Category Archives: Cybersecurity
Windows Zero-Day Exploit
Windows has recently released a patch for a vulnerability exploit in the windows operating system which was unknown to many people until last week. The vulnerability would allow a hacker to open a door for full system control.
Discovered by Vasily Berdnikov and Boris Larin of Kaspersky Lab on St. Patrick’s Day this year, the flaw (CVE-2019-0859) is a use-after-free issue in the Windows kernel that allows local privilege escalation (LPE). It’s being used in advanced persistent threat (APT) campaigns targeting 64-bit versions of Windows (from Windows 7 to older builds of Windows 10).
win32k!xxxFreeWindow+0x1344 on up-to-date Windows 7 SP1 x64
The exploit we found in the wild was targeting 64-bit versions of Windows (from Windows 7 to older builds of Windows 10) and exploited the vulnerability using the well-known HMValidateHandle technique to bypass ASLR.
After a successful exploitation, the exploit executed PowerShell with a Base64 encoded command. … Read the rest
TrickBot phishing scams for 2019 tax season
Hackers are once again using the TrickBot banking trojan to exploit the tax season by pushing malicious Microsoft Excel spreadsheet documents via spam campaigns. IBM noticed a few different types of phishing emails are pretending to be from ADP and Paychex which are malicious emails spreading the TrickBot trojan.
“Taxpayers should be on constant guard for these phishing schemes, which can be tricky and cleverly disguised to look like it’s the IRS,” said IRS Commissioner Chuck Rettig. “Watch out for emails and other scams posing as the IRS, promising a big refund or personally threatening people. Don’t open attachments and click on links in emails. Don’t fall victim to phishing or other common scams.”
An IBM security person mentioned:
… Read the rest“Once TrickBot is installed on a potentially vulnerable device and can reach other devices on the network, it can further spread and pivot,” researchers with IBM X-Force warned in a Monday
FEMA Exposed PII for Millions of Disaster Victims
The Federal Emergency Management Agency (FEMA) exposed the personal identifiable information of 2.3 million individuals by oversharing data with a contractor.
The individuals who were affected by hurricanes Harvey, Irma, and Maria, as well as the 2017 wildfires in California , had provided their information to the Federal Emergency Management Agency (Fema) while applying for transitional sheltering in hotels.
“Since discovery of this issue, Fema has taken aggressive measures to correct this error,” Fema press secretary Lizzie Litzow said in a statement. “Fema is no longer sharing unnecessary data with the contractor and has conducted a detailed review of the contractor’s information system,”
According to FEMA a network assessment found that the contractors network contain 11 vulnerabilities and so far only a few have been resolved. Since there has not been no indication of intrusion within the last 30 days which is how far back the logs go back, there … Read the rest
Oregon DHS fell victim to a targeted phishing attack
Nine employees Oregon department of Human Services managed to fall for a targeted phishing attack which compromised 350,000 patients and 2 million Emails.
On a notice by the Cyber Security Team on January 28th determined that the email accounts were breached after nine employees fell to spear-phishing attack. The links they clicked on allowed hackers to access the employees email information. Oregon DHS hired a third party security team to investigate the incident and determine what information was exposed.
The investigation revealed that the compromised email accounts contained around 2 million emails which included personal and medical data of patients. The hacker had access to their full names, addresses, DOB’s , SSN’s and other details. During the investigation they did not find evidence that the data was copied from the systems.
This breach could have been avoided if there was proper cybersecurity awareness training regarding the types of threats that … Read the rest
BAE Report States HUMAN ERROR still major Security Risk
BAE Systems has revealed that even though organizations have continued attempts to improve their cybersecurity, human error is still the major vulnerability towards an organizations network.
They compiled a report by speaking to board level executives, IT decision makers and security professionals to better understand what the current state of corporate incident response capabilities and readiness were.
What they found from their results was to be expected, the BAE Systems research showcased how the majority of organizational breaches are caused by human error. Hackers prey on the uninformed employees.
