What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-05-23 19:33:00 | L'assureur santé indique que des informations sur les patients ont été volées dans une attaque de ransomware Health insurer says patients\\' information was stolen in ransomware attack (lien direct) |
L'un des plus grands assureurs de santé de la Nouvelle-Angleterre a informé mardi des clients actuels et anciens que les données, y compris les antécédents médicaux et les diagnostics des patients, ont été copiées et prises lors d'une attaque de ransomware.Point32Health - qui supervise le plan de santé des soins de santé et Tufts de Harvard - a déclaré d'abord Découvert L'incident le 17 avril le 17 avrilet a lancé une enquête
One of New England\'s largest health insurers notified current and former customers Tuesday that data including patient medical history and diagnoses was copied and taken during a ransomware attack. Point32Health - which oversees Harvard Pilgrim Health Care and Tufts Health Plan - said it first discovered the incident on April 17 and launched an investigation |
Ransomware Medical | ★★ | |
 |
2023-05-23 10:00:00 | L'intersection de la télésanté, de l'IA et de la cybersécurité The intersection of telehealth, AI, and Cybersecurity (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Artificial intelligence is the hottest topic in tech today. AI algorithms are capable of breaking down massive amounts of data in the blink of an eye and have the potential to help us all lead healthier, happier lives. The power of machine learning means that AI-integrated telehealth services are on the rise, too. Almost every progressive provider today uses some amount of AI to track patients’ health data, schedule appointments, or automatically order medicine. However, AI-integrated telehealth may pose a cybersecurity risk. New technology is vulnerable to malicious actors and complex AI systems are largely reliant on a web of interconnected Internet of Things (IoT) devices. Before adopting AI, providers and patients must understand the unique opportunities and challenges that come with automation and algorithms. Improving the healthcare consumer journey Effective telehealth care is all about connecting patients with the right provider at the right time. Folks who need treatment can’t be delayed by bureaucratic practices or burdensome red tape. AI can improve the patient journey by automating monotonous tasks and improving the efficiency of customer identity and access management (CIAM) software. CIAM software that uses AI can utilize digital identity solutions to automate the registration and patient service process. This is important, as most patients say that they’d rather resolve their own questions and queries on their own before speaking to a service agent. Self-service features even allow patients to share important third-party data with telehealth systems via IoT tech like smartwatches. AI-integrated CIAM software is interoperable, too. This means that patients and providers can connect to the CIAM using omnichannel pathways. As a result, users can use data from multiple systems within the same telehealth digital ecosystem. However, this omnichannel approach to the healthcare consumer journey still needs to be HIPAA compliant and protect patient privacy. Medicine and diagnoses Misdiagnoses are more common than most people realize. In the US, 12 million people are misdiagnosed every year. Diagnoses may be even more tricky via telehealth, as doctors can’t read patients\' body language or physically inspect their symptoms. AI can improve the accuracy of diagnoses by leveraging machine learning algorithms during the decision-making process. These programs can be taught how to distinguish between different types of diseases and may point doctors in the right direction. Preliminary findings suggest that this can improve the accuracy of medical diagnoses to 99.5%. Automated programs can help patients maintain their medicine and re-order repeat prescriptions. This is particularly important for rural patients who are unable to visit the doctor\'s office and may have limited time to call in. As a result, telehealth portals that use AI to automate the process help providers close the rural-urban divide. Ethical considerations AI has clear benefits in telehealth. However, machine learning programs and automated platforms do put patient data at i | Medical | ChatGPT ChatGPT | ★★ |
|
2023-05-22 10:00:00 | Partager les données de votre entreprise avec Chatgpt: à quel point est-elle risquée? Sharing your business\\'s data with ChatGPT: How risky is it? (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. As a natural language processing model, ChatGPT - and other similar machine learning-based language models - is trained on huge amounts of textual data. Processing all this data, ChatGPT can produce written responses that sound like they come from a real human being. ChatGPT learns from the data it ingests. If this information includes your sensitive business data, then sharing it with ChatGPT could potentially be risky and lead to cybersecurity concerns. For example, what if you feed ChatGPT pre-earnings company financial information, company proprietary software codeor materials used for internal presentations without realizing that practically anybody could obtain that sensitive information just by asking ChatGPT about it? If you use your smartphone to engage with ChatGPT, then a smartphone security breach could be all it takes to access your ChatGPT query history. In light of these implications, let\'s discuss if - and how - ChatGPT stores its users\' input data, as well as potential risks you may face when sharing sensitive business data with ChatGPT. Does ChatGPT store users’ input data? The answer is complicated. While ChatGPT does not automatically add data from queries to models specifically to make this data available for others to query, any prompt does become visible to OpenAI, the organization behind the large language model. Although no membership inference attacks have yet been carried out against the large language learning models that drive ChatGPT, databases containing saved prompts as well as embedded learnings could be potentially compromised by a cybersecurity breach. OpenAI, the parent company that developed ChatGPT, is working with other companies to limit the general access that language learning models have to personal data and sensitive information. But the technology is still in its nascent developing stages - ChatGPT was only just released to the public in November of last year. By just two months into its public release, ChatGPT had been accessed by over 100 million users, making it the fastest-growing consumer app ever at record-breaking speeds. With such rapid growth and expansion, regulations have been slow to keep up. The user base is so broad that there are abundant security gaps and vulnerabilities throughout the model. Risks of sharing business data with ChatGPT In June 2021, researchers from Apple, Stanford University, Google, Harvard University, and others published a paper that revealed that GPT-2, a language learning model similar to ChatGPT, could accurately recall sensitive information from training documents. The report found that GPT-2 could call up information with specific personal identifiers, recreate exact sequences of text, and provide other sensitive information when prompted. These “training data extraction attacks” could present a growing threat to the security of researchers working on machine learning models, as hackers may be able to access machine learning researcher data and steal their protected intellectual property. One data security company called Cyberhaven has released reports of ChatGPT cybersecurity vulnerabilities it has recently prevented. According to the reports, Cyberhaven has identified and prevented insecure requ | Tool Threat Medical | ChatGPT ChatGPT | ★★ |
 |
2023-05-16 08:30:00 | PharMerica Breach Hits Over 5.8 Million Customers (lien direct) | Données médicales et d'assurance exposées dans une attaque de ransomware
Medical and insurance data exposed in ransomware attack |
Ransomware Medical | ★★ | |
 |
2023-05-15 14:10:40 | Ransomware gang steals data of 5.8 million PharMerica patients (lien direct) | Pharmacy services provider PharMerica has disclosed a massive data breach impacting over 5.8 million patients, exposing their medical data to hackers. [...]
