Russian Hackers Hold Nursing Home Patients’ Data Ransom for $14M

December 9th, 2019

There is a reason hackers have started targeting hospitals and medical practices.  Not only is their cyber security known to be woefully lacking (despite the best efforts of the U.S. Department of Health and Human Services [HHS] and HIPAA regulations), but the electric Patient Health Information (ePHI) can literally be life and death.  Meaning?  The […]

Cyborg Ransomware Delivers Via Fake ‘Windows Update’ Email

December 9th, 2019

Researchers at Trustwave recently discovered a malicious spam campaign.  The email comes as an executable file via email with a tell-tale two sentence subject line that reads “Install Latest Microsoft Windows Update now! Critical Microsoft Windows Update!” There is only one sentence to the actual email itself. Disguised as a .jpg, the file really contains […]

Looting Adds Insult to Injury for Durham Clinic

November 19th, 2019

Looters broke into a Durham health clinic sometime after the downtown gas explosion on April 10th that affected over 20 businesses, injured 25 people, and caused the death of two people. The subsequent theft of clinic property has prompted the clinic to notify patients that their information, including diagnoses and treatment information may have been […]

PureBasic-based Ransomware Discovered

November 14th, 2019

PureLocker, an unusual form of ransomware that attacks enterprise servers, has gone undetected for some time but has recently been revealed by cybersecurity analysts at Intezer and IBM X-Force.  What makes PureLocker so unique is that it’s written in PureBasic programming language.  Malicious software written in PureBasic is difficult for most security systems to detect.  […]

HIPAA Violations Top $100 Billion

November 13th, 2019

HIPAA Violations have been making headlines recently, and for good reason. Fines for violations can be crippling to companies, and the more mobile our data becomes, the greater the risk for security breech. According to the Health and Human Services website, as of September 30, 2019 the OCR has settled or imposed a civil money […]

“Project Nightingale” Raises Data Security Concerns

November 13th, 2019

Ascension is sharing private healthcare information with Google.  The project, dubbed “Project Nightingale,” was put into play to help Ascension centralize its patient database for the over 2600 hospitals in its healthcare system.  Patient information, including names, test results, and dates of birth are also being collected by Google to help develop a new software […]

Social Media Ad Spend Rising to Third Largest Advertising Channel

November 13th, 2019

Global social media ad spending is projected to grow by as much as 20% this year, bringing it up to the number three slot of largest advertising channels according to Zenith’s Advertizing Expenditure Forecast. Zenith is a media ad agency parented by Publicis Media. $84 billion is slated for global social media spending, exceeding print […]

Encryption Breaking Malware “Reductor” Threatens Windows Users

October 8th, 2019

Researchers at Kaspersky have uncovered a new highly sophisticated, high impact malware threat that breaks encryption:  Reductor.  According to the researchers, the malware “compromises encrypted web communications in an impressive way” and gives the threat actors behind it “capabilities that few other actors in the world have.” Reductor compromises the encrypted HTTPS communication, which enables […]

FBI Releases Malware Threat Warning

October 5th, 2019

The Federal Bureau of Investigation (FBI) released a warning to U.S. businesses and organizations Wednesday regarding high-impact threats across the country.  Numerous cyberattacks have been documented recently involving ransomware.  Despite the ever-evolving attack strategies, the FBI highlights three main attack techniques that are being used by criminals to avoid detection and infiltrate businesses and organizations: […]

Autumn Aperture: Don’t Enable Macros

October 5th, 2019

According to Danny Adamitis and Elizabeth Wharton from Prevailion, spear phishing emails have been targeting the U.S. utilizing an obscure file format to beat antiviral software.  They call this campaign “Autumn Aperture”.  Attackers are sending word documents to recipients with content specialized to the victim’s recent activities.  This level of specialization results in a significantly […]

Malware Attack Closes Alabama Hospitals

October 2nd, 2019

Not one but THREE hospitals in the DCH Health System in Alabama are unable to accept new patients today due to ransomware: DCH Regional Medical Center in Tuscaloosa, Northport Medical Center in Northport, and Fayette Medical Center.  Cybercriminals have demanded an undisclosed amount of money for the unlock code. “A criminal is limiting our ability […]

‘Checkm8’: A Permanent Bootrom Vulnerability

September 30th, 2019

A security researcher who goes by the Twitter handle “axi0mX” announced on Friday that there is a permanent Bootrom vulnerability “checkm8” in Apple iOS.  The flaw enables bypassing the security protections present in most Apple mobile devices.  Downside: cannot be patched.  Upside: physical access is needed  to exploit it and a system restart erases any […]

Airbus Victim of Multiple Attacks

September 30th, 2019

Airbus, a European aerospace company, had found itself the victim of several possible Chinese hacker attacks searching for proprietary data and insider secrets. According to sources, AFP spoke to seven security and industry sources, all of whom confirmed a spate of attacks in the past 12 months but asked for anonymity because of the sensitive nature […]

NOT Your Prince Charming: Old Scam Makes Updated Revival

September 30th, 2019

“Advance fee” or “419” scams have been around for years.  The scam works via an attempt to contact the victim so they can be gifted an exuberant amount of funds left unclaimed by a deceased individual who has the same last name as the victim or is their long-lost relative.  Or in the case of […]

Snowden & Publisher Sued for Book Proceeds

September 18th, 2019

The Justice Department is suing Edward Snowden and his publisher MacMillan and Holtzbrinck. Snowden, a former contractor for the CIA and NSA government agencies, released his book Permanent Record today.  The Justice Department says that Snowden failed to “clear” the book with them, and they are now attempting to recover “all proceeds earned by Snowden […]

Microsoft Security Patch Released 9/10/19

September 11th, 2019

Microsoft issued security updates yesterday to plug roughly 80 security issues holes in its Windows operating systems and software. Over 25% of those updates are critical.  This is the fourth time this year that Microsoft has had to fix bugs in its Remote Desktop Feature. Two of the bugs resolved in this month’s patch batch […]

Over 400 Million Facebook Users’ Phone Numbers Found Online

September 11th, 2019

A server without password protection gave anyone access to more than 419 million Facebook users’ private information globally.   Each accessible record contained a user’s Facebook ID, phone number, and location.  Some even had the user’s name. This latest in a long string of incidents for Facebook exposed millions of users to significant risk to spam […]

Chrome Security Fix

September 4th, 2019

Justin Schuh, Google Chrome’s security lead and Engineering Director, has issued a warning that all Chrome users need to run an update NOW.  Google Threat Analysis Group has identified a zero-day vulnerability that is actively being exploited: CVE-2019-5786. Although information remains limited on CVE-2019-5786, it is suspected to be a UAF vulnerability in FileReader.  The […]

Google Researchers Warn iPhone Users to Keep Security Up

September 3rd, 2019

  Google researchers released a report earlier today that warns your iPhone can be hacked just by visiting one innocent-looking website. A previous iPhone hacking campaign discovered by Google’s ProjectZero had identified at least five unique iPhone exploit chains that were capable of remotely jailbreaking an iPhone and loading spyware on it. Those exploit chains were […]

Cyber-Insurance Companies: Are They Fueling Ransomware Frequency Spikes?

September 3rd, 2019

ProPublica says cyber-insurance companies are making the push to pay ransom demands because it saves them money in the long run.  A $500,000 payout makes better financial sense than  a recovery campaign that could cost millions.  The recent even in Lake City, Florida is a good example.  Ransomware attacks were covered under the city’s cyber-insurance […]