#ITsecurity
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Open LEMMY instance for all mental health workers: https://lem.clinicians-exchange.org
.
DATE:
September 28, 2023 at 01:19PM
.
TITLE:
Immersive technologies can improve healthcare delivery and health equity
.
URL:
https://www.beckershospitalreview.com/cybersecurity/immersive-technologies-can-improve-healthcare-delivery-and-health-equity.html
<p><a href="https://www.pwc.com/us/en/tech-effect/emerging-tech/demystifying-the-metaverse.html" target="_blank" rel="noopener">The metaverse refers to immersive technologies such as extended reality (XR), augmented reality (AR) and virtual reality (VR.) These immersive technologies have the potential to help </a>healthcare organizations improve health equity and reach other goals, from workforce shortages to patient engagement. Here are just two of the many ways that these technologies can be used to improve healthcare delivery:</p>
.
.
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Open LEMMY instance for all mental health workers: https://lem.clinicians-exchange.org
.
DATE:
September 28, 2023 at 11:06AM
.
TITLE:
'Harder than the pandemic by far': Hospital president testifies before Congress on cyberattack
.
URL:
https://www.beckershospitalreview.com/cybersecurity/harder-than-the-pandemic-by-far-hospital-president-testifies-before-congress-on-cyberattack.html
<p>A hospital leader told Congress that a 2021 ransomware attack his health system experienced was "harder than the pandemic, by far."</p>
.
.
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering
Warning: Geeky, technical content ahead! Dive into the world of #cybersecurity #pentesting. Watch this week's technical video in our new series, #Pentest Pro Tips with @tompohl & learn how old broadcast protocols can cause a #databreach. https://youtu.be/_ok1-UbFTe0
#DFIR #ITsecurity
Aufpassen: WebP hat die höchste CVE-Stufe erreicht. https://socradar.io/critical-zero-day-vulnerability-in-libwebp-cve-2023-4863-reassigned-as-cve-2023-5129/ #itsecurity #webp
Kennenlernen, netzwerken, diskutieren, … der Deutsche IT-Security-Kongress 2023 läuft, und ARTUS mittendrin. #artus #ditsk23 #cyber #cybersecurity #itsecurity
#Cyberattacken auf Krankenhäuser werden zur zunehmenden Gefahr. Im #HouseofNerds ist Prof. Dr. Sebastian Schinzel, @seecurity Experte für Medical #ITSecurity und angewandte Kryptografie, zu Gast. In der Sendung spricht er über praktische Cybersicherheitsmaßnahmen im Krankenhaus.
Zusätzlich diskutiert er seine Forschung in angewandter #Kryptografie und erklärt, warum #Messenger sicherer sind als #Emails.
Hier gelangen Sie zum #HouseofNerds #Podcast: https://www.sit.fraunhofer.de/houseofnerds/
My favorite slide from a recent (?) talk by @simon
#LLMs #ai #ml #machinelearning #artificialintelligence #itsec #itsecurity #LLMattacks
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Open LEMMY instance for all mental health workers: https://lem.clinicians-exchange.org
.
DATE:
September 27, 2023 at 02:38PM
.
TITLE:
Indiana Supreme Court revives suit against hospital
.
URL:
https://www.beckershospitalreview.com/cybersecurity/indiana-supreme-court-revives-suit-against-hospital.html
<p>The Indiana Supreme Court has <a href="https://public.courts.in.gov/Decisions/api/Document/Opinion?Id=z1YcQFgDFqwRlSundu0n7WfxAlkmBj6uDYOD4wWy7MUDc47gSbRbI_ilxueVE5iY0" target="_blank" rel="noopener">revived</a> part of a lawsuit against Indianapolis-based Community Health Network, which alleges that the health system disclosed a patient's medical information to a third party, who then posted the information to Facebook. </p>
.
.
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Open LEMMY instance for all mental health workers: https://lem.clinicians-exchange.org
.
DATE:
September 27, 2023 at 11:00AM
.
TITLE:
Email cyberattacks way up at hospitals
.
URL:
https://www.beckershospitalreview.com/cybersecurity/email-cyberattacks-way-up-at-hospitals.html
<p>Cyberattacks through emails are way up at hospitals and health systems in 2023, software company Abnormal Security <a href="https://abnormalsecurity.com/blog/healthcare-organizations-email-attacks-2023" target="_blank" rel="noopener">reported</a>.</p>
.
.
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering
Deutscher IT-Security-Kongress 2023 in Osnabrück, ARTUS ist dabei. #artus #cyber #ditsk23 #itsecurity #osnabrueck
Good day everyone!
You may have missed the early-bird registration fee but there is still time to register for Cyborg Security's 2-Day threat hunter training at Black Hat Europe this year! We will be discussing resources that you can use to plan and prep for a hunt, we practice taking intel reports and creating hypothesizes to drive our hunt, then we get our hands dirty by diving into some data and seeing what we can find! It's a lot of fun and you get practical hands-on experience out of it! I look forward to teaching this course again! Enjoy and Happy Hunting!
Black Hat Europe Registration:
https://www.blackhat.com/eu-23/training/schedule/#beyond-iocs-how-to-effectively-threat-hunt-using-ttps-and-behaviors-virtual-32372
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #BlackHatEurope #BHEU #BlackHatEU
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Open LEMMY instance for all mental health workers: https://lem.clinicians-exchange.org
.
DATE:
September 26, 2023 at 05:38PM
.
TITLE:
Another health system caught in Nuance breach
.
URL:
https://www.beckershospitalreview.com/cybersecurity/another-health-system-caught-in-nuance-breach.html
<p>WVU Medicine <a href="https://wvumedicine.org/news/article/important-information-to-know-nuance-communication-data-breach/" target="_blank" rel="noopener">said</a> data for a limited number of its patients was compromised due to a breach at Nuance Communications, a healthcare artificial intelligence company owned by Microsoft that the health system works with. </p>
.
.
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering
Signs for bad IT security in a company:
They *require* HTML in emails relevant to IT security.
They *force* users to change #passwords ever so often.
They *claim* to follow "best practices".
Deutscher IT-Security Kongress 2023 - Wir als ARTUS sind dabei! #ditsk23 #itsecurity #cybersecurity #cyber #artus
Good day everyone!
The ESET Research team discovered a sophisticated backdoor that contains multiple components and doesn't act like your normal malware with C2 communication. The backdoor consists of an Executor and Orchestrator. The Executor appears to act more like a middle man for the Orchestrator while the Orchestrator is responsible for actually running the commands from the C2 server. Enjoy this highly-technical article and Happy Hunting!
Stealth Falcon preying over Middle Eastern skies with Deadglyph
https://www.welivesecurity.com/en/eset-research/stealth-falcon-preying-middle-eastern-skies-deadglyph/
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
Health IT Security Robot
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Open LEMMY instance for all mental health workers: https://lem.clinicians-exchange.org
.