Pharmacy services provider PharMerica has disclosed a massive data breach impacting over 5.8 million patients, exposing their medical data to hackers. [...] |
Ransomware Data Breach Medical | ★★ | |
 |
2023-05-11 13:15:13 | CVE-2023-29863 (lien direct) | Medical Systems Co. Medisys Weblab Products V19.4.03 a été découvert qu'il contenait une vulnérabilité d'injection SQL via le paramètre TEM: Instruction dans les fichiers WSDL.
Medical Systems Co. Medisys Weblab Products v19.4.03 was discovered to contain a SQL injection vulnerability via the tem:statement parameter in the WSDL files. |
Vulnerability Medical | ||
 |
2023-05-03 20:38:00 | La vulnérabilité des équipements de séquençage d'ADN ajoute une nouvelle torsion aux cyber-menaces de dispositifs médicaux DNA Sequencing Equipment Vulnerability Adds New Twist to Medical Device Cyber Threats (lien direct) |
Une vulnérabilité dans un séquenceur d'ADN met en évidence la surface d'attaque élargie des organisations de soins de santé, mais montre également que la déclaration des vulnérabilités des dispositifs médicaux fonctionne.
A vulnerability in a DNA sequencer highlights the expanded attack surface area of healthcare organizations but also shows that reporting of medical device vulnerabilities works. |
Vulnerability Medical | ★★★ | |
|
2023-05-01 10:00:00 | Le rôle de l'IA dans les soins de santé: révolutionner l'industrie des soins de santé The role of AI in healthcare: Revolutionizing the healthcare industry (lien direct) |
Le contenu de ce post est uniquement la responsabilité de l'auteur. & nbsp;AT & amp; t n'adopte ni n'approuve aucune des vues, des positions ou des informations fournies par l'auteur dans cet article. & Nbsp; Introduction L'intelligence artificielle (AI) est le mimétisme de certains aspects du comportement humain tels que le traitement du langage et la prise de décision en utilisant de grands modèles de langage (LLM) et le traitement du langage naturel (PNL). Les LLM sont un type spécifique d'IA qui analyse et génèrent un langage naturel à l'aide d'algorithmes d'apprentissage en profondeur.Les programmes d'IA sont faits pour penser comme les humains et imiter leurs actions sans être biaisés ou influencés par les émotions. LLMS fournit des systèmes pour traiter les grands ensembles de données et fournir une vue plus claire de la tâche à accomplir.L'IA peut être utilisée pour identifier les modèles, analyser les données et faire des prédictions basées sur les données qui leur sont fournies.Il peut être utilisé comme chatbots, assistants virtuels, traduction du langage et systèmes de traitement d'image. Certains principaux fournisseurs d'IA sont des chatppt par Open AI, Bard par Google, Bing AI par Microsoft et Watson AI par IBM.L'IA a le potentiel de révolutionner diverses industries, notamment le transport, la finance, les soins de santé et plus encore en prenant des décisions rapides, précises et éclairées avec l'aide de grands ensembles de données.Dans cet article, nous parlerons de certaines applications de l'IA dans les soins de santé. Applications de l'IA dans les soins de santé Il existe plusieurs applications de l'IA qui ont été mises en œuvre dans le secteur des soins de santé qui s'est avérée très réussie. Certains exemples sont: Imagerie médicale: Les algorithmes AI sont utilisés pour analyser des images médicales telles que les rayons X, les analyses d'IRM et les tomodensitométrie.Les algorithmes d'IA peuvent aider les radiologues à identifier les anomalies - aider les radiologues à faire des diagnostics plus précis.Par exemple, Google & rsquo; S AI Powered DeepMind a montré une précision similaire par rapport aux radiologues humains dans l'identification du cancer du sein. & nbsp; Médecine personnalisée: L'IA peut être utilisée pour générer des informations sur les biomarqueurs, les informations génétiques, les allergies et les évaluations psychologiques pour personnaliser le meilleur traitement des patients. . Ces données peuvent être utilisées pour prédire comment le patient réagira à divers cours de traitement pour une certaine condition.Cela peut minimiser les effets indésirables et réduire les coûts des options de traitement inutiles ou coûteuses.De même, il peut être utilisé pour traiter les troubles génétiques avec des plans de traitement personnalisés.Par exemple, Genomics profonde est une entreprise utilisant des systèmes d'IA pour développer des traitements personnalisés pour les troubles génétiques. Diagnostic de la maladie: Les systèmes d'IA peuvent être utilisés pour analyser les données des patients, y compris les antécédents médicaux et les résultats des tests pour établir un diagnostic plus précis et précoce des conditions mortelles comme le cancer.Par exemple, Pfizer a collaboré avec différents services basés sur l'IA pour diagnostiquer les maladies et IBM Watson utilise les PNL et les algorithmes d'apprentissage automatique pour l'oncologie dans l'élaboration de plans de traitement pour les patients atteints de cancer. Découverte de médicaments: L'IA peut être utilisée en R & amp; D pour la découverte de médicaments, ce qui rend le processus plus rapidement.L'IA peut supprimer certaines | Prediction Medical | ChatGPT ChatGPT | ★★ |
 |
2023-04-29 10:04:00 | CISA met en garde contre les défauts critiques dans les instruments de séquençage d'ADN d'Illumina \\ CISA Warns of Critical Flaws in Illumina\\'s DNA Sequencing Instruments (lien direct) |
L'Agence américaine de sécurité de la cybersécurité et de l'infrastructure (CISA) a publié un avertissement consultatif médical des systèmes de contrôle industriel (ICS) d'un défaut critique ayant un impact sur les dispositifs médicaux Illumina.
