CyberSecure Specialist

Data Breach at Louisiana Healthcare Provider Impacts 270,000 Patients

Southwest Louisiana healthcare provider Lake Charles Memorial Health System (LCMHS) is informing roughly 270,000 patients that their personal and medical information was compromised in a data breach. A regional community healthcare system consisting of several facilities, LCMHS identified the cyberattack on October 25 and started informing the impacted patients of the incident on December 23. In a notification on its website, LCMHS says that ‘an unauthorized third party’ gained access to its network between October…


Twitter data of “+400 million unique users” up for sale – what to do?

by Paul Ducklin

Hot on the heels of the LastPass data breach saga, which first came to light in August 2022, comes news of a Twitter breach, apparently based on a Twitter bug that first made headlines back in the same month. According to a screenshot posted by news site Bleeping Computer, a cybercriminal has advertised: I’m selling data of +400 million unique Twitter users that was scraped via a vulnerability, this data is completely…


$8,000,000 In Cryptocurrency Stolen by Trojanized BitKeep App

BitKeep recommends that anyone who may have installed the trojanized app should first download the official app from a trusted source like the Google Play Store, create a new wallet, and transfer all funds to it before removing the malicious version of the app. Any wallets created via the malicious app should be treated as compromised. In general, Binary Defense recommends only installing applications from the official app stores, such as Google Play for Android…


Ransomware attack at Louisiana hospital impacts 270,000 patients

Data breaches involving healthcare or insurance information could result in insurance fraud. In addition to the normal precautions such as placing a freeze request with the major credit bureaus and monitoring financial accounts for unusual transactions, victims of medical data breaches should also be aware that identity thieves might attempt to get expensive medical procedures using their stolen insurance information. Carefully check “Explanation of Benefits” (EOB) forms or online claims notifications and promptly inform health…


Netwrix Acquires Remediant for PAM Technology

Data security software vendor Netwrix has acquired Remediant, an early-stage startup working on technology in the PAM (privileged access management) category. Financial terms of the acquisition were not disclosed. Remediant, based in San Francisco and backed by Dell Technologies Capital and ForgePoint Capital, raised $15 million in Series A venture capital funding in August 2019. Remediant, founded in 2015 by security practitioners Paul Lanzi and Tim Keeler, built a PAM software product that offered continuous…


EarSpy: Spying on Phone Calls via Ear Speaker Vibrations Captured by Accelerometer

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for eavesdropping on a targeted user’s conversations, according to a team of researchers from several universities in the United States. The attack method, named EarSpy, is described in a paper published just before Christmas by researchers from Texas A&M University, Temple University, New Jersey Institute of Technology, Rutgers University, and the University…


Log4Shell remains a big threat and a common cause for security breaches

The Log4Shell critical vulnerability that impacted millions of enterprise applications remains a common cause for security breaches a year after it received patches and widespread attention and is expected to remain a popular target for some time to come. Its long-lasting impact highlights the major risks posed by flaws in transitive software dependencies and the need for enterprises to urgently adopt software composition analysis and secure supply chain management practices.

Log4Shell, officially tracked as CVE-2021-44228,…


2022 in review: 10 of the year’s biggest cyberattacks

The past year has seen no shortage of disruptive cyberattacks – here’s a round-up of some of the worst hacks and breaches that have impacted a variety of targets around the world in 2022.

The past year has seen the global economy lurch from one crisis to another. As COVID-19 finally began to recede in many regions, what replaced it has been rising energy bills, soaring inflation and a resulting cost-of-living crisis – some of…


Critical “10-out-of-10” Linux kernel SMB hole – should you worry?

by Paul Ducklin

Just before the Christmas weekend – in fact, at about the same time that beleaguered password management service LastPass was admitting that, yes, your password vaults were stolen by criminals after all – we noticed a serious-sounding Linux kernel vulnerability that hit the news. The alerts came from Trend Micro’s Zero Day Initiative (ZDI), probably best known for buying up zero-day security bugs via the popular Pwn2Own competitions, where bug-bounty hunting teams…


Threat Actor Accessed Unencrypted Customer Metadata, LastPass Reports

The primary risk introduced by this breach is the combination of the unencrypted metadata with customer account information. With those two pieces of information, malicious actors can put together a profile of websites the exposed customers have accounts on, combine that with open source intelligence (OSINT) from social media, and perform activities such as spearphishing, vishing, or other social engineering techniques against employees. Additional social engineering awareness training may be effective over the next couple…
