What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-08-04 17:40:00 | Les dispositifs médicaux jetés ont été trouvés pour avoir des troves d'informations sur les établissements de santé Discarded medical devices found to have troves of information on healthcare facilities (lien direct) |
Les pompes à perfusion sont vendues sur des marchés secondaires comme eBay se sont constatées encore des troves d'informations sensibles sur les hôpitaux qui les possédaient autrefois, ont constaté des chercheurs.Rapid7 Chercheur en sécurité Deral Heiland et plusieurs autres Examiné 13 marques d'appareils de pompe à perfusion, comme Alaris, Baxter etHospira, trouver des informations d'accès et des données d'authentification pour
Infusion pumps being sold on secondary markets like eBay were found to still carry troves of sensitive information about the hospitals that once owned them, researchers have found. Rapid7 principal security researcher Deral Heiland and several others examined 13 infusion pump device brands, like Alaris, Baxter and Hospira, finding access credentials and authentication data for |
Medical | ★★ | |
 |
2023-07-28 10:00:00 | Gestion des appareils mobiles: sécuriser le lieu de travail moderne Mobile Device Management: Securing the modern workplace (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. More mobile devices, more problems. The business landscape has shifted dramatically, as more endpoints connect to corporate networks from a wider variety of locations and are transmitting massive amounts of data. Economic forces and a lengthy pandemic have caused a decentralization of the workforce and increased adoption of a hybrid workplace model. Today, employees are more mobile than ever. The modern workforce and workplace have experienced a significant increase in endpoints, or devices connecting to the network, and managing these diverse endpoints across various geographic locations has grown in complexity. Here’s an analogy: imagine a bustling city, with its many roads, highways, and intersections. Each road represents a different endpoint, and the city itself symbolizes your corporate network. As the city grows and expands, more roads are built, connecting new neighborhoods and districts. Our corporate networks are like expanding cities. But along with digital transformation and a distributional shift of the workforce, the cybersecurity landscape is evolving at an equal pace. The multitude of endpoints that connect to the network is widening the attack surface that bad actors with malicious intent can exploit. From a cybersecurity perspective, more endpoints represent a significant business risk. Organizations need to understand the importance of managing and securing their endpoints and how these variables are intertwined for a complete endpoint security strategy. The evolution of Mobile Device Management Traditional Mobile Device Management has existed in some form since the early 2000s, when smartphones entered the marketplace. MDM has evolved over the last few decades, and in some way, Unified Endpoint Management (UEM) represents this modern evolution. Today, unified endpoint management has become a prominent solution for modern IT departments looking to secure their expanding attack surfaces. UEM is more than just managing endpoints. The “unified” represents one console for deploying, managing, and helping to secure corporate endpoints and applications. UEM offers provisioning, detection, deployment, troubleshooting, and updating abilities. UEM software gives IT and security departments visibility and control over their devices as well as their end-users, delivered through a centralized management console. For a more detailed discussion of mobile device security, check out this article. What is the difference between MDM and UEM? Unified Endpoint Management (UEM) and Mobile Device Management (MDM) are both solutions used to manage and secure an organization\'s devices, but their scope and capabilities differ. Mobile Device Management (MDM) is a type of security software used by an IT department to monitor, manage, and secure employees\' mobile devices deployed across multiple mobile service providers and across multiple mobile operating systems being used in the organization. MDM is primarily concerned with device security, allowing organizations to enforce policies, manage device settings, monitor device status, and secure devices if lost or stolen. On the other hand, Unified Endpoint Management (UEM) is a more comprehensive solution that manages and secures not just mobile devices but all endpoints within an organization. This includes PCs, laptops, smartphones, tablets, and IoT devices. UEM solutions provide a single management console from which IT can control all these devices, | Threat Tool Vulnerability Medical | ★★★ | |
|
2023-07-26 20:17:00 | Le fournisseur de technologies de surveillance cardiaque confirme la cyberattaque Heart monitoring technology provider confirms cyberattack (lien direct) |
Un fournisseur de technologies pour la surveillance cardiaque et les électrocardiogrammes médicaux a confirmé mercredi qu'il répondait à une cyberattaque sur ses systèmes.Le site Web Pour l'entreprise, Cardiocomm, était en panne à partir de mercredi après-midi.L'incident était d'abord rapporté par TechCrunch.L'entreprise basée au Canada vend des produits pour l'enregistrement, la visualisation, l'analyse et le stockage d'électrocardiogrammes (ECGS)
A provider of technology for heart monitoring and medical electrocardiograms confirmed on Wednesday that it was responding to a cyberattack on its systems. The website for the company, CardioComm, was down as of Wednesday afternoon. The incident was first reported by TechCrunch. The Canada-based company sells products for recording, viewing, analyzing and storing electrocardiograms (ECGs) |
Medical | ★★ | |
 |
2023-07-25 11:00:00 | Hacker prétend avoir volé des dossiers médicaux sensibles du ministère de la Santé de l'Égypte Hacker Claims to Have Stolen Sensitive Medical Records from Egypt\\'s Ministry of Health (lien direct) |
Socradar et Falcon Feeds a rapporté que l'acteur de menace aurait commencé à vendre l'ensemble de données
SOCRAdar and Falcon Feeds reported that the threat actor allegedly started selling the dataset |
Threat Medical | ★★ | |
|
2023-07-25 10:00:00 | Ransomware Business Model - Qu'est-ce que c'est et comment le casser? Ransomware business model-What is it and how to break it? (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. The threat of ransomware attacks continues to strike organizations, government institutions, individuals, and businesses across the globe. These attacks have skyrocketed in frequency and sophistication, leaving a trail of disrupted operations, financial loss, and compromised data. Statistics reveal that there will be a new ransomware attack after every two seconds by 2031 while the companies lose between $1 and $10 million because of these attacks. As the security landscape evolves, cybercriminals change their tactics and attack vectors to maximize their profit potential. Previously, ransomware attackers employed tactics like email phishing, remote desktop protocol vulnerabilities, supply chain issues, and exploit kits to breach the system and implant the ransomware payloads. But now attackers have significantly changed their business model. Organizations need to adopt a proactive stance as more ransomware gangs emerge and new tactics are introduced. They must aim to lower their attack surface and increase their ability to respond to and recover from the aftermath of a ransomware attack. How is ransomware blooming as a business model? Ransomware has