Les problèmes ont un impact sur le logiciel Universal Copy Service (UCS) dans l'illuminaMiseqdx, NextSeq 550DX, ISCAN, ISEQ 100, MINISEQ, MISEQ, NEXTSEQ 500, NextSeq 550, NextSeq 1000/2000 et Novaseq 6000 ADN
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released an Industrial Control Systems (ICS) medical advisory warning of a critical flaw impacting Illumina medical devices. The issues impact the Universal Copy Service (UCS) software in the Illumina MiSeqDx, NextSeq 550Dx, iScan, iSeq 100, MiniSeq, MiSeq, NextSeq 500, NextSeq 550, NextSeq 1000/2000, and NovaSeq 6000 DNA |
Industrial Medical | ★★ | |
|
2023-04-24 10:56:00 | Sécuriser l'écosystème Edge Research mondial publié & # 8211;Rapport gratuit disponible Securing the Edge Ecosystem Global Research released – Complimentary report available (lien direct) |
AT&T Cybersecurity is committed to providing thought leadership to help you strategically plan for an evolving cybersecurity landscape. Our 2023 AT&T Cybersecurity InsightsTM Report: Edge Ecosystem is now available. It describes the common characteristics of an edge computing environment, the top use cases and security trends, and key recommendations for strategic planning. Get your free copy now. This is the 12th edition of our vendor-neutral and forward-looking report. During the last four years, the annual AT&T Cybersecurity Insights Report has focused on edge migration. Past reports have documented how we interact using edge computing (get the 2020 report) benefit from edge computing (get the 2021 report) secure the data, applications, and endpoints that rely on edge computing (get the 2022 report) This year’s report reveals how the edge ecosystem is maturing along with our guidance on adapting and managing this new era of computing. Watch the webcast to hear more about our findings. The robust quantitative field survey reached 1,418 professionals in security, IT, application development, and line of business from around the world. The qualitative research tapped subject matter experts across the cybersecurity industry. At the onset of our research, we set out to find the following: Momentum of edge computing in the market. Collaboration approaches to connecting and securing the edge ecosystem. Perceived risk and benefit of the common use cases in each industry surveyed. The results focus on common edge use cases in seven vertical industries – healthcare, retail, finance, manufacturing, energy and utilities, transportation, and U.S. SLED and delivers actionable advice for securing and connecting an edge ecosystem – including external trusted advisors. Finally, it examines cybersecurity and the broader edge ecosystem of networking, service providers, and top use cases. As with any piece of primary research, we found some surprising and some not-so-surprising answers to these three broad questions. Edge computing has expanded, creating a new ecosystem Because our survey focused on leaders who are using edge to solve business problems, the research revealed a set of common characteristics that respondents agreed define edge computing. A distributed model of management, intelligence, and networks. Applications, workloads, and hosting closer to users and digital assets that are generating or consuming the data, which can be on-premises and/or in the cloud. Software-defined (which can mean the dominant use of private, public, or hybrid cloud environments; however, this does not rule out on-premises environments). Understanding these common characteristics are essential as we move to an even further democratized version of computing with an abundance of connected IoT devices that will process and deliver data with velocity, volume, and variety, unlike anything we’ve previously seen. Business is embracing the value of edge deployments The primary use case of industries we sur | Ransomware Medical Cloud | ★★★ | |
|
2023-04-21 20:33:00 | Shields Health Breach expose 2,3 millions d'utilisateurs \\ 'Données Shields Health Breach Exposes 2.3M Users\\' Data (lien direct) |
Les systèmes de l'entreprise d'imagerie médicale ont été compromis par un acteur de menace, exposant les licences de conducteur \\ 's \\ et d'autres informations d'identification.
The medical imaging firm\'s systems were compromised by a threat actor, exposing patients\' driver\'s licenses and other identifying information. |
Threat Medical | ★★ | |
|
2023-04-19 15:30:00 | Systèmes d'appel d'infirmière, pompes de perfusion Nurse Call Systems, Infusion Pumps Riskiest Connected Medical Devices (lien direct) |
Les conclusions proviennent d'un nouveau rapport par Asset Visibility and Security Company Armis
The findings come from a new report by asset visibility and security company Armis |
Medical | ★★ | |
|
2023-04-12 16:00:00 | Crowdsstrike étend Falcon pour inclure l'IoT CrowdStrike Expands Falcon to Include IoT (lien direct) |
Crowdsstrike Falcon Insight pour l'IoT couvre l'Internet des objets, l'IoT industriel, la technologie des opérations, ainsi que les dispositifs médicaux.