2023-09-26T13:30:00+00:00
TITLE:
Advanced Email Attacks Skyrocket in Healthcare
DESCRIPTION:
Advanced email attacks… read more
**ARTICLE LINK**--> https://healthitsecurity.com/news/advanced-email-attacks-skyrocket-in-healthcare
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering
c’t-Workshop: Linux-Systeme absichern mit SELinux
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Open LEMMY instance for all mental health workers: https://lem.clinicians-exchange.org
.
DATE:
September 25, 2023 at 02:23PM
.
TITLE:
California hospital reports data breach
.
URL:
https://www.beckershospitalreview.com/cybersecurity/california-hospital-reports-data-breach.html
<p>An unauthorized party <a href="https://oakvalleyhospital.com/wp-content/uploads/2023/09/Notice-of-Security-Incident-English.pdf" target="_blank" rel="noopener">accessed</a> systems at Oakdale, Calif.-based Oak Valley Hospital District and was able to gain access to files that contained patient data.</p>
.
.
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Open LEMMY instance for all mental health workers: https://lem.clinicians-exchange.org
.
DATE:
September 25, 2023 at 11:01AM
.
TITLE:
Patient safety data missing after Maryland cyberattack
.
URL:
https://www.beckershospitalreview.com/cybersecurity/patient-safety-data-missing-after-maryland-cyberattack.html
<p>A ransomware attack hindered the state of Maryland's ability to monitor patient safety at hospitals, <a href="https://www.washingtonpost.com/dc-md-va/2023/09/24/maryland-hospital-safety-harm/" target="_blank" rel="noopener"><em>The Washington Post</em></a> reported.</p>
.
.
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Open LEMMY instance for all mental health workers: https://lem.clinicians-exchange.org
.
DATE:
September 25, 2023 at 10:57AM
.
TITLE:
Microsoft-owned AI company data breach affects 1.2 million patients
.
URL:
https://www.beckershospitalreview.com/cybersecurity/microsoft-owned-ai-company-data-breach-affects-1-2-million-patients.html
<p>Nuance Communications, a healthcare artificial intelligence company owned by Microsoft, announced that 13 of its healthcare clients' data was affected by the MoveIt software breach, <a href="https://www.hipaajournal.com/nuance-communications-13-healthcare-clients-in-north-carolina-affected-by-moveit-hack/" target="_blank" rel="noopener"><em>The HIPAA Journal</em></a> reported Sept. 19.</p>
.
.
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering
Gute Übersicht der Lobby-Interessen und Verstrickungen zur #chatkontrolle
#EU #thorn #weprotect #infosec #itsecurity #itsicherheit #datenschutz
Good morning everyone!
Normally Monday's are for malware but not today! The The DFIR Report has released a report that covers, in thorough details, their findings in a recent incident that started with the Remote Management and Monitoring (RMM) tool ScreenConnect. This led to what the analysts described as a "somewhat botched Hive ransomware deployment". The attack involved some #LOLBIN abuse, #MetaSploit, and #rclone to exfiltrate the data! Enjoy and Happy Hunting!
From ScreenConnect to Hive Ransomware in 61 hours
https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours/
MITRE ATT&CK TTPs:
TA0002 - Execution
T1059.001 - Command and Scripting Interpreter: PowerShell
T1047 - Windows Management Instrumentation
TA0003 - Persistence
T1543.003 - Create or Modify System Process: Windows Service
TA0008 - Lateral Movement
T1021.002 - Remote Services: SMB/Windows Admin Shares
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
I hope everyone is enjoying their weekend!
The Volexity researchers have been tracking the APT known as #EvilBamboo for over 5 years. Recently they have been targeting #Android devices and creating fake websites and social media profiles to help deploy the browser-based exploits. They have been using three different Android spyware that have been dubbed #BadBazaar, #BadSignal, and #BadSolar. This is an extremely informative and enjoyable article that covers a lot of technical details! Enjoy and Happy Hunting!
EvilBamboo Targets Mobile Devices in Multi-year Campaign
https://www.volexity.com/blog/2023/09/22/evilbamboo-targets-mobile-devices-in-multi-year-campaign/
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
Crazy: Da gibt es Dienstleister im Internet rund um #privacy und #itsecurity die bieten für die Produkt-Accounts #2fa aber wenn man das Passwort über die Vergessen-Funktion ändert, muss man keinen #zweitenFaktor angeben und ist zudem nach Änderung sofort eingelogged 🥴 Finde nur ich das erstaunlich lässig?!
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Open LEMMY instance for all mental health workers: https://lem.clinicians-exchange.org
.
DATE:
September 22, 2023 at 02:14PM
.
TITLE:
Ransomware group didn't leak data from New York hospitals
.
URL:
https://www.beckershospitalreview.com/cybersecurity/ransomware-group-didnt-leak-data-from-new-york-hospitals.html
<p>LockBit, a ransomware gang, said it would leak stolen data from Carthage (N.Y.) Area Hospital and Ogdensburg, N.Y.-based Claxton-Hepburn Medical Center if a ransom was not paid by Sept. 18, but the hospital officials said that did not happen, <a href="https://www.wwnytv.com/2023/09/21/ransomware-attack-deadline-passes-hospitals-say-they-see-no-major-data-leaks/" target="_blank" rel="noopener"><em>WWNY</em></a> reported Sept. 21. </p>
.
.
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering
I hope everyone is having a good weekend!
The Palo Alto Networks Unit 42 research team discovered some activity that they attributed to a very stealthy and rarely seen APT, #Gelsemium. They target a diverse group of industries but use tools like #CobaltStrike, #MetaSploit, and #ChinaChopper but also used the Potato Suite that was seen as JuicyPotato.exe (who can't appreciate that?!). This was a great weekend read and I hope you all enjoy it as much as I did! Happy Hunting!
Rare Backdoors Suspected to be Tied to Gelsemium APT Found in Targeted Attack in Southeast Asian Government
https://unit42.paloaltonetworks.com/rare-possible-gelsemium-attack-targets-se-asia/
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
So... here's the thing... if you bullshit me about your systems, I'm gonna smell it and find the smell. If you come clean about what you're failing at, I'm gonna look at it, and most likely agree that's a waiver because you're admitting that control doesn't work in that particular environment... Don't try to bullshit someone who spent most of their career in your position...
Für alle Nutzer von Trend Micro-Produkten hier ein Hinweis zu Lücken, die durch Patche und Hotfixe geschlossen werden sollten. #patch #patchmanagement #cybercrime #trendmicro #itsecurity #itsicherheit
Happy Friday everyone!
The SentinelOne Labs research team has discovered a new #APT they named #Sandman. This group targets telecommunication providers and uses a modular backdoor known as #LuaDream. They used techniques that included pass-the-hash and DLL hijacking to meet their objectives! Enjoy and Happy Hunting!
