zackwhittaker

zackwhittaker, 1 day ago to random

Scoop, by @lorenzofb: We spoke to the threat actor who allegedly stole the data of 49 million Dell customers, including physical addresses.

The threat actor said they scraped the data directly from Dell's servers over a three-week period before Dell noticed.

We verified that the data is authentic by checking leaked data with victims.

More: https://techcrunch.com/2024/05/10/threat-actor-scraped-49m-dell-customer-addresses-before-the-company-found-out/

zackwhittaker, 1 day ago to random

CNN's @snlyngaas reporting that the ransomware attack on Ascension's hospital chain is the work of the Black Basta gang, citing four sources with knowledge of the investigation. Ascension has 140 hospitals in 19 states. Black Basta has previously targeted healthcare organizations and other big corporations.

https://edition.cnn.com/2024/05/10/tech/cyberattack-ascension-ambulances-hospitals/index.html

zackwhittaker, 2 days ago to random

Even with end-to-end encrypted services, metadata matters.

https://techcrunch.com/2024/05/08/encrypted-services-apple-proton-and-wire-helped-spanish-police-identify-activist

zackwhittaker, 3 days ago to random

New, by me: U.S. Patent and Trademark Office confirmed it "inadvertently exposed" another 14,000 applicants' domicile addresses as a result of a second security spill in as many years.

I chatted with USPTO's deputy CIO about the incident, who explained that the agency fixed the issue (again) to prevent future spills.

https://techcrunch.com/2024/05/08/us-patent-and-trademark-office-confirms-another-leak-of-filers-address-data/

zackwhittaker, 4 days ago to random

New, by me: Brandywine Realty Trust, one of the largest real estate trusts in the United States, confirms data was stolen in a recent cyberattack, which it describes as ransomware.

https://techcrunch.com/2024/05/07/brandywine-realty-trust-cyberattack/

zackwhittaker, 4 days ago to random

UK defense minister Grant Shapps confirms cyberattack and data breach involving a payments system for the UK Armed Forces — names, bank account information, and some addresses of military personnel.

"This is an external system... operated by a contractor," says Shapps.

I think a big question here is why U.K. military personnel data was being handled by a third-party contractor? Government systems might not be much stronger, but another consequence of privatization?

https://www.gov.uk/government/speeches/defence-secretary-oral-statement-to-provide-a-defence-personnel-update-07-may-2024

zackwhittaker, 11 days ago to random

New, by me: The ransomware gang that hacked into U.S. health tech giant Change Healthcare used a set of stolen credentials to remotely access the company's systems that weren't protected by MFA, according to the CEO of its parent company UnitedHealth.

It’s not known why Change did not set up MFA on this system, but this will likely become a focus for investigators trying to understand potential deficiencies in the insurer’s systems.

More: https://techcrunch.com/2024/04/30/uhg-change-healthcare-ransomware-compromised-credentials-mfa/

zackwhittaker, 12 days ago to random

To the driver of the grey Dodge, NY license plate JPX-1255. It's never OK to shout sexually aggressive remarks at women as you drive by, you repulsive sack of shit.

zackwhittaker, 13 days ago to random

It's Sunday, so a new ~ this week in security ~ just went out:

• UHG hackers stole health data on most people in America
• GitHub comments abused to push malware via Microsoft repo
• U.K. expands surveillance laws
• Kaiser shared millions of patients' data with advertisers
• GM's sneaky vehicle dat collection
• Brand new cybercat(s) and more.

Sign up/RSS: https://this.weekinsecurity.com/

Read online: https://mailchi.mp/weekinsecurity/this-week-in-security-april-27-2024-edition

Support/donate: https://ko-fi.com/thisweekinsecurity

zackwhittaker, 15 days ago to random

Once in awhile, and it's becoming more frequent, someone emails me to ask why some very bad privacy practice — like sharing someone's sensitive search terms on a medical provider's website with third-party advertisers — is allowed to happen or isn't illegal.

Elect better lawmakers, and demand better from them. That's it. Nothing will change until lawmakers start serving the interests of their electorate and not the big tech giants that fund their political campaigns.

zackwhittaker, 16 days ago (edited 16 days ago) to random

UPDATED, by me: U.S. health conglomerate Kaiser disclosed a data breach affecting 13.4 million members.

Kaiser confirmed it was sharing patients’ information with third-party advertisers, including Google, Microsoft, and X (formerly Twitter).

In a statement, Kaiser blamed "certain online technologies, previously installed on its websites and mobile applications, may have transmitted personal information to third-party vendors.”

More: https://techcrunch.com/2024/04/25/kaiser-permanente-health-plan-millions-data-breach

zackwhittaker, 16 days ago to random

New, by @lorenzofb: Two veteran security experts, Patrick Wardle and Mikhail Sosonkin, are launching a startup that aims to help other makers of cybersecurity products to up their game in protecting Apple devices.

https://techcrunch.com/2024/04/25/ex-nsa-ex-apple-researcher-doubleyou/

zackwhittaker, 17 days ago to random

Poland’s prosecutor general told the parliament on Wednesday that powerful Pegasus spyware was used against at least 578 people from 2017 to 2022 during the former government in Poland, among them elected officials.

Adam Bodnar told lawmakers that he found the scale of the surveillance “shocking and depressing.”

https://apnews.com/article/poland-spyware-pegasus-nso-group-israel-413bb3cb27daac011d52b524c6d16160

zackwhittaker, 17 days ago to random

NEW, by me: A security researcher found bugs in a popular location tracking app, iSharing, which allowed anyone to access any other users' coordinates, even if the user wasn’t actively sharing their location data with anybody else.

We asked the researcher to test the bug by extracting our location from a test Android phone. It took him only a few seconds to locate this reporter down to a few feet.

iSharing, which has 35 million users, has fixed the bugs.

More: https://techcrunch.com/2024/04/24/security-flaws-isharing-tracking-app-exposed-millions-precise-locations

GossiTheDog, 18 days ago to random

deleted_by_author

zackwhittaker, 18 days ago to random

Good blog post by long-time Microsoft watcher Mary Jo Foley, who writes that Microsoft should stop selling security products as a premium offering.

https://www.directionsonmicrosoft.com/members/blog/2024-04-23/microsoft-must-stop-selling-security-premium-offering

zackwhittaker, 19 days ago to random

BREAKING: UnitedHealth has confirmed that a ransomware attack on its health tech subsidiary Change Healthcare earlier this year resulted in a huge theft of Americans’ private healthcare data.

In a statement, UHG said the criminal hackers stole files containing personal data and protected health information that it says may “cover a substantial proportion of people in America.”

https://techcrunch.com/2024/04/22/unitedhealth-change-healthcare-hackers-substantial-proportion-americans/

zackwhittaker, 19 days ago to random

The North Koreans are just like us. They also leave misconfigured cloud servers exposed to the internet for anyone to find.

https://www.wired.com/story/north-korea-amazon-max-animation-exposed-server/

mipstian, 20 days ago to iOS

🚨Wipr 1.55 is rolling out now! 🚨

With a bunch more routine Wipr Extra updates.

As for me I'm kind of ok, just need frequent breaks 🥲

#adBlocker #iOS #macOS