emerged as a thriving business model for cybercriminals. It is a highly lucrative and sophisticated method in which the attackers encrypt the data and release it only when the ransom is paid. Data backup was one way for businesses to escape this situation, but those lacking this had no option except to pay the ransom. If organizations delay or stop paying the ransom, attackers threaten to exfiltrate or leak valuable data. This adds more pressure on organizations to pay the ransom, especially if they hold sensitive customer information and intellectual property. As a result, over half of ransomware victims agree to pay the ransom. With opportunities everywhere, ransomware attacks have evolved as the threat actors continue looking for new ways to expand their operations\' attack vectors and scope. For instance, the emergence of the Ransomware-as-a-service (RaaS) model encourages non-technical threat actors to participate in these attacks. It allows cybercriminals to rent or buy ransomware toolkits to launch successful attacks and earn a portion of the profits instead of performing the attacks themselves. Moreover, a new breed of ransomware gangs is also blooming in the ransomware business. Previously, Conti, REvil, LockBit, Black Basta, and Vice Society were among the most prolific groups that launched the attacks. But now, the Clop, Cuban, and Play ransomware groups are gaining popularity as they exploit the zero-day vulnerability and impact various organizations. Ransomware has also become a professionalized industry in which attackers demand payments in Bitcoins only. Cryptocurrency provides anonymity and a more convenient way for cybercriminals to collect ransom payments, making it more difficult for law enforcement agencies to trace the money. Though the FBI discourages ransom | Threat Ransomware Malware Studies Tool Vulnerability Medical | ★★★ | |
|
2023-07-18 20:55:00 | Le laboratoire médical russe suspend certains services après une attaque de ransomware Russian medical lab suspends some services after ransomware attack (lien direct) |
Les clients du laboratoire médical russe Helix n'ont pas été en mesure de recevoir leurs résultats de test pendant plusieurs jours en raison d'une cyberattaque «grave» qui a paralysé les systèmes de la société au cours du week-end.Selon un déclaration Le laboratoire a été publié lundi, des pirates ont tenté d'infecter les systèmes de l'entreprise avec un ransomware.L'entreprise a dit
Customers of the Russian medical laboratory Helix have been unable to receive their test results for several days due to a “serious” cyberattack that crippled the company\'s systems over the weekend. According to a statement the lab issued Monday, hackers attempted to infect the company\'s systems with ransomware. The company told Russian state-owned news agency |
Ransomware Medical | ★★ | |
|
2023-07-18 18:46:00 | Législateurs: HHS ne protége pas adéquatement les dossiers de santé contre les forces de l'ordre Legislators: HHS is failing to adequately protect health records from law enforcement (lien direct) |
Les législateurs demandent au ministère de la Santé et des Services sociaux à empêcher les forces de l'ordre d'accéder aux dossiers de la reproduction et d'autres dossiers de santé sans mandat.Le lettre envoyée mardi par les sens. Ron Wyden (D-OR) et Patty Murray (D-Wa), La représentante Sara Jacobs (D-CA) et d'autres exhorte également le secrétaire du HHS, Xavier Becerra, à élargir les réglementations fédérales de santé à
Lawmakers are demanding the Department of Health and Human Services to bar law enforcement from accessing reproductive and other health records without a warrant. The letter sent Tuesday by Sens. Ron Wyden (D-OR) and Patty Murray (D-WA), Rep. Sara Jacobs (D-CA) and others also urges HHS Secretary Xavier Becerra to broaden federal health regulations to |
Studies Medical | ★★ | |
|
2023-07-17 10:00:00 | L'élément humain de la cybersécurité: nourrir une culture cyber-consciente pour se défendre contre les attaques d'ingénierie sociale The human element of Cybersecurity: Nurturing a cyber-aware culture to defend against social engineering attacks (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. As organizations across every sector come to rely more and more heavily on digital data storage, digital work platforms, and digital communications, cyber attacks are becoming increasingly common. Enterprising cyber attackers see opportunities abound with the widespread digital transformation across industries. Social engineering cyber attacks present a particularly potent threat to organizations. In this article, we will take a look at why training your employees to become aware of social engineering cyber attacks is key to protecting your business. We will explore the most common forms of social engineering attacks. Finally, we’ll also share key actionable advice to help educate and defend your employees against social engineering schemes. Why cybersecurity awareness is important Oftentimes the most vulnerable element in any organization’s cybersecurity defense system is an unaware employee. When someone does not know the common features of a social engineering cyber attack they can easily fall for even the most widespread cyber attack schemes. Educating employees on signs to look out for that might indicate a hidden cyberattack attempt and training employees on security policies and appropriate responses is essential to creating a resilient company-wide cybersecurity policy. Three common types of social engineering attacks To understand how to identify, trace, and respond to social engineering cyber attacks, it is important to get to know the most common forms that social engineering attacks can take. A social engineering attack occurs when a bad actor contacts an unsuspecting individual and attempts to trick them into providing sensitive information (such as credit card details or medical records) or completing a particular action (such as clicking on a contaminated link or signing up for a service). Social engineering attacks can be conducted over the phone, or via email, text message, or direct social media message. Let’s take a look at the three most common types of social engineering cyber attacks: Phishing Phishing is a type of social engineering attack that has bad actors posing as legitimate, and oftentimes familiar, contacts to extort valuable information from victims, such as bank account details or passwords. Phishing attacks can come in the form of emails claiming to be from legitimate sources- such as a government body, software company you use, or relative. Bad actors can hack someone’s legitimate account, making the communication seem more convincing, or they can impersonate an official organization, copying their logo and content style. Pretexting Pretexting attacks occur when a bad actor invents a story to gain an unsuspecting victim’s trust. The bad actor then uses this trust to trick or convince the victim into sharing sensitive data, completing an action, or otherwise accidentally causing harm to themselves or their affiliated organizations. Bad actors may use pretexting to manipulate an individual into downloading malware or compromised software, sending money, or providing private information, including financial details. Baiting | Threat Malware Hack Medical | ★★ | |
|
2023-07-17 09:30:00 | Vendeur de la technologie de la santé à payer 31 millions de dollars après les allégations de pots-de-vin Health Tech Vendor to Pay $31m After Kickback Allegations (lien direct) |
Nextgen Healthcare a été accusé d'avoir violé la loi sur les fausses réclamations
NextGen Healthcare was accused of violating False Claims Act |