They have examined that the breaches caused by human error were at 71 percent due to phishing attacks and 65 percent were due to indirect virus and malware infections.
Response Teams Saw A Rise In incidents
BAE Systems also noticed that incident response teams have been working with a number of incidents increases per month.
The research also revealed that many … Read the rest
Counter-Strike 1.6 servers used to push malware
Just about 39% of all Counter-Strike 1.6 servers were being used to push malware to end users. It’s amazing that still to this day counter-strike 1.6 is still being play after 20 years. The game still has many players and there is a high demand for hosting providers to provide players to rent game servers.
Dr. Web, researchers explained that the developers are using the game clients vulnerabilities to push the Belonard Trojan botnet by deploying malicious servers to promote the game servers and enlist more victims to the botnet. At its peak, this botnet grew so large that approximately 39% of the 5,000 Counter-Strike 1.6 servers were compromised and looking to infect more connected players.
… Read the rest“Using this pattern, the developer of the Trojan managed to create a botnet that makes up a considerable part of the CS 1.6 game servers,” stated the research by Dr. Web. “According to our
HIPAA Violation Examples And Fines
Not keeping up with HIPAA regulations can be quite costly for any physician’s office or entity that needs to adhere to compliance. HIPAA Violation fines range from $100 to over $4 Million. Staying compliant is not an easy task, regulations are always changing and you are required be up to date about every change. I have written below a few basic examples and how to avoid them.
What is this so called HIPAA Violation?
A HIPAA violation happens when there is some sort of Breach, acquisition, access or a disclosure of Protected health Information which is known as (PHI) that can result in personal risk of the patients.
Everyone that works with PHI should be compliant:
-
Health Plans
-
Health care clearing houses
-
Health care providers who transmit claims in electronic form
-
Medicare prescription drug card sponsors
-
Any Business Associate, Entity or Individual that has access to any type of PHI.
The 2019 Threat Report
The new norm with cybersecurity is discovering new attack methods and new threats which emerge daily and new vectors that are being tested by cyber criminals, according to the 2019 Webroot Threat Report.
According to the Webroot Threat Report:
- 40 percent of malicious malware were found on good domains. , “Since legitimate websites are frequently compromised to host malicious content. Those who use intermediary devices without SSL inspection capabilities should be aware of potential loopholes in their security policies due to this behavior.”
- Home users are more than twice as likely be infected.
Home users are not immune; their routers serve as the hub for networks and smart home devices (IoT), yet most users can’t log into their Linux-based routers to see what they are doing. Meanwhile a hacker can learn everything about a user’s environment, can redirect URLs, carry out man-in-the-middle attacks, and even inject cryptojacking scripts.
Cisco SOHO VPN Firewalls Vulnerable To Remote Code Execution
Recently Cisco has released several security software updates for the Cisco RV wireless VPN firewalls and routers to plug up a remote code execution flaw (CVE-2019-1663) that can be exploited by malicious HTTP requests
- RV110W Wireless-N VPN Firewall
- RV130W Wireless-N Multifunction VPN Router
- RV215W Wireless-N VPN Router
“The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user.”
Cisco did not mention if there was any available public code in the wild to be used to exploit the vulnerability.
The flaw is quite … Read the rest
What is HIPAA used for?
Most of us already know the basic of HIPAA and what the acronym is which is; Health Insurance Portability and Accountability Act and it was passed by Congress in 1996. Now we can move onto the real question which is, what is HIPAA used for?
- Provides the ability to transfer and continue health insurance coverage for millions of American workers and their families when they change or lose their jobs;
- Reduces health care fraud and abuse;
- Mandates industry-wide standards for health care information on electronic billing and other processes; and
- Requires the protection and confidential handling of protected health information
HIPAA is organized into separate “Titles.” For information on the HIPAA Titles read below
Title I: Heath Care Access, Portability and Renewability
HIPAA Title I of the Health Insurance Portability and Accountability Act of 1996 protects health insurance coverage for workers and their families when they change or lose their … Read the rest
Loading ...