AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 2/15/2024

Romanian hospital ransomware crisis attributed to third-party breach

The Romanian national cybersecurity agency (DNSC) has pinned the outbreak of ransomware cases across the country’s hospitals to an incident at a service provider. It said an unnamed service provider reported an issue prior to the flood of hospitals alerting the agency to the attacks. The service provider operates the Hipocrate Information System (HIS) – a multipurpose healthcare management platform used by hospitals across the country. All hospitals caught up in the ransomware scourge are thought to have been breached via the HIS.


Backdoors that let cops decrypt messages violate human rights, EU court says

The European Court of Human Rights (ECHR) has ruled that weakening end-to-end encryption disproportionately risks undermining human rights. The international court’s decision could potentially disrupt the European Commission’s proposed plans to require email and messaging service providers to create backdoors that would allow law enforcement to easily decrypt users’ messages. This ruling came after Russia’s intelligence agency, the Federal Security Service (FSS), began requiring Telegram to share users’ encrypted messages to deter “terrorism-related activities” in 2017, ECHR’s ruling said. A Russian Telegram user alleged that FSS’s requirement violated his rights to a private life and private communications, as well as all Telegram users’ rights.


U.S. Internet Leaked Years of Internal, Customer Emails

The Minnesota-based Internet provider U.S. Internet Corp. has a business unit called Securence, which specializes in providing filtered, secure email services to businesses, educational institutions and government agencies worldwide. But until it was notified last week, U.S. Internet was publishing more than a decade’s worth of its internal email — and that of thousands of Securence clients — in plain text out on the Internet and just a click away for anyone with a Web browser. Headquartered in Minnetonka, Minn., U.S. Internet is a regional ISP that provides fiber and wireless Internet service. The ISP’s Securence division bills itself “a leading provider of email filtering and management software that includes email protection and security services for small business, enterprise, educational and government institutions worldwide.”


Over 800 Phony “Temu” Domains Lure Shoppers into Credential Theft

Temu is the latest brand chosen by scammers for their phishing scams. Checkpoint’s Harmony Email’s cybersecurity researcher Jeremy Fuchs, has noted that hackers are using Temu’s giveaway rewards to entice users to give away their credentials, with over 800 new domains registered as “Temu” in the last three months. For your information, Temu is an international e-commerce store having 40% of its user base in the USA. It offers discounted goods shipped directly to consumers. Temu was launched in 2022 and is available in 48 countries, including Europe, the Middle East, Southeast Asia, and Australia.


Microsoft, OpenAI Confirm Nation-States are Weaponizing Generative AI in Cyber-Attacks

Nation-state threat actors are making use of generative AI tools, including large language models (LLMs) like ChatGPT, in their cyber operations, new research by Microsoft and OpenAI has confirmed. Threat groups from Russia, China, North Korea and Iran are leveraging generative AI to support campaigns rather than using these tools to develop novel attack or abuse techniques. Attackers are “probing” AI’s current capabilities and security controls, with Microsoft and OpenAI stating they will continue to monitor how threat actors’ use of these tools evolves.

Related Posts