CrowdStrike Falcon Insight for IoT covers Internet of Things, Industrial IoT, Operations Technology, as well as medical devices. |
Industrial Medical | ★★ | |
|
2023-04-06 13:45:00 | Sécuriser les dispositifs médicaux est une question de vie et de mort Securing Medical Devices is a Matter of Life and Death (lien direct) |
Les défis de la cybersécurité de l'Internet des choses médicales (IOMT) sont encore largement sans réponse
The cybersecurity challenges of the Internet of Medical Things (IoMT) are still largely unanswered |
Medical | ★★★ | |
|
2023-03-31 21:32:00 | La refonte de cybersécurité des dispositifs médicaux de la FDA \\ a de vraies dents, disent les experts [The FDA\\'s Medical Device Cybersecurity Overhaul Has Real Teeth, Experts Say] (lien direct) | Les problèmes physiques et de cyber-sécurité entourant les dispositifs médicaux comme IV Pumps sont enfin traités de manière significative par une nouvelle politique qui entre en vigueur cette semaine.
The physical and cyber safety issues surrounding medical devices like IV pumps is finally being meaningfully addressed by a new policy taking effect this week. |
Medical | ★★★ | |
|
2023-03-30 15:30:00 | La FDA protège les dispositifs médicaux contre les cyber-menaces avec de nouvelles mesures [FDA Protects Medical Devices Against Cyber-Threats With New Measures] (lien direct) | Les nouvelles applications de dispositifs médicaux devraient "surveiller, identifier et résoudre" les problèmes de cybersécurité
New medical devices applications should "monitor, identify, and address" cybersecurity issues |
Medical | ★★★ | |
|
2023-03-29 21:09:00 | La FDA peut désormais rejeter de nouveaux dispositifs médicaux par rapport aux normes de cyber [FDA can now reject new medical devices over cyber standards] (lien direct) |
La Food and Drug Administration [affirmée] (https://www.fda.gov/regulatory-information/search-fda-puidance-cuments/cybersecurity-medical-devices-refuse-accept-policy-cyber-devices-Systèmes et systèmes liés à la section) Mercredi que les fabricants de dispositifs médicaux doivent désormais prouver que leurs produits répondent à certaines normes de cybersécurité afin d'obtenir l'approbation de l'agence.Les directives ont été présentées dans le projet de loi sur les crédits omnibus signé en décembre dernier, qui a autorisé la FDA à imposer des exigences de sécurité aux fabricants et à attribuer 5 $
The Food and Drug Administration [affirmed](https://www.fda.gov/regulatory-information/search-fda-guidance-documents/cybersecurity-medical-devices-refuse-accept-policy-cyber-devices-and-related-systems-under-section) Wednesday that medical device manufacturers must now prove their products meet certain cybersecurity standards in order to get the agency\'s approval. The guidelines were laid out in the omnibus appropriations bill signed into law last December, which authorized the FDA to impose security requirements on manufacturers and allocated $5 |
Medical | ★★ | |
|
2023-03-22 14:15:16 | CVE-2023-1566 (lien direct) | Une vulnérabilité a été trouvée dans Sourcecodeter Medical Certificate Generator App 1.0.Il a été déclaré comme critique.Cette vulnérabilité affecte le code inconnu du fichier Action.php.La manipulation de l'ID d'argument conduit à l'injection de SQL.L'attaque peut être initiée à distance.L'exploit a été divulgué au public et peut être utilisé.VDB-223558 est l'identifiant attribué à cette vulnérabilité.
A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. It has been declared as critical. This vulnerability affects unknown code of the file action.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-223558 is the identifier assigned to this vulnerability. |
Vulnerability Guideline Medical | ||
 |
2023-03-20 18:30:00 | When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule (lien direct) | > En février 2023, X-Force a publié un blog intitulé & # 8220; Direct Kernel Object Manipulation (DKOM) Attacks contre les fournisseurs ETW & # 8221;Cela détaille les capacités d'un échantillon attribué au groupe Lazare se sont exploités pour altérer la visibilité des opérations de logiciels malveillants.Ce blog ne remaniera pas l'analyse de l'échantillon de logiciel malveillant Lazarus ou du traçage d'événements pour Windows (ETW) comme [& # 8230;]
>In February 2023, X-Force posted a blog entitled “Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers” that details the capabilities of a sample attributed to the Lazarus group leveraged to impair visibility of the malware’s operations. This blog will not rehash analysis of the Lazarus malware sample or Event Tracing for Windows (ETW) as […] |
Malware Medical | APT 38 | ★★★ |
 |
2023-03-17 16:57:59 | Healthcare Firm ILS Alerts 4.2 Million People Of Data Breach (lien direct) | A data breach at Independent Living Systems (ILS), a Miami-based supplier of healthcare administration and managed care solutions, exposed 4,226,508 people’s data. This year’s largest revealed healthcare data breach, according to the number of affected individuals. ILS owns and manages Florida Community Care, a network of long-term care providers serving Medicaid beneficiaries throughout the state, […] | Data Breach Medical | ★★★ | |
|
2023-03-16 12:45:00 | Healthcare software firm ILS announces data breach affecting more than 4 million people (lien direct) |
The sensitive healthcare data of more than four million people was accessed by hackers who broke into the network of Independent Living Systems (ILS), a healthcare software company based in Miami. The company has provided third-party administrative services to health plans, providers, hospitals, and pharmaceutical and medical device companies for nearly two decades. ILS began |
Data Breach Medical | ★★ | |
 |
2023-03-14 19:57:32 | Cancer patient sues medical provider after ransomware group posts her photos online (lien direct) | >The suit comes about six weeks after the ransomware threatened to post sensitive material online if they weren't paid. | Ransomware Medical | ★★★ | |
|
2023-03-14 13:09:20 | 1 Million People Affected By Zoll Medical Data Breach (lien direct) | Zoll Medical, a medical technology developer, recently announced that it had suffered a data breach. The company said that the breach was detected at the end of January when it found some unusual activity on its internal network. After investigation, it found that the personal information of approximately one million individuals might have been compromised. […] | Data Breach Medical | ★★ | |
 |
2023-03-14 13:00:00 | CyberheistNews Vol 13 #11 [Heads Up] Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears (lien direct) |
CyberheistNews Vol 13 #11 | March 14th, 2023
[Heads Up] Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears
Robert Lemos at DARKReading just reported on a worrying trend. The title said it all, and the news is that more than 4% of employees have put sensitive corporate data into the large language model, raising concerns that its popularity may result in massive leaks of proprietary information. Yikes.