Sandman APT | A Mystery Group Targeting Telcos with a LuaJIT Toolkit
https://www.sentinelone.com/labs/sandman-apt-a-mystery-group-targeting-telcos-with-a-luajit-toolkit/
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
#Hackers steal 10 years of #pathology requests, including Medicare provider numbers | AusDoc #itsecurity #hacking
https://www.ausdoc.com.au/news/hackers-steal-10-years-of-pathology-requests-including-medicare-provider-numbers/
Happy ThreatHunting Thursday everyone!
The Group-IB research team provides their insight into how they threat hunt for the MITRE ATT&CK sub technique T1543.003 - Create or Modify System Process: Windows Service. They highlight the fields and values that are significant, provide good queries to start with, and explain the relationships between those fields and values. Thanks for this great article team! Enjoy and Happy Hunting!
Hunting Rituals #2:
Threat hunting for abuse of Windows Services
https://www.group-ib.com/blog/hunting-rituals-windows-services-part-1/
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
Was müssen die Besucher der #itsa2023 in diesem Jahr unbedingt auf dem #Cybersecurity-Radar haben und vor allem warum?
Statement von Thomas Boele, Checkpoint Technologies
#itsa #HomeofITSecurity #ITSecurity #generativeKI #Security #Cloudnative #künstlicheIntelligenz #ZeroTrust #CloudSecurity #Prevention #Sicherheitsmesse #artificialIntelligence
Was müssen die Besucher der #itsa2023 in diesem Jahr unbedingt auf dem #Cybersecurity-Radar haben und vor allem warum?
Statement von Sebastian Mehle, @Varonis
#itsa #HomeofITSecurity #ITSecurity #DSPM #Security #PostureManagement #KI #künstlicheIntelligenz #ZeroTrust #Sicherheitsmesse #Cyberresilience #Datenintegrität #BehaviorAnalytics #Datensicherheit #Verhaltensanalyse #Datenanalyse #NIS2 #DataSecurity
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Open LEMMY instance for all mental health workers: https://lem.clinicians-exchange.org
.
DATE:
September 20, 2023 at 02:03PM
.
TITLE:
Cyberattack spurs Mississippi health system to 'beef up' security measures
.
URL:
https://www.beckershospitalreview.com/cybersecurity/cyberattack-spurs-mississippi-health-system-to-beef-up-security-measures.html
<p>Ocean Springs, Miss.-based Singing River Health System's CEO, Laurin St. Pe, said he's looking to "beef up" its security measures as the organization continues to grapple with a cyberattack that started Aug. 21, <a href="https://www.wlox.com/2023/09/19/ceo-srhs-addresses-cyberattack-ocean-springs-gautier-area-council-meeting/" target="_blank" rel="noopener"><em>WLOX</em></a> reported Sept. 19. </p>
.
.
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Open LEMMY instance for all mental health workers: https://lem.clinicians-exchange.org
.
DATE:
September 20, 2023 at 11:06AM
.
TITLE:
How Prospect Medical hack delayed care, mixed up payments
.
URL:
https://www.beckershospitalreview.com/cybersecurity/how-prospect-medical-hack-delayed-care-mixed-up-payments.html
<p>Patients at Manchester-based Eastern Connecticut Health Network have run into numerous patient care and billing issues since an August cyberattack on the health system's parent company, the <a href="https://www.ctinsider.com/journalinquirer/article/ct-echn-prospect-cyberattack-billing-18366200.php" target="_blank" rel="noopener"><em>Journal Inquirer</em></a> in Manchester reported Sept. 19.</p>
.
.
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering
Happy Wednesday everyone!
Don't miss out on the early registration price for Cyborg Security's 2-Day Threat Hunter training at Black Hat Europe on December 4th and 5th. I will be delivering this training virtually which means you can attend no matter where you are located, so if you missed us at #BlackHatUSA or you won't be at #BlackHatEurope, that's ok, you can still receive the same level of training! Enjoy and Happy Hunting!
Black Hat Europe Training Registration:
https://lnkd.in/gqiJwFws
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting
What must be on the #cybersecurity radar of visitiors to #itsa2023 this year and, above all, why?
Statement from Stefan Killer-Haug, #Tresorit
#itsa #HomeofITSecurity #ITSecurity #Cybersecurity #Law #Databreach #Infosec #Compliance #Authentication #Encrytion #Cyberresilience #Security #Sicherheitsmesse #Security #Cybersicherheit #ITSicherheit
Was müssen die Besucher der #itsa2023 in diesem Jahr unbedingt auf dem #Cybersecurity-Radar haben und vor allem warum?
Statement von Dietmar Wyhs, #SSH
#itsa #HomeofITSecurity #ITSecurity #RemoteAccess #OTSecurity #SSH Communications Security# #passwordless #keyless #Quantumcomputing #Kryptografie #Verschlüsselung #Security #Cybersecurity #Sicherheitsmesse #Nürnberg #Cybersicherheit #ITSicherheit
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Open LEMMY instance for all mental health workers: https://lem.clinicians-exchange.org
.
DATE:
September 19, 2023 at 02:41PM
.
TITLE:
Illinois health system restores MyChart after outage
.
URL:
https://www.beckershospitalreview.com/cybersecurity/illinois-health-system-restores-mychart-after-outage.html
<p>Springfield, Ill.-based Hospital Sisters Health System and Green Bay, Wis.-based Prevea Health have <a href="https://www.hshsupdates.org/" target="_blank" rel="noopener">restored</a> their access to MyChart after experiencing an outage since Aug. 27. </p>
.
.
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Open LEMMY instance for all mental health workers: https://lem.clinicians-exchange.org
.
DATE:
September 19, 2023 at 10:50AM
.
TITLE:
North Korea hacking group targeting healthcare
.
URL:
https://www.beckershospitalreview.com/cybersecurity/north-korea-hacking-group-targeting-healthcare.html
<p>HHS has <a href="https://www.hhs.gov/sites/default/files/manage-engine-vulnerability-sector-alert-tlpclear.pdf" target="_blank" rel="noopener">warned</a> that Lazarus Group, a North Korean state-sponsored hacking group, has been targeting U.S. healthcare by exploiting a vulnerability in ManageEngine products.</p>
.
.
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering
Happy Tuesday everyone!
Researches from the ANY.RUN - Interactive Malware Analysis Service team take a dive into a sample of the #XWorm malware that was uploaded recently. This is an awesome article about the process they took while trying to analyze the malware and the logic they used! Enjoy and Happy Hunting!
XWorm: Technical Analysis of a New Malware Version
https://any.run/cybersecurity-blog/xworm-technical-analysis-of-a-new-malware-version/?utm_source=hacker_news&utm_medium=article&utm_campaign=xworm0923&utm_content=linktoblog
MITRE ATT&CK TTPs and behaviors:
TA0003 - Persistence (I would start here!)
