AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 11/22/2023

Cybersecurity firm executive pleads guilty to hacking hospitals

The former chief operating officer of a cybersecurity company has pleaded guilty to hacking two hospitals, part of the Gwinnett Medical Center (GMC), in June 2021 to boost his company’s business. Vikas Singla, who worked for Securolytics, a network security company that provided services to the healthcare industry, pleaded guilty to hacking into the systems of GMC Northside Hospital hospitals in Duluth and Lawrenceville, as prosecutors said in a June 2021 indictment. During his attack on September 27, 2018, he disrupted the health provider’s phone and network printer services, and he stole the personal information of more than 200 patients from a Hologic R2 Digitizer digitizing device connected to a mammogram machine at GMC’s Lawrenceville hospital.

 

UK regulator demands websites let users ‘Reject All’ cookies

Britain’s data protection regulator has warned some of the country’s most visited websites that they risk being fined unless they stop coercing visitors into accepting advertising cookies. The Information Commissioner’s Office (ICO) announced on Tuesday that the top websites in the United Kingdom had 30 days to comply with the country’s privacy laws or they would “face the consequences.” The issue is how these websites allow people to opt out of advertising cookies, with the ICO saying they had a legal duty to make it as easy to “Reject All” advertising cookies as to “Accept All.”

 

Lookout Alerts U.S. Employees and Businesses of Significant Phishing Threat This Week

Lookout, Inc. is warning employees and businesses that phishing attacks across enterprise and personal devices are expected to more than double this week, based on historical data. With more corporate data residing in the cloud today and an increased number of employees working remotely, mobile has become the endpoint of choice for the modern workforce. However, since these devices have traditionally been neglected as part of a company’s overall security strategy, they have also become the most susceptible target for external hackers to gain access to corporate cloud infrastructure through social engineering and credential theft.

 

Nothing’s iMessage app was a security catastrophe, taken down in 24 hours

It turns out companies that stonewall the media’s security questions actually aren’t good at security. Last Tuesday, Nothing Chats—a chat app from Android manufacturer “Nothing” and upstart app company Sunbird—brazenly claimed to be able to hack into Apple’s iMessage protocol and give Android users blue bubbles. We immediately flagged Sunbird as a company that had been making empty promises for almost a year and seemed negligent about security. The app launched Friday anyway and was immediately ripped to shreds by the Internet for many security issues. It didn’t last 24 hours; Nothing pulled the app from the Play Store Saturday morning. The Sunbird app, which Nothing Chats is just a reskin of, has also been put “on pause.”

 

Microsoft’s bug bounty turns 10. Are these kinds of rewards making code more secure?

Microsoft’s bug bounty program celebrated its tenth birthday this year, and has paid out $63 million to security researchers in that first decade – with $60 million awarded to bug hunters in the past five years alone, according to Redmond. While these days, the vulnerability disclosure and reward program seems like a no-brainer for a huge software concern, ten years ago “the bug bounty initiative was not free from internal resistance,” recalled Aanchal Gupta, Microsoft corporate VP and deputy CISO.

 

USB worm unleashed by Russian state hackers spreads worldwide

A group of Russian-state hackers known for almost exclusively targeting Ukrainian entities has branched out in recent months, either accidentally or purposely, by allowing USB-based espionage malware to infect a variety of organizations in other countries. The group—known by many names, including Gamaredon, Primitive Bear, ACTINIUM, Armageddon, and Shuckworm—has been active since at least 2014 and has been attributed to Russia’s Federal Security Service by the Security Service of Ukraine. Most Kremlin-backed groups take pains to fly under the radar; Gamaredon doesn’t care to. Its espionage-motivated campaigns targeting large numbers of Ukrainian organizations are easy to detect and tie back to the Russian government. The campaigns typically revolve around malware that aims to obtain as much information from targets as possible.