I'm giving you a short extract of the story and the link to the whole article is below.
"Employees are submitting sensitive business data and privacy-protected information to large language models (LLMs) such as ChatGPT, raising concerns that artificial intelligence (AI) services could be incorporating the data into their models, and that information could be retrieved at a later date if proper data security isn't in place for the service.
"In a recent report, data security service Cyberhaven detected and blocked requests to input data into ChatGPT from 4.2% of the 1.6 million workers at its client companies because of the risk of leaking confidential info, client data, source code, or regulated information to the LLM.
"In one case, an executive cut and pasted the firm's 2023 strategy document into ChatGPT and asked it to create a PowerPoint deck. In another case, a doctor input his patient's name and their medical condition and asked ChatGPT to craft a letter to the patient's insurance company.
"And as more employees use ChatGPT and other AI-based services as productivity tools, the risk will grow, says Howard Ting, CEO of Cyberhaven.
"'There was this big migration of data from on-prem to cloud, and the next big shift is going to be the migration of data into these generative apps," he says. "And how that plays out [remains to be seen] - I think, we're in pregame; we're not even in the first inning.'"
Your employees need to be stepped through new-school security awareness training so that they understand the risks of doing things like this.
Blog post with links:https://blog.knowbe4.com/employees-are-feeding-sensitive-biz-data-to-chatgpt-raising-security-fears
[New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blockl |
Ransomware Data Breach Spam Malware Threat Guideline Medical | ChatGPT ChatGPT | ★★ |
|
2023-03-14 12:01:00 | Medical device giant says cyberattack leaked sensitive data of 1 million people (lien direct) |
Medical device maker Zoll said a cyberattack in January exposed the sensitive information of more than 1 million people. In documents [provided](https://apps.web.maine.gov/online/aeviewer/ME/40/ab192c35-667d-4bc9-ad18-fa710bd10b15.shtml) to Maine's Attorney General, Zoll said the incident started on January 28 when they “detected unusual activity” on their internal network. The company added that information was accessed on February 2. Zoll said |
Medical | ★★★ | |
 |
2023-03-13 11:16:54 | Zoll Medical Data Breach Impacts 1 Million Individuals (lien direct) | >Zoll Medical is notifying one million individuals that their personal information was compromised in a data breach earlier this year. | Data Breach Medical | ★★ | |
|
2023-03-13 09:15:10 | CVE-2023-0888 (lien direct) | An improper neutralization of directives in dynamically evaluated code vulnerability in the WiFi Battery embedded web server in versions L90/U70 and L92/U92 can be used to gain administrative access to the WiFi communication module. An authenticated user, having access to both the medical device WiFi network (such as a biomedical engineering staff member) and the specific B.Braun Battery Pack SP with WiFi web server credentials, could get administrative (root) access on the infusion pump communication module. This could be used as a vector to start further attacks | Vulnerability Medical | ||
|
2023-03-08 16:04:00 | Lazarus Group Exploits Zero-Day Vulnerability to Hack South Korean Financial Entity (lien direct) | The North Korea-linked Lazarus Group has been observed weaponizing flaws in an undisclosed software to breach a financial business entity in South Korea twice within a span of a year. While the first attack in May 2022 entailed the use of a vulnerable version of a certificate software that's widely used by public institutions and universities, the re-infiltration in October 2022 involved the | Hack Vulnerability Medical | APT 38 | ★★★ |
 |
2023-03-07 16:30:00 | Anomali Cyber Watch: Mustang Panda Adopted MQTT Protocol, Redis Miner Optimization Risks Data Corruption, BlackLotus Bootkit Reintroduces Vulnerable UEFI Binaries (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Backdoors, Cryptojacking, Phishing, Ransomware, Secure boot bypass, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
MQsTTang: Mustang Panda’s Latest Backdoor Treads New Ground with Qt and MQTT
(published: March 2, 2023)
In early 2023, China-sponsored group Mustang Panda began experimenting with a new custom backdoor dubbed MQsTTang. The backdoor received its name based on the attribution and the unique use of the MQTT command and control (C2) communication protocol that is typically used for communication between IoT devices and controllers. To establish this protocol, MQsTTang uses the open source QMQTT library based on the Qt framework. MQsTTang is delivered through spearphishing malicious link pointing at a RAR archive with a single malicious executable. MQsTTang was delivered to targets in Australia, Bulgaria, Taiwan, and likely some other countries in Asia and Europe.