T1547.001 - Boot or Logon Autostart Execution: Registry Run Keys/Startup Folder
T1053.005 - Scheduled Task/Job: Scheduled Task
TA0002 - Execution
T1047 - Windows Management Instrumentation
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
We analysed the security of a #WindRiver #VxWorks (the operating system running also on NASA's Curiosity mars rover) embedded device and found a critical vulnerability in the #tarExtract function: https://www.pentagrid.ch/en/blog/wind-river-vxworks-tarextract-directory-traversal-vulnerability/ #itsecurity #infosec #pentesting #cisa #vxworks
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Open LEMMY instance for all mental health workers: https://lem.clinicians-exchange.org
.
DATE:
September 18, 2023 at 03:12PM
.
TITLE:
21,000 Sanford patients affected by vendor breach
.
URL:
https://www.beckershospitalreview.com/cybersecurity/21-000-sanford-patients-affected-by-vendor-breach.html
<p>Patient data from Sioux Falls, S.D.-based Sanford Health has been compromised as the health system's imaging vendor, DMS Health Technologies, experienced a data security incident between March 27 and April 24, <a href="https://www.valleynewslive.com/2023/09/15/personal-information-thousands-sanford-health-patients-potentially-compromised/" target="_blank" rel="noopener"><em>Valley News Live</em></a> reported Sept. 15. </p>
.
.
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Open LEMMY instance for all mental health workers: https://lem.clinicians-exchange.org
.
DATE:
September 18, 2023 at 03:10PM
.
TITLE:
New York hospital CEO says it will not pay hackers ransom
.
URL:
https://www.beckershospitalreview.com/cybersecurity/new-york-hospital-ceo-says-it-will-not-pay-hackers-ransom.html
<p>Richard Duvall, CEO of Carthage (N.Y.) Area Hospital and Ogdensburg, N.Y.-based Claxton-Hepburn Medical Center, said they have received a demand from hackers but will not be paying the ransom, <a href="https://www.northcountrynow.com/news/no-ransom-hackers-says-claxton-hepburn-carthage-area-hospital-ceo-0346655" target="_blank" rel="noopener"><em>North Country This Week</em></a> reported Sept. 15. </p>
.
.
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Open LEMMY instance for all mental health workers: https://lem.clinicians-exchange.org
.
DATE:
September 18, 2023 at 10:35AM
.
TITLE:
Ransomware gang stealing data from North Carolina hospitals
.
URL:
https://www.beckershospitalreview.com/cybersecurity/ransomware-gang-stealing-data-from-north-carolina-hospitals.html
<p>Russian ransomware gang <a href="https://www.beckershospitalreview.com/cybersecurity/healthcare-ransomware-gang-exploiting-new-vulnerability.html">Clop</a> is being attributed to the attack on a vulnerability in software called MOVEit that has affected multiple hospitals and health systems around the U.S., <em>Security Affairs</em> reported Sept. 17. </p>
.
.
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering
We got a PACKED #MalwareMonday this time!
The Palo Alto Networks Unit 42 researchers provide a comprehensive look at the apt known as #Turla (aka Pensive Ursa, Uroburos, Snake), their TTPs, and the malware they use! Enjoy and Happy Hunting!
Threat Group Assessment: Turla (aka Pensive Ursa)
https://unit42.paloaltonetworks.com/turla-pensive-ursa-threat-assessment/
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
🎉 I am honored to be presenting at the #SwissCyberStorm conference on October 24, 2023! 🎉
🔍 Talk Title: "Unveiling Malicious Behavior in Unknown Binaries"
In this presentation, we will:
🔑 Dive deep into strategies for extracting malicious behaviors in unknown binaries.
🛡 Cover tactics from fundamental signature-based checks, string analysis, and packer detection to advanced heuristics.
🌐 Discuss identifying Command and Control (C2) communication and decryption routines in malware.
🚀 With the rise of sophisticated malware, traditional strategies often fall short. We will introduce advanced techniques and heuristics to navigate and analyze complex binary files.
📌 For more details and to register, visit: https://www.swisscyberstorm.com/schedule/
#scs23 #cybersecurity #itsecurity #reverseengineering #malware #malwareanalysis
@alternativeto After update, the behavior was different: Tapping a token, copies to the clipboard & minimizes the app. But this can be configured, now it works as expected (like before). I 'm convinced 2FA should be "located" on a different device. Copying makes little sense to me. But how nice, that it is individually configurable - opinions and preferences differ :)
#aegis #foss #2fa #secondfactor #password #itsec #itsecurity #safety #account #protection #foss #opensource
We had a look at Liechtenstein's electronic health files and the underlying #Liferay portal software and found some weaknesses in the portal software as well as risks in the IT setup. Full article (in German only): https://www.pentagrid.ch/de/blog/it-sicherheit-beim-elektronischen-gesundheitsdossier-im-fuerstentum-liechtenstein/ #itsecurity #infosec #eHealth #eGD
Iranian nation-state threat group APT33 attempted to infiltrate thousands of organizations — sometimes successfully — in a months-long global password spray campaign, according to @Microsoft. #cybersecurity #infosec #ITsecurity
https://www.scmagazine.com/news/global-password-spray-attacks-target-thousands-of-organizations?s=09
Happy Sunday!
The Intel 471 team provides their findings of the #BumbleBee loader as it makes its comeback after a two month break. Taking the place of the #BazarLoader (the source code was leaked when the #Conti leak occurred). The BumbleBee loader has been associated with distributing ransomware and is currently being used by multiple threat actors. My favorite part of this article though (and not surprising) is all the MITRE ATT&CK mappings that provide all the #ThreatHunters a place to start looking, so thank you for that team! I hope you all enjoy and Happy Hunting!
Bumblebee Loader Resurfaces in New Campaign
https://intel471.com/blog/bumblebee-loader-resurfaces-in-new-campaign
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
Follow the Check Point Software Technologies Ltd research team as they take a deep dive into the #phishing campaign they observed that targeted over 40 companies in Colombia. What started with a phishing email led to the #Remcos RAT which provides the adversaries with full control over the infected computer. Enjoy and Happy Hunting!
GUARDING AGAINST THE UNSEEN: INVESTIGATING A STEALTHY REMCOS MALWARE ATTACK ON COLOMBIAN FIRMS
https://research.checkpoint.com/2023/guarding-against-the-unseen-investigating-a-stealthy-remcos-malware-attack-on-colombian-firms/#single-post
MITRE ATT&CK TTPs (but not all! Feel free to add your input in the comments!):
TA0001 - Initial Access
T1566.001 - Phishing: Spearphishing Attachment
TA0002 - Execution
T1204.002 - User Execution: Malicious File
T1059.001 - Command and Scripting Interpreter: PowerShell
T1059.003 - Command and Scripting Interpreter: Windows Command Shell
TA0005 - Defense Evasion
T1036.007 - Masquerading: Double File Extension
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
»Jedes 5. KMU ist schlecht oder gar nicht auf Cyberrisiken vorbereitet«
Kein Kommentar von mir und auch kein erstaunen, da in der Schweiz die IT öfters nicht ernst genommen und auch nicht in Form genommen wird – man hat es einfach, weil so ist.
