PogoWasRight, Cardiovascular Consultants (CVC Heart) allegedly hit by ransomware:
https://www.databreaches.net/cardiovascular-consultants-cvc-heart-allegedly-hit-by-ransomware/
#databreach #ransomware #infosec #cybersecurithy #HealthSec #incidentresponse
avolha, Polish Do posłuchania wieczorem: jak bezpiecznie kupować i sprzedawać w internecie - w podcaście „Nowe życie rzeczy” opowiada @adamhaertle z serwisu @zaufanatrzeciastrona
PogoWasRight, Paging regulators to Aisle 4 to look at Pacific Union College's data security and breach disclosure:
#databreach #EduSec #FERPA #FTC #Deception #IncidentResponse #Transparency #Notification #GLBA #InfoSec #ransomware
PogoWasRight, Data of 171,871 Deer Oaks Behavioral Health clients and employees dumped by ransomware group:
chiefgyk3d, Heads up we got official word from proofpoint they are impersonating OSHA in phishing attacks now #infosec #cybersecurity #osha #proofpoint #phishing
happygeek, Anonymous Sudan claims responsibility for ChatGPT attack, cited bias against Palestine as reason.
simplenomad, Minor tweaks to mail (I run a mail server) during my week off last week. Sadly, I receive less spam/scam email on my nmrc.org mail than on the couple of gmail accounts I have. I mean, good for me, sad for those that use gmail.
Greylisting, blackholes, SPF, DKIM, DMARC, and even pi-hole/unbound in recursive mode (as the mail server's DNS server) are the secret.
jimfl, Early in my career I discovered the art of passive social engineering.
In active social engineering, you try to get someone with access to a system to give that access to you.
Passive social engineering, by contrast, relies on the fact that someone has already (unknowingly) given you access, and you need only discover who it is, and what the nature of the access is.
PogoWasRight, Attorney General James Secures $450,000 from US Radiology Specialists for failing to protect patient data: https://ag.ny.gov/press-release/2023/attorney-general-james-secures-450000-medical-company-providing-services-western
The litigation was not under #HIPAA but was under NYS law: Executive Law § 63(12), GBL §§ 349 and 899-bb.
Direct link to Assurance of Discontinuation: https://ag.ny.gov/sites/default/files/settlements-agreements/us-radiology-aod.pdf
Didn't update/patch timely.
#DataBreach #Infosec #Cybersecurity #Patch #Enforcement
Previous coverage of this breach had been somewhat confusing, as I reported here at the time: https://www.databreaches.net/late-notification-raises-questions-about-a-us-radiology-specialists-breach-last-year/
State attorneys general continue to impose more enforcement penalties for failing to secure patient data than HHS OCR has imposed.
johnshirley2024, U.S. officials hold their breath for Iranian cyberattacks
Critical infrastructure owners and operators are stepping up security, as the U.S. government keeps a close eye on evolving threats from Tehran in cyberspace.
https://www.politico.com/news/2023/11/01/us-officials-iranian-cyberattacks-00124847
avolha, Polish Na Ciemnej Stronie można znaleźć kolejny wpis o internetowej inwigilacji - tym razem wyjaśniający w zrozumiały dla laika sposób, jak wyglądają wycieki przez WebRTC
https://www.ciemnastrona.com.pl/internetowa_inwigilacja/2023/11/05/webrtc.html
chiefgyk3d, The largest dental distributor was compromised Henry Schein and also hilarious is I warned them years ago about their issues. Anyway now I got a bunch of other companies hollering at me asking how to secure their stuff #infosec #cybersecurity #IT
simplenomad, The only thing I miss about Twitter is when someone posts a link to a thread there, and I only can view the first message as my account is long gone, and the thread has links to the details that are not in the first message. So I have to do some often creative googling to find the details I am wanting. For infosec it functioned as a great TL;DR method to get news (largely duplicated here). Pity some of those sources of info only exist there and not here.
Other than that, I couldn’t give a bright blue fuck about that dumpster fire platform.
SecureOwl, Looking forward to speaking at SecureWorld Seattle on Wednesday!
More details: https://events.secureworld.io/agenda/seattle-wa-2023/
Hope to see you there!
PogoWasRight, Update: Daixin leaks more data from Bluewater Health and other hospitals; databases yet to be leaked:
#ransomware #databreach #extortion #infosec #cybersecurity #HealthSec
0xor0ne, Collection of resources for getting started with Satellite hacking and CTFs
Satellite Hacking Demystified: https://redteamrecipe.com/Satellite-Hacking-Demystified/
Hack-a-sat writeups: https://github.com/solar-wine/writeups
Hack-a-sat players corner: https://hackasat.com/players-corner/
PogoWasRight, Oh lovely (not). Hunters International claims that they have attacked a service that provides emergency medical transport and emergency security transport for travelers. It's a private for-fee membership service, but Hunters allegedly locked their files.
There's nothing on Medjet's website to suggest any disruption or anything amiss and Hunters provides no proof of claims.
DataBreaches has reached out via email to Medjet to ask about Hunters' claims.
PogoWasRight, As I told other journalists and others to expect: Daixin has already now leaked the third part of the data from the TranForm/Bluewater attack that impacts five hospitals in southwest Ontario, Canada.
I'm just starting to skim the tranche now, but as before, it's a mix of internal hospital documents and patient-related files.
Keep in mind Daixin hasn't dumped the databases yet. If they are true to form, those will be dumped within a day or a few days.
#databreach #ransomware #healthsec #infosec #cybersecurity
Previous coverage on my site on the first two leaks and interview:
0x58, 📈 +61 new subscribers to my #InfosecMASHUP newlesetter in October 📆 - Grateful for all your support! 🙏
PogoWasRight, (edited ) Update: Sensitive patient data leaked from #TransForm ransomware incident that affects #BluewaterHealth and other Ontario healthcare entities:
#HealthSec #Ransomware #infosec #vendor #PHIPA #databreach #cybersecurity
0x58, Thoughts with #Okta staff... must be heavy working there atm....
0xor0ne, Very interesting reading about OpenSSH security measures (privilege separation and sandboxing)
PogoWasRight, (Following up on one of my watchdog complaints):
It took an HHS complaint, but three years later, some Ventura Orthopedic patients are finally being notified of a ransomware attack:
https://www.databreaches.net/it-took-an-hhs-complaint-but-three-years-later-some-ventura-orthopedic-patients-are-finally-being-notified-of-a-ransomware-attack/#ransomware #databreach #HIPAA #HHS #OCR #infosec #incidentresponse #enforcement
SecureOwl, I will be speaking words next week at Secureworld Seattle, more information is available thus: https://events.secureworld.io/agenda/seattle-wa-2023/#mike-sheward
happygeek, It might sound like lolz, but there could be serious consequences. Some clown used the iPhone DoS via BLE advertising packets thing (remember that post-Def Con?) on a train.