Analyst Comment: Mustang Panda is likely exploring this communication protocol in an attempt to hide its C2 traffic. Defense-in-depth approach should be used to stop sophisticated threats that evolve and utilize various techniques of defense evasion. Sensitive government sector workers should be educated on spearphishing threats and be wary of executable files delivered in archives.
MITRE ATT&CK: [MITRE ATT&CK] T1583.003 - Acquire Infrastructure: Virtual Private Server | [MITRE ATT&CK] T1583.004 - Acquire Infrastructure: Server | [MITRE ATT&CK] T1587.001 - Develop Capabilities: Malware | [MITRE ATT&CK] T1588.002 - Obtain Capabilities: Tool | [MITRE ATT&CK] T1608.001 - Stage Capabilities: Upload Malware | [MITRE ATT&CK] T1608.002 - Stage Capabilities: Upload Tool | [MITRE ATT&CK] T1566.002 - Phishing: Spearphishing Link | [MITRE ATT&CK] T1106: Native API | [MITRE ATT&CK] T1204.002 - User Execution: Malicious File | [MITRE ATT&CK] T1547.001 - Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder | [MITRE ATT&CK] T1036.004 - Masquerading: Masquerade Task Or Service | [MITRE ATT&CK] T1036.005 - Masquerading: Match Legitimate Name Or Location | [MITRE ATT&CK] T1480 - Execution Guardrails | [MITRE ATT&CK] T1622 - Debugger Evasion | |
Ransomware Malware Tool Vulnerability Threat Medical | ★ | |
 |
2023-03-06 23:30:00 | Lazarus Group Attack Case Using Vulnerability of Certificate Software Commonly Used by Public Institutions and Universities (lien direct) | Since two years ago (March 2021), the Lazarus group’s malware strains have been found in various Korean companies related to national defense, satellites, software, media press, etc. As such, ASEC (AhnLab Security Emergency Response Center) has been pursuing and analyzing the Lazarus threat group’s activities and related malware. The affected company in this case had been infiltrated by the Lazarus group in May 2022 and was re-infiltrated recently through the same software’s 0-Day vulnerability. During the infiltration in May 2022,... | Malware Vulnerability Threat Medical | APT 38 | ★★★ |
|
2023-03-02 07:15:08 | CVE-2023-1151 (lien direct) | A vulnerability was found in SourceCodester Electronic Medical Records System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file administrator.php of the component Cookie Handler. The manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222163. | Vulnerability Guideline Medical | ||
|
2023-02-28 16:15:00 | Anomali Cyber Watch: Newly-Discovered WinorDLL64 Backdoor Has Code Similarities with Lazarus GhostSecret, Atharvan Backdoor Can Be Restricted to Communicate on Certain Days (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Backdoors, DLL sideloading, Infostealers, Phishing, Social engineering, and Tunneling. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
WinorDLL64: A Backdoor From The Vast Lazarus Arsenal?
(published: February 23, 2023)
When the Wslink downloader (WinorLoaderDLL64.dll) was first discovered in 2021, it had no known payload and no known attribution. Now ESET researchers have discovered a Wslink payload dubbed WinorDLL64. This backdoor uses some of Wslink functions and the Wslink-established TCP connection encrypted with 256-bit AES-CBC cipher. WinorDLL64 has some code similarities with the GhostSecret malware used by North Korea-sponsored Lazarus Group.
Analyst Comment: Wslink and WinorDLL64 use a well-developed cryptographic protocol to protect the exchanged data. Innovating advanced persistent groups like Lazarus often come out with new versions of their custom malware. It makes it important for network defenders to leverage the knowledge of a wider security community by adding relevant premium feeds and leveraging the controls automation via Anomali Platform integrations.
