Tag Archive for: Affect

Carpetright is latest British business to be hit by cyber attack as hackers target company HQ to affect hundreds of customer orders

/in


  •  Hackers targeted the company HQ in Purfleet, Essex on Tuesday



Flooring chain Carpetright is the latest British business to be hit by a cyber attack affecting hundreds of customer orders. 

Hackers targeted the company HQ in Purfleet, Essex on Tuesday, sending malware to gain unauthorised access. 

Carpetright’s network was taken offline due to the cyber attack but bosses insist that the virus was isolated before any data was swiped. 

However phone lines are still down with callers met with the automated message ‘Thank you for your patience while we work on a solution’.

Staff and hundreds of customers were affected by the malicious virus with employees reportedly unable access their payroll information.   

Flooring chain Carpetright is the latest British business to be hit by a cyber attack affecting hundreds of customer orders (file pic)
Hackers targeted the company HQ in Purfleet, Essex on Tuesday, sending malware to gain unauthorised access (stock photo)

A source told The Sun: ‘Some staff networks were taken down including the portals that workers use to book time off and look at payslips.

‘It happened abruptly and was worrying because customers couldn’t get through to helplines.

READ MORE: Hackers publish NHS patients’ data after cyber attack including names, addresses and medical conditions – as they vow to post thousands more unless ransom is paid

‘Everything at HQ was taken offline as that was the best way to stop the attack spreading to customer data.’

A spokesperson for Carpetright said: ‘We would like to apologise for any inconvenience caused.

‘We are not aware of any customer or colleague data being impacted by this incident and are testing and resetting systems, with investigations ongoing.’

The cyber attack at the flooring chain comes after hackers managed to access a ‘small number’ of patients’ data last month. 

Ransomware group – INC Ransom – targeted NHS Dumfries and Galloway and claimed it was in possession of three terabytes of data from NHS Scotland.

A post on its dark web blog included a ‘proof pack’ of some of the data, which was…

Source…

New 5G Modem Flaws Affect iOS Devices and Android Models from Major Brands

/in


Dec 08, 2023NewsroomVulnerability / Mobile Network

5G Modems Flaws

A collection of security flaws in the firmware implementation of 5G mobile network modems from major chipset vendors such as MediaTek and Qualcomm impact USB and IoT modems as well as hundreds of smartphone models running Android and iOS.

Of the 14 flaws – collectively called 5Ghoul (a combination of “5G” and “Ghoul”) – 10 affect 5G modems from the two companies, out of which three have been classified as high-severity vulnerabilities.

“5Ghoul vulnerabilities may be exploited to continuously launch attacks to drop the connections, freeze the connection that involve manual reboot or downgrade the 5G connectivity to 4G,” the researchers said in a study published today.

As many as 714 smartphones from 24 brands are impacted, including those from Vivo, Xiaomi, OPPO, Samsung, Honor, Motorola, realme, OnePlus, Huawei, ZTE, Asus, Sony, Meizu, Nokia, Apple, and Google.

UPCOMING WEBINAR

Cracking the Code: Learn How Cyber Attackers Exploit Human Psychology

Ever wondered why social engineering is so effective? Dive deep into the psychology of cyber attackers in our upcoming webinar.

Join Now

The vulnerabilities were disclosed by a team of researchers from the ASSET (Automated Systems SEcuriTy) Research Group at the Singapore University of Technology and Design (SUTD), who also previously uncovered BrakTooth in September 2021 and SweynTooth in February 2020.

The attacks, in a nutshell, attempt to deceive a smartphone or a 5G-enabled device to connect a rogue base station (gNB), resulting in unintended consequences.

“The attacker does not need to be aware of any secret information of the target UE e.g., UE’s SIM card details, to complete the NAS network registration,” the researchers explained. “The attacker only needs to impersonate the legitimate gNB using the known Cell Tower connection parameters.”

5G Modems Flaws

A threat actor can accomplish this by using apps like Cellular-Pro to determine the Relative Signal Strength Indicator (RSSI) readings and trick the user equipment to connect to the adversarial station (i.e., a software-defined radio) as well as an inexpensive mini…

Source…

Ransomware attack continues to affect 2 CT hospital systems

/in


A ransomware attack continued to disrupt some services Friday at two Connecticut health care systems owned by Prospect Medical Holdings. 

Eastern Connecticut Health Network, which operates Manchester Memorial Hospital and Rockville General Hospital in Vernon, and Waterbury Health, which operates Waterbury Hospital, reported on their websites Friday that some services and locations continued to be temporarily closed nearly a week after their parent company reported being hit by a ransomware attack.  

“The outage has affected some of our outpatient services, mostly blood draw and some patient appointments. We have contacted and will continue to contact any affected patients,” Waterbury Health said on its website, referring patients to an appointment information line, 203-573-6595, for more information. 

Waterbury Health’s website reported that blood draw locations were closed, except for an outpatient blood drawing location at Waterbury Hospital.

ECHN said on its website that GI procedures were unavailable and that Evergreen and Tolland Imaging, outpatient blood drawing and its Women’s Center were closed, along with outpatient medical imaging on weekdays. 

ECHN posted a list of temporary numbers for patients to contact its offices and providers. 

In a statement earlier this week, Nina Kruse, ECHN’s vice president for communications and public affairs, said, “Prospect Medical Holdings Inc. recently experienced a data security incident that has disrupted our operations. Upon learning of this, we took our systems offline to protect them and launched an investigation with the help of third-party cybersecurity specialists.” 

The state Department of Public Health said Tuesday that it had opened an investigation into Manchester Memorial Hospital. “We can confirm that there is an open investigation, but cannot release any details or additional information,” Christopher Boyle, spokesperson for DPH. 

The FBI is also investigating the ransomware attack, which has disrupted hospital systems run by Prospect Medical Holdings in…

Source…

How Will the Metaverse Affect Cloud Security?

/in


An immersive digital world enabled by a range of technologies, including the internet of things (IoT), blockchain, and virtual and augmented reality, the metaverse allows us to see and interact with objects and people. This virtual environment is enhanced by photorealistic avatars that can reproduce your real body through wearable sensors that measure your movements and immersive smart glasses that enable virtual and augmented reality. With these technologies, what you do in the real world controls your experience in the virtual world and vice versa.

Supporting a virtual universe requires vast computing and storage resources. These resources are readily available in the cloud. This predicted uptake of cloud services should lead to purpose-built cloud technologies purpose-built to serve the needs of the metaverse.

As the cloud forms the basis of the metaverse, in what ways will the metaverse affect cloud security?

Top Metaverse security concerns

For a virtual world to operate like the physical world, it must sustain continuous online availability with real-time feedback and continuous operation. High-scale interactions are supported by high-speed information transmission and computing systems. The ideal compute infrastructure for the metaverse supports low latency and big data flows.

Technologies such as cloud computing, 5G, IoT, edge computing, and high-performance computing are ideal for supporting metaverse computing and processing requirements. Adopting these technologies in the metaverse will require more devices connected to the cloud and an increase in cloud infrastructure. Looking at this expansion from a security perspective, an increase in endpoints connected to the cloud will undoubtedly lead to an overall increase in the exposed attack surface.

For example, IoT devices are highly targeted vulnerability points for attackers. This is because they commonly contain weak security controls and portability—a recipe for infiltrating multiple networks. IoT botnets are not uncommon occurrences, which might be replicated in the metaverse. Attackers target botnets as they allow them to automatically distribute malware, slow down compute power by mining for cryptocurrency,…

Source…