
zackwhittaker

@zackwhittaker@mastodon.social

Security editor, TechCrunch
zack.whittaker@techcrunch.com
Signal: +1 646.755.8849
New York, NY


zackwhittaker, to random

New, by me: The ransomware gang that hacked into U.S. health tech giant Change Healthcare used a set of stolen credentials to remotely access the company's systems that weren't protected by MFA, according to the CEO of its parent company UnitedHealth.

It’s not known why Change did not set up MFA on this system, but this will likely become a focus for investigators trying to understand potential deficiencies in the insurer’s systems.

More: https://techcrunch.com/2024/04/30/uhg-change-healthcare-ransomware-compromised-credentials-mfa/

zackwhittaker, to random

To the driver of the grey Dodge, NY license plate JPX-1255. It's never OK to shout sexually aggressive remarks at women as you drive by, you repulsive sack of shit.

zackwhittaker, to random

It's Sunday, so a new ~ this week in security ~ just went out:

• UHG hackers stole health data on most people in America
• GitHub comments abused to push malware via Microsoft repo
• U.K. expands surveillance laws
• Kaiser shared millions of patients' data with advertisers
• GM's sneaky vehicle data collection
• Brand new cybercat(s) and more.

Sign up/RSS: https://this.weekinsecurity.com/

Read online: https://mailchi.mp/weekinsecurity/this-week-in-security-april-27-2024-edition

Support/donate: https://ko-fi.com/thisweekinsecurity

zackwhittaker, to random

Once in a while, and it's becoming more frequent, someone emails me to ask why some very bad privacy practice — like sharing someone's sensitive search terms on a medical provider's website with third-party advertisers — is allowed to happen or isn't illegal.

Elect better lawmakers, and demand better from them. That's it. Nothing will change until lawmakers start serving the interests of their electorate and not the big tech giants that fund their political campaigns.

zackwhittaker,

@Jackiemauro yes!! absolutely this.

zackwhittaker, (edited) to random

UPDATED, by me: U.S. health conglomerate Kaiser disclosed a data breach affecting 13.4 million members.

Kaiser confirmed it was sharing patients’ information with third-party advertisers, including Google, Microsoft, and X (formerly Twitter).

In a statement, Kaiser blamed “certain online technologies, previously installed on its websites and mobile applications, may have transmitted personal information to third-party vendors.”

More: https://techcrunch.com/2024/04/25/kaiser-permanente-health-plan-millions-data-breach

zackwhittaker,

It sounds like Kaiser got caught out by the use of online trackers on its website and apps. These trackers are often embedded in web pages and mobile apps and designed to collect information about users’ online activity for analytics, but often also share that data with third-party organizations.

Over the past year, Cerebral, Monument and Tempest have pulled tracking code from their apps that shared patients' personal and health information with advertisers.

More: https://techcrunch.com/2024/04/25/kaiser-permanente-health-plan-millions-data-breach/

zackwhittaker,

Here's the full statement from Kaiser on the data breach.

A spokesperson tells me that the notifications will start in May in all markets where Kaiser Permanente operates.

My story: https://techcrunch.com/2024/04/25/kaiser-permanente-health-plan-millions-data-breach/

zackwhittaker, to random

New, by @lorenzofb: Two veteran security experts, Patrick Wardle and Mikhail Sosonkin, are launching a startup that aims to help other makers of cybersecurity products to up their game in protecting Apple devices.

https://techcrunch.com/2024/04/25/ex-nsa-ex-apple-researcher-doubleyou/

zackwhittaker, to random

Poland’s prosecutor general told the parliament on Wednesday that powerful Pegasus spyware was used against at least 578 people from 2017 to 2022 during the former government in Poland, among them elected officials.

Adam Bodnar told lawmakers that he found the scale of the surveillance “shocking and depressing.”

https://apnews.com/article/poland-spyware-pegasus-nso-group-israel-413bb3cb27daac011d52b524c6d16160

zackwhittaker, to random

NEW, by me: A security researcher found bugs in a popular location tracking app, iSharing, which allowed anyone to access any other user's coordinates, even if the user wasn’t actively sharing their location data with anybody else.

We asked the researcher to test the bug by extracting our location from a test Android phone. It took him only a few seconds to locate this reporter down to a few feet.

iSharing, which has 35 million users, has fixed the bugs.

More: https://techcrunch.com/2024/04/24/security-flaws-isharing-tracking-app-exposed-millions-precise-locations

GossiTheDog, to random

deleted_by_author

zackwhittaker,

@GossiTheDog * violently spits out coffee in every direction *

zackwhittaker, to random

Good blog post by long-time Microsoft watcher Mary Jo Foley, who writes that Microsoft should stop selling security products as a premium offering.

https://www.directionsonmicrosoft.com/members/blog/2024-04-23/microsoft-must-stop-selling-security-premium-offering

zackwhittaker, to random

BREAKING: UnitedHealth has confirmed that a ransomware attack on its health tech subsidiary Change Healthcare earlier this year resulted in a huge theft of Americans’ private healthcare data.