--
#it #sicherheit #schweiz #arbeit #kmu #cybersecurity #itsecurity #firma
Hey @viennawriter, ich habe dein Buch „Dann haben die halt meine Daten. Na und?“ eben fertig gelesen. Richtig gut geschrieben, danke dafür! Du hast die Themen richtig gut verständlich aufbereitet und erklärt. Selbst ich alter Linux-Nerd hab richtig viele Ideen mitgenommen und ein paar schon umgesetzt. Ich bin übrigens hier im Fediverse auf dein Buch aufmerksam gemacht worden und habe es mir direkt im lokalen Buchladen gekauft. Mach weiter so! #itsecurity #datenschutz #autorin
Happy Wednesday everyone!
I am very honored to announce that I once again have the esteemed honor of being selected to be a Black Hat trainer, this time at #BlackHatEurope. I will be delivering Cyborg Security's Threat Hunter training virtually which means if you weren't able to attend #BlackHatUSA or make it to London this year, you are still able to get the same level of training wherever you are! But hurry, early registration ends September 22nd! I look forward to meeting all the hunters out there, but until then, Happy Hunting!
Black Hat Europe Training Registration:
https://www.blackhat.com/eu-23/training/schedule/#beyond-iocs-how-to-effectively-threat-hunt-using-ttps-and-behaviors-virtual-32372
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting
11 Password Cracker Tools (Password Hacking Software 2023)
Read this comprehensive review and comparison of the top Password Cracking Tools to select the Best Password Cracker for your requirements:
🔓 https://www.softwaretestinghelp.com/password-cracker-tools/
--
#hack #passwords #crack #tools #requirement #security #software #review #itsecurity
FIDO Passkeys 2 – In Zukunft ohne Passwort – 📘 Zweiter Teil der Artikelserie von Niko Köbler
#ittage @dasniko @JUG_DA #fidopasskeys #itsecurity
https://www.informatik-aktuell.de/betrieb/sicherheit/fido-passkeys-2-in-zukunft-ohne-passwort.html
This VERT Alert addresses Microsoft’s September 2023 Security Updates, which includes a recently introduced release notes format.
Learn more. ⤵️
https://www.tripwire.com/state-of-security/vert-threat-alert-september-2023-patch-tuesday-analysis
I hope everyone is refreshed from the weekend and ready to go!
This #MalwareMonday is brought to you by Truesec whose research team took a look at the #DarkGate malware that was distributed using #Microsoft teams. It started when an external sender shared a malicious link that led to a zip file being downloaded which contained a LNK file (shortcut) that was disguised as a PDF that when clicked would execute a VBScript which ultimately leads to the DarkGateLoader being dropped. Happy Hunting!
DarkGate Loader Malware Delivered via Microsoft Teams
https://www.truesec.com/hub/blog/darkgate-loader-delivered-via-teams
MITRE ATT&CK
TA0001 - Initial Access
T1566.002 - Phishing: Spearphishing Link
TA0002 - Execution
T1204.002 - User Execution: Malicious File
T1059.005 - Command and Scripting Interpreter: Visual Basic
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
Groundbreaking research project "Ecosystem Trustworthy IT" #EvIT plans provable #ITSecurity through #FormalVerification.
#Cybersecurity #FormalMethods #CybersecurityByDesign #KRITIS #Cybersecurity
https://nachrichten.idw-online.de/2023/09/11/demonstrable-it-security-through-formal-verification
Groundbreaking research project "Ecosystem Trustworthy IT" #EvIT plans provable #ITSecurity through #FormalVerification.
#Cybersecurity #FormalMethods #CybersecurityByDesign #KRITIS #Cybersecurity
https://nachrichten.idw-online.de/2023/09/11/demonstrable-it-security-through-formal-verification
Researchers from Kaspersky's #SecureList team takes a deep-dive into an "Evil Telegram" doppelgänger that is targeting Chinese users. At first the app looks benign and non-malicious until they started digging into the code. They found some functions that were designed to gather information of the contacts and access to the phone of the victim but also contains a function to gather messages and upload them to a command and control server that the adversary runs! Enjoy and Happy Hunting!
Evil Telegram doppelganger attacks Chinese users
https://securelist.com/trojanized-telegram-mod-attacking-chinese-users/110482/
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
#LockBit #ransomware gang stole 10GB of data from a security fencing company by compromising a “rogue” #Windows7 PC connected to an otherwise secure network. #cybersecurity #infosec #ITsecurity #Мalware
https://www.scmagazine.com/news/lockbit-breaches-fence-companys-weakest-link-a-windows-7-pc
Marcus Hutchins at Malwaretech posted about a new "feature" of Chrome that reports to 3rd parties what websites you visit.
This means YOUR CLIENTS can have the URLs of your TELEHEALTH system reported to 3rd parties.
So -- for example, if you use Psychology Today for telehealth, they will know the client is seeing a mental health professional. If you use Zoom, they will LIKELY just know the client went on a Zoom call -- but then you have a unique Zoom URL link, so its possible someone will bother to catalogue that your particular Zoom link is medical. So, again, same problem.
This is not a HIPAA problem under your control, but perhaps some client education on browser privacy settings is in order?
https://infosec.exchange/@malwaretech/111019619190896517
For people who for some reason still want to use Chrome:
Settings > Privacy >Ad privacy, then just toggle everything off.
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering
»Chrome extensions can steal plaintext passwords from websites« 🤷♂️🙄
https://www.bleepingcomputer.com/news/security/chrome-extensions-can-steal-plaintext-passwords-from-websites/
--
#google #password #fail #chrome #steal #plaintext #web #website #unsecure #cleantext #security #itsecurity
Happy Friday everyone, I hope you all have a fun and safe long weekend!
With the #Qakbot botnet down (hopefully permanently and not just for the moment) Secureworks researchers provide technical behaviors of the attack chain. Surprise! They found that phishing was used, which led to a user clicking on a malicious link then a zip file being downloaded. Once the user opened up the zip file Regsvr32 was abused to execute a script a Qakbot binary. Again, another surprise is that #CobaltStrike was involved, #rclone was used to exfil data, and ended with Black Basta #ransomware. A great article I would recommend taking the time to read! Enjoy and Happy Hunting!
QAKBOT CAMPAIGN DELIVERED BLACK BASTA RANSOMWARE
https://www.secureworks.com/blog/qakbot-campaign-delivered-black-basta-ransomware
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
Good day all! If you have been looking for technical and behavioral artifacts regarding CVE-2023-2868, look no further! Mandiant (now part of Google Cloud) takes a deep-dive into #UNC4841, a Chinese-nexus threat group, activity that shows how the group is growing in maturity and sophistication. There is a lot to learn about TTPs from this article and I hope you enjoy it as much as I did! Happy Hunting everyone!
Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868)
https://www.mandiant.com/resources/blog/unc4841-post-barracuda-zero-day-remediation
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
Good day everyone! The DFIR Report released their latest report detailing an attack that involved two different adversaries, one acted as the distributor while the other filled the role of hands on keyboard. #TA551 was responsible for the phishing campaign and a #Nokoyawa ransomware affiliate was responsible for the rest! I hope you enjoy this and find it as useful as I did, and as always, #HappyHunting!
HTML Smuggling Leads to Domain Wide Ransomware
https://thedfirreport.com/2023/08/28/html-smuggling-leads-to-domain-wide-ransomware/
Some MITRE ATT&CK TTPs (Thanks to the DFIR team):
TA0001 - Initial Access
T1566.001 - Phishing: Spearphishing Attachment
TA0002 - Execution
T1509.001 - Command and Scripting Interpreter: Powershell
TA0003 - Persistence
T1053.005 - Scheduled Task/Job: Scheduled Task
TA0009 - Collection
T1560 - Archon Collected Data
TA0005 - Defense Evasion
T1027.006 -Obfuscated Files or Information: HTML Smuggling
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #readoftheday #MitreMonday
Today we published an advisory for Busybox cpio. When extracting cpio archives with BusyBox cpio, the cpio archiving tools may write files outside the destination directory and there is no option to prevent this.
Full advisory: https://www.pentagrid.ch/en/blog/busybox-cpio-directory-traversal-vulnerability
„There is no cloud. It’s just someone else’s computer.“
#cloud #encryption #itsecurity #privacy #opensource https://social.anoxinon.de/@gnulinux/110950852956204987
Diese #TryHackMe-#Windows-Räume sind ja auch eher schmerzhaft. #Microsoft-Produkte sollten unter die Genfer Konventionen fallen. :/ #ITSec #Sicherheit #ITSecurity
Mit Exodus, #fdroid und trackercontrol können #android Benutzers unerwünschte "Nebenwirkungen" von apps ergründen und datensparsame Alternativen finden.
https://reports.exodus-privacy.eu.org/de/
https://f-droid.org/packages/net.kollnig.missioncontrol.fdroid/
#privacy #datenschutz #tracking #dsgvo #datensparsamkeit #itsec #itsecurity
Es wird zwar noch viele Monate dauern, aber ich bereite mich auf ein neues #smartphone vor. Bisher ging es mir meist um Bequemlichkeit sowie günstigen Preis, ich hab wenig auf specs geachtet, aber ich will die Hoheit über meine Daten zurück... Mist, zu spät 😉
Was würdet ihr unter Berücksichtigung gestiegener Anforderungen an #privacy und #itsecurity auswählen?
#android #fairphone #nitrokey #NitroPhone #shiftphone #murena #fdroid
Confronted our IT mgmt. with the microsoft key theft today. Answer: "its ok, our managed security provider said we're not affected."
Followup question about the underlying issues of gross negligence and security theater on ms' part: no more answer.
Of course. What would you answer if you had no exit strategy?
Well, into the CMA folder the thread goes. I'm sure it'll come in handy some day. #itsecurity #incompetence
Not a day goes by that I don't miss working in the IT Security field. I left the field more than 15 years ago because of a horrible manager. Leaving was a mistake. Sadly, with the length of time that I've been out of the field, and my age (56), my wanting to rejoin the field is probably just a dream at this point. #ITSecurity #CyberSecurity #infosec
We are so excited to share that @BleepingComputer has published a story on @tompohl's #zeroday discovery! Our team is committed to shining a spotlight on the need for manufacturers to improve their private key #security and prioritize fixing vulnerabilities. Tom will also be presenting this information at #DEFCON31 tomorrow, so please stop by if you are in the area!
Read the story here: https://www.bleepingcomputer.com/news/security/dell-compellent-hardcoded-key-exposes-vmware-vcenter-admin-creds/
Read our press release here: https:https://www.lmgsecurity.com/news/new-dell-private-key-vulnerability-discovered-by-lmg-security-researcher/
Der Verlust von Daten ist meist sehr ärgerlich. Habt ihr schon einmal eine Datei verloren, der ihr heute noch nachtrauert? Oder konnte euch eine Sicherung schon vor einer persönlichen Katastrophe „retten“? Wir sind gespannt auf eure Kommentare!
Aktuelle Infos zu Sicherheitslücken und weitere Informationen zum Retten von Daten hier:
https://www.bsi.bund.de/dok/131216
#DeutschlandDigitalSicherBSI #IT #ITSicherheit #Sicherheit #CyberSecurity #ITSecurity #InfoSec #CyberCrime #Datensicherung
A torrent of newly discovered software vulnerabilities over the past few months has some within the cybersecurity research community calling this the “hot zero-day summer.” #cybersecurity #infosec #ITsecurity
https://www.scmagazine.com/feature/as-hot-zero-day-summer-rolls-on-experts-think-this-might-be-the-new-normal
Real human here. The purpose of this bot is to educate, not annoy people. So I'm doing a poll. What option below would be best?
Thanks,
Michael
~~
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords #infosec @infosec #telehealth #netneutrality #socialengineering
U.S. federal agencies have been ordered to patch a newly discovered maximum severity #Ivanti software bug that was exploited in an attack against a dozen Norwegian government ministries. #cybersecurity
#infosec #ITsecurity
https://www.scmagazine.com/news/ivanti-bug-exploited-in-attack-on-norwegian-government
Mehr Drama in der Cyberkatastrophe von Anhalt-Bitterfeld 2021: Das BSI muss ein weiteres Mal kommen. 41 Personentage investiert die Bundesbehörde in den Landkreis. Und nach dem BSI kommt: die Bundeswehr. "Cyberkavallerie" heißt die Folge #Podcast "You are fucked - Deutschlands erste Cyberkatastrophe". Und am Ende: der vertrauliche Abschlussbericht des BSI zur Cyberkatastrophe.
https://www.ardaudiothek.de/sendung/you-are-fucked-deutschlands-erste-cyberkatastrophe/94585814/
#cyberkatastrophe #anhaltbitterfeld
#cybersicherheit #cybersecurity #itsecurity #itsicherheit
#SymLink: The article acknowledges the difficulties of securing an enterprise environment, emphasizing the expense, complexity, and underappreciation of the task, and provides insights and practical advice from a recent Security Tech Field Day event. #SecurityChallenges #EnterpriseSecurity #ITSecurity #XFD9 @alex
https://www.yobyot.com/cloud/security-is-hard/2023/07/05/
@Yobyot #XFD9 #Roundtable
Old customer infrastructure based on #Proxmox 5 and an ancient #Dell server running an outdated #pfSense.
They asked me to update everything because the ERP provider (a small software house) accessing via #VPN claims the pfSense version is too old. I agree and decide to upgrade Proxmox.
On the old Dell, I install #OpenBSD and, in agreement with the ERP provider, a #Wireguard VPN.
