Archive for the ‘Uncategorized’ Category

Cloud Security Startup Lightspin Emerges From Stealth

The startup, founded by former white-hat hackers, has secured a $4 million seed round to close security gaps in cloud environments.
Source: DarkReading

US Treasury's OFAC Ransomware Advisory: Navigating the Gray Areas

Leveraging the right response strategy, following the regulations, and understanding the ransom entity are the fundamentals in any ransomware outbreak.
Source: DarkReading

Cyber-attacks Reported on Three US Healthcare Providers

Three healthcare providers in Florida, Georgia, and New York are notifying patients that their protected health information may have been exposed in recent cyber-attacks involving ransoms.

Warnings went out to patients of Advanced Urgent Care of the Florida Keys on November 6 regarding a ransomware attack that took place on March 1, 2020.

According to a breach notice issued by the medical center, patient data was compromised when attackers encrypted files on a backup drive.

Information exposed in the incident included names, dates of birth, health insurance information, medical treatment information, medical diagnostic information, lab results, medical record numbers, Medicare or Medicaid beneficiary numbers, medical billing information, bank account information, credit or debit card information, CHAMPUS ID numbers, Military and/or Veterans Administration numbers, driver’s license numbers, signatures, and Social Security numbers.

In Katonah, New York, a September 1 ransomware attack on Four Winds Hospital locked staff out of computer systems for a fortnight.

Cybersecurity experts hired to determine the scope and impact of the attack discovered that password-protected files had been accessed and that patient lists dating from 1983 to the present day could potentially have been compromised.

Information on the lists included names, medical record numbers, and Social Security numbers. Four Winds has not yet disclosed how many patients may have been impacted.

A breach notice issued by Four Winds Hospital stated that the investigators “obtained evidence that the cybercriminals deleted any files in their possession, although that evidence cannot be independently verified.”

The hospital said it has “taken steps to prevent a reoccurrence.”

Unusually, a ransom was demanded of Galstan & Ward Family and Cosmetic Dentistry in Suwanee, Georgia, over the phone by a caller who said that the practice’s server had been infected with a computer virus.

Galstan & Ward had previously arranged for a third-party vendor to wipe the server in question and restore its data from a backup after detecting suspicious activity.

On September 11, 2020, the practice discovered that some files had been stolen and published on the dark web. No patient information was contained within these files, though patients were notified out of an abundance of caution.


Source: Infosecurity

What's in Store for Privacy in 2021

Changes are coming to the privacy landscape, including more regulations and technologies.
Source: DarkReading

CVE-2020-28994

A SQL injection vulnerability was discovered in Karenderia Multiple Restaurant System, affecting versions 5.4.2 and below. The vulnerability allows an unauthenticated attacker to perform actions such as modifying and leaking the entire contents of the database.
Source: NIST

CVE-2020-28331

Barco wePresent WiPG-1600W devices have Improper Access Control. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W device has an SSH daemon included in the firmware image. By default, the SSH daemon is disabled and does not start at system boot. The system initialization scripts read a device configuration file variable to see if the SSH daemon should be started. The web interface does not provide a visible capability to alter this configuration file variable. However, a malicious actor can include this variable in a POST such that the SSH daemon will be started when the device boots.
Source: NIST

CVE-2020-28928

In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).
Source: NIST

CVE-2020-13620

Fastweb FASTGate GPON FGA2130FWB devices through 2020-05-26 allow CSRF via the router administration web panel, leading to an attacker’s ability to perform administrative actions such as modifying the configuration.
Source: NIST

CVE-2020-13942

In Apache Unomi, it is possible to inject malicious OGNL or MVEL scripts into the public /context.json endpoint. This was partially fixed in 1.5.1, but a new attack vector was found. In Apache Unomi version 1.5.2, scripts are now completely filtered from the input. It is highly recommended to upgrade to the latest available version of the 1.5.x release to fix this problem.
Source: NIST

CVE-2020-28726

Open redirect in SeedDMS 6.0.13 via the dropfolderfileform1 parameter to out/out.AddDocument.php.
Source: NIST