Wednesday, April 2, 2025

Legacy Medical Devices Remain Easy Targets for Cyber Threats

 

Do you think that your health data is secure?


Most people don't really think about this question. But imagine: what would you do if your health data ended up on the internet one day? Once it's exposed, you can't undo it. That's scary and disturbing, isn't it?


Anyone who has worked with medical systems knows that it is quite difficult to patch vulnerabilities on them. The main reasons are: 1) many of the systems run on outdated software that no longer receives patches; 2) updates are risky because they can interrupt care or cause devices to fail during use. So many of these devices stay unpatched and highly vulnerable to cyber attacks.


Researchers from Claroty's Team82 analyzed over 2.25 million Internet of Medical Things (IoMT) devices and more than 647,000 operational technology (OT) devices across 351 healthcare organizations. They found that 99% of these organizations had vulnerabilities with publicly available exploits, as listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. (Yes, 99%. We can say "almost all of them".)
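As an added illustration (not from the post or the Claroty report), a small Python triage script that cross-references a device inventory against the KEV catalog: it separates devices that can be patched from devices that need compensating controls because no patch exists, and computes the "share of organizations exposed" metric behind the 99% figure. The KEV sample follows the real catalog's JSON shape but is constructed; the inventory, organization names and the CVE-0000-* ids are placeholders.

```python
import json

# Constructed sample in the shape of CISA's KEV catalog JSON (the real feed is
# known_exploited_vulnerabilities.json on cisa.gov; other fields are omitted here).
# CVE-2017-11882 is a real KEV entry mentioned in this blog; CVE-0000-* ids are placeholders.
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2017-11882"},
    {"cveID": "CVE-0000-0001"},
]})

# Constructed inventory: organization, device, CVEs reported by a scanner, and whether
# the vendor still ships patches (the post's point: many medical devices cannot be patched).
INVENTORY = [
    {"org": "hospital-a", "device": "infusion-pump-07", "cves": ["CVE-0000-0001"], "patchable": False},
    {"org": "hospital-a", "device": "radiology-ws-02", "cves": ["CVE-2017-11882"], "patchable": True},
    {"org": "hospital-b", "device": "hvac-plc-01", "cves": ["CVE-0000-0002"], "patchable": False},
    {"org": "hospital-c", "device": "mri-console-01", "cves": [], "patchable": True},
]

def load_kev_ids(kev_json):
    """Set of CVE ids that have a known public exploit, per the KEV catalog."""
    return {v["cveID"] for v in json.loads(kev_json)["vulnerabilities"]}

def triage(inventory, kev_ids):
    """Split KEV hits into devices to patch now and devices that need compensating
    controls (network segmentation, monitoring) because no patch is available."""
    patch_now, isolate = [], []
    for dev in inventory:
        hits = sorted(set(dev["cves"]) & kev_ids)
        if hits:
            (patch_now if dev["patchable"] else isolate).append((dev["device"], hits))
    return patch_now, isolate

def share_of_orgs_exposed(inventory, kev_ids):
    """Fraction of organizations with at least one KEV-listed vulnerability
    (the kind of metric behind the report's 99% figure)."""
    orgs = {d["org"] for d in inventory}
    exposed = {d["org"] for d in inventory if set(d["cves"]) & kev_ids}
    return len(exposed) / len(orgs) if orgs else 0.0

if __name__ == "__main__":
    kev = load_kev_ids(KEV_SAMPLE)
    patch_now, isolate = triage(INVENTORY, kev)
    print("patch now:", patch_now)
    print("isolate (no patch available):", isolate)
    print(f"{share_of_orgs_exposed(INVENTORY, kev):.0%} of organizations exposed")
```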


You can find the report at the following links:

https://bit.ly/4j1es7d


https://bit.ly/3FOYOgp


Headlines:

"...the firm was able to analyze the security state of more than 2.25 million IoMT devices and more than 647,000 OT devices across 351 healthcare organizations – and found that 99% of the organizations are vulnerable to publicly available exploits..."


Monday, March 24, 2025

Are We Ready for Post-Quantum Cryptography (PQC)?

Is your organization prepared for the quantum computing era and the shift to Post-Quantum Cryptography (PQC)?

Well... What does this question mean?


Post-Quantum Cryptography (PQC) refers to cryptographic algorithms that are designed to be secure against attacks from quantum computers. Quantum computers have the potential to break widely used encryption methods (like RSA and ECC).


Our digital world relies heavily on the RSA system. RSA (Rivest-Shamir-Adleman) is a widely used public-key cryptosystem whose security relies on the difficulty of factoring large numbers that are the product of two primes. The algorithm involves two keys: a public key, used for encryption, and a private key, used for decryption. However, the rise of quantum computers threatens this system.
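As an added illustration (not from the post), textbook RSA in Python with tiny primes: once n is factored, the public key alone is enough to rebuild the private exponent d, which is exactly why an efficient factoring method such as Shor's algorithm breaks RSA. The primes 61 and 53, the function names and the trial-division factoring stand-in are my choices for the example.

```python
from math import gcd

def mod_inverse(a, m):
    """Modular inverse of a mod m by the extended Euclidean algorithm."""
    r0, r1, s0, s1 = m, a % m, 0, 1
    while r1:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        s0, s1 = s1, s0 - q * s1
    if r0 != 1:
        raise ValueError("no modular inverse")
    return s0 % m

def make_keypair(p, q, e=17):
    """Textbook RSA: n = p*q, public exponent e, private exponent d = e^-1 mod phi(n).
    p and q are tiny here for illustration; real keys use primes of 1024+ bits."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return (n, e), (n, mod_inverse(e, phi))

def encrypt(pub, m):
    n, e = pub
    return pow(m, e, n)

def decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)

def factor(n):
    """Trial division: feasible only for toy n. On a large enough quantum computer,
    Shor's algorithm performs this step efficiently for real-size n."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("n is prime")

def private_key_from_public(pub):
    """With p and q known, phi(n) and therefore d follow directly: factoring n
    turns the public key into the private key."""
    n, e = pub
    p, q = factor(n)
    return n, mod_inverse(e, (p - 1) * (q - 1))

if __name__ == "__main__":
    pub, priv = make_keypair(61, 53)
    c = encrypt(pub, 65)
    print("ciphertext:", c, "decrypts to:", decrypt(priv, c))
    print("private key recovered from public key:", private_key_from_public(pub) == priv)
```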


Recognizing the urgency, the UK's National Cyber Security Centre (NCSC) has published specific timelines on migrating to post-quantum cryptography (PQC), dictating that critical organizations should complete migration by 2035.


https://bit.ly/4kXiZsO


Headlines:

"'Quantum computing is set to revolutionize technology, but it also poses significant risks to current encryption methods,' stated NCSC's CTO, Ollie Whitehouse."


"As quantum technology advances, upgrading our collective security is not just important – it's essential."


"The NCSC recommends adopting NIST-approved PQC algorithms for migration, which were standardized by the U.S. organization last year, and are expected to become the foundation for post-quantum security globally."


"The United States has established a similar timeline for migrating to PQC through the National Security Memorandum 10 (NSM-10), which also sets 2035 as the target year for completing the transition across federal systems."


Monday, March 17, 2025

SideWinder APT Targets Critical Infrastructure

An advanced persistent threat (APT) group known as SideWinder (allegedly of Indian origin) is targeting critical infrastructure sectors within Asia, the Middle East, and Africa, with a focus on maritime, nuclear, and logistics operations.

SideWinder is demonstrating increased sophistication in its cyberattacks, enhancing its tools and techniques to evade security software and maintain persistent access to compromised networks. The group uses spear-phishing campaigns, delivering malicious documents that exploit the CVE-2017-11882 Microsoft Office vulnerability to deploy StealerBot, a modular malware toolkit designed for stealing sensitive information.


Headlines:

"The attacks, observed by Kaspersky in 2024, spread across Bangladesh, Cambodia, Djibouti, Egypt, the United Arab Emirates, and Vietnam. Other targets of interest include nuclear power plants and nuclear energy infrastructure in South Asia and Africa, as well as telecommunication, consulting, IT service companies, real estate agencies, and hotels."


"'They are constantly monitoring detections of their toolset by security solutions,' Kaspersky said. 'Once their tools are identified, they respond by generating a new and modified version of the malware, often in under five hours.'"



Monday, February 17, 2025

Arizona Woman Running a Laptop Farm for North Korean IT Workers

 

Going digital is changing (almost) everything, and that's mostly a good thing. But it also brings new dangers into our lives. One area we really need to look at is how we hire people. The old ways of doing things might not be safe anymore in this digital world. We have to think about these new risks and find ways to protect ourselves. Otherwise, we're going to keep seeing stories like the one about the woman in Arizona. She set up a whole system to pass off fake online workers as real, a "laptop farm" as they called it. She made a ton of money, over $17 million, by pretending these fake workers were real people working in the US. And, unbelievably, some of that money ended up going to North Korea. This kind of thing shows us just how important it is to update how we hire people. We need to find ways to make sure we're hiring real people and not falling for these kinds of scams. If we don't change how we do things, these problems are just going to get worse.


https://bit.ly/3CWVuin


Headlines:

"An Arizona woman who created a 'laptop farm' in her home to help fake IT workers pose as US-based employees has pleaded guilty in a scheme that generated over $17 million for herself... and North Korea."


"According to court documents, Chapman ran a laptop farm out of her home from October 2020 to October 2023. During this time she hosted computers for overseas IT workers — who were posing as American citizens and residents — to ensure the devices had local IP addresses, making them appear to be in the US."


"Those who successfully obtained employment as part of the scam then received payroll checks at Chapman's home with direct deposits sent to her US bank accounts before ultimately being laundered and funneled to North Korea, and then potentially contributing to the DPRK's weapons programs, the court document says."


"Some of the overseas workers were hired at Fortune 500 companies, including a top-five television network, a premier Silicon Valley technology company, an aerospace and defense manufacturer, an American car manufacturer, a luxury retail chain, and a US-hallmark media and entertainment company."


"In total, more than 300 US companies were scammed,..."

Tuesday, February 4, 2025

Chinese AI DeepSeek Database Is Exposed


A database belonging to the Chinese AI company DeepSeek was recently exposed, leaking over 1 million log lines and secret keys.


Choose your AI wisely. Choose your software wisely. Cheap software might end up costing you far more in the long run. While no choice is entirely risk-free, it's best to use software from countries that uphold strong democratic values, justice, and human rights. Your data is being collected and sold to third parties. This is almost unavoidable. If it must happen, it's (relatively) safer in the hands of democratic countries. (Consider it the lesser of two evils.)


https://bit.ly/4hmIqBQ


Headlines:


"Buzzy Chinese artificial intelligence (AI) startup DeepSeek, which has had a meteoric rise in popularity in recent days, left one of its databases exposed on the internet, which could have allowed malicious actors to gain access to sensitive data.


The ClickHouse database 'allows full control over database operations, including the ability to access internal data,' Wiz security researcher Gal Nagli said.


The exposure also includes more than a million lines of log streams containing chat history, secret keys, backend details, and other highly sensitive information, such as API Secrets and operational metadata. DeepSeek has since plugged the security hole following attempts by the cloud security firm to contact them.


The database, hosted at oauth2callback.deepseek[.]com:9000 and dev.deepseek[.]com:9000, is said to have enabled unauthorized access to a wide range of information. The exposure, Wiz noted, allowed for complete database control and potential privilege escalation within the DeepSeek environment without requiring any authentication."


"Furthermore, DeepSeek's apps became unavailable in Italy shortly after the country's data protection regulator, the Garante, requested information about its data handling practices and where it obtained its training data..."


"Bloomberg, Financial Times, and The Wall Street Journal have also reported that both OpenAI and Microsoft are probing whether DeepSeek used OpenAI's application programming interface (API) without permission to train its own models on the output of OpenAI's systems, an approach referred to as distillation."