A programming issue at the Texas Department of Insurance (TDI) exposed the personal information of nearly two million Texans for nearly three years.

The department revealed that information such as Social Security numbers, addresses, dates of birth and phone numbers was made publicly available from March 2019 to January 2022.

The information belongs to 1.8 million Texan workers who have filed compensation claims.

The TDI issued a public notice on March 24, saying that it became aware of a security issue with a TDI web application that manages workers’ compensation information on January 4 2022. The issue allowed anyone with an internet connection access to a protected part of the application.

 

The post Two million Texans have their details exposed appeared first on IT Security Guru.

US authorities have warned that the Democratic People’s Republic of Korea (DPRK) is sending IT workers to get freelance jobs at companies worldwide, with the goal of obtaining privileged access that could be used to open the door for cyber intrusions.

Thousands of “highly skilled IT workers” have been directed or forced to target freelance jobs at organisations in wealthier nations by the North Korean state.

It’s believed that said workers use a variety of methods to conceal their nationality in order to sidestep US and UN sanctions.

The post North Korean devs go undercover to aid DPRK hackers appeared first on IT Security Guru.

Omnicell, a US-based multinational healthcare company, has confirmed it suffered a data breach in the wake of a suspected ransomware attack.

The company disclosed the ransomware attack on May 9 2022 in a 10-Q filing with the Securities and Exchange Commission (SEC).

In the filing, Omnicell stated: “Our IT systems and third-party cloud services are potentially vulnerable to cyber-attacks, including ransomware, or other data security incidents, by employees or others, which may expose sensitive data to unauthorized persons. On May 4, 2022, we determined that certain of our information technology systems were affected by ransomware impacting certain internal systems.”

Expanding on the possible impacts of the breach, Omnicell said: “Data security incidents could lead to the loss of trade secrets or other intellectual property, or to the public exposure of sensitive and confidential information of our employees, customers, suppliers and others.”

 

The post Omnicell healthcare company hit by ransomware appeared first on IT Security Guru.

The European Parliament announced a “provisional agreement” with the aim of bolstering cybersecurity and resilience of both public and private sector entities in the European Union.

It’s expected that the revised directive, dubbed “NIS2” (short for network and information systems), will take the place of pre-existing legislation originally established in 2016.

The revision puts in place ground rules that require companies in energy, transport, financial markets, health, and digital infrastructure sectors to abide by management measures and reporting obligations.

The new legislation includes provisions such as flagging cybersecurity incidents to authorities within 24 hours, patching software vulnerabilities, and readying risk management measures to secure networks. Failure to adhere to these rules will result in fines.

The post EU announces provisional cybersecurity directive appeared first on IT Security Guru.

Rodrigo Chaves, President of Costa Rica, has declared a national emergency following a series of cyberattacks on government bodies.

According to BleepingComputer, Conti has published the majority of the 672 GB of data appearing to belong to Costa Rican government agencies.

Chaves signed the declaration into law on Sunday, May 8th, the same day that the former Minister of Finance effectively became the nation’s 49th and current president.

Conti ransomware had claimed the attacks on the country last month.

The country’s public health agency Costa Rican Social Security Fund (CCSS) had earlier stated that “a perimeter security review is being carried out on the Conti Ransomware, to verify and prevent possible attacks at the CCSS level.”

The post Cyber attacks cause national emergency in Costa Rica appeared first on IT Security Guru.

New research from the email security firm Inky has revealed that more than 1000 phishing emails were sent from NHS inboxes over a six-month period.

The firm has claimed that the campaign, beginning October 2021, escalated “dramatically” in March of this year.

After the findings were reported to the NHS on April 13, Inky reported that the volume of attacks fell significantly to just a “few”.

“The majority were fake new document notifications with malicious links to credential harvesting sites that targeted Microsoft credentials. All emails also had the NHS email footer at the bottom,” Inky explained.

The post 1000s of phishing emails sent from NHS inboxes appeared first on IT Security Guru.

The National Cyber Security Centre (NCSC), working alongside the Institute of Engineering and Technology (IET) and the UK’s Centre for the Protection of National Infrastructure (CPNI), has developed a new document providing best practices for those involved in the design, management, operation and security of building-related systems.

The Code of Practice: Cyber Security in the Built Environment focuses on the security principles stakeholders should apply to a range of technologies in the built environment.

“A building being designed today is, as you can expect, lightyears away from one designed only a few decades ago, and even more so from those designed and built in previous centuries that still stand in our towns and cities,” explained NCSC CTO for economy and society, Rich M.

 

The post NCSC updates build environment best practices appeared first on IT Security Guru.

The Securities and Exchange Commission (SEC) has made serious improvements to its in-house cryptocurrency and cybersecurity skills.

The move comes as an attempt to improve investor confidence and enhance the transparency of listed companies.

20 additional positions have been added to the regulator’s newly renamed Crypto Assets and Cyber Unit. Previously known as the Cyber Unit, the function sits in the Division of Enforcement, growing to 50 dedicated positions.

While the SEC touted the previous successes of the unit, claiming it had brought about over 80 enforcement actions related to fraudulent and unregistered crypto assets since 2017, the regulator recognised the growing threat to investors from scams involving NFTs, decentralised finance platforms, crypto assets and exchanges, and stablecoins.

The post SEC bolsters cyber and crypto assets team appeared first on IT Security Guru.

Spyware has been found on the mobile phones of Pedro Sánchez, prime minister of Spain, and Margarita Robles, the country’s minister of defence.

The Spanish government revealed in a press conference given Monday morning that the phones had been infected with Pegasus spyware, extracting data from both devices.

Félix Bolaños, the minister for the presidency, said that the PM’s phone was targeted in May and June 2021, while Robles’s was illegally monitored in June 2021.

Bolaños has not named a culprit, but has said that the attack was most likely “carried out by non-official bodies and without state authorization,” as Spanish law requires monitoring activity to have judicial authorisation.

The matter is now being investigated by the Audiencia Nacional, Spain’s top criminal court.

 

The post Spyware discovered on Spanish PM’s phone appeared first on IT Security Guru.

Authorities in the United States have offered a $10m reward for anyone that can help locate or identify six members of a state-sponsored Russian hacking group responsible for NotPetya.

The call for information was issued by the Department of State’s Rewards for Justice (RFJ).

The six officers of the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU) – Yuriy Sergeyevich Andrienko, Sergey Vladimirovich Detistov, Pavel Valeryevich Frolov, Anatoliy Sergeyevich Kovalev, Artem Valeryevich Ochichenko and Petr Nikolayevich Pliskin – have allegedly worked for GRU Unit 74455, also known as Sandworm.

“These individuals were members of the criminal conspiracy responsible for the June 27 2017, destructive malware infection of computers in the United States and worldwide using malware known as NotPetya,” the State Department notice read.

The post US pledges $10m for Sandworm information appeared first on IT Security Guru.