Category Archives: Cyber news

Israeli hospital cancels non-urgent procedures following ransomware attack

Abstract

Israel’s National Cyber Directorate (INCD) is urging organizations across the country to bolster their cyber defenses following a disruptive ransomware attack against a hospital in Israel’s northwest.

The Hillel Yaffe Medical Center, situated in the city of Hadera, cancelled non-urgent procedures as staff reportedly resorted to using pen and paper after IT systems were disabled by a cyber-attack yesterday (October 13).

Indicators of compromise

The INCD, which is assisting with the hospital’s post-incident investigation and recovery, has shared indicators of compromise (IOCs) in order to help hospitals and other organizations spot evidence of similar network intrusions.

Evidence of unusual activity should be reported to the INCD, it added.

Read more

https://portswigger.net/daily-swig/israeli-hospital-cancels-non-urgent-procedures-following-ransomware-attack

Man charged with hack which shared COVID-19 test details in protest against vaccine pass

Abstract

Police in France have arrested and charged a 22-year-old man with hacking into a “secure” file-sharing system used by a Parisian hospital trust and stealing the COVID-19 test details of some 1.4 million people.

According to local media reports, the alleged hacker not only stole highly sensitive information from Assistance Publique – Hôpitaux de Paris (AP-HP), but also distributed the data as part of an anti-vaccine protest.

The French government requires individuals to carry a “vaccine pass” (known as a passe sanitaire) if they wish to enter cafés, bars, restaurants, museums and cinemas, or to attend events.

Read more in

https://grahamcluley.com/man-charged-with-hack-which-shared-covid-19-test-details-in-protest-against-vaccine-pass/

FBI created & managed ANOM secure chat app to catch criminals

Abstract

The FBI has revealed how it managed to hoodwink the criminal underworld with its secretly backdoored AN0M encrypted chat app, leading to hundreds of arrests, the seizure of 32 tons of drugs, 250 firearms, 55 luxury cars, more than $148M, and even cocaine-filled pineapples.

About 12,000 smartphones with AN0M installed were sold into organized crime rings: the devices were touted as pure encrypted messaging tools — no GPS, email or web browsing, and certainly no voice calls, cameras, or microphones. They were “designed by criminals, for criminals exclusively,” one defendant told investigators, according to Randy Grossman, Acting US Attorney for the Southern District of California, speaking at a press conference on Tuesday.

Read more in

https://www.theregister.com/2021/06/08/fbi_trojan_shield/?mc_cid=19e50215e2&mc_eid=35079f6e24

Security company exec and founder charged with facilitating cyber attack on Georgia hospital

Abstract

Chris Hacker, an FBI special agent at the Atlanta field office, said the 2018 attack “not only could have had disastrous consequences, but patients’ personal information was also compromised.”

The indictment describes Singla as “chief operating officer for a network security company” at the time of the attack but does not name the company. According to Singla’s public LinkedIn profile, he has been chief operating officer of the Atlanta, Georgia-based security firm Securolytics since 2016. A profile of the company on Crunchbase lists Singla as one of the firm’s two founders.

Read more in

https://www.scmagazine.com/home/health-care/security-company-exec-and-founder-charged-with-facilitating-cyber-attack-on-georgia-hospital/

Good Read: API First Security Strategy

Every piece of software in the world either is an API or uses one. APIs (application programming interfaces) have enabled the world to connect digitally and advance the broader use of IoT devices.

As APIs’ popularity rises, so does their prevalence as an attack vector for cybercriminals because bad actors have always loved the most target-rich technologies. Gartner forecasts that APIs will become the most common attack vector by next year. Yet despite higher awareness of the need for API security, breaches continue to happen.

Abstract

What does an API-first security strategy look like? Here are five observations:

1. High visibility is crucial. An API-first approach is all about acknowledging the API as a first-class citizen in an application’s design. Given the increase in vital work that the API does in communicating between applications, APIs must have the same scrutiny of access controls that a superuser (e.g., an IT administrative specialist with unlimited privileges) would.

2. REST APIs are a growing target. REST (REpresentational State Transfer) is the duct tape of technology — it defines how systems can be connected to (and interact with) each other by using HTTP requests to access and use data. REST API usage has become so widespread in enterprise application development that many companies have difficulties defining a clear picture of all their deployments. These visibility gaps make APIs harder to protect.

3. Encryption of all data is key. This is true not just when data is at rest, but also in transit. In this encryption scenario, the API would use TLS and authorization tokens to transmit data securely, and the data that the API is accessing should also be encrypted.

4. Credential stuffing is still a huge problem and an evolving threat. Credential stuffing is the practice of using an automated injection of stolen credentials to gain unauthorized access. Companies have gotten better at securing their front-end applications and webpages to defend against credential stuffing. Still, hackers increasingly have been targeting back-end APIs that historically tended to have fewer implemented security controls.

5. Automated checks should be standard practice. I’m struck by how rarely I see automated security checks as part of a CI/CD pipeline, if they are implemented at all. A mature application security team should work with the engineering squads to design and incorporate security into pipelines and allow an organization to scale security with its product offerings.
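Observation 4 says the stuffing traffic has moved to back-end APIs that often lack the controls the front end has. The most useful control on the defender's side is visibility into the login endpoint's logs. The script below is an added example, not code from the Dark Reading article or any product it mentions: it runs over a few constructed log lines in a hypothetical one-line-per-request format and flags source IPs that fail logins against many distinct accounts within a sliding time window, which is the signature of automated stuffing rather than one user mistyping one password. For each flagged IP it also lists the accounts that IP later logged into successfully, because those are the accounts worth reviewing first. The log format, field names, thresholds and sample addresses are all assumptions made for the example.

```python
"""Credential-stuffing detection over API login logs (added example).

Assumed log format (constructed for this example, one request per line):
    <ISO-8601 UTC timestamp> <src_ip> POST /api/v1/login user=<name> status=<http_code>
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample: a fast burst from 203.0.113.7 across five accounts
# (one of which succeeds), a single user retrying from 198.51.100.4, and a
# low-and-slow run from 192.0.2.9 spaced ten minutes apart.
SAMPLE_LOG = """\
2021-10-13T08:00:01Z 203.0.113.7 POST /api/v1/login user=alice status=401
2021-10-13T08:00:02Z 203.0.113.7 POST /api/v1/login user=bob status=401
2021-10-13T08:00:02Z 203.0.113.7 POST /api/v1/login user=carol status=401
2021-10-13T08:00:03Z 203.0.113.7 POST /api/v1/login user=dave status=401
2021-10-13T08:00:03Z 203.0.113.7 POST /api/v1/login user=erin status=200
2021-10-13T08:00:10Z 198.51.100.4 POST /api/v1/login user=alice status=401
2021-10-13T08:00:40Z 198.51.100.4 POST /api/v1/login user=alice status=200
2021-10-13T08:05:00Z 192.0.2.9 POST /api/v1/login user=frank status=401
2021-10-13T08:15:00Z 192.0.2.9 POST /api/v1/login user=grace status=401
2021-10-13T08:25:00Z 192.0.2.9 POST /api/v1/login user=heidi status=401
"""


def parse_line(line):
    """Split one log line into a dict; raises ValueError on a malformed line."""
    ts, ip, _method, _path, user_kv, status_kv = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "ip": ip,
        "user": user_kv.split("=", 1)[1],
        "status": int(status_kv.split("=", 1)[1]),
    }


def detect_credential_stuffing(log_text, window_seconds=60, min_distinct_users=3):
    """Return {ip: {"distinct_failed_users": n, "successful_logins": [...]}}
    for every source IP whose 401s span at least `min_distinct_users`
    different accounts inside any `window_seconds`-long window."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    events.sort(key=lambda e: e["ts"])  # sliding window needs time order

    failures = defaultdict(list)   # ip -> [failed events, time-ordered]
    successes = defaultdict(list)  # ip -> [users that logged in OK]
    for e in events:
        if e["status"] == 401:
            failures[e["ip"]].append(e)
        elif e["status"] == 200:
            successes[e["ip"]].append(e["user"])

    flagged = {}
    for ip, fails in failures.items():
        start = 0
        best = 0
        for end in range(len(fails)):
            # advance the window start until it fits within window_seconds
            while (fails[end]["ts"] - fails[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            distinct = len({f["user"] for f in fails[start:end + 1]})
            best = max(best, distinct)
        if best >= min_distinct_users:
            flagged[ip] = {
                "distinct_failed_users": best,
                "successful_logins": successes.get(ip, []),
            }
    return flagged


if __name__ == "__main__":
    for ip, info in detect_credential_stuffing(SAMPLE_LOG).items():
        print(ip, info)
```

With the default 60-second window only the burst from 203.0.113.7 is flagged, and its successful login as "erin" is reported for follow-up. The slow run from 192.0.2.9 only shows up when the window is widened (for instance to 1800 seconds), which is the trade-off a rate-limit or WAF rule faces: short windows catch noisy tooling, long windows catch distributed or throttled attempts at the cost of more state per source. Keying the same logic on the target account rather than the source IP catches sprays that rotate through many proxies.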

Reference

https://www.darkreading.com/application-security/5-objectives-for-establishing-an-api-first-security-strategy/a/d-id/1340622?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple