Tuesday, April 22, 2025

UK Fines Law Firm 60,000 Pounds for Ransomware Data Breach


Two things:

1) DO NOT skip two-factor authentication for any user, and DO close accounts that are no longer needed. One weak link can cost you £60,000 (or more).

2) Report breaches on time, in accordance with the law(s) that apply to you.


The U.K. ICO (Information Commissioner's Office) fined a law firm £60,000 after a 2022 ransomware attack exposed sensitive client data, including DNA tests and information about children and victims. The investigation found that the firm failed to protect the data properly, left an outdated account open without two-factor authentication, and waited too long to report the breach. The ICO said protecting personal information is a legal duty, and the firm's failures put people at serious risk. The firm can appeal the fine but has not commented yet.


https://bit.ly/3YFvYFO


Headlines:

"Firm Failed to Close Outdated User Account, Waited 43 Days to Notify Regulators"


"Hackers in a 2022 ransomware attack stole 32.4 gigabytes of data from the law firm and later posted it on the dark web. The breach affected 791 people and contained information about 306 clients including DNA testing data, details on children and victims of sexual offenses."

Wednesday, April 2, 2025

Legacy Medical Devices Remain Easy Targets for Cyber Threats

 

Do you think your health data is secure?


Most people don't really think about this question. But imagine what you would do if your health data ended up on the internet one day. Once it's exposed, you can't undo it. Scary and disturbing, isn't it?


Anyone who has worked with medical systems knows that patching vulnerabilities on them is hard. The main reasons are: 1) many devices run on software that is out of support and no longer receives patches; 2) updates are risky because they can interrupt care or cause a device to fail during use. So many of these devices stay unpatched and highly exposed to attack.


Researchers from Claroty's Team82 analyzed over 2.25 million Internet of Medical Things (IoMT) devices and more than 647,000 operational technology (OT) devices across 351 healthcare organizations. They found that 99% of these organizations had devices with vulnerabilities that have publicly available exploits, as listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. (Yes, 99%. We can say (almost) "all of them".)
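The Claroty finding is, in practice, a join between an asset inventory and the KEV catalog. The script below is an added example (not the Team82 methodology and not code from this page) that does exactly that: `KEV_SAMPLE` is a constructed two-entry feed laid out in the catalog's JSON shape (the real feed is published at https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json), the CVE ids are placeholders, and the hospital inventory is invented. It reports, per organization, the devices whose CVEs are in KEV, how far past CISA's `dueDate` they are, and whether the entry is linked to ransomware campaigns, then computes the "share of organizations exposed" ratio that makes up the 99% headline.

```python
"""Cross-reference a device inventory against CISA's KEV catalog.

Added example, not from the Claroty report or this page. KEV_SAMPLE is a
constructed two-entry feed in the catalog's JSON shape; the CVE ids are
placeholders and the hospital inventory is invented. Swap KEV_SAMPLE for the
downloaded feed and INVENTORY for your asset export to run it for real.
"""
import json
from collections import defaultdict
from datetime import date

KEV_SAMPLE = json.dumps({
    "title": "Known Exploited Vulnerabilities (constructed sample)",
    "catalogVersion": "0.0",
    "count": 2,
    "vulnerabilities": [
        {   # placeholder ids, not real CVEs
            "cveID": "CVE-0000-00001",
            "vendorProject": "ExampleVendor",
            "product": "Infusion Pump Controller",
            "vulnerabilityName": "Unauthenticated remote code execution",
            "dateAdded": "2025-01-10",
            "dueDate": "2025-01-31",              # federal remediation deadline
            "knownRansomwareCampaignUse": "Known",
        },
        {
            "cveID": "CVE-0000-00002",
            "vendorProject": "ExampleVendor",
            "product": "Patient Monitor Gateway",
            "vulnerabilityName": "Hard-coded credentials",
            "dateAdded": "2025-03-25",
            "dueDate": "2025-04-15",
            "knownRansomwareCampaignUse": "Unknown",
        },
    ],
})

INVENTORY = [  # constructed: one row per device, CVEs as reported by your scanner
    {"org": "Hospital A", "device": "infusion-pump-01", "cves": ["CVE-0000-00001", "CVE-0000-00009"]},
    {"org": "Hospital A", "device": "ct-scanner-02", "cves": []},
    {"org": "Hospital B", "device": "patient-monitor-07", "cves": ["CVE-0000-00002"]},
    {"org": "Hospital C", "device": "mri-01", "cves": ["CVE-0000-00009"]},   # CVE not in KEV
]

TODAY = date(2025, 4, 1)   # fixed reference date so the example is reproducible


def load_kev(feed_json):
    """Index the KEV feed by CVE id so each lookup is O(1)."""
    return {v["cveID"]: v for v in json.loads(feed_json)["vulnerabilities"]}


def kev_hits(inventory, kev, today=TODAY):
    """Per organization, every device/CVE pair that appears in KEV.

    A KEV entry means an in-the-wild exploit exists, so these go to the top
    of the fix list regardless of CVSS score. overdue_days is how far past the
    catalog dueDate the device still is (0 if the deadline is still ahead).
    """
    hits = defaultdict(list)
    for item in inventory:
        for cve in item["cves"]:
            entry = kev.get(cve)
            if entry is None:
                continue                  # vulnerable, but no known exploitation
            due = date.fromisoformat(entry["dueDate"])
            hits[item["org"]].append({
                "device": item["device"],
                "cve": cve,
                "due": due.isoformat(),
                "overdue_days": max(0, (today - due).days),
                "ransomware": entry.get("knownRansomwareCampaignUse") == "Known",
            })
    for org in hits:   # ransomware-linked and most overdue first
        hits[org].sort(key=lambda h: (not h["ransomware"], -h["overdue_days"]))
    return dict(hits)


def share_of_orgs_exposed(inventory, kev, today=TODAY):
    """Fraction of organizations with at least one KEV-listed device
    (the Claroty headline number is this ratio over 351 organizations)."""
    orgs = {item["org"] for item in inventory}
    return len(kev_hits(inventory, kev, today)) / len(orgs)


if __name__ == "__main__":
    kev = load_kev(KEV_SAMPLE)
    for org, findings in kev_hits(INVENTORY, kev).items():
        for f in findings:
            print(f"{org:12} {f['device']:20} {f['cve']} due {f['due']} "
                  f"overdue {f['overdue_days']:>3}d ransomware={f['ransomware']}")
    print(f"{share_of_orgs_exposed(INVENTORY, kev):.0%} of organizations exposed")
```

On the constructed data two of three organizations have a KEV-listed device, and the infusion pump is 60 days past its due date. For devices that cannot be patched (the situation the post describes) the KEV hit list is still the right input: it tells you which devices to segment and monitor first.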


You can find the report in the following link:

https://bit.ly/4j1es7d


https://bit.ly/3FOYOgp


Headlines:

"...the firm was able to analyze the security state of more than 2.25 million IoMT devices and more than 647,000 OT devices across 351 healthcare organizations – and found that 99% of the organizations are vulnerable to publicly available exploits..."


Monday, March 24, 2025

Are We Ready for Post-Quantum Cryptography (PQC)?

Is your organization prepared for the quantum computing era and the shift to Post-Quantum Cryptography (PQC)?

Well... What does this question mean?


Post-Quantum Cryptography (PQC) refers to cryptographic algorithms designed to be secure against attacks by quantum computers. A sufficiently large quantum computer running Shor's algorithm could break the public-key methods in use today (RSA, Diffie-Hellman and elliptic-curve cryptography). NIST published the first three PQC standards in August 2024: FIPS 203 (ML-KEM) for key establishment, and FIPS 204 (ML-DSA) and FIPS 205 (SLH-DSA) for digital signatures.


Our digital world relies heavily on RSA. RSA (Rivest-Shamir-Adleman) is a widely used public-key cryptosystem whose security rests on the difficulty of factoring a large number n that is the product of two large primes. The public key (n, e) is used for encryption and signature verification, the private key (n, d) for decryption and signing, and anyone who can factor n can compute d from e. No known classical algorithm factors a 2048-bit n in practical time, but Shor's algorithm on a large enough quantum computer would, which is why quantum computing threatens this system.
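To make the "RSA is exactly as strong as factoring" point concrete, here is an added example (not from the NCSC guidance or this page) of a toy RSA with a deliberately small modulus. The primes are around 10^9, so n is around 10^18 and Pollard's rho factors it in milliseconds; the attacker function sees only the public key and rebuilds the private exponent from the factors. A real 2048-bit n has about 617 decimal digits, where the same attack is hopeless classically but not on a quantum computer running Shor's algorithm. The primes, message and exponent are my choices, not values from any real key.

```python
"""Toy RSA, then private-key recovery by factoring the public modulus.

Added example. Small primes on purpose: the aim is to show that the private
key is a function of the factors of n and nothing else, not to produce a
usable cipher (no padding, tiny modulus).
"""
from math import gcd
import random


def keygen(p, q, e=65537):
    """Standard RSA key generation from two primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)            # Euler's totient: only computable from p and q
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)                # modular inverse (Python 3.8+)
    return (n, e), (n, d)              # public key, private key


def encrypt(pub, m):
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)


def pollard_rho(n, seed=1):
    """Return a nontrivial factor of the composite n (Floyd-cycle Pollard rho).

    Expected work is about sqrt(smallest prime factor) steps, so fine for
    ~60-bit n and useless for 2048-bit n: that gap is RSA's entire security.
    """
    if n % 2 == 0:
        return 2
    rng = random.Random(seed)          # fixed seed keeps the example reproducible
    while True:
        x = y = rng.randrange(2, n)
        c = rng.randrange(1, n)
        d = 1
        while d == 1:
            x = (x * x + c) % n
            y = (y * y + c) % n
            y = (y * y + c) % n
            d = gcd(abs(x - y), n)
        if d != n:
            return d


def recover_private_key(pub):
    """Attacker's view: only (n, e) is known; factoring n yields d."""
    n, e = pub
    p = pollard_rho(n)
    q = n // p
    phi = (p - 1) * (q - 1)
    return (n, pow(e, -1, phi))


if __name__ == "__main__":
    pub, priv = keygen(1000000007, 1000000009)   # both prime; chosen for the demo
    m = int.from_bytes(b"hi", "big")
    c = encrypt(pub, m)
    print("decrypt with real key   :", decrypt(priv, c) == m)
    stolen = recover_private_key(pub)
    print("decrypt with factored key:", decrypt(stolen, c) == m, "same d:", stolen == priv)
```

The recovery step is the whole story of the quantum threat: Shor's algorithm replaces `pollard_rho` with a procedure whose cost grows polynomially in the bit length of n, so making n bigger no longer helps. That is also why "harvest now, decrypt later" matters for data that must stay confidential beyond the migration deadline.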


Recognizing the urgency, the UK's National Cyber Security Centre (NCSC) has published timelines for migrating to post-quantum cryptography (PQC): discovery and planning by 2028, the highest-priority migrations by 2031, and migration complete by 2035. The guidance addresses all organizations, with critical national infrastructure as the priority.


https://bit.ly/4kXiZsO


Headlines:

"'Quantum computing is set to revolutionize technology, but it also poses significant risks to current encryption methods,' stated NCSC's CTO, Ollie Whitehouse."


"As quantum technology advances, upgrading our collective security is not just important – it's essential."


"The NCSC recommends adopting NIST-approved PQC algorithms for migration, which were standardized by the U.S. organization last year, and are expected to become the foundation for post-quantum security globally."


"The United States has established a similar timeline for migrating to PQC through the National Security Memorandum 10 (NSM-10), which also sets 2035 as the target year for completing the transition across federal systems."


Monday, March 17, 2025

SideWinder APT Targets Critical Infrastructures

An advanced persistent threat (APT) group known as SideWinder (allegedly of Indian origin) is targeting critical infrastructure in Asia, the Middle East and Africa, with a focus on maritime, nuclear and logistics operations.

SideWinder's attacks are growing more sophisticated: the group keeps refining its tools and techniques to evade security software and maintain persistent access to compromised networks. It relies on spear-phishing campaigns that deliver malicious documents exploiting CVE-2017-11882, a memory-corruption flaw in the Microsoft Office Equation Editor, to deploy StealerBot, a modular toolkit for stealing sensitive information.
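A CVE-2017-11882 lure has to reach the Equation Editor, so it must embed an Equation Editor OLE object, and that is something a mail gateway or an analyst can look for before any sandboxing. The scanner below is an added example (not Kaspersky's detection logic; the sample documents are constructed and contain no exploit payload). It looks for the `Equation.3` ProgID, the Equation Editor CLSID `{0002CE02-0000-0000-C000-000000000046}` in its raw OLE byte layout or hex-encoded inside RTF object data, and the `EQNEDT32` binary name.

```python
"""Heuristic triage for documents carrying a Microsoft Equation Editor object.

Added example. A hit means "embeds an Equation Editor object", which is
reason enough to quarantine mail in 2025 but not proof of exploitation.
RTF obfuscation (split control words, stray whitespace, nested groups) can
defeat plain regexes, so treat this as a first pass ahead of a real parser.
"""
import re
import uuid

EQNEDT_CLSID = uuid.UUID("0002CE02-0000-0000-C000-000000000046")
CLSID_RAW = EQNEDT_CLSID.bytes_le        # on-disk OLE GUID layout (mixed-endian)
CLSID_HEX = CLSID_RAW.hex().encode()     # as it appears inside \objdata hex text

INDICATORS = {
    "progid_equation3": re.compile(rb"Equation\.3", re.I),
    "eqnedt32_name":    re.compile(rb"EQNEDT32", re.I),
    "clsid_raw":        re.compile(re.escape(CLSID_RAW)),
    "clsid_hex":        re.compile(re.escape(CLSID_HEX), re.I),
    "rtf_objdata":      re.compile(rb"\\objdata\b"),   # any embedded object, not specific
}
EQUATION_OBJECT = ("progid_equation3", "eqnedt32_name", "clsid_raw", "clsid_hex")


def scan(document: bytes) -> dict:
    """Return the indicators present in one document's bytes and a verdict."""
    hits = [name for name, rx in INDICATORS.items() if rx.search(document)]
    has_object = any(h in EQUATION_OBJECT for h in hits)
    return {
        "hits": hits,
        "equation_editor_object": has_object,
        "verdict": ("QUARANTINE: embedded Equation Editor object" if has_object
                    else "no Equation Editor indicators"),
    }


# --- constructed samples (no exploit payload) -----------------------------
BENIGN_RTF = b"{\\rtf1\\ansi\\deff0 Quarterly shipping schedule attached.}"

# RTF lure: an embedded object declared as Equation.3 whose object data
# carries the CLSID; the trailing zeros are filler.
SUSPECT_RTF = (b"{\\rtf1\\ansi{\\object\\objemb{\\*\\objclass Equation.3}"
               b"{\\*\\objdata 01050000020000000b000000" + CLSID_HEX
               + b"00" * 32 + b"}}}")

# OLE/CFB lure: CFB magic, then a directory entry whose CLSID field is the
# Equation Editor's; surrounding bytes are filler, not a valid file.
SUSPECT_OLE = (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24
               + "Root Entry".encode("utf-16-le")
               + CLSID_RAW + b"\x00" * 16)


if __name__ == "__main__":
    for name, doc in [("benign.rtf", BENIGN_RTF), ("invoice.rtf", SUSPECT_RTF),
                      ("report.doc", SUSPECT_OLE)]:
        r = scan(doc)
        print(f"{name:12} {r['verdict']}  hits={r['hits']}")
```

Run it over an attachment quarantine and anything flagged goes to a proper parser (for example oletools' `rtfobj` or `oleobj`, which extract the embedded object so you can check what the Equation Editor stream actually contains). The better long-term fix is the one the vulnerability suggests: remove or disable the Equation Editor on endpoints, since Microsoft retired it.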


Headlines:

"The attacks, observed by Kaspersky in 2024, spread across Bangladesh, Cambodia, Djibouti, Egypt, the United Arab Emirates, and Vietnam. Other targets of interest include nuclear power plants and nuclear energy infrastructure in South Asia and Africa, as well as telecommunication, consulting, IT service companies, real estate agencies, and hotels."


"'They are constantly monitoring detections of their toolset by security solutions,' Kaspersky said. 'Once their tools are identified, they respond by generating a new and modified version of the malware, often in under five hours.'"



Monday, February 17, 2025

Arizona Woman Running a Laptop Farm for North Korean IT Workers

 

Going digital is changing almost everything, and that is mostly a good thing. But it also brings new dangers, and one area we really need to look at is how we hire people. The old ways of vetting candidates may no longer be safe in this digital world, and if we don't rethink them we will keep seeing stories like this one from Arizona. A woman there set up a "laptop farm": she hosted laptops in her home so that overseas IT workers could pose as US-based employees, with their traffic coming from US IP addresses. The scheme generated over $17 million, and some of that money ended up in North Korea. Stories like this show how important it is to update the hiring process and verify that the person we hire is who they say they are and where they say they are. If we don't change how we do things, these problems will only get worse.


https://bit.ly/3CWVuin


Headlines:

"An Arizona woman who created 'laptop farm' in her home to help fake IT workers pose as US-based employees has pleaded guilty in a scheme that generated over $17 million for herself... and North Korea."


"According to court documents, Chapman ran a laptop farm out of her home from October 2020 to October 2023. During this time she hosted computers for overseas IT workers — who were posing as American citizens and residents — to ensure the devices had local IP addresses, making them appear to be in the US."


"Those who successfully obtained employment as part of the scam then received payroll checks at Chapman's home with direct deposits sent to her US bank accounts before ultimately being laundered and funneled to North Korea, and then potentially contributing to the DPRK's weapons programs, the court document says."


"Some of the overseas workers were hired at Fortune 500 companies, including a top-five television network, a premier Silicon Valley technology company, an aerospace and defense manufacturer, an American car manufacturer, a luxury retail chain, and a US-hallmark media and entertainment company."


"In total, more than 300 US companies were scammed,..."

Tuesday, February 4, 2025

Chinese AI DeepSeek Database Is Exposed


A database belonging to the Chinese AI company DeepSeek was recently found exposed on the internet, leaking over a million log lines along with secret keys.


Choose your AI wisely. Choose your software wisely. Cheap software might end up costing you far more in the long run. While no choice is entirely risk-free, it's best to use software from countries that uphold strong democratic values, justice, and human rights. Your data is being collected and sold to third parties. This is almost unavoidable. If it must happen, it's (relatively) safer in the hands of democratic countries. (Consider it the lesser of two evils.)
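The exposure described here is the classic ClickHouse failure: a `default` user with an empty password and no network restriction, listening on the native port 9000 or HTTP port 8123, gives anyone who can reach the port the full rights of that user with no authentication at all. The audit below is an added example, not Wiz's research and not DeepSeek's configuration (which the page does not show). It parses ClickHouse's `users.xml` layout (root element `<clickhouse>`; older releases use `<yandex>`) and flags the conditions that turn a reachable listener into an open database; both configuration files are constructed samples, and the hash in the hardened one is a placeholder to be replaced.

```python
"""Audit a ClickHouse users.xml for unauthenticated or world-reachable users.

Added example. Findings are (user, severity, message) tuples; an empty list
means nothing in this file explains an open database (you still need to
check config.xml's <listen_host> and the firewall in front of 9000/8123).
"""
import xml.etree.ElementTree as ET

OPEN_CONFIG = """<clickhouse>
  <users>
    <default>
      <password></password>
      <networks><ip>::/0</ip></networks>
      <profile>default</profile>
      <quota>default</quota>
      <access_management>1</access_management>
    </default>
  </users>
</clickhouse>"""

HARDENED_CONFIG = """<clickhouse>
  <users>
    <default>
      <password_sha256_hex>REPLACE_WITH_SHA256_HEX_OF_A_STRONG_PASSWORD</password_sha256_hex>
      <networks><ip>10.0.0.0/8</ip></networks>
      <profile>readonly</profile>
      <quota>default</quota>
    </default>
  </users>
</clickhouse>"""

# Credential elements that are not a plaintext/empty <password>.
STRONG_CREDENTIAL_TAGS = ("password_sha256_hex", "password_double_sha1_hex",
                          "ldap", "kerberos", "ssl_certificates")
WIDE_OPEN = {"::/0", "0.0.0.0/0"}      # ClickHouse's "any address" forms


def _text(el):
    return (el.text or "").strip() if el is not None else ""


def audit_users_xml(xml_text):
    """Walk every <users>/<name> block and report the dangerous combinations."""
    root = ET.fromstring(xml_text)
    findings = []
    users = root.find("users")
    if users is None:
        return findings
    for user in users:
        name = user.tag
        strong = any(user.find(t) is not None for t in STRONG_CREDENTIAL_TAGS)
        plain = _text(user.find("password"))
        no_credential = not strong and not plain
        if no_credential:
            findings.append((name, "CRITICAL",
                             "no credential: empty <password/> and no hashed or external auth"))
        elif plain:
            findings.append((name, "MEDIUM",
                             "plaintext <password> in config; prefer password_sha256_hex"))

        nets = user.find("networks")
        if nets is None:
            findings.append((name, "HIGH", "no <networks> restriction declared"))
        else:
            wide = [_text(ip) for ip in nets.findall("ip") if _text(ip) in WIDE_OPEN]
            wide += [".*" for hr in nets.findall("host_regexp") if _text(hr) == ".*"]
            if wide:
                findings.append((name, "HIGH", f"reachable from any address: {', '.join(wide)}"))

        # access_management lets the user create users and grants: full control
        # of the server when combined with no credential.
        if _text(user.find("access_management")) == "1" and no_credential:
            findings.append((name, "CRITICAL",
                             "access_management=1 on an unauthenticated user"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("open", OPEN_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"[{label}]")
        for user, sev, msg in audit_users_xml(cfg) or [("-", "OK", "no findings")]:
            print(f"  {sev:8} {user}: {msg}")
```

The hardened file fixes the three findings at once: a hashed credential, a network allow-list, and no `access_management` on the user the clients use. Beyond the file, the native port 9000 and HTTP port 8123 should never be reachable from the internet; bind `<listen_host>` to internal addresses and let the firewall enforce it.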


https://bit.ly/4hmIqBQ


Headlines:


"Buzzy Chinese artificial intelligence (AI) startup DeepSeek, which has had a meteoric rise in popularity in recent days, left one of its databases exposed on the internet, which could have allowed malicious actors to gain access to sensitive data.


The ClickHouse database 'allows full control over database operations, including the ability to access internal data,' Wiz security researcher Gal Nagli said.


The exposure also includes more than a million lines of log streams containing chat history, secret keys, backend details, and other highly sensitive information, such as API Secrets and operational metadata. DeepSeek has since plugged the security hole following attempts by the cloud security firm to contact them.


The database, hosted at oauth2callback.deepseek[.]com:9000 and dev.deepseek[.]com:9000, is said to have enabled unauthorized access to a wide range of information. The exposure, Wiz noted, allowed for complete database control and potential privilege escalation within the DeepSeek environment without requiring any authentication."


"Furthermore, DeepSeek's apps became unavailable in Italy shortly after the country's data protection regulator, the Garante, requested information about its data handling practices and where it obtained its training data..."


"Bloomberg, Financial Times, and The Wall Street Journal have also reported that both OpenAI and Microsoft are probing whether DeepSeek used OpenAI's application programming interface (API) without permission to train its own models on the output of OpenAI's systems, an approach referred to as distillation."

Monday, January 27, 2025

50,000 Fortinet Firewalls Vulnerable to Zero-day


Everybody agrees that organizations need a vulnerability management programme, but is that enough? Well... NO! Vulnerability management without robust patch management means sitting back and waiting for attackers to compromise your systems. It only adds to your headaches. (Remember: ignorance is bliss 😜)

A zero-day in Fortinet firewalls (CVE-2024-55591, an authentication bypass in the FortiOS administrative interface that was exploited in the wild before it was disclosed) was made public in mid-January 2025, yet too many firewall administrators still seem unaware of it. According to Shadowserver (https://bit.ly/42wNjDI), nearly 50,000 Fortinet devices on the internet remain exposed to it.


Vulnerability management is essential for identifying weaknesses, but it is only half the battle. Without a patch management process that deploys fixes on time, those weaknesses are open invitations to attackers.


If you don't want to see your organization in the hacker news the next day, DO have a robust vulnerability AND patch management process.
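Patch management starts with a question vulnerability scanners answer badly for appliances: which of my boxes is still on an affected build, and which of those has its management interface on the internet? The script below is an added example, not Shadowserver's scan logic and not text from Fortinet's advisory. The affected range (FortiOS 7.0.0 through 7.0.16, fixed in 7.0.17, other branches not affected) and the advisory date are my reading of the vendor advisory and are marked as assumptions in the code; confirm them against the advisory before acting. The inventory is constructed.

```python
"""Patch-lag triage for CVE-2024-55591 across a FortiGate inventory.

Added example. Compares each device's FortiOS version against the affected
range as a numeric tuple (string comparison gets '7.0.9' > '7.0.16' wrong),
then prioritises vulnerable devices whose admin interface faces the WAN,
since the bug lives in the management interface.
"""
from datetime import date

# ASSUMPTION (verify against the advisory): branch -> (first, last affected, fixed)
AFFECTED = {
    (7, 0): ((7, 0, 0), (7, 0, 16), (7, 0, 17)),
}
ADVISORY_DATE = date(2025, 1, 14)   # ASSUMPTION: public advisory date, mid-January 2025
TODAY = date(2025, 1, 27)           # the date of this post, fixed for reproducibility

INVENTORY = [  # constructed
    {"host": "fw-edge-01",   "version": "7.0.12", "admin_on_wan": True},
    {"host": "fw-branch-02", "version": "7.0.17", "admin_on_wan": True},
    {"host": "fw-core-03",   "version": "7.2.9",  "admin_on_wan": False},
    {"host": "fw-lab-04",    "version": "v7.0.5", "admin_on_wan": False},
]
PRIORITY_ORDER = {"P1": 0, "P2": 1, "-": 2}


def parse_version(text):
    """'v7.0.12' -> (7, 0, 12); tuples compare numerically, strings do not."""
    return tuple(int(part) for part in text.strip().lstrip("v").split("."))


def is_affected(version):
    """True/False for a branch the advisory covers, None if the branch is not listed."""
    v = parse_version(version)
    rng = AFFECTED.get(v[:2])
    if rng is None:
        return None
    first, last, _fixed = rng
    return first <= v <= last


def triage(inventory, today=TODAY):
    """One row per device: status, priority, fixed build and days since the advisory."""
    rows = []
    for dev in inventory:
        state = is_affected(dev["version"])
        fix = None
        if state is None:
            status, priority = "not affected", "-"
        elif state:
            status = "VULNERABLE"
            # admin interface reachable from the internet is the worst case
            priority = "P1" if dev["admin_on_wan"] else "P2"
            fix = ".".join(map(str, AFFECTED[parse_version(dev["version"])[:2]][2]))
        else:
            status, priority = "patched", "-"
        rows.append({
            "host": dev["host"], "version": dev["version"],
            "status": status, "priority": priority, "fix": fix,
            "days_since_advisory": (today - ADVISORY_DATE).days,
        })
    rows.sort(key=lambda r: PRIORITY_ORDER[r["priority"]])   # stable: keeps inventory order within a tier
    return rows


if __name__ == "__main__":
    for r in triage(INVENTORY):
        print(f"{r['priority']:2} {r['host']:13} {r['version']:7} {r['status']:13} "
              f"fix={r['fix'] or '-':7} {r['days_since_advisory']}d since advisory")
```

On the sample inventory one box is a P1 (vulnerable build, admin on the WAN, 13 days after the advisory), which is exactly the population Shadowserver is counting. Until the upgrade lands, the interim control is the one that removes the attack path: take the HTTP/HTTPS administrative interface off internet-facing interfaces and allow-list management sources.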


https://bit.ly/42utKMl


"Data from the Shadowserver Foundation shows 48,457 Fortinet boxes are still publicly exposed and haven't had the patch for CVE-2024-55591 applied, despite stark warnings issued over the past seven days."


"Fortinet offered some relief, however, stating that if the usual security best practices have been followed since then, the risk of compromise is small. Devices purchased after December 2022 are all also unaffected."



Wednesday, January 15, 2025

UN Aviation Agency ICAO Confirms Recruitment Database Security Breach

Hackers target a broad spectrum of organizations, from telecom companies to hospitals. This time the victim was the United Nations.

Approximately 42,000 records were stolen from the recruitment database of the United Nations' International Civil Aviation Organization (ICAO).


https://bit.ly/3PBiOVx


"The United Nations' International Civil Aviation Organization (ICAO) has confirmed that a threat actor has stolen approximately 42,000 records after hacking into its recruitment database."


"According to Natohub's claims, the allegedly stolen documents contain names, dates of birth, addresses, phone numbers, email addresses, and education and employment information.

Another threat actor said the leaked archive contains 2GB of files with information on 57,240 unique emails."


"'The compromised data includes recruitment-related information that applicants entered into our system, such as names, email addresses, dates of birth, and employment history. The affected data does not include financial information, passwords, passport details, or any documents uploaded by applicants,' ICAO said."


"Threat actors also hacked UN networks in Vienna and Geneva in July 2019 using a Sharepoint exploit, gaining access to staff records, health insurance, and commercial contract data."