Medical | ★★ | |
 |
2023-07-14 13:30:00 | Key findings from ESET Threat Report H1 2023 – Week in security with Tony Anscombe (lien direct) | Voici comment les cybercriminels ont ajusté leurs tactiques en réponse aux politiques de sécurité plus strictes de Microsoft, ainsi que d'autres résultats intéressants du nouveau rapport de menace d'Eset \\
Here\'s how cybercriminals have adjusted their tactics in response to Microsoft\'s stricter security policies, plus other interesting findings from ESET\'s new Threat Report |
Threat Studies Medical | ★★★★ | |
|
2023-07-11 19:19:00 | Les procureurs britanniques disent que Teen Lapsus $ était derrière des hacks sur Uber, Rockstar British prosecutors say teen Lapsus$ member was behind hacks on Uber, Rockstar (lien direct) |
Un tribunal de la Couronne britannique a levé mardi une restriction de reportage, permettant la dénomination de l'adolescent Arion Kurtaj qui est accusé d'avoir piraté les jeux Rockstar à Uber, Revolut et Video Games Rockstar Games dans un court laps de temps en septembre dernier.Kurtaj, maintenant âgé de 18 ans, n'a pas été jugé adapté à être jugé par des professionnels de la santé.Le jury
A British Crown Court on Tuesday lifted a reporting restriction, allowing the naming of teenager Arion Kurtaj who is accused of hacking Uber, Revolut, and video game developer Rockstar Games in a short period of time last September. Kurtaj, now 18, has been deemed not fit to stand trial by medical professionals. The jury will |
Medical | Uber | ★★★ |
|
2023-07-04 13:00:00 | CISA émet un avertissement pour la vulnérabilité du système de dispositifs cardiaques CISA issues warning for cardiac device system vulnerability (lien direct) |
L'Agence de sécurité de la cybersécurité et de l'infrastructure (CISA) averti d'une vulnérabilité sévère dans un appareil cardiaque de la société de dispositifs médicaux Medtronic.Le problème & # 8211;suivi comme CVE-2023-31222 & # 8211;Procure un score CVSS «critique» de 9,8 sur 10 et affecte le logiciel Paceart Optima de l'entreprise qui fonctionne sur un serveur Windows de Healthcare Organisation \\.L'application
The Cybersecurity and Infrastructure Security Agency (CISA) warned of a severe vulnerability in a cardiac device from medical device company Medtronic. The issue – tracked as CVE-2023-31222 – carries a “critical” CVSS score of 9.8 out of 10 and affects the company\'s Paceart Optima software that runs on a healthcare organization\'s Windows server. The application |
Vulnerability Medical | ★★ | |
|
2023-06-28 10:00:00 | La cybersécurité n'est pas un outil ou un logiciel;est un état d'esprit: combler l'écart pour les changeurs de carrière Cybersecurity is not a tool or software piece; is a state of mind: Bridging the gap for career changers (lien direct) |
Introduction In recent years, the field of cybersecurity has witnessed a significant influx of professionals from non-Information Technology (IT) backgrounds who are making the leap into this dynamic industry. As a cybersecurity technical developer and instructor, I have had the privilege of delivering many customers in-person and virtual training courses and meeting numerous individuals seeking to transition into cybersecurity from diverse non-IT related fields. I can remember Cindy, a lawyer in a large firm, not really finding fulfillment after a “boring” eighteen months at the firm. Also, Ann, an actress with over 17 successful years of movie and theater experience, wanting to get into the industry for higher income to support her daughter. Then Richard, a radiologist tired of the customer abuse he was receiving and wanting more in life. Everything starts with the right mindset at the onset; and not every career in cybersecurity is deeply technical. Cybersecurity is a broad field and cybersecurity professionals may do their jobs in a variety of ways. This includes the following roles - keeping in mind that at least two of them are not 100% technical. They can have roles that protect a company’s internal networks and data from outside threat actors as information security professionals. They can have roles in risk management where they can confirm businesses take appropriate measures to protect against cybercrime. They can have roles where they can confirm businesses comply with local, state, and federal cybersecurity and data protections laws. Aside from being super solid on the OSI Model, hands-on TCP/IP, networking skills, a couple of industry certifications, a drive to self-study, some basic coding and a couple of bootcamps, an aspiring cybersecurity professional must also consider their skills. They bring things to the table from the fields where they come from, which are useful, fully transferable and appreciated! Sometimes as “seasoned professionals” we forget to investigate fresh ways to pivot in incident response (IR) scenarios for example. Technical skills can, with some education, hands-on practice, and self-study, be mastered, but the main ones that you will need for the transition are not going to be found in the classroom, or in the computer screen. These are the face-to-face interactions we have with friends, family, coworkers, and strangers. In other words, the soft skills; those skills that cannot be coded or productized but indeed can be monetized. Transitioning from entertainment/law/health and many other industries to the cybersecurity field does bring valuable transferable skills. In this article I aim to explore the many valuable skills career changers bring to the table and highlight seven essential skills they must possess to successfully embark on this exciting and amazing journey. Attention to detail: Actors pay great attention to detail, focusing on nuances in dialogue, characterization, and stage directions. In cybersecurity, meticulousness is essential when reviewing code, identifying vulnerabilities, conducting security assessments, and analyzing logs. Her ability to spot inconsistencies and pay attention to minute details can be valuable. Radiology technicians work with complex medical imaging equipment, where precision and attention to detail are crucial. This skill translates well to the cybersecurity field, where professionals need to analyze large amounts of data, identify vulnerabilities, and detect potential threats with accuracy. Lawyers pay great attention to detail when reviewing legal documents, contracts, and evidence. This attention to detail can be valuable in cybersecurity, where professionals must review policies, analyze security controls, and identify potential vulnerabilities. They can also contribute to ensuring cybersecurity practices align with legal and regulatory standards. | Threat Tool Vulnerability Medical | ★★★ | |
 |
2023-06-27 17:00:00 | Pourquoi le mandat SBOM de la FDA \\ change le jeu pour la sécurité OSS Why the FDA\\'s SBOM Mandate Changes the Game for OSS Security (lien direct) |
Les nouvelles directives de la FDA Software Bill of Materials (SBOM) pour les dispositifs médicaux pourraient avoir un impact large sur l'industrie des soins de santé et l'écosystème open source plus large.
The new FDA software bill of materials (SBOM) guidelines for medical devices could have broad impact on the healthcare industry and the broader open source ecosystem. |
Medical | ★★ | |
 |
2023-06-27 14:42:43 | Dispositifs médicaux connectés - la prochaine cible pour les attaques de ransomwares Connected Medical Devices-the Next Target for Ransomware Attacks (lien direct) |
Les nouvelles directives de la FDA Software Bill of Materials (SBOM) pour les dispositifs médicaux pourraient avoir un impact large sur l'industrie des soins de santé et l'écosystème open source plus large.
