Tag Archive for: disclosed

Norton Healthcare disclosed a data breach after ransomware attack

Pierluigi Paganini
December 09, 2023

Kentucky health system Norton Healthcare disclosed a data breach after it was a victim of a ransomware attack in May.

Norton Healthcare disclosed a data breach after a ransomware attack that hit the organization on May 9, 2023. The security breach exposed personal information belonging to patients, employees, and dependents. The health system notified federal law enforcement and launched an investigation into the incident with the help of a leading forensic security provider.

Norton Healthcare is a healthcare system based in Louisville, Kentucky (US). It is a leading provider of health services and medical care in the region. Norton Healthcare operates a network of hospitals, medical centers, physician practices, and other healthcare facilities.

Norton Healthcare operates more than 40 clinics and hospitals in and around Louisville, Kentucky.

“On May 9, 2023, Norton Healthcare discovered that it was experiencing a cybersecurity incident, later determined to be a ransomware attack.” reads the notice of security incident. “Our investigation determined that an unauthorized individual(s) gained access to certain network storage devices between May 7, 2023, and May 9, 2023, but did not access Norton Healthcare’s medical record system or Norton MyChart.”

Threat actors gained access to files containing personal information of patients, employees, and dependents. The compromised information varied for each person and could have included: name, contact information, Social Security Number, date of birth, health information, insurance information, and medical identification numbers. In some instances, the exposed data may have included driver’s license numbers or other government ID numbers, financial account numbers, and digital signatures.

Norton Healthcare is offering impacted individuals two years of credit monitoring.

On May 25, 2023, the AlphV/BlackCat group claimed responsibility for the attack. BlackCat claimed to have exfiltrated 4.7 TB of data and leaked dozens of files as proof of the hack.

At the time of this writing the dark web leak site of the…


Details Disclosed for Exploit Chain That Allows Hacking of Netgear Routers


Industrial and IoT cybersecurity firm Claroty on Thursday disclosed the details of five vulnerabilities that can be chained in an exploit potentially allowing threat actors to hack certain Netgear routers.

The vulnerabilities were first presented at the 2022 Pwn2Own Toronto hacking competition, where white hat hackers earned a total of nearly $1 million for exploits targeting smartphones, printers, NAS devices, smart speakers and routers.

Claroty’s router exploit, which targeted Netgear’s Nighthawk RAX30 SOHO router, earned the company’s researchers $2,500 at Pwn2Own. 

The flaws used in the exploit chain are tracked as CVE-2023-27357, CVE-2023-27367, CVE-2023-27368, CVE-2023-27369, and CVE-2023-27370. They were all patched by Netgear with the release of firmware version 1.0.10.94 in early April.

Three of the vulnerabilities have been rated ‘high severity’ and their exploitation can lead to remote code execution, authentication bypass and command injection. Chaining all the flaws can have a significant impact.

“Successful exploits could allow attackers to monitor users’ internet activity, hijack internet connections and redirect traffic to malicious websites, or inject malware into network traffic,” Claroty warned on Thursday. 

“An attacker could also use these vulnerabilities to access and control networked smart devices (security cameras, thermostats, smart locks), change router settings including credentials or DNS settings, or use a compromised network to launch attacks against other devices or networks,” the company added. 

One mitigating factor is that executing the exploit requires access to the LAN — it’s not a WAN attack that can be executed from the internet, which is why it earned a smaller reward at Pwn2Own. 


“These vulnerabilities require an attacker to have your WiFi password or an Ethernet connection to your network to be exploited,” Netgear explained in its advisory.



Hackers got into L.A. school computers earlier than disclosed


An intrusion into the computer systems of the Los Angeles school district began more than a month earlier than previously disclosed and likely exposed confidential information, including Social Security numbers, of more than 500 people who worked for district contractors, according to information filed with the state.

As the district previously disclosed, the security breach does not appear to extend to the payroll records and Social Security numbers for the tens of thousands of district employees. An undisclosed number of students enrolled at some point from 2013 through 2016 and some employees during that period appear to have lost information that includes their date of birth and address. California school districts don’t collect student Social Security numbers.

The updated information comes by way of a “Notice of Data Breach” that the nation’s second-largest school system was required under state law to send to potential victims.

School district officials Friday did not provide information on the number of possible victims. In addition to having to notify victims, a notice letter must be filed with the state attorney general when the number of those affected surpasses 500 California residents, the mandated threshold for public notification.

District officials had previously stated that there would be a small but not-yet-determined number of victims — “outliers,” as Supt. Alberto Carvalho described them. The victims would be notified and assisted, he added, while emphasizing that the overriding narrative was one of a worse disaster averted.

Hackers made off with about 500 gigabytes of data — a figure agreed on by both the hackers and the school system. That’s a large haul compared with what an individual user would maintain, but a tiny fraction of the data under the control of L.A. Unified.

Stealing data is only one part of an attack. The second part involves encrypting computer systems so that their users cannot get in, paralyzing the ability to conduct everyday business. Hackers managed to encrypt servers in the district’s facilities division, but had limited success elsewhere, even though normal operations, including classroom instruction and…


GT investigates: Hacking China’s medical institutes at COVID-19 outbreak, targeting aerospace firms during China’s space missions – Cyberattacks from India disclosed



Evil flower in South Asia, lure of beauty, ghost war elephants roaming the Himalayas … To many people, these fantastic code names could only be heard in thrilling hacker movies. 

It turns out that they are real groups from India with a possible intelligence background and state support. Investigations conducted by several of China’s leading cybersecurity companies have revealed a sophisticated network: these groups have constantly attacked defense and military units as well as state-owned enterprises in China, Nepal and Pakistan over the past few years, and such attacks are on the rise under new disguises built around trending international topics.

These groups are normally known as Advanced Persistent Threat (APT) organizations: groups of hackers with government support that focus on persistent network attacks against specific targets. APT organizations are spread around the world, and many have been active in attacks against key infrastructure and government departments for years.

Chinese cybersecurity analysts and diplomatic relations observers often say that the next world war will be fought not on the ground, in the air or under water, but in cyberspace.

China has been a victim of cyberattacks for many years, and the rising attacks from India have once again revealed the severity of the situation and the urgency of speeding up the building of a cybersecurity safeguard system.

Cyberattacks from South Asian regions, mainly India, target China's key industries. Graphic: Feng Qingyin/GT

Accurate attacks with varying tactics 

India is a country that might be overlooked as a threat by the world intelligence community. Even other countries in South Asia may not be fully aware of its advanced cyber capabilities. 

“Since March, we have detected several phishing activities targeting government, defense and military units, as well as state-owned enterprises in China, Pakistan, and Nepal,” Antiy Labs, one of China’s renowned cybersecurity companies, said in a statement sent to the Global Times. 

The organization behind the attacks is from India and its activities can be traced back to as early as April 2019. So far, more than 100 phishing counterfeit websites created by the…