After a few days, they 'recall' me because, for their internal compliance and following their '#security manual,' they need to enter the password manually every time they connect, and Wireguard doesn't support user/password concept.
They ask for the possibility to change the PSK with each access to ensure that the one in their configuration files is not the current one - an absurd operation. I don't have a maintenance contract and can't take this responsibility, as it doesn't make sense. Clearly, they agreed on Wireguard without even knowing what it was.
To avoid issues, I ask them what to install instead. They suggest #OpenVPN might be acceptable. I proceed accordingly. They contact me again: 'The version of OpenVPN is not suitable, and OpenBSD is not certified according to our security procedures.' I ask them to tell me what is certified. They respond: '#Debian 7, #Wheezy - and the version of OpenVPN from Debian 7.'
I politely point out that Debian 7 reached its End of Life in 2016, and even the extended LTS has been unsupported for 3 years. They don't care, they must abide by their manual - it's safe for them.
The customer asks me to accommodate them anyway, but I reflect on the fact that when they inevitably get compromised, it will be my fault for installing something so outdated today.
I declined the job - limiting myself to updating Proxmox.
I'm not sure if I'm more offended by the bureaucracy of certain 'internal manuals' or by the closed-mindedness of certain colleagues who can't stand up against such dynamics.
#ITSecurity #InfrastructureUpgrade #ClientIssues #IT #SyaAdmin
Siderea,
Exactly.
Google Analytics is now a topic of conversation on the Baltimore Therapist listserv.
Your point about classism is well taken.
QUESTION: Am I correct in assuming that Google Analytics is likely to be harvesting client-side data and storing it? Asking for an educated guess as we might not know...
For the less-than-tech-saavy medical professionals and therapists in the room -- what log analyzers might they ask for when they speak to their marketing and IT teams about this issue?
Thanks,
Michael
@siderea @infosec @psychotherapist @psychotherapists @psychology @socialpsych @socialwork @psychiatry
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords #infosec @infosec #telehealth #netneutrality #socialengineering #marketing #seo #therapy
#psychology #counseling #socialwork #psychotherapy #mentalhealth #psychiatry #healthcare
My interpretation of this article is that hospitals, clinics, insurance companies, etc. need to get links and repost icons for Facebook, Twitter, etc. OFF their websites. If you work for a big institution -- talk to your marketing team as they are used to doing this routinely. If you are a small provider, look at your website -- especially if you created it years ago back when no one thought of the problems and you just wanted some traffic.
~~~~~~~~
TITLE: FTC, HHS warn health providers not to use tracking tech in websites, apps
The Federal Trade Commission (FTC) and Department of Health and Human Services (HHS) sent a joint letter to about 130 hospital systems and telehealth providers Thursday, warning of security risks posed by tracking technologies such as the Meta/Facebook Pixel and Google Analytics.
https://therecord.media/apps-website-tracking-healthcare-ftc-hhs-warning
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords #infosec @infosec #telehealth #netneutrality #socialengineering #marketing #seo #therapy
#psychology #counseling #socialwork #psychotherapy @psychotherapist @psychotherapists @psychology @socialpsych @socialwork @psychiatry
@infosec #mentalhealth #psychiatry #healthcare
Was passiert eigentlich, wenn eine Behörde nicht arbeiten kann, weil die Computer nicht benutzt werden können? Sie improvisiert. Heute erscheint die dritte Folge vom #Podcast "You are fucked - Deutschlands erste Cyberkatastrophe". Darin geht es um Studierende der Hochschule Anhalt, die in ihren Heimatländern stranden. Wegen falscher Papiere vom Landkreis.
https://www.ardaudiothek.de/sendung/you-are-fucked-deutschlands-erste-cyberkatastrophe/94585814/
#cyberkatastrophe #anhaltbitterfeld
#cybersicherheit #cybersecurity #itsecurity #itsicherheit #verwaltung #behörden
Gerade gelesen und für geil befunden: „IT-Sicherheit ist wie Tetris. Deine Erfolge verschwinden, aber Deine Misserfolge nicht.“
(Mikko Hyppönen, was vernetzt ist, ist angreifbar, S. 45)
@thisismissem
It's not #creepy, it's #physics.
AND: there is so much more to hack in #itsecurity.
:-)
#use and #intention
vs.
#fact and #structure
We are looking for a #security expert joining our team as a senior security engineer in #munich, Germany. If you are interested or know somebody else, please DM me for details.
German language is not required, we speak English internally.
Fediverse-vise I am living more in a ham radio bubble than in an infosec one so if you have security folks as followers, please boost.
Die #cyberkatastrophe von Anhalt-Bitterfeld - und jetzt?
Ein paar Erkenntnisse aus unser Live-#Podcast Folge von "Digital leben" am vergangenen Freitag in Halle zur Langen Nacht der Wissenschaften, als wir zu Besuch bei der @Cyberagentur sein durften.
Zu Gast auch die unvergleichliche @evawolfangel
You are fucked - Deutschlands erste Cyberkatastrophe.
Ein #Podcast des MDR über den Hackerangriff auf den Landkreis Anhalt-Bitterfeld.
Unser Trailer ist online:
https://www.mdr.de/mdr-sachsen-anhalt/podcast/you-are-fucked/deutschlands-erste-cyberkatastrophe-hack-anhalt-bitterfeld-100.html
📳 zum RSS-Abo
Interesting Blogpost by Sucuri Blog:
Demystifying Website Hacktools: Types, Threats, and Detection
https://blog.sucuri.net/2023/06/demystifying-website-hacktools-types-threats-and-detection.html
Bad News:
EU gründet Arbeitsgruppe gegen Verschlüsselung und Anonymität
neues Prinzip
„Security-by-Design“ & „Access by Design“
Wer kennt es nicht? Der USB-Stick hat nur Schokoladenseiten. 🍫
#DeutschlandDigitalSicherBSI #IT #ITSicherheit #Sicherheit #CyberSecurity #ITSecurity
Any big plans for the weekend? 🤨
👩💻 How about finally applying for a new job?
🕵️♂️ If #ITsecurity is your game, check out our new #vacancy and join #teamDIGIT.
Find out more & apply 👉 https://europa.eu/!JFHHDg
"Basler Schulnetz gehackt, Schülerdaten im Darknet"
Oida, da ist alles dabei: Zeugnisse, psychologische Gutachten über die Kinder... 😡
1,2 TB Daten, unpackbar.
Aus gegebenem Anlass: wenn ihr Handys verkauft, dann setzt die vorher zurück und löscht eure Daten!
Nicht wie der Typ, dessen Handy ich gekauft habe, wo WhatsApp, Fotos, Musik und sein ganzes Leben noch drauf waren.