In a statement, UHG said the criminal hackers stole files containing personal data and protected health information that it says may “cover a substantial proportion of people in America.”

https://techcrunch.com/2024/04/22/unitedhealth-change-healthcare-hackers-substantial-proportion-americans/

zackwhittaker,

Apologies for the late update.

UnitedHealth spokesperson confirmed in an email that a ransom was paid to the cybercriminals “as part of the company’s commitment to do all it could to protect patient data from disclosure.”

The company would not confirm the amount it paid. @brett reports that RansomHub has delisted Change Healthcare from its dark web leak site.

https://techcrunch.com/2024/04/22/unitedhealth-change-healthcare-hackers-substantial-proportion-americans/

zackwhittaker, to random

The North Koreans are just like us. They also leave misconfigured cloud servers exposed to the internet for anyone to find.

https://www.wired.com/story/north-korea-amazon-max-animation-exposed-server/

mipstian, to iOS

🚨Wipr 1.55 is rolling out now! 🚨

With a bunch more routine Wipr Extra updates.

As for me I'm kind of ok, just need frequent breaks 🥲

#adBlocker #iOS #macOS

zackwhittaker,

@mipstian thanks for all you do! sending my best.

zackwhittaker, to random

A busy ~ this week in security ~ newsletter just went out:

• Congress reauthorizes and expands FISA spy law
• CISA warns of unfixed smart lock flaw
• OpenSSF says XZ backdoor wasn't an isolated incident
• Cyber experts warn of risk from The Com hackers
• UnitedHealth stands up lawmakers at breach hearing
• Sandworm graduates as APT
• A new but retro cyber-cat, and more.

Sign up/RSS: https://this.weekinsecurity.com/

Read online: https://mailchi.mp/weekinsecurity/this-week-in-security-april-21-2024-edition

Donate/support: https://ko-fi.com/thisweekinsecurity

zackwhittaker, to random

The only reason to plant onion seeds in America: fried food.

zackwhittaker, to random

New, by me: Lawmakers passed legislation early Saturday reauthorizing and expanding a controversial U.S. surveillance law shortly after the powers expired at midnight, rejecting opposition by privacy advocates and lawmakers.

The bill passed in a 60-34 vote on the Senate floor overnight.

Democratic privacy hawk Sen. Ron Wyden accused lawmakers of waiting “until the 11th hour to ram through renewal of warrantless surveillance in the dead of night.”

More: https://techcrunch.com/2024/04/20/fisa-nsa-fbi-government-surveillance/

w7voa, (edited) to random

Post News, which sought to be a Twitter alternative, is shutting down. I have 5.8k followers there but rarely use it. I decided I’ve bandwidth for only two platforms after putting my Twitter accounts in suspended animation — Threads is one of them and Mastodon is the other. https://www.theverge.com/2024/4/19/24135011/twitter-alternative-post-news-shutdown

zackwhittaker,

@w7voa really great having you here, steve.

zackwhittaker, to random

Frontier, a major ISP and cloud provider, has confirmed a cyberattack on April 14, saying a cybercrime group gained access to an unspecified amount of personally identifiable information — though, unclear if this is customers or employees.

Frontier said it "believes it has contained the incident and has restored its core information technology environment and is in the process of restoring normal business operations."

Details were just published in an 8-K with the SEC. https://www.sec.gov/ix?doc=/Archives/edgar/data/20520/000119312524100764/d784189d8k.htm

zackwhittaker,

Looks like @jgreig has some yarn on this.

"On its website, Frontier says it is experiencing technical issues with its internal support systems and provided a phone number for those in need of assistance."

https://therecord.media/telecom-giant-frontier-cyberattack-sec

zackwhittaker, (edited) to random

NEW, by me: Hackers are threatening to publish a confidential database containing millions of records used by companies for screening prospective customers for links to financial crimes.

The financially motivated hacking group says it took 5.3 million records from the World-Check database.

TechCrunch was provided a sample of the records. The London Stock Exchange Group, which maintains the database, confirmed a third-party breach.

More: https://techcrunch.com/2024/04/18/world-check-database-leaked-sanctions-financial-crimes-watchlist/

zackwhittaker,

As I note in the piece, even though this database is sourced from public information, like sanctions lists, the database itself is confidential.

A major problem is that these databases can contain errors — as some have found before — which means you could be on the list and have no idea, and that can be enough of a reason for your bank to close your account.

More: https://techcrunch.com/2024/04/18/world-check-database-leaked-sanctions-financial-crimes-watchlist/