdoing by law enforcement.

We do know, however, that he goes by the aliases “White” and “breachbase” online.

The post Researchers trace LAPSUS$ hacks to English teenager appeared first on IT Security Guru.

A medical Q&A service provider is facing criticism about its security processes after a cloud misconfiguration appeared to leak sensitive images of thousands of patients.

A team at Safety Detectives reportedly discovered the Amazon S3 bucket, before tracing it to a Japanese firm called Doctors Me. There were reportedly no authentication controls in place, leaving the bucket wide open.

Doctors Me offers a service enabling users to upload images of medical conditions to receive anonymous, online diagnoses from clinicians.

The cloud storage misconfiguration exposed 300,000 files to the mercy of potential threat actors.

The 30GB of leaked data included over 12,000 unique images, including sensitive photos of children and infants.

Researchers at Safety Detectives have made a statement on the incident:

“Criminals could potentially identify Doctors Me customers and any other dependents who have their face or unique identifiable characteristics (i.e. unique tattoos) pictured on the bucket. Hackers could also identify users if one of their medical pictures was uploaded to multiple other platforms,” it said.

The post 12,000 sensitive patient images leaked appeared first on IT Security Guru.