Malware Can Hide Within DICOM Medical Images
It has been found that malware can now hide within DICOM medical images. These are the type of images that doctors look at when they do XRay, CT or MRI scans.
The analysis named Markel Picado Ortiz was able to take advantage of the DICOM flaw which allows the “128-byte section at the beginning of the file, called the preamble” to be injected with malware.
“By mixing in with protected health information malware can effectivelyexploit the data’s clinical and regulatory implications to evade detection and derail remediation attempts while creating a host of new concerns for security teams, healthcare organizations, and antivirus companies in the process,” Ortiz wrote.
“This vulnerability stands apart as one whose technical potency is derived from not just a software design flaw, but from the clinical and regulatory environment as well,” he added.
If hackers were to exploit the design flaw in DICOM, they’d be able … Read the rest
Horrible Call Quality With Samsung Galaxy s10 Lineup
The Samsung Galaxy s10 lineup of phones are great machines, the specs are great and the hard within them are amazing. However what in the world is going on with the call quality of these phones? I have been doing some research and many other people are ranting and raving on the Samsung forums and on Reddit about having the same issues with horrible phone call quality.
People have mentioned that it could be a carrier issue with ATT, however others like myself have Version and are experiencing the same issue.
Troubleshooting the issue:
What I have experienced during phone calls with people and they make some sort of high pitched tone the phone would magnify and focus on that high pitched sound, background noise would also be enhanced with ear piercing sounds which would cause me move my phone away from my ear. After some research I have found … Read the rest
Free Secure File Transfer by Firefox Send
Firefox Send allows you to securely share small to large file sizes which is perfect for docs and sharing graphic files or collaborating with co-workers on a presentation. With Send you can share file sizes up to 1GB quickly. To send files up to 2.5GB, sign up for a free Firefox account.
The software uses end-to-end encryption to keep your data secure from the moment you share to the moment your file is opened. It also offers security controls that you can set. You can choose when your file link expires, the number of downloads, and whether to add an optional password for an extra layer of security.
Firefox Send makes it easy for your recipient, too. No hoops to jump through. They simply receive a link to click and download the file. They don’t need to have a Firefox account to access your file. Overall, this makes the … Read the rest
Microsofts April 9th security update impacts some antivirus software vendors
People have been noticing that Microsoft’s recent April 9th security update is causing some problems with a few antivirus vendors like Sophos, Avira, Avast, McAfee and some others.
Microsoft has stated that the the Security Update is causing end user computers to have very slow startup times bad performance and be unresponsive and even causing systems to fail to boot.
“Microsoft is working on a resolution and will provide an update in an upcoming release,” according to Microsoft.
Currently the root cause of the issue by the April 9th security patch is unclear. But both McAfee and Avast suggest that the problems are tied to the change Microsoft made within the Windows Client-Server Runtime Subsystem (csrss.exe). This CSRSS process is a vital part of Windows and is responsible for many windows functions.
Currently there is no fix for this issue.
… Read the rest
Microsoft Outlook.com Email Accounts Breached By Hackers
Many users received a notification from Microsoft Outlook.com letting them know about accounts being breached by hackers.
A Motherboard report said that the breach is “much worse” than what was reported. The hackers were able to access emails and attachments and that the hackers were able to access a large number of Outlook, MSN and Hotmail email accounts.
“We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators’ access,” a Microsoft spokesperson meanwhile said in a statement.
“Upon awareness of this issue, Microsoft immediately disabled the compromised credentials, prohibiting their use for any further unauthorized access,” Microsoft said. “Our data indicates that account-related information (but not the content of any emails) could have been viewed, but Microsoft has no indication why that information was viewed or how it may have been used.”
Public Announcement from Microsoft
Microsoft said to … Read the rest
Windows Zero-Day Exploit
Windows has recently released a patch for a vulnerability exploit in the windows operating system which was unknown to many people until last week. The vulnerability would allow a hacker to open a door for full system control.