The new FDA software bill of materials (SBOM) guidelines for medical devices could have broad impact on the healthcare industry and the broader open source ecosystem. |
Ransomware Medical | ★★★ | |
 |
2023-06-22 17:57:08 | Maintenant, les extorqueurs noirs menacent de divulguer des photos de chirurgie plastique volées Now BlackCat extortionists threaten to leak stolen plastic surgery pics (lien direct) |
Partage d'un patient cancéreux \\ Snaps nues plus tôt n'était pas assez pour ces scumbags gang ransomware Blackcat prétend avoir infecté un centre de chirurgie plastique, volé "lots" de dossiers médicaux très sensibles, et a juré de divulguer des photos des patients si la clinique ne paie pas.…
Sharing a cancer patient\'s nude snaps earlier wasn\'t enough for these scumbags Ransomware gang BlackCat claims it infected a plastic surgery center, stole "lots" of highly sensitive medical records, and has vowed to leak patients\' photos if the clinic doesn\'t pay up.… |
Medical | ★★★ | |
 |
2023-06-14 13:46:07 | Medigauter par Claroty et Siemens Healthineers collaborent à la cybersécurité de bout en bout Medigate by Claroty and Siemens Healthineers Collaborate in End-to-End Cybersecurity (lien direct) |
Medigaute par Claroty et Siemens Healthineers collaborent à la cybersécurité de bout en bout.Siemens Healthineers ACTSAFE Solution Uside Medigate par Claroty Software;Le partage de données de sécurité des dispositifs médicaux stimule les clients \\ 'Gestion des risques et efficacité opérationnelle
-
nouvelles commerciales
Medigate by Claroty and Siemens Healthineers Collaborate in End-to-End Cybersecurity. Siemens Healthineers ActSafe solution leverages Medigate by Claroty software; medical device security data sharing boosts customers\' risk management and operational efficiency - Business News |
Medical | ★★ | |
|
2023-06-07 07:47:24 | La nouvelle étude de Veracode révèle que la sécurité des logiciels dans les organismes du secteur public est insuffisante (lien direct) | La nouvelle étude de Veracode révèle que la sécurité des logiciels dans les organismes du secteur public est insuffisante. Le rapport State of Software Security Public Sector 2023 de Veracode révèle des failles de sécurité dans 82 % des applications gouvernementales. Le secteur public est plus performant que le secteur privé dans certains domaines. Veracode a publié une étude révélant que les applications développées par les organisations du secteur public présentent généralement un nombre plus élevé de (...) - Investigations | Studies Medical | ★★★ | |
 |
2023-05-25 16:12:22 | La violation des données chez Apria Healthcare affecte 2 millions de personnes maintenant informés Data Breach At Apria Healthcare Affects 2 Million People Now Notified (lien direct) |
Apria Healthcare, un fabricant d'équipements médicaux pour la maison, envoie des notifications de violation à environ deux millions de personnes dont les informations peuvent avoir été volées dans des violations de données en 2019 et 2021. Près de deux millions de personnes aux États-Unis comptent sur APRIA, ce qui fait de l'APRIA, ce qui fait de l'APRIA, ce qui fait de l'APRIA, ce qui réalise APRIA, ce qui fait de l'APRIA, ce qui a faitC'est l'un des meilleurs fournisseurs de respiratoires à domicile [& # 8230;]
Apria Healthcare, a manufacturer of medical equipment for the home, is sending out breach notifications to roughly two million people whose information may have been stolen in data breaches in 2019 and 2021. Close to two million people in the United States rely on Apria, making it one of the top providers of home respiratory […] |
Data Breach Medical | ★★ | |
|
2023-05-25 08:29:13 | Ministère de la Justice rapié par l'ICO pour une fuite de données à l'ancienne Ministry of Justice rapped by ICO for old fashioned data leak (lien direct) |
Oubliez des seaux AWS, des sacs d'informations médicales et personnelles sur les détenus et leurs gardes laissés dans \\ 'non sécurisé \' zone de prison nous reculons dans le monde analogique pour cette histoire de malheur queImplique des sacs et des sacs de données sensibles non scellées dans une zone «non garantie» d'une prison.La pénalité financière pour cela?Une gifle sur le poignet du ministère de la Justice de la Grande-Bretagne…
Forget AWS buckets, bags of medical and personal info on inmates and their guards left in \'unsecured\' area of prison We step back into the analogue world for this tale of woe that involves bags and bags of sensitive data being left unsealed in an “unsecured” area of a prison. The financial penalty for doing so? A slap on the wrist for Britain\'s Ministry of Justice.… |
Medical | ★★ | |
|
2023-05-23 19:33:00 | L'assureur santé indique que des informations sur les patients ont été volées dans une attaque de ransomware Health insurer says patients\\' information was stolen in ransomware attack (lien direct) |
L'un des plus grands assureurs de santé de la Nouvelle-Angleterre a informé mardi des clients actuels et anciens que les données, y compris les antécédents médicaux et les diagnostics des patients, ont été copiées et prises lors d'une attaque de ransomware.Point32Health - qui supervise le plan de santé des soins de santé et Tufts de Harvard - a déclaré d'abord Découvert L'incident le 17 avril le 17 avrilet a lancé une enquête
One of New England\'s largest health insurers notified current and former customers Tuesday that data including patient medical history and diagnoses was copied and taken during a ransomware attack. Point32Health - which oversees Harvard Pilgrim Health Care and Tufts Health Plan - said it first discovered the incident on April 17 and launched an investigation |
Ransomware Medical | ★★ | |
|
2023-05-23 10:00:00 | L'intersection de la télésanté, de l'IA et de la cybersécurité The intersection of telehealth, AI, and Cybersecurity (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Artificial intelligence is the hottest topic in tech today. AI algorithms are capable of breaking down massive amounts of data in the blink of an eye and have the potential to help us all lead healthier, happier lives. The power of machine learning means that AI-integrated telehealth services are on the rise, too. Almost every progressive provider today uses some amount of AI to track patients’ health data, schedule appointments, or automatically order medicine. However, AI-integrated telehealth may pose a cybersecurity risk. New technology is vulnerable to malicious actors and complex AI systems are largely reliant on a web of interconnected Internet of Things (IoT) devices. Before adopting AI, providers and patients must understand the unique opportunities and challenges that come with automation and algorithms. Improving the healthcare consumer journey Effective telehealth care is all about connecting patients with the right provider at the right time. Folks who need treatment can’t be delayed by bureaucratic practices or burdensome red tape. AI can improve the patient journey by automating monotonous tasks and improving the efficiency of customer identity