
Tech's Move Toward Simplified Data Handling

For a long time the ethos of the tech industry has been that there is no shortage of data, and that this is a good thing. Recent patents from IBM and Intel show that data minimization is becoming more and more prevalent, with growing efforts to balance the collection of information from users, its storage, and its use as effectively as possible.

It is no secret that every online action, whether it is an individual's social media activity or the operation of a global corporation, generates data that can potentially be collected, shared, and analyzed. Big data and the recognition of data as a valuable resource have led to an increase in data storage. This proliferation of data has raised serious concerns about privacy, security, and regulatory compliance.

There is no doubt that the volume and speed of data flowing within an organization is constantly increasing, and this influx brings both opportunities and risks: while the abundance of data can be advantageous for business growth and decision-making, it also creates new vulnerabilities.

There are several practices organizations should follow to minimize the risk of data loss and create a safer environment. One of them is to closely monitor and manage the amount of digital data the company retains and processes beyond its necessary lifespan. This is commonly referred to as data minimization.

The principle of data minimization means limiting the amount of data collected and retained to what is necessary to accomplish a given task. This principle is a cornerstone of privacy law and regulation, such as the EU General Data Protection Regulation (GDPR). In addition to reducing the impact of data breaches, data minimization promotes good data governance and enhances consumer trust by minimizing risks.

Several months ago IBM filed a patent application for a system that would enable the efficient deletion of data from dispersed storage environments. In such environments, data is stored across a variety of cloud sites, which makes managing outdated or unnecessary data extremely challenging. IBM introduced this technology with the objective of enhancing data security, reducing operational costs, and optimizing the performance of cloud-based ecosystems.

The proposed system aims to streamline the removal of redundant data, addressing critical concerns in managing modern data storage. Meanwhile, Intel has submitted a patent proposal for a system that aims to verify data erasure. Using this technology, programmable circuits, which are custom-built pieces of hardware that perform specific computational tasks, can be securely erased.

To ensure the integrity of the erasure process, the system uses a digital signature and a private key. This is an important innovation for safeguarding data security in hardware applications, especially in environments such as artificial intelligence training, where the secure handling of sensitive information is of great importance. Both advancements reflect a growing emphasis on robust data management and security within the technology sector.

Data minimization serves as a basis for a more secure, ethical, and privacy-conscious digital ecosystem. As a result, this practice stands at the core of responsible data management, offering several compelling benefits that include security, ethics, legal compliance, and cost-effectiveness.

Among the major benefits of data minimization is that it reduces privacy risks, by limiting the data collected to what is strictly necessary and by promptly removing obsolete or redundant information that is no longer required. By reducing the exposure of sensitive data to the greatest extent possible, organizations can mitigate the potential impact of data breaches, protect customer privacy, and limit reputational damage.

Additionally, data minimization highlights the importance of ethical data usage. A company can build trust and credibility with its stakeholders by ensuring that individual privacy is protected and that transparent data-handling practices are adhered to. It is the commitment to integrity that enhances customers', partners', and regulators' confidence, reinforcing the organization's reputation as a responsible steward of data. 

Data minimization is also an important proactive measure an organization can take to reduce its liability. By keeping less data, an organization is less likely to be liable for breaches or privacy violations, which in turn reduces the possibility of a regulatory penalty or legal action. A data retention policy that aligns with the principles of minimization is also more likely to ensure compliance with privacy laws and regulations.

Additionally, organizations can save significant amounts of money by minimizing their data footprint, because storing and processing large datasets requires a lot of infrastructure, resources, and maintenance effort. By gathering and retaining only essential data, an organization can streamline its operations, reduce overhead, and improve the efficiency of its data management systems.

Responsible data practices emphasize the importance of data minimization, which provides many benefits beyond security, including ethical, legal, and financial ones. Adopting this approach is critical for organizations looking to navigate the complexities of the digital age responsibly and sustainably. Businesses across industries can gain numerous benefits from data minimization, including improved operational efficiency, privacy, and compliance with regulatory requirements.

Using data anonymization, for example, organizations can create a data-democratizing environment that ensures safe, secure, collaborative access to information without compromising individual privacy. A retail organization may use anonymized customer data to support decision-making by teams across departments, improving agility and responsiveness to market demands.

Additionally, data minimization simplifies business operations by ensuring that only relevant information is gathered and managed. This approach allows organizations to streamline their workflows, optimize their resource allocation, and increase the efficiency of functions such as customer service, order fulfillment, and analytics.

Another important benefit of this approach is stronger data privacy: by collecting only essential information, organizations reduce the risk of data breaches and unauthorized access, safeguard sensitive customer data, and strengthen stakeholders' trust in their commitment to security. Last but not least, a data breach is significantly less impactful if only critical data is retained.

This protects an organization and its stakeholders from extensive reputational damage and financial loss. To achieve effective, ethical, and sustainable data management, data minimization has to be a cornerstone.

Ransomware Attacks Expose Gaps in Backup Practices: The Case for Modern Solutions

Ransomware attacks are becoming increasingly sophisticated and widespread, posing significant risks to organizations worldwide. A recent report by Object First highlights critical vulnerabilities in current backup practices and underscores the urgency of adopting modern solutions to safeguard essential data.

Outdated Backup Systems: A Growing Concern

Nearly every organization still relies on outdated backup technologies, leaving them exposed to cyberattacks. According to the survey, 34% of respondents identified outdated backup systems as a severe vulnerability, emphasizing their inability to combat modern ransomware tactics devised by malicious actors.

Another alarming gap is the lack of encryption in backup processes, noted by 31% of IT professionals. Encryption is essential for the secure storage and transfer of sensitive data. Without it, backup files are vulnerable to breaches. Additionally, 28% of respondents reported experiencing backup system failures, which can significantly impede recovery efforts and prolong downtime following an attack.

Backup data, once considered the last line of defense against ransomware, has become a primary target for attackers. Cybercriminals now focus on corrupting or deleting backup files, rendering traditional approaches ineffective. This underscores the necessity of adopting advanced solutions capable of withstanding such tampering.

Immutable storage has emerged as a powerful defense against ransomware. This technology ensures that once data is stored, it cannot be altered or deleted. The report revealed that 93% of IT professionals consider immutable storage critical for ransomware protection. Furthermore, 97% of organizations are planning to incorporate immutable storage into their cybersecurity strategies.

Immutable systems align with the Zero Trust security model, which operates on the principle that no user or system is inherently trustworthy. This approach minimizes the risk of unauthorized access or data manipulation by continuously validating access requests and limiting permissions.

Challenges in Adopting Modern Solutions

Despite their effectiveness, implementing advanced backup systems is not without challenges. Approximately 41% of IT professionals acknowledged a lack of the necessary skills to manage complex backup technologies. Budget constraints also pose a significant hurdle, with 69% of respondents admitting they cannot afford to hire additional security experts.

The growing threat of ransomware demands immediate action. Businesses must prioritize upgrading their backup systems and investing in immutable storage solutions. At the same time, addressing skill shortages and overcoming financial barriers are crucial to ensuring robust, comprehensive protection against future attacks.

FTC Stops Data Brokers from Unlawful User Location Tracking

Data Brokers Accused of Illegal User Tracking

The US Federal Trade Commission (FTC) has filed actions against two US-based data brokers for allegedly engaging in illegal tracking of users' location data. The data was reportedly used to trace individuals in sensitive locations such as hospitals, churches, military bases, and other protected areas. It was then sold for purposes including advertising, political campaigns, immigration enforcement, and government use.

Allegations Against Mobilewalla

The Georgia-based data broker, Mobilewalla, has been accused of tracking residents of domestic abuse shelters and protestors during the George Floyd demonstrations in 2020. According to the FTC, Mobilewalla allegedly attempted to identify protestors’ racial identities by tracing their smartphones. The company’s actions raise serious privacy and ethical concerns.

Accusations Against Gravy Analytics and Venntel

The FTC also suspects Gravy Analytics and its subsidiary Venntel of misusing customer location data without consent. Reports indicate they used this data to “unfairly infer health decisions and religious beliefs,” as highlighted by TechCrunch. These actions have drawn criticism for their potential to exploit sensitive personal information.

Unlawful Data Collection Practices

The FTC revealed that Gravy Analytics collected over 17 billion location signals from more than 1 billion smartphones daily. The data was allegedly sold to federal law enforcement agencies such as the Drug Enforcement Agency (DEA), the Department of Homeland Security (DHS), and the Federal Bureau of Investigation (FBI).

Samuel Levine, Director of the FTC’s Bureau of Consumer Protection, stated, “Surreptitious surveillance by data brokers undermines our civil liberties and puts servicemembers, union workers, religious minorities, and others at risk. This is the FTC’s fourth action this year challenging the sale of sensitive location data, and it’s past time for the industry to get serious about protecting Americans’ privacy.”

FTC's Settlements

As part of two settlements announced by the FTC, Mobilewalla and Gravy Analytics will cease collecting sensitive location data from customers. They are also required to delete the historical data they have amassed about millions of Americans over time.

The settlements mandate that the companies establish a sensitive location data program to identify and restrict tracking and disclosing customer information from specific locations. These protected areas include religious organizations, medical facilities, schools, and other sensitive sites.

Additionally, the FTC’s order requires the companies to maintain a supplier assessment program to ensure consumers have provided consent for the collection and use of data that reveals their precise location or mobile device information.

Strava's Privacy Flaws: Exposing Sensitive Locations of Leaders and Users Alike

Strava, a popular app for runners and cyclists, is once again in the spotlight due to privacy concerns. Known for its extensive mapping tools, Strava’s heatmap feature can inadvertently expose sensitive locations, as recently highlighted by a report from French newspaper Le Monde. The report claims Strava data revealed the whereabouts of high-profile individuals, including world leaders, through activity tracking by their bodyguards.

Unlike a vague location like “the White House” or “Washington, D.C.,” Le Monde discovered Strava's data might pinpoint undisclosed meeting places and hotels used by these leaders. In one example, activity by Vladimir Putin’s bodyguards near properties he allegedly owns could reveal his movements. Additionally, the location history of bodyguards connected to Melania Trump, Jill Biden, and secret service agents from two recent assassination attempts on Donald Trump was reportedly exposed.

Strava's global heatmap, built from user-contributed data, tracks common running and cycling paths worldwide. Premium users can view detailed street-level data, showing where routes are popular, even in rural or isolated areas. If used carefully, the heatmap and location-based features like Segments are mostly safe. However, in low-traffic areas, routes can reveal too much.

Determining someone’s identity from Strava data isn’t difficult. By analyzing heatmaps and repeated routes, investigators—or even stalkers—can identify users and match their profiles to real-world identities. If an account continually shows up in a particular area where a leader is known to be, patterns can be drawn.

Despite privacy concerns, Strava remains popular because of its social features. Users enjoy sharing achievements and compete on Segments—specific road or trail sections where the fastest earn titles like CR (Course Record) or KOM/QOM (King or Queen of the Mountain).

For those concerned about privacy, Strava offers several settings to limit data exposure. In Privacy Controls, users can opt out of adding data to heatmaps, restrict their profile to followers, and hide activity start and end points.

Ransomware Groups Exploiting SonicWall VPN Vulnerability for Network Breaches

Ransomware operators Akira and Fog are increasingly gaining unauthorized access to corporate networks by exploiting SonicWall VPN vulnerabilities. The attackers are believed to be targeting CVE-2024-40766, a critical flaw in SonicWall's SSL VPN access control, to breach networks and deploy ransomware.

SonicWall addressed this vulnerability in August 2024. However, within a week, reports indicated that it was already being actively exploited. According to Arctic Wolf security researchers, Akira ransomware affiliates have been observed using this flaw to establish an initial foothold in victim networks. In their latest findings, Arctic Wolf disclosed that at least 30 network intrusions involving Akira and Fog ransomware began with unauthorized VPN access through SonicWall accounts.

Of the incidents reported, Akira affiliates accounted for 75% of breaches, with the remainder linked to Fog ransomware. Notably, the two groups appear to use shared infrastructure, suggesting ongoing collaboration, a trend previously noted by cybersecurity firm Sophos.

Although researchers can't confirm the vulnerability was exploited in every case, all breached systems were running unpatched versions susceptible to the flaw. In most attacks, ransomware encryption followed initial access within about ten hours, with some cases taking as little as 1.5 to 2 hours. The attackers often connected through VPNs or VPSs to mask their IP addresses.

Arctic Wolf highlights that many targeted organizations had unpatched endpoints, lacked multi-factor authentication for their VPN accounts, and were running services on default port 4433. In cases where firewall logs were available, events indicating remote user logins (message IDs 238 or 1080) were observed, followed by SSL VPN logins and IP assignments.
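The log pattern described above lends itself to a simple correlation check. The following is an added example, not code from the original post or from Arctic Wolf: it parses a constructed key=value log format (only message IDs 238 and 1080 come from the text; the event names, user names, addresses and trusted network are invented for illustration), links each remote-user login to the SSL VPN login and IP assignment that follow it for the same user, and flags logins from addresses outside a trusted range or hitting the default port 4433.

```python
"""Correlate remote-access login chains in firewall logs.

Added example. The log format below is constructed for illustration and is
not SonicWall's syslog format: each line is a set of key=value pairs, with
m=238 or m=1080 marking a remote user login (the IDs named in the post),
followed by constructed sslvpn_login and sslvpn_ip_assigned events.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional
import ipaddress
import re

REMOTE_LOGIN_IDS = {"238", "1080"}          # from the post: remote user login events
SSLVPN_LOGIN_EVENT = "sslvpn_login"         # constructed event name
IP_ASSIGN_EVENT = "sslvpn_ip_assigned"      # constructed event name
DEFAULT_SSLVPN_PORT = "4433"                # default port noted in the post

# Constructed: the organisation's known egress range; anything else is untrusted.
TRUSTED_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample log (documentation address ranges, invented users).
SAMPLE_LOG = """\
time="2024-09-10 02:14:05" m=238 event=remote_user_login user=jdoe src=203.0.113.45 dport=4433
time="2024-09-10 02:14:06" event=sslvpn_login user=jdoe src=203.0.113.45
time="2024-09-10 02:14:07" event=sslvpn_ip_assigned user=jdoe vip=10.10.8.21
time="2024-09-10 09:00:10" m=1080 event=remote_user_login user=asmith src=198.51.100.7 dport=4433
time="2024-09-10 09:00:11" event=sslvpn_login user=asmith src=198.51.100.7
time="2024-09-10 09:00:12" event=sslvpn_ip_assigned user=asmith vip=10.10.8.22
time="2024-09-10 09:30:00" m=238 event=remote_user_login user=bchen src=203.0.113.99 dport=4433
"""


@dataclass
class Finding:
    user: str
    src_ip: str
    login_time: datetime
    sslvpn_login: bool = False
    assigned_ip: Optional[str] = None
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> dict:
    """Turn one key=value log line into a dict, parsing the timestamp."""
    fields = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    fields["time"] = datetime.strptime(fields["time"], "%Y-%m-%d %H:%M:%S")
    return fields


def correlate(lines, trusted_networks=TRUSTED_NETWORKS,
              window: timedelta = timedelta(minutes=5)) -> List[Finding]:
    """Build one Finding per remote-user login (m=238/1080).

    For each such login, look ahead within `window` for the same user's
    SSL VPN login and IP assignment, then flag untrusted sources and use
    of the default port.
    """
    events = sorted((parse_line(l) for l in lines if l.strip()),
                    key=lambda e: e["time"])
    findings = []
    for i, ev in enumerate(events):
        if ev.get("m") not in REMOTE_LOGIN_IDS:
            continue
        finding = Finding(ev["user"], ev["src"], ev["time"])
        for later in events[i + 1:]:
            if later["time"] - ev["time"] > window:
                break
            if later.get("user") != ev["user"]:
                continue
            if later.get("event") == SSLVPN_LOGIN_EVENT:
                finding.sslvpn_login = True
            elif later.get("event") == IP_ASSIGN_EVENT:
                finding.assigned_ip = later.get("vip")
        src = ipaddress.ip_address(ev["src"])
        if not any(src in net for net in trusted_networks):
            finding.flags.append("untrusted_source")
        if ev.get("dport") == DEFAULT_SSLVPN_PORT:
            finding.flags.append("default_port")
        findings.append(finding)
    return findings


def suspicious_users(findings: List[Finding]) -> List[str]:
    """Users whose remote login came from outside the trusted networks."""
    return [f.user for f in findings if "untrusted_source" in f.flags]


if __name__ == "__main__":
    for f in correlate(SAMPLE_LOG.splitlines()):
        print(f"{f.login_time} {f.user:<7} src={f.src_ip:<15} "
              f"vpn_login={f.sslvpn_login} vip={f.assigned_ip} flags={f.flags}")
```

In a real deployment the trusted-network list and the window would come from the organisation's own egress inventory and observed login timing; the point is that the chain of events the post describes is straightforward to alert on.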

The ransomware groups moved swiftly, targeting virtual machines and backups for encryption. Stolen data mainly included documents and proprietary software, though files older than six months were often disregarded, with more sensitive files retained up to 30 months.

Fog ransomware, active since May 2024, typically uses compromised VPN credentials for initial network access. Meanwhile, the more established Akira ransomware has recently faced some downtime with its Tor site, though access has been gradually restored.

Japanese security researcher Yutaka Sejiyama reports approximately 168,000 SonicWall endpoints remain vulnerable to CVE-2024-40766. Sejiyama also suggested that the Black Basta ransomware group might be exploiting this flaw in recent attacks.

Casio Hit by Cyberattack Causing Service Disruption Amid Financial Challenges

Japanese tech giant Casio recently experienced a cyberattack on October 5, when an unauthorized individual accessed its internal networks, leading to disruptions in some of its services.

The breach was confirmed by Casio Computer, the parent company behind the iconic Casio brand, recognized for its watches, calculators, musical instruments, cameras, and other electronic products.

"Casio Computer Co., Ltd. has confirmed that on October 5, its network was accessed by an unauthorized third party," the company revealed in a statement today. Following an internal review, the company discovered the unauthorized access led to system disruptions, which have caused some services to be temporarily unavailable. Casio mentioned it cannot provide further details at this stage, as investigations are still ongoing. The company is working closely with external specialists to assess whether personal data or confidential information was compromised during the attack.

Although the breach has disrupted services, Casio has yet to specify which services have been impacted.

The company reported the cyber incident to the relevant data protection authorities and quickly implemented measures to prevent further unauthorized access. BleepingComputer reached out to Casio for more information, but a response has not yet been provided.

So far, no ransomware group has claimed responsibility for the attack on Casio.

This attack comes nearly a year after a previous data breach involving Casio's ClassPad education platform, which exposed customer data from 149 countries, including names, email addresses, and other personal information.

The recent cyberattack adds to the company's challenges, as Casio recently informed shareholders of an expected $50 million financial loss due to significant personnel restructuring.

American Water Works faces Cyberattack

American Water Works, the country's largest provider of water services, serving 14 states, recently reported a cyberattack on its information technology systems. The current report indicates that the operational technology systems that control the delivery of water are not affected. As reported by Bloomberg, the company disclosed the incident to shareholders in a filing with the U.S. Securities and Exchange Commission; the attack forced the company to temporarily suspend billing and limit customer support.

In a statement on its website, American Water Works announced that certain systems were turned off to prevent further damage to its customers' information. Its MyWater online service has been temporarily halted, stopping billing processes until the systems can be brought back online. The company assured customers that water quality is not affected and that the water is safe to drink. Whether customer information was accessed has yet to be determined.

Response to the Incident

The company cannot yet fully assess the impact of the incident but confirms that its water and wastewater operations are unaffected. American Water Works first detected unauthorised activity in its networks on October 3. Upon discovery, the company activated its cybersecurity response protocols and sought the assistance of third-party cybersecurity specialists to help contain and investigate the incident. Law enforcement was notified promptly and is actively involved in ongoing inquiries.

The company's IT teams are isolating some systems to protect data and prevent further damage. The exact nature of the attack is still unknown, but cybersecurity experts, who have noted recent instances in which hackers carried out ransomware attacks, are concerned it may be a similar case. The company's separation of its IT network from its OT networks, a critical step in securing critical infrastructure, may have allowed it to contain the attack so that it did not reach core operations.


Cyber Threats Against Water Utilities

The incident is part of a worrying trend of cyberattacks on water utilities. Just two weeks earlier, a Kansas water utility suffered a similar attack, renewing the debate on the protection of critical services. According to a report by Cyble, a cybersecurity firm, groups such as the Russia-linked People's Cyber Army are increasingly threatening the water sector through cyberattacks. The report identified significant vulnerabilities and pointed out that many US water utilities are using outdated systems and have weak cybersecurity practices.

Notably, the latest GAO report sounds a similar alarm, pressing the Environmental Protection Agency for better cybersecurity requirements for water utility providers. A review of water utilities through inspections found that almost 70% of them do not comply with basic cybersecurity guidelines, which puts them at risk of operational disruption or even contamination. Cyble's research calls for modern security measures such as network segmentation and stronger controls over control systems, among others.


Experts recommend that water utilities use network segmentation to separate IT from OT systems and lock down the human-machine interfaces (HMIs) of their monitoring systems. As more and more water utilities connect their systems to the internet, the likelihood of cyber threats continually increases. Even as American Water Works works through its recent cyber incident, pressure is growing throughout the industry to harden defences and protect critical infrastructure in a manner that ultimately protects public health.

The recent cyberattack on American Water Works highlights the need for stronger cybersecurity practices in the water industry. As attacks increase in frequency and complexity, companies must implement strong security measures to protect essential services and assure the public of the safety of water delivery.


Cyberattack on Maui's Community Clinic Affects 123,000 Individuals in May

The Community Clinic of Maui, also known as Mālama, recently notified over 123,000 individuals that their personal data had been compromised during a cyberattack in May. Hackers gained access to sensitive information between May 4 and May 7, including Social Security numbers, passport details, financial account information (such as CVV codes and expiration dates), and extensive medical records.

In addition to this, hackers obtained routing numbers, bank names, financial account details, and some biometric data. A total of 123,882 people were affected by the breach, which resulted in the clinic taking its servers offline.

Local reports suggested the incident was a ransomware attack, sparking public frustration as Mālama was forced to close for nearly two weeks. Upon reopening at the end of May, the clinic operated with limited services, and nurses had to rely on paper charts due to system-wide computer outages.

Following the attack, Mālama worked with law enforcement and cybersecurity experts to investigate the breach, with the findings confirmed on August 7. 

In a statement on its website, the clinic offered complimentary credit monitoring to those whose Social Security numbers may have been exposed, although a regulatory filing in Maine indicated that identity theft protection services were not provided. The organization has not responded to requests for clarification, and a law firm is reportedly exploring potential lawsuits against Mālama related to the breach.

The ransomware group LockBit, which was taken down by law enforcement earlier this year, claimed responsibility for the attack in June. On Tuesday, Europol and other agencies announced a coordinated effort to target the gang, resulting in four arrests and the seizure of servers critical to LockBit's operations in France, the U.K., and Spain.

In 2024, healthcare providers across the U.S. have been increasingly targeted by cyberattacks, disrupting services and threatening public safety. Notably, McLaren Health Care and Ascension, two major health systems, have faced severe ransomware incidents, and last week, one of the region's only Level 1 trauma centers had to turn away ambulances following a cyberattack.

Social Media Content Fueling AI: How Platforms Are Using Your Data for Training

OpenAI has admitted that developing ChatGPT would not have been feasible without the use of copyrighted content to train its algorithms. It is widely known that artificial intelligence (AI) systems heavily rely on social media content for their development. In fact, AI has become an essential tool for many social media platforms.

For instance, LinkedIn is now using its users’ resumes to fine-tune its AI models, while Snapchat has indicated that if users engage with certain AI features, their content might appear in advertisements. Despite this, many users remain unaware that their social media posts and photos are being used to train AI systems.

Social Media: A Prime Resource for AI Training

AI companies aim to make their models as natural and conversational as possible, with social media serving as an ideal training ground. The content generated by users on these platforms offers an extensive and varied source of human interaction. Social media posts reflect everyday speech and provide up-to-date information on global events, which is vital for producing reliable AI systems.

However, it's important to recognize that AI companies are utilizing user-generated content for free. Your vacation pictures, birthday selfies, and personal posts are being exploited for profit. While users can opt out of certain services, the process varies across platforms, and there is no assurance that your content will be fully protected, as third parties may still have access to it.

How Social Platforms Are Using Your Data

Recently, the United States Federal Trade Commission (FTC) revealed that social media platforms are not effectively regulating how they use user data. Major platforms have been found to use personal data for AI training purposes without proper oversight.

For example, LinkedIn has stated that user content can be utilized by the platform or its partners, though they aim to redact or remove personal details from AI training data sets. Users can opt out by navigating to their "Settings and Privacy" under the "Data Privacy" section. However, opting out won’t affect data already collected.

Similarly, the platform formerly known as Twitter, now X, has been using user posts to train its chatbot, Grok. Elon Musk’s social media company has confirmed that its AI startup, xAI, leverages content from X users and their interactions with Grok to enhance the chatbot’s ability to deliver “accurate, relevant, and engaging” responses. The goal is to give the bot a more human-like sense of humor and wit.

To opt out of this, users need to visit the "Data Sharing and Personalization" tab in the "Privacy and Safety" settings. Under the “Grok” section, they can uncheck the box that permits the platform to use their data for AI purposes.

Regardless of the platform, users need to stay vigilant about how their online content may be repurposed by AI companies for training. Always review your privacy settings to ensure you are informed and protected from unintended data usage by AI technologies.

Fortinet Confirms Data Breach Involving Limited Number of Customers, Linked to Hacker "Fortibitch"

Fortinet has disclosed a data breach impacting a "small number" of its clients after a hacker, using the alias "Fortibitch," leaked 440GB of customer information on BreachForums. The hacker claimed to have accessed the data from an Azure SharePoint site, following the company's refusal to meet a ransom demand. This incident emphasizes the need for companies to secure data stored in third-party cloud services, cybersecurity experts have noted.

In a statement released on September 12, Fortinet reported that the breach involved unauthorized access to files stored on its cloud-based shared file drive. The company did not confirm the exact source of the breach but reassured that the affected data represented less than 0.3% of its over 775,000 customers—approximately 2,300 organizations. Fortinet also stated that no malicious activity had been detected around the compromised data, and no ransomware or data encryption was involved. The company has since implemented protective measures and directly communicated with impacted customers.

Dark Reading noted that the hacker also leaked financial and marketing documents, product information, HR data from India, and some employee records. After unsuccessful attempts to extort the company, the hacker released the data. There was also a mention of Fortinet’s acquisitions of Lacework and NextDLP, as well as references to a Ukrainian threat group, though no direct connections were identified.

This breach highlights the growing risk of cloud data exposure. A recent analysis by Metomic revealed that more than 40% of sensitive files on Google Drive were vulnerable, with many shared publicly or with external email addresses. Experts stress the importance of using multifactor authentication (MFA), limiting employee access, and regularly monitoring cloud environments to detect and mitigate potential security lapses. They also recommend encrypting sensitive data both in transit and at rest, and enforcing zero-trust principles to reduce the risk of unauthorized access.

Planned Parenthood Cyberattack: How Bad Actors Are Targeting Medical Institutions

The healthcare sector has become an increasingly attractive target for cybercriminals. The latest victim in this alarming trend is Planned Parenthood of Montana, which recently fell prey to a ransomware attack by a group known as RansomHub. This incident not only underscores the vulnerabilities within healthcare organizations but also highlights the broader implications of such breaches on public health and safety.

About the Attack

On September 1, 2024, Planned Parenthood of Montana announced that it had been targeted by a ransomware attack. The hackers, identified as the RansomHub group, claimed to have stolen approximately 93GB of sensitive data. They are now threatening to release this data unless a ransom is paid by September 11. The stolen data reportedly includes patient records, financial information, and internal communications, making this breach particularly concerning.

The Bigger Picture

The timing of this attack is especially significant. It comes at a moment when abortion rights advocates in Montana have successfully gathered enough signatures to put the issue on the ballot in November. This has raised suspicions that the attack may have political motivations, aiming to influence public opinion and voter behavior. Regardless of the hackers’ intentions, the breach has created a climate of fear and uncertainty among patients and staff alike.

What is the damage?

The immediate impact of the breach is multifaceted. For patients, the exposure of sensitive medical information can lead to severe emotional distress and potential discrimination. For the organization, the financial and reputational damage can be devastating. Planned Parenthood of Montana now faces the daunting task of securing its systems, notifying affected individuals, and potentially paying a hefty ransom to prevent the release of the stolen data, which buys at most the attackers' promise to delete it.

How Can Organizations Stay Safe?

1. Invest in Advanced Security Technologies

Healthcare organizations must invest in detection and response tooling that can flag threats in near real time: endpoint detection, network monitoring, and log analytics, with artificial intelligence (AI) and machine learning (ML) layered on top to pick out unusual patterns, such as bulk reads of patient records or large outbound transfers, before they turn into a 93GB exfiltration. These tools only work as well as the logging underneath them.

2. Implement Multi-Factor Authentication (MFA)

Multi-factor authentication adds an extra layer of security by requiring users to provide two or more verification factors to gain access to systems and data. This can significantly reduce the risk of unauthorized access, even if login credentials are compromised.

3. Data Encryption

Encrypting sensitive data ensures that even if it is stolen, it cannot be easily read or used by unauthorized individuals. Healthcare organizations should implement encryption for data both at rest and in transit to protect patient information. The caveat is that encryption at rest protects stolen disks, backups and raw database files; it does not help when an attacker operates through a compromised account that is itself authorized to decrypt, which is how most ransomware crews work, so it must be paired with access control and key management that keep decryption rights narrow.

Halliburton Hit by Cyberattack, Data Stolen

Halliburton, one of the world’s largest energy companies, has confirmed that it was the victim of a cyberattack. Hackers infiltrated the company’s systems and stole sensitive information. The attack occurred last week, and Halliburton is still determining the extent of the data that was taken.

In a recent filing with government regulators, Halliburton acknowledged the breach but has yet to disclose the full details of what was stolen. The company is currently investigating the incident and deciding what legal notifications are required. In response to the attack, Halliburton took certain systems offline as a precaution and is working to restore normal operations, especially for its oil and fracking businesses. 

When approached for additional comments, company spokesperson Amina Rivera declined to elaborate further, stating that Halliburton would not provide more information beyond what was mentioned in its official filing.

Although Halliburton has not officially confirmed it, there are signs that the cyberattack may have been part of a ransomware campaign. TechCrunch obtained a ransom note related to the incident, which claims that hackers encrypted Halliburton’s files and stole sensitive data. A group known as RansomHub is believed to be behind the attack. This gang is notorious for carrying out similar cyberattacks, using stolen data as leverage to demand ransom payments. 

RansomHub typically publishes stolen files on its dark web platform when victims refuse to pay. So far, Halliburton has not been listed as one of RansomHub’s victims, but this could change if negotiations fail. RansomHub has been responsible for over 210 attacks since its rise to prominence earlier this year, and it has targeted other large organisations, including Change Healthcare.

Halliburton, with around 48,000 employees spread across various countries, is a major player in the global energy industry. In the past, the company gained notoriety due to its role in the Deepwater Horizon oil spill disaster in 2010, for which it paid over $1 billion in fines.

The recent cyberattack is expected to have financial repercussions for the company, though the exact costs are yet to be determined. In 2023, Halliburton reported $23 billion in revenue, with CEO Jeff Miller earning $19 million in total compensation. Halliburton has noted that it will continue to bear costs related to the cyberattack as they work on restoring systems and resolving the situation.

As the investigation unfolds, much of Halliburton’s online services remain down, and the company is assessing the full impact of the breach. Halliburton has been tight-lipped about its cybersecurity efforts, declining to provide information on who is currently overseeing their response.

This attack is a reminder of how large corporations remain vulnerable to cyber threats. Halliburton's situation underscores the importance of investing in strong cybersecurity measures to safeguard sensitive data and avoid disruptions in critical operations. The company will likely provide more updates as it works to recover from this breach.


Emailing in Different Languages Just Got Easier— This AI Will Amaze You

Proton, a company known for its commitment to privacy, has announced an update to its AI-powered email assistant, Proton Scribe. The tool, which helps users draft and proofread emails, is now available in eight additional languages: French, German, Spanish, Italian, Portuguese, Russian, Chinese, and Japanese. This expansion lets users write emails in languages they may not be proficient in without handing the text to a third-party service. Proton Scribe is designed for those who prioritise privacy, keeping sensitive information confidential.

What sets Proton Scribe apart from other AI services is its focus on privacy. Unlike many AI tools that process data on external servers, Proton Scribe can operate locally on a user’s device. This means that the data never leaves the user's control, offering an added layer of security. For users who prefer not to run the service locally, Proton provides a no-logs server option, which also ensures that no data is stored or shared. Moreover, users have the flexibility to disable Proton Scribe entirely if they choose. This approach aligns with Proton’s broader mission of enabling productivity without compromising privacy.

The introduction of these new languages follows overwhelming demand from Proton’s user base. Initially launched for business users, Proton Scribe quickly gained traction among consumers seeking a private alternative to conventional AI tools. By integrating Proton Scribe directly into Proton Mail, users can now manage their email communications securely without needing to rely on third-party services. Proton has also expanded access to Scribe, making it available to subscribers of the Proton Family and Proton Duo plans, in addition to Proton Mail Business users who can add it on as a feature.

Proton’s commitment to privacy is further emphasised by its use of zero-access encryption, which means that Proton itself cannot read the mail stored in a user's mailbox. The distinction worth understanding is that this applies to stored data: when Scribe runs locally, the prompt never leaves the device, and when the server-side option is used the prompt has to be processed in plaintext on Proton's server but, per Proton, is not logged or retained. In either mode, and unlike other AI tools that might be trained on data from user interactions, Proton Scribe is not trained on user data, so nothing typed into the assistant is retained or shared with third parties, providing users with peace of mind when managing sensitive communications.

Eamonn Maguire, head of machine learning at Proton, underlined the company's dedication to privacy-first solutions, stating that the demand for a secure AI tool was a driving force behind the expansion of Proton Scribe. He emphasised that Proton’s goal is to provide tools that enable users to maintain both productivity and privacy. With the expansion of Proton Scribe’s language capabilities and its availability across more subscription plans, Proton is making it easier for a broader audience to access secure AI tools directly within their inboxes.

Proton continues to set itself apart in the crowded field of AI-driven services by prioritising user privacy at every step. For those interested in learning more about Proton Scribe and its features, Proton has provided additional details in their official blog announcement.


Play Ransomware Claims Attack on US Semiconductor Manufacturer Microchip Technology

The Play ransomware group has claimed responsibility for last week's cyberattack on the American semiconductor company Microchip Technology. On Tuesday, the group added Microchip Technology to its data leak site, as noted by multiple cybersecurity researchers. Play is notorious for its use of custom tools and double-extortion tactics, which involve both encrypting victims' files and threatening to release stolen data.

Microchip Technology reported last week that intruders had disrupted "certain servers and some business operations." Upon discovering the breach, the company took immediate steps to isolate the affected systems, shut down some services, and initiate an investigation.

Microchip Technology has not commented on the Play gang's involvement in the attack. The company produces products such as microcontrollers, embedded security devices, and radio frequency devices, which it supplies to sectors including automotive, industrial, aerospace, and defense. In 2024, its sales reached $7.6 billion.

The Play group typically gives its victims 72 hours to pay a ransom before making stolen data public. However, Kevin O’Connor, a researcher at U.S.-based cybersecurity firm Adlumin, noted that in this case, the timeline was extended, with Play claiming responsibility a week after Microchip Technology reported the incident to the SEC (Securities and Exchange Commission). O'Connor added that while it's not uncommon for ransomware groups to delay data release, it often indicates ongoing negotiations.

Adlumin's research suggests that the Play ransomware operation has significantly expanded over the past year, likely due to its shift to an affiliate model, complicating the attribution of attacks. O'Connor also mentioned that it's still unclear whether the core group or its affiliates were behind the attack on Microchip Technology.

Play ransomware was first identified in June 2022. The Cybersecurity and Infrastructure Security Agency (CISA) has reported that the group typically encrypts systems after data exfiltration, impacting various businesses and critical infrastructure organizations across North America, South America, Europe, and Australia. According to Trend Micro's research published in July, the majority of Play's attacks this year have been concentrated in the United States.

Bitcoin and Nostr: What Lies Beyond Decentralization and Freedom

In today's digital expanse, where in some countries governments and corporations wield immense power over money and speech, two remarkable projects, Bitcoin and Nostr, have emerged as champions of decentralization. Their stories are quite similar, revealing a shared struggle for financial autonomy, censorship resistance, and individual empowerment.

Bitcoin: The Genesis of Digital Gold

The Mysterious Creator

In 2009, an enigmatic figure known as Satoshi Nakamoto introduced Bitcoin to the world. Nakamoto's true identity remains shrouded in mystery, but their creation sparked a revolution. Bitcoin wasn't just a currency; it was a paradigm shift—a departure from centralized financial systems.

The Decentralized Ledger

At its core, Bitcoin operates on a decentralized ledger called the blockchain: an append-only record in which every transaction is written and which anyone can download and check. Every full node verifies every transaction against the consensus rules; miners, who spend computational power on proof-of-work, decide the order in which blocks are appended. No central authority governs Bitcoin; it replaces trust in an institution with verification by anyone who runs a node.

Digital Gold and Pseudonymity

Bitcoin's scarcity, a supply capped at 21 million coins by the protocol's halving schedule, gives it a unique allure. Investors liken it to digital gold, a store of value whose supply no issuer can inflate. Yet, unlike gold, Bitcoin transactions occur in the digital realm. Users are pseudonymous rather than anonymous: identities sit behind cryptographic addresses, but every transaction is public forever, so addresses can be clustered and, through an exchange account or careless address reuse, tied back to a person.
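The 21 million figure is worth checking rather than taking on faith. The following Python is an added example, not code from this page or from Bitcoin itself; it reproduces the subsidy schedule that the Bitcoin reference implementation applies (an integer right shift of the subsidy every 210,000 blocks, with the subsidy forced to zero once 64 halvings are reached) and sums every block's subsidy. The result is slightly under 21 million, because fractional satoshis are discarded at each halving.

```python
COIN = 100_000_000            # satoshis per bitcoin
INITIAL_SUBSIDY = 50 * COIN   # block subsidy at genesis, in satoshis
HALVING_INTERVAL = 210_000    # blocks between halvings


def block_subsidy(height: int) -> int:
    """Subsidy for the block at `height`, in satoshis.

    Mirrors the reference implementation: the subsidy is halved with an
    integer right shift, so any fractional satoshi is discarded, and the
    result is forced to zero once 64 halvings are reached (a shift by 64
    or more would otherwise be undefined for a 64-bit amount).
    """
    halvings = height // HALVING_INTERVAL
    if halvings >= 64:
        return 0
    return INITIAL_SUBSIDY >> halvings


def total_supply() -> int:
    """Sum the subsidy of every block until it reaches zero; returns satoshis."""
    total = 0
    height = 0
    while True:
        subsidy = block_subsidy(height)
        if subsidy == 0:
            return total
        total += subsidy * HALVING_INTERVAL   # every block in this era pays the same
        height += HALVING_INTERVAL


def halvings_until_zero() -> int:
    """How many halvings happen before the subsidy is exactly zero."""
    n = 0
    while INITIAL_SUBSIDY >> n:
        n += 1
    return n


if __name__ == "__main__":
    sats = total_supply()
    print(f"{sats} sat = {sats / COIN:.4f} BTC after {halvings_until_zero()} halvings")
```

The loop stops at the 33rd halving, where 50 BTC shifted right 33 times is already zero; the 64-halving guard exists only to keep the shift well-defined. The total comes to 2,099,999,997,690,000 satoshis, or 20,999,999.9769 BTC, which is the precise meaning of "capped at 21 million".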

Nostr: A Community's Rebellion

The Rise of Nostr

Enter Nostr, a lesser-known but equally significant protocol. Its story diverges from Bitcoin's: Nostr is not a currency and keeps no ledger. It is an open protocol for publishing signed messages through independent relays, built for censorship resistance and run by its community rather than by a company.

Community-Driven Governance

Nostr's strength lies in its community. There is no foundation or company that owns the protocol; changes arrive as openly published implementation proposals (NIPs) that client developers and relay operators adopt voluntarily. Nobody can impose a change on the whole network, and nobody can withhold one from those who want it. Transparency prevails, and the community guards against undue influence.

Censorship Resistance

Nostr's architecture resists censorship by design. A user's identity is a key pair that they generate and hold themselves, every message they publish is signed with it, and the signed message can be pushed to any number of independent relays. A relay that blocks a user or drops a message cannot stop other relays from serving the identical, still-valid message, and a banned user simply moves to another relay without losing their identity or their followers. In a world where platforms silence dissenting voices, that is the property that matters.

Keys, Not Consensus

Bitcoin relies on proof-of-work (PoW); it does not use proof-of-stake. Nostr needs no consensus mechanism of any kind, because there is no shared ledger to agree on: each relay stores whatever signed events it chooses, and clients merge what they fetch. What the network has instead of a consensus rule is reputation in the plain sense. Influence comes from the people who choose to follow a key, earned through contributions, expertise, and positive interactions. It's a nod to meritocracy, where influence aligns with genuine value.

Why They Matter

1. Evading State Repression

In regions where speech and money are censored, Bitcoin and Nostr offer escape routes. Citizens preserve wealth and communicate freely, shielded from state interference. Nostr's relay model ensures that no single entity can silence dissent: there is no one server to seize and no one company to pressure.

2. Financial Inclusion

Bitcoin empowers the unbanked: anyone with an internet connection can hold and move value without a bank's permission. Nostr complements this by giving the same people a place to communicate and organise without a platform account that can be revoked. No longer bound by traditional banking or gatekept platforms, individuals find newfound freedom.

3. Hedging Against Fiat Devaluation

As governments print money, inflation erodes fiat currency value. Bitcoin's fixed supply is the hedge here. Nostr is not a currency and offers no financial hedge of its own, but it keeps the channels through which people learn about, discuss and coordinate that hedge out of any single party's hands.

4. Technological Pioneering

Bitcoin's Lightning Network accelerates transactions, while Nostr's minimal event-and-relay design makes it easy to build new clients and services on top of the same identities and data. Both drive technological progress, shaping the future of finance and of open communication.

Bitcoin and Nostr, different yet intertwined, remind us that decentralization isn't a mere buzzword. It's a way forward, leading toward financial sovereignty and individual empowerment.

CISA Issues Warning on Critical Vulnerabilities in Vonets WiFi Bridge Devices, No Patch Released

The Cybersecurity and Infrastructure Security Agency (CISA) has released a security advisory highlighting several critical vulnerabilities discovered in Vonets WiFi Bridge devices. These vulnerabilities present significant risks, including the potential for attackers to execute arbitrary code, access sensitive data, or disrupt device operations.

This poses a serious threat to the security of industrial and commercial networks that depend on these devices. Despite the gravity of these issues, Vonets has not responded to CISA’s outreach for collaboration on mitigation efforts, leaving users at risk.

Key Vulnerabilities and Their Impacts:

The vulnerabilities identified in the Vonets devices vary in severity and include:

  • CVE-2024-41161 (CVSSv4 8.7): This flaw involves the use of hard-coded credentials, allowing unauthorized users to bypass authentication and gain full device access using pre-set administrator credentials that cannot be disabled. This makes it a particularly dangerous vulnerability.
  • CVE-2024-29082 (CVSSv4 8.8): An issue with improper access control permits attackers to bypass authentication and perform a factory reset on the device through unprotected endpoints, leading to potential service disruptions and loss of configuration data.
  • CVE-2024-41936 (CVSSv4 8.7): A directory traversal vulnerability that enables attackers to read arbitrary files on the device, bypassing authentication and exposing sensitive information.
  • CVE-2024-37023 (CVSSv4 9.4): OS command injection vulnerabilities allow authenticated attackers to execute arbitrary operating system commands on the device, potentially giving them control over its operation.
  • CVE-2024-39815 (CVSSv4 8.7): A flaw in the handling of exceptional conditions could lead to a denial-of-service (DoS) scenario when attackers send specially crafted HTTP requests to the device.
  • CVE-2024-39791 (CVSSv4 10): The most severe vulnerability, a stack-based buffer overflow, allows remote attackers to execute arbitrary code, potentially gaining full control of the device without needing authentication.
  • CVE-2024-42001 (CVSSv4 6.1): An issue with improper authentication enables attackers to bypass authentication by sending specially crafted requests during an active user session.
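Two of the bug classes in the list above, directory traversal and OS command injection, are worth seeing in code because the fixes are short and the same mistakes recur across embedded web interfaces. The Python below is an added, generic illustration, not Vonets firmware and not derived from the advisory; the web root and the handler names are assumptions, and `echo` stands in for the device's ping so that the demonstration runs anywhere. Each vulnerable function sits beside its hardened form.

```python
import os
import re
import subprocess
from pathlib import Path

# Assumed web root for the demonstration; the real device's layout is not known here.
WEB_ROOT = Path("/srv/www")

# --- Directory traversal: the class behind the arbitrary-file-read flaw ---------


def resolve_vulnerable(web_root: Path, requested: str) -> str:
    """Naive handler: glue the request onto the root and let the OS sort it out.

    Returns the path the kernel would actually open. '../' segments are
    honoured, so '../../etc/passwd' walks straight out of the web root.
    """
    return os.path.normpath(f"{web_root}/{requested}")


def resolve_hardened(web_root: Path, requested: str) -> str:
    """Normalise first, then enforce containment inside the web root.

    Both '..' escapes and absolute request paths fail the containment check.
    """
    root = web_root.resolve()
    candidate = (root / requested).resolve()
    if not candidate.is_relative_to(root):          # Python 3.9+
        raise PermissionError(f"request escapes web root: {requested!r}")
    return str(candidate)


# --- OS command injection: the class behind the command-execution flaws --------

# Allow-list: hostname characters only, and the first character may not be '-',
# so the value can never be mistaken for a command-line option either.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}")


def ping_vulnerable(host: str) -> str:
    """Interpolate user input into a shell command line.

    A host of 'example.com; echo INJECTED' runs the second command; with the
    device's real ping binary in place of echo the effect is identical.
    """
    result = subprocess.run(f"echo pinging {host}", shell=True,
                            capture_output=True, text=True, check=True)
    return result.stdout


def ping_hardened(host: str) -> str:
    """Validate against the allow-list, then pass the value as one argv element.

    No shell is involved, so metacharacters have no meaning even if one slipped
    through; the allow-list is the first line of defence, argv the second.
    """
    if not HOSTNAME_RE.fullmatch(host):
        raise ValueError(f"rejected host: {host!r}")
    result = subprocess.run(["echo", "pinging", host],
                            capture_output=True, text=True, check=True)
    return result.stdout


if __name__ == "__main__":
    print(resolve_vulnerable(WEB_ROOT, "../../etc/passwd"))   # /etc/passwd
    try:
        resolve_hardened(WEB_ROOT, "../../etc/passwd")
    except PermissionError as exc:
        print("blocked:", exc)
    print(ping_vulnerable("example.com; echo INJECTED"), end="")
    try:
        ping_hardened("example.com; echo INJECTED")
    except ValueError as exc:
        print("blocked:", exc)
```

The hardened path check normalises before comparing, which is what defeats both `..` segments and absolute paths; the hardened command check both allow-lists the value and passes it as a single argv element with no shell, so even a value that slips past the regex cannot become a second command. Neither fix addresses hard-coded credentials, which no configuration change can remove; for that flaw, the network isolation CISA recommends is the only control until a patch exists.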

CISA’s Recommendations

In light of Vonets' lack of response, CISA has issued several recommendations to help organizations mitigate the risks associated with these vulnerabilities:

  • Minimize Network Exposure: Ensure that control system devices and networks are not directly accessible from the internet to reduce the risk of unauthorized access.
  • Isolate Control Systems: Position control system networks and remote devices behind firewalls and separate them from business networks to prevent cross-network attacks.
  • Secure Remote Access: When remote access is necessary, use secure methods like Virtual Private Networks (VPNs). However, it's crucial to keep VPNs updated and ensure the security of connected devices.

CISA stresses the importance of conducting thorough impact analysis and risk assessments before implementing any defensive measures to avoid unintended operational disruptions.

While no public exploitation of these vulnerabilities has been reported yet, the critical nature of these issues, combined with the absence of a vendor patch, demands immediate attention. Organizations and individuals must act swiftly to safeguard their networks and reduce the risk of potential attacks.

Massive Data Leak Exposes Sensitive Information for Millions

A significant data breach has compromised the personal information of millions of individuals across the United States, United Kingdom, and Canada. The leaked data, obtained from a company called National Public Data, includes highly sensitive information such as names, mailing addresses, and social security numbers.

The leaked database, consisting of nearly 2.7 billion records, was reportedly offered for sale on the dark web. While the exact scope of the breach is still being investigated, numerous individuals have confirmed the presence of their personal data within the leaked files.

The exposed information poses a serious risk of identity theft and other malicious activities. Scammers may use this data to target individuals with phishing attempts or fraudulent transactions.

To protect yourself:

1. Be wary of suspicious emails: Avoid clicking on links or opening attachments in unsolicited emails, even if they appear to be from legitimate sources.
2. Verify the sender: Double-check the sender's email address to ensure it is authentic.
3. Use strong, unique passwords: Create complex passwords for all your online accounts and avoid reusing them across different platforms.
4. Monitor your accounts: Regularly check your bank statements, credit reports, and online accounts for any unauthorized activity.

If you believe your personal information may have been compromised in this data breach, it is recommended to take steps to protect your identity and report the incident to the appropriate authorities.

National Public Data Hacked: Personal Information of Millions at Risk

National Public Data, a company specializing in background checks and fraud prevention, has experienced a significant data breach. The data collected by the company has reportedly fallen into the hands of a hacking group known as "USDoD," which began selling access to the stolen information in April. The stolen data is said to include details of users from the US, UK, and Canada.

The company is now facing a class-action lawsuit, as reported by Bloomberg Law. The lawsuit was filed by Christopher Hoffman, a resident of California, after his identity protection service alerted him that his personal data had been compromised in the breach.

The scope of the data leak could be one of the largest ever recorded, though the full extent is still unconfirmed. National Public Data has not yet responded to requests for comment. However, in June, malware repository VX Underground reviewed the stolen data, which was initially on sale for $3.5 million.

VX Underground confirmed the authenticity of the massive 277.1GB uncompressed file, noting that the data included real and accurate information. They verified several individuals' details, who consented to the search of their information. According to VX Underground, the stolen data encompasses Social Security numbers, full names, and user address history spanning over three decades. It appears that the personal information of users who opted out of data collection was not included. USDoD acted as a broker for the sale, while a mysterious individual known as "SXUL" was behind the breach.

Although USDoD intended to sell the data to private buyers, it has reportedly been circulating freely on a popular hacker forum, posing a significant risk of identity theft. The archive is said to include dates of birth and phone numbers, though users who have downloaded the 277GB file report numerous duplicates. Some entries pertain to the same individual at different addresses, and others cover deceased persons. As a result, the actual number of affected individuals is estimated to be closer to 225 million, rather than the initially believed 2.9 billion.

National Public Data had previously advertised its People Finder tool, claiming access to over 2.2 billion merged records covering the entire adult population of the USA and its territories. In response to the breach, some identity protection services have already begun analyzing the stolen data and notifying affected consumers whose Social Security numbers were found in the archive. Hoffman's class-action lawsuit demands that National Public Data pay damages and implement several IT security changes, including the deletion of stored data on US users unless a reasonable justification is provided.

The CISO: A Cornerstone of Private Equity Success

In the dynamic landscape of private equity, the Chief Information Security Officer (CISO) has emerged as a critical player. Beyond safeguarding digital assets, the CISO is instrumental in driving business growth and ensuring regulatory compliance.

The CISO's role extends far beyond technical expertise. They are strategic architects, designing security frameworks aligned with business objectives. Proactive risk identification and mitigation are paramount, requiring a deep understanding of the evolving threat landscape. Effective communication of security posture to leadership is essential for securing buy-in and support.

  • Operational Excellence and Incident Response
Day-to-day security operations, from policy enforcement to incident management, fall under the CISO's purview. Building a resilient organization capable of weathering cyberattacks involves meticulous planning, employee training, and a robust security operations center (SOC).
  • Governance, Compliance, and Culture
Navigating a complex regulatory environment is a core competency for CISOs. Ensuring adherence to standards like GDPR and CCPA while fostering a security-conscious culture is vital. Effective third-party risk management and transparent reporting to stakeholders are essential for maintaining trust.
  • Overcoming Challenges
Balancing security with business agility, scaling defenses with company growth, and managing the impact of security changes are ongoing challenges. CISOs must be adept at finding innovative solutions to these complex issues.
  • Security Teams in a Portfolio Context
Private equity firms often manage diverse portfolios with varying risk profiles. Centralized oversight, shared resources, and a risk-based approach are essential for effective security management across the portfolio.

By operating as strategic partners, CISOs can significantly contribute to the long-term success of private equity firms and their portfolio companies.

Cloud Security Challenges Extend Beyond Technology

As cloud technologies become integral to business operations, organisations face not only opportunities but also pressing challenges. The widespread use of cloud services has created a complex environment involving multiple providers and regions, each with its own regulations and standards. This complexity has led to various security issues, including fragmented environments, access control challenges, API vulnerabilities, interoperability issues, and monitoring that is hard to do consistently. These challenges can result in gaps in security and inconsistencies in data protection, which have caused numerous IT security incidents over the years.

Case Study: Multi-Cloud and Hybrid Cloud Strategies

In practice, transitioning to cloud environments can reveal these vulnerabilities. One such case involved a multinational financial services company that adopted multi-cloud and hybrid cloud strategies. They used a public cloud for advanced risk modelling and a private on-premises cloud for storing sensitive financial data to meet regulatory requirements. However, this approach led to inconsistent security measures due to the differing technologies and security services in use. During an audit, we discovered that sensitive financial data had been exposed because of access control misconfigurations on the public cloud.

Several factors contributed to the breach. The diverse and complex cloud environment allowed extensive access through API calls and other technologies. Additionally, the organisation lacked the specialised skills needed to maintain high-level security across all environments. The breach questioned the integrity of the risk model and posed a severe reputational risk to the company.
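The misconfiguration in this case study, and the cloud-storage exposure discussed in the Fortinet item earlier on this page, are both of the kind an automated policy audit catches before an auditor does. The following Python is an added example, not the company's tooling or any vendor's code: it reads storage-access policies in the AWS bucket-policy and GCP IAM-binding formats, flags grants to anonymous or all-user principals, and rates them, which is exactly the check that multi-cloud environments tend to apply inconsistently. The sample policies are constructed for the demonstration, and the bucket, account and role names in them are placeholders; Azure and SharePoint sharing settings have analogous "anyone" principals but are not covered here.

```python
import json
from typing import Optional

# Constructed sample policies for the demonstration (placeholders, not real accounts).
SAMPLE_AWS_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::risk-model-exports/*"},
    {"Sid": "AnyoneCanUpload", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": ["s3:PutObject"], "Resource": "arn:aws:s3:::risk-model-exports/inbox/*"},
    {"Sid": "VpcEndpointOnly", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::risk-model-exports/*",
     "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}},
    {"Sid": "ModelRole", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/risk-model"},
     "Action": "s3:*", "Resource": "arn:aws:s3:::risk-model-exports/*"}
  ]
}
""")

SAMPLE_GCP_POLICY = {
    "bindings": [
        {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
        {"role": "roles/storage.admin", "members": ["user:alice@example.com"]},
        {"role": "roles/storage.objectCreator", "members": ["allAuthenticatedUsers"]},
    ]
}

READ_ONLY_AWS = {"s3:getobject", "s3:getobjectversion", "s3:listbucket"}
GCP_PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}


def _as_list(value):
    """Policy fields may be a scalar or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _aws_principal_is_anonymous(principal) -> bool:
    """'*' or {"AWS": "*"} means every AWS account plus unauthenticated callers."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def audit_aws_bucket_policy(policy: dict) -> list:
    """Return one finding per Allow statement that is open to the world."""
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if not _aws_principal_is_anonymous(stmt.get("Principal")):
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        if stmt.get("Condition"):
            # A condition (VPC endpoint, org ID, source IP) may scope the grant;
            # a human has to confirm it is restrictive enough.
            severity = "review"
        elif all(a in READ_ONLY_AWS for a in actions):
            severity = "high"        # public read of whatever the resource holds
        else:
            severity = "critical"    # public write, delete, or wildcard
        findings.append({"provider": "aws", "id": stmt.get("Sid", "<no Sid>"),
                         "severity": severity, "actions": actions})
    return findings


def audit_gcp_iam_policy(policy: dict) -> list:
    """Same check for GCP: any binding that includes a public member."""
    findings = []
    for binding in policy.get("bindings", []):
        public = GCP_PUBLIC_MEMBERS.intersection(binding.get("members", []))
        if not public:
            continue
        role = binding["role"]
        if binding.get("condition"):
            severity = "review"
        elif role.endswith("Viewer"):
            severity = "high"
        else:
            severity = "critical"    # creator, admin or legacy writer roles
        findings.append({"provider": "gcp", "id": role, "severity": severity,
                         "members": sorted(public)})
    return findings


def worst_severity(findings: list) -> Optional[str]:
    """Highest severity present, or None when the policy is clean."""
    order = {"critical": 3, "high": 2, "review": 1}
    return max((f["severity"] for f in findings), key=order.get, default=None)


if __name__ == "__main__":
    for finding in audit_aws_bucket_policy(SAMPLE_AWS_POLICY) + audit_gcp_iam_policy(SAMPLE_GCP_POLICY):
        print(finding)
```

The "review" tier is deliberate: a wildcard principal behind a VPC-endpoint or organisation condition is a common and legitimate pattern, but whether the condition actually closes the door depends on values a script cannot judge, so it is surfaced rather than silently accepted or silently rejected. Running the same two functions against every account on a schedule is the cheap version of the cross-cloud visibility the next paragraph argues for.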

To address these challenges, organisations should consider toolsets that provide visibility across diverse cloud deployments. Managed Detection and Response (MDR) solutions, along with a 24x7 Security Operations Centre (SOC), can centralise data from various sources and technologies. This centralisation helps improve response times, reduce alert fatigue, and give the organisation a clearer view and understanding of its environment.

The Importance of Security Culture

Optimising tools and skills is not enough; a proper security culture within the organisation is crucial. Management must prioritise security and risk as key drivers of organisational culture, influencing decisions and processes. Effective governance structures for data, security, compliance, and risk management should be established and integrated into everyday practices. Basic systems like incident response and resilience programs should be well-communicated, and identity and access management practices must be rigorously maintained.

As cloud environments grow more complex with advancements in AI and machine learning, the security challenges will intensify. The dynamic nature of cloud environments, characterised by continuous resource changes, requires security solutions capable of adapting to these shifts. Ensuring consistent security policies across diverse cloud platforms is a substantial challenge that necessitates robust and flexible security strategies.

By addressing these challenges, organisations can improve their security posture, reduce the complexity of technology implementations, and mitigate associated risks. This approach not only enhances security but also supports the achievement of primary business goals, making cloud environments a reliable and secure foundation for business operations.