Tag Archive for: hard

20+ hospitals in Romania hit hard by ransomware attack on IT service provider • Graham Cluley



Over 20 hospitals in Bucharest have reportedly been impacted by a ransomware attack after cybercriminals targeted an IT service provider. As a consequence, medical staff have been forced to use pen and paper rather than computer systems.

Romania’s National Cybersecurity Directorate (DNSC) said in a statement that the attackers encrypted hospital data using the Backmydata ransomware – a variant of Phobos.

The DNSC advises against contacting the IT teams at affected hospitals “so they can focus on restoring IT services and data! This is the priority at the moment.”


The affected hospitals all used the Hipocrate IT platform, developed by Romanian software company RSC to manage patients’ data and track their progress from initial admission to discharge.

Affected hospitals include:

  • Azuga Orthopaedics and Traumatology Hospital
  • Băicoi City Hospital
  • Buzău County Emergency Hospital
  • C.F. Clinical Hospital no. 2 Bucharest
  • Colțea Clinical Hospital
  • Emergency County Hospital “Dr. Constantin Opriș” Baia Mare
  • Emergency Hospital for Plastic, Reconstructive and Burn Surgery Bucharest
  • Fundeni Clinical Institute
  • Hospital for Chronic Diseases Sf. Luca
  • Institute of Cardiovascular Diseases Timișoara
  • Medgidia Municipal Hospital
  • Medical Centre MALP SRL Moinești
  • Military Emergency Hospital “Dr. Alexandru Gafencu” Constanta
  • Oncological Institute “Prof. Dr. Al. Trestioreanu” Institute Bucharest (IOB)
  • Pitești Emergency County Hospital
  • Regional Institute of Oncology Iasi (IRO Iasi)
  • Sighetu Marmației Municipal Hospital
  • Slobozia County Emergency Hospital
  • St. Apostol Andrei Emergency County Hospital Constanta
  • Târgoviște County Emergency Hospital

The DNSC reports that 79 more hospitals using Hipocrate have disconnected from the internet in the wake of the attack. The attack was first spotted on Saturday, February 10 at the Pitești Paediatric Hospital.

According to the DNSC, most affected hospitals have backups of the data encrypted by the ransomware, which should aid recovery. But in at least one case, the most recent backup was saved 12 days ago.

Hat-tip: Thanks to reader Gheorghe for his assistance with this…

Source…

Avira Antivirus Is Causing Windows PCs To Run So Hard They Freeze Up, Fix Available


One of the telltale signs that your PC has become ill with a virus is an unexpected slowdown in performance. Various forms of malware can sometimes feast on your system’s resources, whether it’s a hidden cryptocurrency miner, keylogger, or something else. Ironically, a recent update to Avira’s antivirus software is having the same effect on PCs, with users reporting system freezes in Windows.

The issue came to light this week in a post on Reddit. A user who goes by “kiiniiwiinii” reported that their PC had suddenly begun freezing up, which prompted them to start disabling background apps one by one, until only Avira remained running.

“Two other people I know had the same issue (both have Avira). Fixed it by going into safe startup and uninstalling Avira. This along with the game booster (that we didn’t enable) causing lag (took forever to figure out the cause) and the horrible support, I will be cancelling my subscription and keeping Avira uninstalled,” the user wrote.

Several others chimed in to the Reddit thread and said they too were experiencing the same performance hiccup. One user said they noticed the apparent glitch was causing Avira to utilize 100% of their processor and memory resources. Others reported seeing the same issue on dozens of client PCs. So, what gives?

Avira’s parent company, Gen Digital, confirmed the issue in a statement to Heise.de. According to Gen Digital, a bug in Avira’s firewall was causing the issue “under a certain condition.” The company also said that the issue has been resolved via a new software update.


“We are aware that a recent update from Avira has caused problems for some Windows 10 and Windows 11 users. These were automatically resolved by an update released on Monday, December 11th [at] 11:30 a.m. (CET). In the unlikely event that the update has not reached all computers, users can contact the Avira support team who will be happy to help them,” Gen Digital said.

Interestingly, Gen Digital also said that if the update does not arrive for some reason,…

Source…

AI, Hybrid Cloud, Ransomware Detection, and the Enduring Role of Hard Disk Drives in Data Storage Evolution


Scality, a global leader in reliable, secure, and sustainable data storage software, shared its annual data storage predictions for 2024. With the use of generative AI skyrocketing and cyberattacks continuing to infect organizations, ongoing demands to decrease IT complexity with secure, efficient solutions will dominate IT budgets into the new year. In addition, perennial data storage management challenges — growing data volumes, tight budgets, skills shortages, complicated IT installations, and increasing cyber threats — will persist.

While these are standard assumptions, this year, Scality focused its predictions on the ongoing conversations led by customers and thought leaders in the data storage industry.

Giorgio Regni, CTO at Scality, said, “We’ve had some interesting industry debates with thought leaders this past year, including the potential death of the hard disk drive (HDD), the role on-premises data storage can play to help advance data management and AI, and, finally, what it really takes to protect data from ransomware. This year’s predictions play off all of these themes.”


HDDs will live on, despite predictions of a premature death
Some all-flash vendors prognosticate the end of spinning disk (HDD) media in the coming years. While flash media and solid state drives (SSDs) have clear benefits when it comes to latency, are making major strides in density, and the cost per GB is declining, we see HDDs holding a 3-5x density/cost advantage over high-density SSDs through 2028.

Therefore, the current call for HDD end-of-life is akin to the tape-is-dead arguments from 20 years ago. In a similar way, HDDs will likely survive for the foreseeable future as they continue to provide workload-specific value.  

End users will discover the value of unstructured data for AI
The meteoric rise of large language models (LLMs) over the past year highlights the incredible potential they hold for organizations of all sizes and industries. They primarily leverage structured, or text-based, training data. In the coming year, businesses will discover the value of their vast troves…

Source…

“This vulnerability is now under mass exploitation.” Citrix Bleed bug bites hard



A vulnerability that allows attackers to bypass multifactor authentication and access enterprise networks using hardware sold by Citrix is under mass exploitation by ransomware hackers despite a patch being available for three weeks.

Citrix Bleed, the common name for the vulnerability, carries a severity rating of 9.4 out of a possible 10, a relatively high designation for a mere information-disclosure bug. The reason: the information disclosed can include session tokens, which the hardware assigns to devices that have already successfully provided credentials, including those providing MFA. The vulnerability, tracked as CVE-2023-4966 and residing in Citrix’s NetScaler Application Delivery Controller and NetScaler Gateway, has been under active exploitation since August. Citrix issued a patch on October 10.

Repeat: This is not a drill

Attacks have only ramped up recently, prompting security researcher Kevin Beaumont on Saturday to declare: “This vulnerability is now under mass exploitation.” He went on to say, “From talking to multiple organizations, they are seeing widespread exploitation.”

He said that as of Saturday, he had found an estimated 20,000 instances of exploited Citrix devices where session tokens had been stolen. He said his estimate was based on running a honeypot of servers that masquerade as vulnerable Netscaler devices to track opportunistic attacks on the Internet. Beaumont then compared those results with other data, including some provided by Netflow and the Shodan search engine.

Meanwhile, GreyNoise, a security company that also deploys honeypots, was showing exploits for CVE-2023-4966 coming from 135 IP addresses when this post went live on Ars. That’s a 27-fold increase from the five IPs GreyNoise saw five days ago.

The most recent numbers available from security organization Shadowserver showed that there were roughly 5,500 unpatched devices. Beaumont has acknowledged that the estimate is at odds with his estimate…

Source…