MITRE ATT&CK: [MITRE ATT&CK] T1587.001 - Develop Capabilities: Malware | [MITRE ATT&CK] T1059.001: PowerShell | [MITRE ATT&CK] T1106: Native API | [MITRE ATT&CK] T1134.002 - Access Token Manipulation: Create Process With Token | [MITRE ATT&CK] T1070.004 - Indicator Removal on Host: File Deletion | [MITRE ATT&CK] T1087.001 - Account Discovery: Local Account | [MITRE ATT&CK] T1087.002 - Account Discovery: Domain Account | [MITRE ATT&CK] T1083 - File And Directory Discovery | [MITRE ATT&CK] T1135 - Network Share Discovery | [MITRE ATT&CK] T1057 - Process Discovery | [MITRE ATT&CK] T1012: Query Registry | [MITRE ATT&CK] Picus: The System Information Discovery Technique Explained - MITRE ATT&CK T1082 | [MITRE ATT&CK] T1614 - System Location Discovery | [MITRE ATT&CK] T1614.001 - System Location Discovery: System Language Discovery | [MITRE ATT&CK] T1016 - System Network Configuration Discovery | [MITRE ATT&CK] T1049 - System Network Connections Discovery | |
Ransomware Malware Tool Threat Medical Medical Cloud | APT 38 | ★ |
|
2023-02-27 12:42:51 | Danish hospitals hit by cyberattack from \'Anonymous Sudan\' (lien direct) |  The websites of nine hospitals in Denmark went offline on Sunday evening following distributed-denial-of-service (DDoS) attacks from a group calling itself Anonymous Sudan. Copenhagen's health authority said on Twitter that although the websites for the hospitals were down, medical care at the facilities was unaffected by the attacks. It later added the sites were back [… |
Medical | ★★ | |
|
2023-02-27 11:00:00 | Integrating Cybersecurity in UX design (lien direct) | The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Image Source: Pexels Integrating Cybersecurity in UX design The digital landscape has ensured a wider range of businesses has access to a truly global marketplace. On one hand, this helps bolster a thriving entrepreneurial ecosystem. However, it also means there is a significant amount of competition. If your company’s website or mobile application doesn’t provide a stellar user experience (UX), consumers are able and willing to go elsewhere. Yet, in the online environment, UX is not your only consideration. There are various threats your business and consumers face from cyber criminals. Therefore, when developing your online tools, you need to adopt effective protections. Unfortunately, many businesses struggle with implementing strong security that doesn’t also disrupt the UX. Your best approach here is usually to integrate cybersecurity with UX design. So, let’s explore why and how you can achieve this. How are UX and Cybersecurity related? One of the mistakes too many businesses make is assuming that UX and cybersecurity are separate aspects of the digital infrastructure. They can certainly have independent intentions to an extent with different goals and actions to achieve these goals. Yet, understanding how they are closely related is the first step to effective integration. In some ways one can’t — or, at least, shouldn’t — exist without the other. A good example of this is the application of web design in high-stakes sectors, like telehealth care. There are two core types of telehealth services; asynchronous care and synchronous (live) care. While there is a difference here in how patients interact with the medical professional, both types involve the collection and storage of sensitive data. It’s certainly important from a UX perspective to make both asynchronous and live processes as simple and convenient as possible for patients. Yet, this simplicity shouldn’t sacrifice the security of the data. Clear and strong security protocols give consumers confidence in the system and the company they’re interacting with. This applies to not just healthcare industries but also eCommerce, education, and supply chain sectors, among others. Similarly, consumers may be more likely to adopt more secure behaviors if they can see how it feeds into the convenience and enjoyment of their experience. This means that the UX development process must involve security considerations from the ground up, rather than as an afterthought. How can you plan effectively? As with any project, planning is essential to the successful integration of cybersecurity and UX design. An improvisatory approach that involves tacking security or UX elements onto your site or app doesn’t result in a strong development. Wherever possible, your best route is to bring both the UX departments and cybersecurity professionals together in the planning process from the outset. Each department will have insights into one another’s challenges that benefit the project as a whole. Another key part of your planning process is researching and analyzing your users’ behavior concerning the types of online tools you’re developing. Work with business analytics professionals to understand in what ways security factors into your target demographic’s preferred online experiences. | Tool Medical | ★★ | |
|
2023-02-24 09:15:10 | CVE-2023-1006 (lien direct) | A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. It has been classified as problematic. This affects an unknown part of the component New Record Handler. The manipulation of the argument lastname with the input ">prompt(1) leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-221739. | Vulnerability Guideline Medical | ||
|
2023-02-23 22:33:00 | Student Medical Records Exposed After LAUSD Breach (lien direct) | "Hundreds" of special education students' psych records have turned up on the Dark Web. School records like these are covered by FERPA, not HIPAA, so parents have little recourse. | Medical | ★★ | |
|
2023-02-23 19:54:00 | Hydrochasma Threat Group Bombards Targets with Slew of Commodity Malware, Tools (lien direct) | A previously unidentified threat group uses open source malware and phishing to conduct cyber-espionage on shipping and medical labs associated with COVID-19 treatments and vaccines. | Malware Threat Medical | ★★★ | |
|
2023-02-23 17:17:00 | Lazarus Group Using New WinorDLL64 Backdoor to Exfiltrate Sensitive Data (lien direct) | A new backdoor associated with a malware downloader named Wslink has been discovered, with the tool likely used by the notorious North Korea-aligned Lazarus Group, new findings reveal. The payload, dubbed WinorDLL64 by ESET, is a fully-featured implant that can exfiltrate, overwrite, and delete files; execute PowerShell commands; and obtain comprehensive information about the underlying machine. | Malware Tool Medical | APT 38 | ★ |
|