and access management (CIAM) software. CIAM software that uses AI can utilize digital identity solutions to automate the registration and patient service process. This is important, as most patients say that they’d rather resolve their own questions and queries on their own before speaking to a service agent. Self-service features even allow patients to share important third-party data with telehealth systems via IoT tech like smartwatches. AI-integrated CIAM software is interoperable, too. This means that patients and providers can connect to the CIAM using omnichannel pathways. As a result, users can use data from multiple systems within the same telehealth digital ecosystem. However, this omnichannel approach to the healthcare consumer journey still needs to be HIPAA compliant and protect patient privacy. Medicine and diagnoses Misdiagnoses are more common than most people realize. In the US, 12 million people are misdiagnosed every year. Diagnoses may be even more tricky via telehealth, as doctors can’t read patients\' body language or physically inspect their symptoms. AI can improve the accuracy of diagnoses by leveraging machine learning algorithms during the decision-making process. These programs can be taught how to distinguish between different types of diseases and may point doctors in the right direction. Preliminary findings suggest that this can improve the accuracy of medical diagnoses to 99.5%. Automated programs can help patients maintain their medicine and re-order repeat prescriptions. This is particularly important for rural patients who are unable to visit the doctor\'s office and may have limited time to call in. As a result, telehealth portals that use AI to automate the process help providers close the rural-urban divide. Ethical considerations AI has clear benefits in telehealth. However, machine learning programs and automated platforms do put patient data at i | Medical | ChatGPT ChatGPT | ★★ |
|
2023-05-22 10:00:00 | Partager les données de votre entreprise avec Chatgpt: à quel point est-elle risquée? Sharing your business\\'s data with ChatGPT: How risky is it? (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. As a natural language processing model, ChatGPT - and other similar machine learning-based language models - is trained on huge amounts of textual data. Processing all this data, ChatGPT can produce written responses that sound like they come from a real human being. ChatGPT learns from the data it ingests. If this information includes your sensitive business data, then sharing it with ChatGPT could potentially be risky and lead to cybersecurity concerns. For example, what if you feed ChatGPT pre-earnings company financial information, company proprietary software codeor materials used for internal presentations without realizing that practically anybody could obtain that sensitive information just by asking ChatGPT about it? If you use your smartphone to engage with ChatGPT, then a smartphone security breach could be all it takes to access your ChatGPT query history. In light of these implications, let\'s discuss if - and how - ChatGPT stores its users\' input data, as well as potential risks you may face when sharing sensitive business data with ChatGPT. Does ChatGPT store users’ input data? The answer is complicated. While ChatGPT does not automatically add data from queries to models specifically to make this data available for others to query, any prompt does become visible to OpenAI, the organization behind the large language model. Although no membership inference attacks have yet been carried out against the large language learning models that drive ChatGPT, databases containing saved prompts as well as embedded learnings could be potentially compromised by a cybersecurity breach. OpenAI, the parent company that developed ChatGPT, is working with other companies to limit the general access that language learning models have to personal data and sensitive information. But the technology is still in its nascent developing stages - ChatGPT was only just released to the public in November of last year. By just two months into its public release, ChatGPT had been accessed by over 100 million users, making it the fastest-growing consumer app ever at record-breaking speeds. With such rapid growth and expansion, regulations have been slow to keep up. The user base is so broad that there are abundant security gaps and vulnerabilities throughout the model. Risks of sharing business data with ChatGPT In June 2021, researchers from Apple, Stanford University, Google, Harvard University, and others published a paper that revealed that GPT-2, a language learning model similar to ChatGPT, could accurately recall sensitive information from training documents. The report found that GPT-2 could call up information with specific personal identifiers, recreate exact sequences of text, and provide other sensitive information when prompted. These “training data extraction attacks” could present a growing threat to the security of researchers working on machine learning models, as hackers may be able to access machine learning researcher data and steal their protected intellectual property. One data security company called Cyberhaven has released reports of ChatGPT cybersecurity vulnerabilities it has recently prevented. According to the reports, Cyberhaven has identified and prevented insecure requ | Threat Tool Medical | ChatGPT ChatGPT | ★★ |
|
2023-05-16 08:30:00 | PharMerica Breach Hits Over 5.8 Million Customers (lien direct) | Données médicales et d'assurance exposées dans une attaque de ransomware
Medical and insurance data exposed in ransomware attack |
Ransomware Medical | ★★ | |
 |
2023-05-15 14:10:40 | Ransomware gang steals data of 5.8 million PharMerica patients (lien direct) | Pharmacy services provider PharMerica has disclosed a massive data breach impacting over 5.8 million patients, exposing their medical data to hackers. [...]
Pharmacy services provider PharMerica has disclosed a massive data breach impacting over 5.8 million patients, exposing their medical data to hackers. [...] |
Ransomware Data Breach Medical | ★★ | |
 |
2023-05-11 13:15:13 | CVE-2023-29863 (lien direct) | Medical Systems Co. Medisys Weblab Products V19.4.03 a été découvert qu'il contenait une vulnérabilité d'injection SQL via le paramètre TEM: Instruction dans les fichiers WSDL.
Medical Systems Co. Medisys Weblab Products v19.4.03 was discovered to contain a SQL injection vulnerability via the tem:statement parameter in the WSDL files. |
Vulnerability Medical | ||
|
2023-05-03 20:38:00 | La vulnérabilité des équipements de séquençage d'ADN ajoute une nouvelle torsion aux cyber-menaces de dispositifs médicaux DNA Sequencing Equipment Vulnerability Adds New Twist to Medical Device Cyber Threats (lien direct) |
Une vulnérabilité dans un séquenceur d'ADN met en évidence la surface d'attaque élargie des organisations de soins de santé, mais montre également que la déclaration des vulnérabilités des dispositifs médicaux fonctionne.
