It has been reported that three US hospitals have been forced to temporarily close their doors to “all but the most critical new patients” following a ransomware outbreak. This incident was first reported on 1 October with computers at the DCH Regional Medical Center in Tuscaloosa, Fayette Medical Center and Northport Medical Center all infected with ransomware “A criminal is limiting our ability to use our computer systems in exchange for an as-yet-unknown payment,” said DCH Health System. https://twitter.com/minamaya13/status/1179344115194122245 Offering insight and advice on this story are the following cybersecurity professionals:
ISBuzz Team
Customer identity is a precious asset and a highly prized commodity. As the financial services industry has become more digitised down the years, customers’ digital identity decides what they can do and what online services they have access to. This has been revolutionary for the customer experience. So long as the service provider is happy that customers are who they claim to be, they can access their account, make a transaction or take out a loan anywhere and at any time they want. Indeed, the speed and ease of this process has become a point of competition, with organisations vying…
It has been reported that a team of security researchers found they could tap into Webex and Zoom video meetings because many weren’t protected with a code. Researchers programmed a bot to cycle through lists of valid meeting IDs and get access to active conference calls. The vulnerability works because many companies and users don’t protect their meetings with a password, either for convenience or they had not checked their default settings, coupled with a limited pool of meeting IDs. By targeting the platforms’ APIs, they were able to automate the process.
Google has announced it is expanding new privacy and security features for Youtube, Maps and its Assistant. The new features allow users to use incognito mode in more properties, monitor saved passwords for compromises and manages how consumer data is used on YouTube.
According to this article, hackers responsible for cracking the Australian National University’s network focused on student information and were so sophisticated that experienced security experts were shocked. ANU vice-chancellor Brian Schmidt has described it as a “diamond heist”.
Earlier this week, (ISC)² – the world’s largest non-profit association of certified cybersecurity professionals – released the findings from its Cybersecurity Assessments in Mergers and Acquisitions report, which surveyed 250 U.S.-based professionals with mergers and acquisitions (M&A) expertise. The goal of the study was to discover how cybersecurity programs and breach history factor into the dollars and cents valuation of companies during a potential purchase. 96% of respondents indicated that cybersecurity readiness factors into the calculation when they are assessing the overall monetary value of a potential acquisition target. It has been reported that survey respondents unanimously agreed that cybersecurity audits are not only commonplace,…
A former Yahoo engineer has confessed to breaking into as many as 6,000 email accounts belonging to Yahoo users. Once he had access to an email inbox, he scoured other online accounts belonging to his victims — who were primarily young women — for private photos and videos The photos and videos were gathered from other sites like Facebook, Gmail, iCloud, and Dropbox. Ruiz stored copies on a home computer He attempted to cover his tracks by destroying the computer and hard drive on which the stolen files had been stored The story has been covered here: https://www.bbc.co.uk/news/technology-49892760 https://www.forbes.com/sites/leemathews/2019/10/01/ex-yahoo-staffer-hacked-thousands-of-accounts-to-steal-womens-private-photos-and-videos/?ss=cybersecurity#3be6de053f11
The U.S. Senate has approved new legislation aimed at helping government agencies and private-sector companies combat ransomware attacks. The legislation comes as local governments and schools continue to be hit by sophisticated – and in some cases coordinated – ransomware attacks. The proposed law, the “DHS Cyber Hunt and Incident Response Teams Act,” authorizes the Department of Homeland Security (DHS) to invest in and develop “incident response teams” to help organizations battle ransomware attacks. Part of that means that the DHS would create teams to protect state and local entities from cyber threats and restore infrastructure that has been affected by ransomware attacks.
Many cybersecurity professionals mistakenly believe virtual desktop infrastructure (VDI) is an effective way to combat cybercriminals, or at minimum slow them down. Conventional wisdom says that by separating desktop images from the desktop itself – requiring users to have permission to access server-hosted desktop images from thin or thick clients – you’re erecting a barrier that keeps sensitive corporation information safe. But the truth is, that barrier is flimsy, at best. It all comes down to this: VDI doesn’t isolate the remote sensitive resources from the devices used to access them. If hackers control the end-user’s device, they control the…
Arkose Labs · Over half of all logins (53%) on social media sites are fraudulent and 25% of all new account applications on social media are fraud (source: Arkose Labs Q3 Fraud and Abuse Report) · More than 75% of attacks on social media are automated bot attacks. Unlike other industries, account takeover attacks are more common for social media, with logins twice as likely to be attacked than account registrations. This is driven by the fraudsters looking to harvest rich personal data from the accounts of legitimate users. (source: Arkose Labs Q3 Fraud and Abuse Report) · One in 10 transactions are attacks, ranging…