Discovered by Vasily Berdnikov and Boris Larin of Kaspersky Lab on St. Patrick’s Day this year, the flaw (CVE-2019-0859) is a use-after-free issue in the Windows kernel that allows local privilege escalation (LPE). It’s being used in advanced persistent threat (APT) campaigns targeting 64-bit versions of Windows (from Windows 7 to older builds of Windows 10).
win32k!xxxFreeWindow+0x1344 on up-to-date Windows 7 SP1 x64
The exploit we found in the wild was targeting 64-bit versions of Windows (from Windows 7 to older builds of Windows 10) and exploited the vulnerability using the well-known HMValidateHandle technique to bypass ASLR.
After a successful exploitation, the exploit executed PowerShell with a Base64 encoded command. … Read the rest
TrickBot phishing scams for 2019 tax season
Hackers are once again using the TrickBot banking trojan to exploit the tax season by pushing malicious Microsoft Excel spreadsheet documents via spam campaigns. IBM noticed a few different types of phishing emails are pretending to be from ADP and Paychex which are malicious emails spreading the TrickBot trojan.
“Taxpayers should be on constant guard for these phishing schemes, which can be tricky and cleverly disguised to look like it’s the IRS,” said IRS Commissioner Chuck Rettig. “Watch out for emails and other scams posing as the IRS, promising a big refund or personally threatening people. Don’t open attachments and click on links in emails. Don’t fall victim to phishing or other common scams.”
An IBM security person mentioned:
… Read the rest“Once TrickBot is installed on a potentially vulnerable device and can reach other devices on the network, it can further spread and pivot,” researchers with IBM X-Force warned in a Monday
FEMA Exposed PII for Millions of Disaster Victims
The Federal Emergency Management Agency (FEMA) exposed the personal identifiable information of 2.3 million individuals by oversharing data with a contractor.
The individuals who were affected by hurricanes Harvey, Irma, and Maria, as well as the 2017 wildfires in California , had provided their information to the Federal Emergency Management Agency (Fema) while applying for transitional sheltering in hotels.
“Since discovery of this issue, Fema has taken aggressive measures to correct this error,” Fema press secretary Lizzie Litzow said in a statement. “Fema is no longer sharing unnecessary data with the contractor and has conducted a detailed review of the contractor’s information system,”
According to FEMA a network assessment found that the contractors network contain 11 vulnerabilities and so far only a few have been resolved. Since there has not been no indication of intrusion within the last 30 days which is how far back the logs go back, there … Read the rest
Oregon DHS fell victim to a targeted phishing attack
Nine employees Oregon department of Human Services managed to fall for a targeted phishing attack which compromised 350,000 patients and 2 million Emails.
On a notice by the Cyber Security Team on January 28th determined that the email accounts were breached after nine employees fell to spear-phishing attack. The links they clicked on allowed hackers to access the employees email information. Oregon DHS hired a third party security team to investigate the incident and determine what information was exposed.
The investigation revealed that the compromised email accounts contained around 2 million emails which included personal and medical data of patients. The hacker had access to their full names, addresses, DOB’s , SSN’s and other details. During the investigation they did not find evidence that the data was copied from the systems.
This breach could have been avoided if there was proper cybersecurity awareness training regarding the types of threats that … Read the rest
BAE Report States HUMAN ERROR still major Security Risk
BAE Systems has revealed that even though organizations have continued attempts to improve their cybersecurity, human error is still the major vulnerability towards an organizations network.
They compiled a report by speaking to board level executives, IT decision makers and security professionals to better understand what the current state of corporate incident response capabilities and readiness were.
What they found from their results was to be expected, the BAE Systems research showcased how the majority of organizational breaches are caused by human error. Hackers prey on the uninformed employees.
They have examined that the breaches caused by human error were at 71 percent due to phishing attacks and 65 percent were due to indirect virus and malware infections.
Response Teams Saw A Rise In incidents
BAE Systems also noticed that incident response teams have been working with a number of incidents increases per month.
The research also revealed that many … Read the rest
Loading ...