A vulnerability in a DNA sequencer highlights the expanded attack surface area of healthcare organizations but also shows that reporting of medical device vulnerabilities works. |
Vulnerability Medical | ★★★ | |
|
2023-05-01 10:00:00 | Le rôle de l'IA dans les soins de santé: révolutionner l'industrie des soins de santé The role of AI in healthcare: Revolutionizing the healthcare industry (lien direct) |
Le contenu de ce post est uniquement la responsabilité de l'auteur. & nbsp;AT & amp; t n'adopte ni n'approuve aucune des vues, des positions ou des informations fournies par l'auteur dans cet article. & Nbsp; Introduction L'intelligence artificielle (AI) est le mimétisme de certains aspects du comportement humain tels que le traitement du langage et la prise de décision en utilisant de grands modèles de langage (LLM) et le traitement du langage naturel (PNL). Les LLM sont un type spécifique d'IA qui analyse et génèrent un langage naturel à l'aide d'algorithmes d'apprentissage en profondeur.Les programmes d'IA sont faits pour penser comme les humains et imiter leurs actions sans être biaisés ou influencés par les émotions. LLMS fournit des systèmes pour traiter les grands ensembles de données et fournir une vue plus claire de la tâche à accomplir.L'IA peut être utilisée pour identifier les modèles, analyser les données et faire des prédictions basées sur les données qui leur sont fournies.Il peut être utilisé comme chatbots, assistants virtuels, traduction du langage et systèmes de traitement d'image. Certains principaux fournisseurs d'IA sont des chatppt par Open AI, Bard par Google, Bing AI par Microsoft et Watson AI par IBM.L'IA a le potentiel de révolutionner diverses industries, notamment le transport, la finance, les soins de santé et plus encore en prenant des décisions rapides, précises et éclairées avec l'aide de grands ensembles de données.Dans cet article, nous parlerons de certaines applications de l'IA dans les soins de santé. Applications de l'IA dans les soins de santé Il existe plusieurs applications de l'IA qui ont été mises en œuvre dans le secteur des soins de santé qui s'est avérée très réussie. Certains exemples sont: Imagerie médicale: Les algorithmes AI sont utilisés pour analyser des images médicales telles que les rayons X, les analyses d'IRM et les tomodensitométrie.Les algorithmes d'IA peuvent aider les radiologues à identifier les anomalies - aider les radiologues à faire des diagnostics plus précis.Par exemple, Google & rsquo; S AI Powered DeepMind a montré une précision similaire par rapport aux radiologues humains dans l'identification du cancer du sein. & nbsp; Médecine personnalisée: L'IA peut être utilisée pour générer des informations sur les biomarqueurs, les informations génétiques, les allergies et les évaluations psychologiques pour personnaliser le meilleur traitement des patients. . Ces données peuvent être utilisées pour prédire comment le patient réagira à divers cours de traitement pour une certaine condition.Cela peut minimiser les effets indésirables et réduire les coûts des options de traitement inutiles ou coûteuses.De même, il peut être utilisé pour traiter les troubles génétiques avec des plans de traitement personnalisés.Par exemple, Genomics profonde est une entreprise utilisant des systèmes d'IA pour développer des traitements personnalisés pour les troubles génétiques. Diagnostic de la maladie: Les systèmes d'IA peuvent être utilisés pour analyser les données des patients, y compris les antécédents médicaux et les résultats des tests pour établir un diagnostic plus précis et précoce des conditions mortelles comme le cancer.Par exemple, Pfizer a collaboré avec différents services basés sur l'IA pour diagnostiquer les maladies et IBM Watson utilise les PNL et les algorithmes d'apprentissage automatique pour l'oncologie dans l'élaboration de plans de traitement pour les patients atteints de cancer. Découverte de médicaments: L'IA peut être utilisée en R & amp; D pour la découverte de médicaments, ce qui rend le processus plus rapidement.L'IA peut supprimer certaines | Prediction Medical | ChatGPT ChatGPT | ★★ |
 |
2023-04-29 10:04:00 | CISA met en garde contre les défauts critiques dans les instruments de séquençage d'ADN d'Illumina \\ CISA Warns of Critical Flaws in Illumina\\'s DNA Sequencing Instruments (lien direct) |
L'Agence américaine de sécurité de la cybersécurité et de l'infrastructure (CISA) a publié un avertissement consultatif médical des systèmes de contrôle industriel (ICS) d'un défaut critique ayant un impact sur les dispositifs médicaux Illumina.
Les problèmes ont un impact sur le logiciel Universal Copy Service (UCS) dans l'illuminaMiseqdx, NextSeq 550DX, ISCAN, ISEQ 100, MINISEQ, MISEQ, NEXTSEQ 500, NextSeq 550, NextSeq 1000/2000 et Novaseq 6000 ADN
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released an Industrial Control Systems (ICS) medical advisory warning of a critical flaw impacting Illumina medical devices. The issues impact the Universal Copy Service (UCS) software in the Illumina MiSeqDx, NextSeq 550Dx, iScan, iSeq 100, MiniSeq, MiSeq, NextSeq 500, NextSeq 550, NextSeq 1000/2000, and NovaSeq 6000 DNA |
Industrial Medical | ★★ | |
|
2023-04-24 10:56:00 | Sécuriser l'écosystème Edge Research mondial publié & # 8211;Rapport gratuit disponible Securing the Edge Ecosystem Global Research released – Complimentary report available (lien direct) |
AT&T Cybersecurity is committed to providing thought leadership to help you strategically plan for an evolving cybersecurity landscape. Our 2023 AT&T Cybersecurity InsightsTM Report: Edge Ecosystem is now available. It describes the common characteristics of an edge computing environment, the top use cases and security trends, and key recommendations for strategic planning. Get your free copy now. This is the 12th edition of our vendor-neutral and forward-looking report. During the last four years, the annual AT&T Cybersecurity Insights Report has focused on edge migration. Past reports have documented how we interact using edge computing (get the 2020 report) benefit from edge computing (get the 2021 report) secure the data, applications, and endpoints that rely on edge computing (get the 2022 report) This year’s report reveals how the edge ecosystem is maturing along with our guidance on adapting and managing this new era of computing. Watch the webcast to hear more about our findings. The robust quantitative field survey reached 1,418 professionals in security, IT, application development, and line of business from around the world. The qualitative research tapped subject matter experts across the cybersecurity industry. At the onset of our research, we set out to find the following: Momentum of edge computing in the market. Collaboration approaches to connecting and securing the edge ecosystem. Perceived risk and benefit of the common use cases in each industry surveyed. The results focus on common edge use cases in seven vertical industries – healthcare, retail, finance, manufacturing, energy and utilities, transportation, and U.S. SLED and delivers actionable advice for securing and connecting an edge ecosystem – including external trusted advisors. Finally, it examines cybersecurity and the broader edge ecosystem of networking, service providers, and top use cases. As with any piece of primary research, we found some surprising and some not-so-surprising answers to these three broad questions. Edge computing has expanded, creating a new ecosystem Because our survey focused on leaders who are using edge to solve business problems, the research revealed a set of common characteristics that respondents agreed define edge computing. A distributed model of management, intelligence, and networks. Applications, workloads, and hosting closer to users and digital assets that are generating or consuming the data, which can be on-premises and/or in the cloud. Software-defined (which can mean the dominant use of private, public, or hybrid cloud environments; however, this does not rule out on-premises environments). Understanding these common characteristics are essential as we move to an even further democratized version of computing with an abundance of connected IoT devices that will process and deliver data with velocity, volume, and variety, unlike anything we’ve previously seen. Business is embracing the value of edge deployments The primary use case of industries we sur | Ransomware Cloud Medical | ★★★ | |
|
2023-04-21 20:33:00 | Shields Health Breach expose 2,3 millions d'utilisateurs \\ 'Données Shields Health Breach Exposes 2.3M Users\\' Data (lien direct) |
Les systèmes de l'entreprise d'imagerie médicale ont été compromis par un acteur de menace, exposant les licences de conducteur \\ 's \\ et d'autres informations d'identification.
The medical imaging firm\'s systems were compromised by a threat actor, exposing patients\' driver\'s licenses and other identifying information. |
Threat Medical | ★★ | |
|
2023-04-19 15:30:00 | Systèmes d'appel d'infirmière, pompes de perfusion Nurse Call Systems, Infusion Pumps Riskiest Connected Medical Devices (lien direct) |
Les conclusions proviennent d'un nouveau rapport par Asset Visibility and Security Company Armis
The findings come from a new report by asset visibility and security company Armis |
Medical | ★★ | |
|
2023-04-12 16:00:00 | Crowdsstrike étend Falcon pour inclure l'IoT CrowdStrike Expands Falcon to Include IoT (lien direct) |
Crowdsstrike Falcon Insight pour l'IoT couvre l'Internet des objets, l'IoT industriel, la technologie des opérations, ainsi que les dispositifs médicaux.
