Security daily (19-06-2020)

Philadelphia-area health system says it 'isolated' a malware attack

A “malware attack” has hit computer systems at Crozer-Keystone Health System, a large health care provider in the Philadelphia suburbs, a spokesman for the organization said Friday. “After quickly identifying a recent malware attack, the Crozer-Keystone information technology team took immediate action and began remediating impacted systems,” Crozer-Keystone’s Rich Leonowitz said in an emailed statement. Crozer-Keystone owns four hospitals and four outpatient centers in Delaware County, Pennsylvania, according to its website. It was not immediately clear how, if at all, the cybersecurity incident impacted those facilities. Leonowitz declined to answer questions on the matter. “Having isolated the intrusion, we took necessary systems offline to prevent further risk,” Leonowitz’s statement continued. “We completed this work in collaboration with cybersecurity professionals across our health care system and are currently conducting a full investigation of the issue.” A set of hackers behind the NetWalker ransomware claimed responsibility for the attack. On their victim-shaming website, the hackers […] (CyberScoop)

Australia blames a state actor for major disruptions. China is already denying it.

Government agencies and private companies in Australia are experiencing a “sophisticated” cyberattack carried out by a nation-state, according to Prime Minister Scott Morrison. In an announcement Friday, Morrison informed the public that “all levels of government” and a number of critical businesses and essential services are dealing with malicious activity that is accelerating in severity after beginning months ago. Specific details about the incident are scarce, and Morrison has declined to name the government behind the attacks, the motive or the exact nature of the incident. There has not been a major compromise of personal data, he said. “We know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting and the tradecraft used,” he said. “There aren’t too many state-based actors who have those capabilities.” Senior government officials told Australia’s ABC News that China is the main suspect in the attack, adding that […] (CyberScoop)

Woman who deliberately deleted firm’s Dropbox is sentenced

58-year-old Danielle Bulley may not look like your typical cybercriminal, but the act of revenge she committed against a company had just as much impact as a conventional hacker breaking into a business’s servers and causing havoc. Read more in my article on the Hot for Security blog. (Graham Cluley)

Aussie surfer’s hacked Instagram sent sexually explicit images to her 40,000 followers

18-year-old Blaze Angel Roberts is a talented surfer with 40,000 Instagram followers. Unfortunately, her popularity also seems to have drawn the unwanted attention of hackers, who successfully tricked her into clicking on a phishing link, and handing over the password to her email account. (Graham Cluley)

IBM Maximo Asset Management servers patched against attacks

As the name suggests, IBM Maximo is typically used by really big companies to track really huge numbers of assets... (Naked Security)

FBI uses T-shirt, tattoo and Vimeo clips to track down alleged arsonist

Amazing what online search, social media profiles, a DMV database and cameras everywhere can turn up about us. (Naked Security)

Ripple20 bugs set off wave of security problems in millions of devices

Security researchers have discovered a handful of game-changing vulnerabilities that spell trouble for dozens of connected device vendors and their customers. (Naked Security)

How to Identify Antivirus Software Installed on a Target's Windows 10 PC

Determining the antivirus and firewall software installed on a Windows computer is crucial to an attacker preparing to create a targeted stager or payload. With covert deep packet inspection, that information is easily identified.

This attack assumes the Wi-Fi password to the target network is already known. With the password, an attacker can observe data traversing the network and enumerate installed security software. Popular antivirus and firewall solutions become easily identifiable when benign web traffic is filtered out.

We'll learn how to capture and decrypt Wi-Fi traffic without... (Null Byte « WonderHowTo)

Australian PM Morrison Warns Of Sophisticated State Hack

(News ≈ Packet Storm)

Detroit Man Cuffed For Hacking University Of Pittsburgh Medical Center

(News ≈ Packet Storm)

Top French Court Upholds $56 Million Google Privacy Breach Fine

(News ≈ Packet Storm)

Four Zero-Days Spotted In Attacks On Researchers' Fake Networks

(News ≈ Packet Storm)

Elon Musk Bitcoin Vanity Addresses Used To Scam Users Out Of $2 Million

(News ≈ Packet Storm)

Former DIA Analyst Sentenced to Prison Over Data Leak

A former Defense Intelligence Agency analyst leaked classified information to two journalists - one of whom he was dating - shedding light on insider threats. (Threatpost)

News Wrap: Malicious Chrome Extensions Removed, CIA ‘Woefully Lax’ Security Policies Bashed

Insider threats, the CIA's bad security policies, and malicious Chrome extensions were the topics of discussion during this week's news wrap podcast. (Threatpost)

Netgear Zero-Day Allows Full Takeover of Dozens of Router Models

An unpatched vulnerability in the web server of device firmware gives attackers root privileges, researchers said. (Threatpost)


/security-daily/ 20-06-2020 23:44:24