WTF, nicht mal screenlock war da eingestellt. 😮
@protonmail entwickelt #PasswortManager:
Proton Pass: Neuer Passwortmanager startet Beta-Phase #ITSecurity #ITSicherheit
https://www.heise.de/news/Proton-Pass-Neuer-Passwortmanager-startet-Beta-Phase-8974269.html
#SecurityByDesign und #SecurityByDefault:
Internationale Cyber-Sicherheitsbehörden
fordern IT-Hersteller auf, Sicherheitsaspekte bei der Produktentwicklung stärker zu berücksichtigen.
via @bsi
To all #website developers who allow multiple #U2F hardware keys to be added for #2FA: Thank you.
To all who don't: Freaking add the option for adding multiple keys.
I have different #Yubikey variants for different devices (USB A, USB C, NFC) and I don't want to be forced to fiddle around with these flimsy plastic things and adapters.
In meinem #DatenschutzPodcast passiert momentan wenig, weil ich seit Langem grübele, wie es damit weitergehen soll. Das Thema #Datenschutz ist schon länger zu eng. Die Themen waren zuletzt zusätzlich auch #ITSecurity und #Netzpolitik.
Die Frage in die #Community ist daher: Was möchtet Ihr denn gerne an Themen hören? Gibt es Menschen, mit denen ich mich im #Podcast mal unterhalten sollte? Irgendwas, was Ihr mir sonst zum Datenschutz Podcast sagen möchtet?
Do you have:
🔴 Experience with large-scale #IT solutions?
🟡 Experience in script-based automation (e.g. PowerShell)?
🟢 Interest in #ITsecurity matters?
Check out our new #vacancy & join us in #teamDIGIT 👉 https://europa.eu/!KXf9Tj
👩💻 We look for an experienced IT professional to deliver Digital Workplace solutions, such as #Microsoft365 and other #cloud solutions.
🕵️ Interest in #ITsecurity matters would come handy.
🔎 Check out our #vacancy & join #teamDIGIT 👉 https://europa.eu/!cqGpGc
👩💻 Join the Computer Security Incident Response Team and make sure that the EU institutions, bodies and agencies implement #ITsecurity measures.
🖱️ Find out more in the #vacancy 👉 https://europa.eu/!X4qy8r
We look forward to welcoming you in #teamDIGIT!
#Intro time then
I asked ChatGPT "can you help me write an introduction post for a social network? I live in Perth, Western Australia and work in IT. I have no cats"
The response is WAY better than I could ever write. See alt-txt for full text.
#technology
#ITSecurity
#outside
#camping
#beer
#happiness
#bipolar
#Australia
You have three years of experience in #ITSecurity, including:
🟥 Operations
🟨 Risk management
🟩 Compliance
🟦 Processes and implementation measurements
🟪 Audit or consulting
Take a look at this #vacancy and join us in #teamDIGIT 👉 https://europa.eu/!fQ3GFv
Zusammen mit @evawolfangel habe ich mir deutsche Hochschulen genauer angeschaut. Es konnten diverse Schwachstellen gefunden werden. Einige nicht nennenswert, andere hingegen fatal. Das Ergebnis wurde über @zeitonline veröffentlicht #ITsecurity
https://www.zeit.de/2023/04/it-sicherheit-hochschule-sicherheitsluecken-hacker/seite-3
Danke @evawolfangel, die auch teils bis in die Nacht gearbeitet hat. Auch ein großes Dankeschön an @kantorkel (CCC), der die Schwachstellen für ZEIT ONLINE bewertet und mir nebenbei extrem wertvollen Input gegeben hat.
Daniel Gruss von der TU Graz forscht daran, wie man IT-Security nachhaltiger und energieeffizienter machen kann. Er hat dafür 1,5 Mio Euro EU-Forschungsgelder bekommen. Der Ansatz, an dem er arbeitet, hört sich revolutionär an. Eines meiner spannendsten Interviews dieses Jahr: https://futurezone.at/amp/science/it-sicherheit-energieeffizienz-nachhaltigkeit-tu-graz-forschung-kryptografie/402235191
Womöglich Datenlücke bei Twitter ausgenutzt: 400 Millionen Konten kompromitiert
Sicherheitsforscher berichten, dass 400 Millionen möglicherweise echte Twitter-Konten mit E-Mail-Adressen und Telefonnummern zum Verkauf angeboten werden.
I never wrote a proper #introduction so here goes.
I have been working in "IT" for over 15 years. Starting all the way at the bottom and working my way up.
I mostly work in small and medium sized business as a security professional. Helping them to uplift their security posture. This involves a lot of education around the basics and what is and isn't good practise and/or value for money.
Being in that space does mean I still do a lot of "traditional" IT work (i.e. IT Ops). I really enjoy the variety that brings.
Outside of work I play video games, dabble in 3D printing and home automation.
Other people tell me I'm a foodie, so I guess I am. I'd probably describe myself more as a dessert aficionado 😋
I'm #nonbinary and prefer they/them. But won't get upset at you if you forget.
#PlayStation #VR #InfoSec #SecurityBasics #3DPrinting #HomeAutomation #Dessert #Foodie #ITSecurity #ITOps
Die #Ransomware-Gruppe kam vermutlich über eine #Phishing-E-Mail in die Netze, sagte mir ein Insider. Wenn sie wirklich "nur" vier Wochen in den Netzen waren, ist die Ausbeute beeindruckend/erschreckend.
Immerhin: Aus Continental-Unternehmenskreisen wurde mir versichert, man lasse sich nicht erpressen, ganz egal, wie hoch der Schaden sei, der durch eine Veröffentlichung entstehe.
Hier nochmal der Link zum Text (Paywall): https://www.zeit.de/digital/datenschutz/2022-12/continental-cyberangriff-hack-daten-angestellte/seite-3
#cybersecurity #Itsec #ITSecurity
Hallo Fediverse!
Das Fraunhofer-Institut FOKUS ist ab sofort auch auf Mastodon aktiv! 🥳
Wir erforschen die Digitale Vernetzung und ihre Auswirkungen auf Gesellschaft, Wirtschaft und Technologie.
Wir freuen uns auf den gemeinsamen Austausch und auf die Vernetzung hier auf dieser Plattform.
Vielen Dank @bfdi für die Einladung!
#neuhier
#Digitalisierung
#Digitalisierungsforschung
#ITsecurity
#wirvernetzenalles
I'm a PhD candidate from Germany working on improving #ITsecurity with good #usability. A lot of my work is focused on authentication, especially risk-based authentication (see link in bio). I also brought my expertise to the industry (e.g., Meta, Telenor).
Looking forward to some connections here. Also, feel free to reach out anytime.
#introduction #science #academia #cybersecurity #infosec #ux #HCI
Why, hello there you Mastodons! I’m Flemming, and I created this account and an account for my #music (@flagfarm) today. Music is one of my passions.
#Painting, #writing #fiction and #nonfiction and #poetry, #itsecurity, #drawing, #sculpting, #japanese #culture are some of the others I have.
I’m old enough to be a grumpy man, but I’m not. I try to be a fuc%*+]ng nice human being.
I identify as a #zen #atheist #stoic and I respect other peoples faith or lack there off.