CrowdStrike Falcon Insight for IoT covers Internet of Things, Industrial IoT, Operations Technology, as well as medical devices. |
Industrial Medical | ★★ | |
|
2023-04-06 13:45:00 | Sécuriser les dispositifs médicaux est une question de vie et de mort Securing Medical Devices is a Matter of Life and Death (lien direct) |
Les défis de la cybersécurité de l'Internet des choses médicales (IOMT) sont encore largement sans réponse
The cybersecurity challenges of the Internet of Medical Things (IoMT) are still largely unanswered |
Medical | ★★★ | |
|
2023-03-31 21:32:00 | La refonte de cybersécurité des dispositifs médicaux de la FDA \\ a de vraies dents, disent les experts [The FDA\\'s Medical Device Cybersecurity Overhaul Has Real Teeth, Experts Say] (lien direct) | Les problèmes physiques et de cyber-sécurité entourant les dispositifs médicaux comme IV Pumps sont enfin traités de manière significative par une nouvelle politique qui entre en vigueur cette semaine.
The physical and cyber safety issues surrounding medical devices like IV pumps is finally being meaningfully addressed by a new policy taking effect this week. |
Medical | ★★★ | |
|
2023-03-30 15:30:00 | La FDA protège les dispositifs médicaux contre les cyber-menaces avec de nouvelles mesures [FDA Protects Medical Devices Against Cyber-Threats With New Measures] (lien direct) | Les nouvelles applications de dispositifs médicaux devraient "surveiller, identifier et résoudre" les problèmes de cybersécurité
New medical devices applications should "monitor, identify, and address" cybersecurity issues |
Medical | ★★★ | |
|
2023-03-29 21:09:00 | La FDA peut désormais rejeter de nouveaux dispositifs médicaux par rapport aux normes de cyber [FDA can now reject new medical devices over cyber standards] (lien direct) |
La Food and Drug Administration [affirmée] (https://www.fda.gov/regulatory-information/search-fda-puidance-cuments/cybersecurity-medical-devices-refuse-accept-policy-cyber-devices-Systèmes et systèmes liés à la section) Mercredi que les fabricants de dispositifs médicaux doivent désormais prouver que leurs produits répondent à certaines normes de cybersécurité afin d'obtenir l'approbation de l'agence.Les directives ont été présentées dans le projet de loi sur les crédits omnibus signé en décembre dernier, qui a autorisé la FDA à imposer des exigences de sécurité aux fabricants et à attribuer 5 $
The Food and Drug Administration [affirmed](https://www.fda.gov/regulatory-information/search-fda-guidance-documents/cybersecurity-medical-devices-refuse-accept-policy-cyber-devices-and-related-systems-under-section) Wednesday that medical device manufacturers must now prove their products meet certain cybersecurity standards in order to get the agency\'s approval. The guidelines were laid out in the omnibus appropriations bill signed into law last December, which authorized the FDA to impose security requirements on manufacturers and allocated $5 |
Medical | ★★ | |
|
2023-03-22 14:15:16 | CVE-2023-1566 (lien direct) | Une vulnérabilité a été trouvée dans Sourcecodeter Medical Certificate Generator App 1.0.Il a été déclaré comme critique.Cette vulnérabilité affecte le code inconnu du fichier Action.php.La manipulation de l'ID d'argument conduit à l'injection de SQL.L'attaque peut être initiée à distance.L'exploit a été divulgué au public et peut être utilisé.VDB-223558 est l'identifiant attribué à cette vulnérabilité.
A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. It has been declared as critical. This vulnerability affects unknown code of the file action.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-223558 is the identifier assigned to this vulnerability. |
Guideline Vulnerability Medical | ||
 |
2023-03-20 18:30:00 | When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule (lien direct) | > En février 2023, X-Force a publié un blog intitulé & # 8220; Direct Kernel Object Manipulation (DKOM) Attacks contre les fournisseurs ETW & # 8221;Cela détaille les capacités d'un échantillon attribué au groupe Lazare se sont exploités pour altérer la visibilité des opérations de logiciels malveillants.Ce blog ne remaniera pas l'analyse de l'échantillon de logiciel malveillant Lazarus ou du traçage d'événements pour Windows (ETW) comme [& # 8230;]
>In February 2023, X-Force posted a blog entitled “Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers” that details the capabilities of a sample attributed to the Lazarus group leveraged to impair visibility of the malware’s operations. This blog will not rehash analysis of the Lazarus malware sample or Event Tracing for Windows (ETW) as […] |
Malware Medical | APT 38 | ★★★ |
|
2023-03-17 16:57:59 | Healthcare Firm ILS Alerts 4.2 Million People Of Data Breach (lien direct) | A data breach at Independent Living Systems (ILS), a Miami-based supplier of healthcare administration and managed care solutions, exposed 4,226,508 people’s data. This year’s largest revealed healthcare data breach, according to the number of affected individuals. ILS owns and manages Florida Community Care, a network of long-term care providers serving Medicaid beneficiaries throughout the state, […] | Data Breach Medical | ★★★ | |
|
2023-03-16 12:45:00 | Healthcare software firm ILS announces data breach affecting more than 4 million people (lien direct) |
The sensitive healthcare data of more than four million people was accessed by hackers who broke into the network of Independent Living Systems (ILS), a healthcare software company based in Miami. The company has provided third-party administrative services to health plans, providers, hospitals, and pharmaceutical and medical device companies for nearly two decades. ILS began |
Data Breach Medical | ★★ | |
 |
2023-03-14 19:57:32 | Cancer patient sues medical provider after ransomware group posts her photos online (lien direct) | >The suit comes about six weeks after the ransomware threatened to post sensitive material online if they weren't paid. | Ransomware Medical | ★★★ | |
|
2023-03-14 13:09:20 | 1 Million People Affected By Zoll Medical Data Breach (lien direct) | Zoll Medical, a medical technology developer, recently announced that it had suffered a data breach. The company said that the breach was detected at the end of January when it found some unusual activity on its internal network. After investigation, it found that the personal information of approximately one million individuals might have been compromised. […] | Data Breach Medical | ★★ | |
 |
2023-03-14 13:00:00 | CyberheistNews Vol 13 #11 [Heads Up] Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears (lien direct) |
CyberheistNews Vol 13 #11 | March 14th, 2023
[Heads Up] Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears
Robert Lemos at DARKReading just reported on a worrying trend. The title said it all, and the news is that more than 4% of employees have put sensitive corporate data into the large language model, raising concerns that its popularity may result in massive leaks of proprietary information. Yikes.
