Tag Archive for: Cluley

Hacking hotels, Google’s AI goof, and cyberflashing • Graham Cluley

/in


Smashing Security podcast #365: Hacking hotels, Google’s AI goof, and cyberflashingSmashing Security podcast #365: Hacking hotels, Google’s AI goof, and cyberflashing

Security researchers find a way to unlock millions of hotel rooms, the UK introduces cyberflashing laws, and Google’s AI search pushes malware and scams.

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by T-Minus’s Maria Varmazis.

Warning: This podcast may contain nuts, adult themes, and rude language.

Hosts:

Graham Cluley – @gcluley
Carole Theriault – @caroletheriault

Guest:

Maria Varmazis – mstdn.social/@varmazis

Episode links:

Sponsored by:

  • Kiteworks – Step into the future of secure managed file transfer with Kiteworks.
  • Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 20% off!
  • Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Twitter at @SmashinSecurity, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:

Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.

Source…

Fujitsu hack raises questions, after firm confirms customer data breach • Graham Cluley

/in


Fujitsu hack raises questions, after firm confirms customer data breachFujitsu hack raises questions, after firm confirms customer data breach

Fujitsu has warned that cybercriminals may have stolen files with personal and customer data after it discovering malware on its computer systems.

The firm at the center of the British Post Office scandal, said in a Japanese press release that it had discovered the presence of malware on its computers, the potential theft of customer data, and apologised for any concern or inconvenience caused.

Fujitsu announcementFujitsu announcement
Announcement published on Fujitu’s Japanese website.

The press release (a Google-translated version can be read here), is somewhat scant on detail.

For instance:

  • Fujitsu doesn’t disclose the malware found, the number of affected computers, or the internal systems or databases accessed.
  • Fujitsu doesn’t specify the type of malware found – a remote access backdoor? ransomware? something else?
  • Fujitsu doesn’t share details about the stolen information, calling it “personal information and customer information.” For instance, does it include contact details, passwords, or payment information?
  • Fujitsu announced on Friday 15 March that it suffered a cyber attack, but didn’t specify when it was discovered or how long the hackers had access to its systems and data.

Fujitsu says it has reported the incident to regulators and will contact affected individuals and customers.

The company also says that it has not seen any reports of the potentially stolen information being misused. Statements like these are meant to reassure affected parties, but they don’t make you feel much more comfortable in reality.

An absence of evidence is not evidence of absence. How could a company ever confidently and honestly claim it has incontrovertible proof that exfiltrated data has not been exploited by malicious hackers and online fraudsters?

Sign up to our free newsletter.
Security news, advice, and tips.

In the past, there have been many incidents where data stolen in a hack has not immediately shown up, before appearing on the dark web months or even years later.

Source…

20+ hospitals in Romania hit hard by ransomware attack on IT service provider • Graham Cluley

/in


20+ hospitals in Romania hit hard by ransomware attack on IT service provider20+ hospitals in Romania hit hard by ransomware attack on IT service provider

Over 20 hospitals in Bucharest have reportedly been impacted by a ransomware attack after cybercriminals targeted an IT service provider. As a consequence medical staff have been forced to use pen-and-paper rather than computer systems.

Romania’s National Cybersecurity Directorate (DNSC) said in a statement that the attackers encrypted hospital data using the Backmydata ransomware – a variant of Phobos.

The DNSC advises not to contact the IT teams at affected hospitals “so they can focus on restoring IT services and data! This is the priority at the moment.”

Sign up to our free newsletter.
Security news, advice, and tips.

The affected hospitals all used the Hipocrate IT platform, developed by Romanian software company RSC to manage patients’ data and track their progress from initial admission to discharge.

Affected hospitals include:

  • Azuga Orthopaedics and Traumatology Hospital
  • Băicoi City Hospital
  • Buzău County Emergency Hospital
  • C.F. Clinical Hospital no. 2 Bucharest
  • Colțea Clinical Hospital
  • Emergency County Hospital “Dr. Constantin Opriș” Baia Mare
  • Emergency Hospital for Plastic, Reconstructive and Burn Surgery Bucharest
  • Fundeni Clinical Institute
  • Hospital for Chronic Diseases Sf. Luca
  • Institute of Cardiovascular Diseases Timișoara
  • Medgidia Municipal Hospital
  • Medical Centre MALP SRL Moinești
  • Military Emergency Hospital “Dr. Alexandru Gafencu” Constanta
  • Oncological Institute “Prof. Dr. Al. Trestioreanu” Institute Bucharest (IOB)
  • Pitești Emergency County Hospital
  • Regional Institute of Oncology Iasi (IRO Iasi)
  • Sighetu Marmației Municipal Hospital
  • Slobozia County Emergency Hospital
  • St. Apostol Andrei Emergency County Hospital Constanta
  • Târgoviște County Emergency Hospital

The DNSC reports that 79 more hospitals using Hipocrate have disconnected from the internet in the wake of the attack. The attack was first spotted on Saturday, February 10 at the Pitești Paediatric Hospital.

According to the DNSC, most affected hospitals have backups of the data encrypted by the ransomware, which should aid recovery. But in at least one case, the most recent backup was saved 12 days ago.

Hat-tip: Thanks to reader Gheorghe for his assistance with this…

Source…

China is hacking Wi-Fi routers for attack on US electrical grid and water supplies, FBI warns • Graham Cluley

/in


China is hacking Wi-Fi routers for attack on US electrical grid and water supplies, FBI warnsChina is hacking Wi-Fi routers for attack on US electrical grid and water supplies, FBI warns

Got two-and-a-half hours to spare?

Maybe instead of settling down to watch “Mission: Impossible – Dead Reckoning Part One”, you could check out this video where FBI director Christopher Wray warned the US Congress earlier this week of the risks posed by Chinese state-sponsored hackers.

As Wray described to the House select committee on the Chinese Communist party, a botnet operated by Volt Typhoon hacking group has been disrupted by law enforcement agencies.

The “vast majority” of affected routers are out-of-date NetGear and Cisco gear that are deemed to have reached their “end of life” and are no longer receiving security updates.

The routers were vulnerable to being recruited into Volt Typhoon’s so-called KV botnet if left unpatched. However, a court-approved US operation has deleted the malware from affected routers and took steps to prevent reinfection.

Sign up to our free newsletter.
Security news, advice, and tips.

According to the FBI’s Wray, Volt Typhoon is compromising small businesses and home office routers to hide the origin of future Chinese-backed cyber attacks.

“China’s hackers are targeting American civilian critical infrastructure, pre-positioning to cause real-world harm to American citizens and communities in the event of conflict. Volt Typhoon malware enabled China to hide as they targeted our communications, energy, transportation, and water sectors.”

Committee chairman Mike Gallagher said the attacks were the “cyberspace equivalent of placing bombs on American bridges, water treatment facilities and power plants.”

Although it’s a headline-grabbing thing to say, there is some truth in it. We have seen cyber attacks by nation-states against water facilities and electricity grids in the past. If successful, such attacks could have a significant impact.

Russia, for instance, managed to cut off internet access for tens of millions of Ukrainians, and in a separate cyber attack disrupted the power grid in the war-torn country.

“There is no economic benefit for these actions. There is no intelligence-gathering rationale,” continued Gallagher. “The sole purpose is to be ready to destroy American infrastructure, which will…

Source…