2023-02-23 02:00:00 | Anti-Forensic Techniques Used By Lazarus Group (lien direct) | Since approximately a year ago, the Lazarus group’s malware has been discovered in various Korean companies related to national defense, satellites, software, and media press. The AhnLab ASEC analysis team has been continuously tracking the Lazarus threat group’s activities and other related TTPs. Among the recent cases, this post aims to share the anti-forensic traces and details found in the systems that were infiltrated by the Lazarus group. Overview Definition of Anti-Forensics Anti-forensics refers to the tampering of evidence in... | Malware Threat Medical | APT 38 | ★★ |
|
2023-02-22 22:42:55 | Shipping companies, medical laboratories in Asia targeted in espionage campaign (lien direct) |  Several shipping companies and medical laboratories in an Asian country have been targeted in an ongoing espionage campaign, Symantec says |
Medical | ★★ | |
|
2023-02-22 16:29:00 | Hydrochasma: New Threat Actor Targets Shipping Companies and Medical Labs in Asia (lien direct) | Shipping companies and medical laboratories in Asia have been the subject of a suspected espionage campaign carried out by a never-before-seen threat actor dubbed Hydrochasma. The activity, which has been ongoing since October 2022, "relies exclusively on publicly available and living-off-the-land tools," Symantec, by Broadcom Software, said in a report shared with The Hacker News. There is no | Threat Medical | ★★ | |
|
2023-02-22 16:00:00 | Hydrochasma Group Targets Asian Medical and Shipping Sectors (lien direct) | The hackers appear to have a possible interest in industries connected with COVID-19 treatments | Medical | ★★ | |
 |
2023-02-21 15:23:27 | (Déjà vu) Norway Seizes Stolen Crypto Funds Linked to the Lazarus Group (lien direct) | >In March 2022, the Lazarus Group, a North Korea-backed hacking group, stole around $5.84 million worth of cryptocurrency through the Axie Infinity Ronin Bridge hack. However, over ten months later, the Norwegian police agency Økokrim announced they had seized the stolen funds. The crime-fighting unit was able to track the money on the blockchain, even … | Medical | APT 38 | ★★ |
|
2023-02-21 15:23:27 | Norwegian Seize Stolen Crypto Funds Linked to the Lazarus Group (lien direct) | >In March 2022, the Lazarus Group, a North Korea-backed hacking group, stole around $5.84 million worth of cryptocurrency through the Axie Infinity Ronin Bridge hack. However, over ten months later, the Norwegian police agency Økokrim announced they had seized part of the stolen funds. The crime-fighting unit was able to track the money on the … | Medical | APT 38 | ★★ |
|
2023-02-20 16:53:00 | Norway Seizes $5.84 Million in Cryptocurrency Stolen by Lazarus Hackers (lien direct) | Norwegian police agency Økokrim has announced the seizure of 60 million NOK (about $5.84 million) worth of cryptocurrency stolen by the Lazarus Group in March 2022 following the Axie Infinity Ronin Bridge hack. "This case shows that we also have a great capacity to follow the money on the blockchain, even if the criminals use advanced methods," the agency said in a statement. The development | Medical | APT 38 | ★★ |
 |
2023-02-18 03:02:00 | Malware Arsenal used by Ember Bear (aka UAC-0056,Saint Bear, UNC2589, Lorec53, TA471, Nodaria, Nascent Ursa, LorecBear, Bleeding Bear, and DEV-0586) in attacks targeting Ukraine (samples) (lien direct) |  2023-02-18Ember Bear (aka UAC-0056,Saint Bear, UNC2589, Lorec53, TA471, Nodaria, Nascent Ursa, LorecBear, Bleeding Bear, and DEV-0586) is an Advanced Persistent Threat (APT) group believed to be based in Russia. Their primary targets have been diplomatic and government entities in Europe, particularly Ukraine, and the United States. They have also targeted various industries, including defense, energy, and technology. Download the full collectionEmail me if you need the password (see in my profile) (209 MB. 218 samples listed in the hash tables below).The malware arsenal collected here includes:Elephant framework (GrimPlant (Backdoor) and GraphSteel (Stealer).)Graphiron BackdoorOutSteel (LorecDocStealer)BabaDedaCobalt Strike (Beacon)SaintBot DownloaderWhisperGate WiperAPT Group DescriptionAPT Group aliases:UAC-0056 (UA CERT)Ember Bear (Crowdstrike)Saint Bear (F-Secure)UNC2589 (Fireeye, IBM)Lorec53 (NSFOCUS)TA471 (Proofpoint)Nodaria (Symantec)Nascent Ursa (Palo Alto)LorecBearBleeding Bear (Elastic)DEV-0586 (MIcrosoft)The group is a suspected Russian state-sponsored cyber espionage group that has been active since at least March 2021.The group primarily targets Ukraine and Georgia, but has also targeted Western European and North American foreign ministries, pharmaceutical companies, and financial sector organizations.The group is known for using various malicious implants such as GrimPlant, GraphSteel, and CobaltStrike Beacon, as well as spear phishing attacks with macro-embedded Excel documents.In January 2022, the group performed a destructive wiper attack on multiple Ukrainian government computers and websites, known as WhisperGate.The Lorec53 group is a new type of APT group fi |
Ransomware Malware Hack Tool Vulnerability Threat Medical | ★★ | |
|
2023-02-17 05:15:06 | Norway finds a way to recover crypto North Korea pinched in Axie heist (lien direct) | Meanwhile South Korea's Do Kwon is sought for fraud by US authorities Norwegian authorities announced on Thursday that they had recovered $5.9 million of cryptocurrency stolen in the Axie Infinity hack – an incident widely held to have been perpetrated by the Lazarus Group, which has links to North Korea.… | Hack Medical | APT 38 | ★★★ |
|
2023-02-13 14:34:20 | 3.3 Million Impacted by Ransomware Attack at California Healthcare Provider (lien direct) | >The personal and health information of more than 3.3 million individuals was stolen in a ransomware attack at Regal Medical Group. | Ransomware Medical | ★★ | |
|
2023-02-11 02:16:08 | Ransomware crooks steal 3m+ patients\' medical records, personal info (lien direct) | All that data coming soon to a darkweb crime forum near you? Several California medical groups have sent security breach notification letters to more than three million patients alerting them that crooks may have stolen a ton of their sensitive health and personal information during a ransomware infection in December.… | Ransomware Medical | ★★★ | |
|
2023-02-10 12:36:22 | California medical group data breach impacts 3.3 million patients (lien direct) | Multiple medical groups in the Heritage Provider Network in California have suffered a ransomware attack, exposing sensitive patient information to cybercriminals. [...] | Ransomware Data Breach Medical | Heritage Heritage | ★★★ |
To see everything:
Our RSS (filtrered)