I'm giving you a short extract of the story and the link to the whole article is below.
"Employees are submitting sensitive business data and privacy-protected information to large language models (LLMs) such as ChatGPT, raising concerns that artificial intelligence (AI) services could be incorporating the data into their models, and that information could be retrieved at a later date if proper data security isn't in place for the service.
"In a recent report, data security service Cyberhaven detected and blocked requests to input data into ChatGPT from 4.2% of the 1.6 million workers at its client companies because of the risk of leaking confidential info, client data, source code, or regulated information to the LLM.
"In one case, an executive cut and pasted the firm's 2023 strategy document into ChatGPT and asked it to create a PowerPoint deck. In another case, a doctor input his patient's name and their medical condition and asked ChatGPT to craft a letter to the patient's insurance company.
"And as more employees use ChatGPT and other AI-based services as productivity tools, the risk will grow, says Howard Ting, CEO of Cyberhaven.
"'There was this big migration of data from on-prem to cloud, and the next big shift is going to be the migration of data into these generative apps," he says. "And how that plays out [remains to be seen] - I think, we're in pregame; we're not even in the first inning.'"
Your employees need to be stepped through new-school security awareness training so that they understand the risks of doing things like this.
Blog post with links:https://blog.knowbe4.com/employees-are-feeding-sensitive-biz-data-to-chatgpt-raising-security-fears
[New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blockl |
Threat Ransomware Data Breach Spam Malware Guideline Medical | ChatGPT ChatGPT | ★★ |
|
2023-03-14 12:01:00 | Medical device giant says cyberattack leaked sensitive data of 1 million people (lien direct) |
Medical device maker Zoll said a cyberattack in January exposed the sensitive information of more than 1 million people. In documents [provided](https://apps.web.maine.gov/online/aeviewer/ME/40/ab192c35-667d-4bc9-ad18-fa710bd10b15.shtml) to Maine's Attorney General, Zoll said the incident started on January 28 when they “detected unusual activity” on their internal network. The company added that information was accessed on February 2. Zoll said |
Medical | ★★★ | |
 |
2023-03-13 11:16:54 | Zoll Medical Data Breach Impacts 1 Million Individuals (lien direct) | >Zoll Medical is notifying one million individuals that their personal information was compromised in a data breach earlier this year. | Data Breach Medical | ★★ | |
|
2023-03-13 09:15:10 | CVE-2023-0888 (lien direct) | An improper neutralization of directives in dynamically evaluated code vulnerability in the WiFi Battery embedded web server in versions L90/U70 and L92/U92 can be used to gain administrative access to the WiFi communication module. An authenticated user, having access to both the medical device WiFi network (such as a biomedical engineering staff member) and the specific B.Braun Battery Pack SP with WiFi web server credentials, could get administrative (root) access on the infusion pump communication module. This could be used as a vector to start further attacks | Vulnerability Medical | ||
|
2023-03-08 16:04:00 | Lazarus Group Exploits Zero-Day Vulnerability to Hack South Korean Financial Entity (lien direct) | The North Korea-linked Lazarus Group has been observed weaponizing flaws in an undisclosed software to breach a financial business entity in South Korea twice within a span of a year. While the first attack in May 2022 entailed the use of a vulnerable version of a certificate software that's widely used by public institutions and universities, the re-infiltration in October 2022 involved the | Hack Vulnerability Medical | APT 38 | ★★★ |
 |
2023-03-07 16:30:00 | Anomali Cyber Watch: Mustang Panda Adopted MQTT Protocol, Redis Miner Optimization Risks Data Corruption, BlackLotus Bootkit Reintroduces Vulnerable UEFI Binaries (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Backdoors, Cryptojacking, Phishing, Ransomware, Secure boot bypass, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
MQsTTang: Mustang Panda’s Latest Backdoor Treads New Ground with Qt and MQTT
(published: March 2, 2023)
In early 2023, China-sponsored group Mustang Panda began experimenting with a new custom backdoor dubbed MQsTTang. The backdoor received its name based on the attribution and the unique use of the MQTT command and control (C2) communication protocol that is typically used for communication between IoT devices and controllers. To establish this protocol, MQsTTang uses the open source QMQTT library based on the Qt framework. MQsTTang is delivered through spearphishing malicious link pointing at a RAR archive with a single malicious executable. MQsTTang was delivered to targets in Australia, Bulgaria, Taiwan, and likely some other countries in Asia and Europe.
Analyst Comment: Mustang Panda is likely exploring this communication protocol in an attempt to hide its C2 traffic. Defense-in-depth approach should be used to stop sophisticated threats that evolve and utilize various techniques of defense evasion. Sensitive government sector workers should be educated on spearphishing threats and be wary of executable files delivered in archives.
MITRE ATT&CK: [MITRE ATT&CK] T1583.003 - Acquire Infrastructure: Virtual Private Server | [MITRE ATT&CK] T1583.004 - Acquire Infrastructure: Server | [MITRE ATT&CK] T1587.001 - Develop Capabilities: Malware | [MITRE ATT&CK] T1588.002 - Obtain Capabilities: Tool | [MITRE ATT&CK] T1608.001 - Stage Capabilities: Upload Malware | [MITRE ATT&CK] T1608.002 - Stage Capabilities: Upload Tool | [MITRE ATT&CK] T1566.002 - Phishing: Spearphishing Link | [MITRE ATT&CK] T1106: Native API | [MITRE ATT&CK] T1204.002 - User Execution: Malicious File | [MITRE ATT&CK] T1547.001 - Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder | [MITRE ATT&CK] T1036.004 - Masquerading: Masquerade Task Or Service | [MITRE ATT&CK] T1036.005 - Masquerading: Match Legitimate Name Or Location | [MITRE ATT&CK] T1480 - Execution Guardrails | [MITRE ATT&CK] T1622 - Debugger Evasion | |
Threat Ransomware Malware Tool Vulnerability Medical | ★ | |
 |
2023-03-06 23:30:00 | Lazarus Group Attack Case Using Vulnerability of Certificate Software Commonly Used by Public Institutions and Universities (lien direct) | Since two years ago (March 2021), the Lazarus group’s malware strains have been found in various Korean companies related to national defense, satellites, software, media press, etc. As such, ASEC (AhnLab Security Emergency Response Center) has been pursuing and analyzing the Lazarus threat group’s activities and related malware. The affected company in this case had been infiltrated by the Lazarus group in May 2022 and was re-infiltrated recently through the same software’s 0-Day vulnerability. During the infiltration in May 2022,... | Threat Malware Vulnerability Medical | APT 38 | ★★★ |
To see everything:
Our RSS (filtrered)
