
The Long Island Press Amplifies a RevBits White Paper that Explores a Devastating 2022 Cyber Hack on the Computer Systems of Suffolk County New York

Mineola, N.Y., United States:

RevBits, a cyber security solution company based on Long Island, New York, completed a review of the 2022 Suffolk County, New York, cyber hack that rendered government systems largely inoperable for months, affecting municipal work and citizen interaction with their county government. The RevBits white paper, Suffolk Hack Part of a Chinese Plot?, was recently profiled in a companion piece in the September edition of The Long Island Press.


 

This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20230919470113/en/

One year ago, on September 8, 2022, an anonymous email appeared on the Suffolk County government computer system announcing a devastating hack: unnamed thieves had seized four terabytes of data, some 300 million pages of detailed government information, including highly confidential personal information on 26,000 current and former employees as well as banking and personal information on more than 400,000 people who have received traffic and parking tickets over the past years.


 

The hack brought government systems to a halt, crippling the billion-dollar real estate industry, disrupting tens of millions of dollars in vital payments to mom-and-pop suppliers and disabling key functions of the county’s 911 emergency system.

The RevBits white paper reveals that top US law enforcement and intelligence officials are convinced the intrusion was executed by Chinese government hacking teams as part of Beijing’s drive toward global supremacy by 2049.


 

The white paper was initiated by RevBits CEO David Schiffer. Schiffer, who founded and headed Safe Banking Systems prior to running RevBits, is a veteran of the cyber world, having intersected with many of the biggest computer cases of the past decades, from Kremlin money laundering to security lapses at the FAA. “This hack hits close to home for us – we are a Long Island-based company, and I have been a Long Island resident nearly my whole life,” said Schiffer. “The scourge of state-sponsored hacking needs to be taken seriously by companies but, even…


Virginia Retirement System hack demands transparency and accountability – Daily Press


Through no fault of their own, thousands of Virginians are learning that their names, Social Security numbers, birthdates and partial addresses may have been exposed on the internet as part of a massive data breach affecting millions of Americans.

Most of those whose personal information may have been compromised are retired public employees who receive pension benefits through the Virginia Retirement System. VRS initially told Channel 8 News in Richmond that active members of the retirement system were not affected by the hack, but later backed away from that blanket statement. The hack compromised personal information of some survivors and beneficiaries of retirees, a group that includes some current teachers and other state employees. As many as 230,000 people may be affected.

Retirement systems in other states have also been targeted by the hackers, as have other public pension and private-sector retirement plans, state and federal agencies. California’s public employee retirement system, the largest in the nation, announced in June that hackers had stolen confidential data of about 769,000 retirees and beneficiaries.

How did this happen? After all, those in the commonwealth’s retirement system don’t have a choice about giving their personal information to VRS. Was VRS careless with the data in its files? The answer is complicated.

Like many other retirement systems, VRS contracts with a company called Pension Benefits Information to verify information about retirees and guard against overpayment. PBI, like many organizations around the world, uses the MOVEit Transfer software to share data, supposedly securely.

In May, a Russian ransomware group calling itself Clop exploited a previously unknown flaw in the MOVEit Transfer file-transfer software to pull a great deal of confidential personal information from the servers of organizations that ran it, before the flaw was identified and patched.

Clop and similar cyber criminals steal data and then demand ransom in exchange for not making the information public. Clop wasn’t zeroing in on retired Virginia public employees, but all those whose personal details are now in the hands of unscrupulous crooks should be concerned.

It’s a fact of 21st century life:…


Ransomware Hackers Publish Patient Info from Mayanei Hayeshua Hospital | The Jewish Press – JewishPress.com | Hana Levi Julian | 21 Elul 5783 – Thursday, September 7, 2023



Hackers who stole patient information from the servers at Mayanei Hayeshua Medical Center in Bnei Brak have made good on their threat to publish the data.

The “Ragnar Locker” group demanded a ransom totaling tens of millions of shekels for the information after the break-in, which took place about a month ago, according to Israel Hayom.

Not having received the money, the ransomware hackers announced on their Telegram account that they had released 402 gigabytes of data in the first tranche.

The group threatened to publish the rest of the information it claimed it was holding if the ransom is not paid, including the personal, medical and psychiatric records of patients who include government and Knesset members, rabbonim, Torah sages and other prominent haredi religious patients.

Prime Minister Benjamin Netanyahu underwent treatment for a prostate issue at the hospital in 2015, according to the report.

There is fear in the haredi public that the hackers will create a “Medical WikiLeaks” that could cause serious damage to many members of the Orthodox population, according to the haredi B’Chadarei Haredim news outlet.

Health and Interior Minister MK Moshe Arbel said in response to the initial threat that the government has not previously succumbed to extortion attacks on government data and will not succumb to such attacks on the health system either.

“Along with my instructions to budget tens of millions of shekels for a multi-year cyber preparedness plan in the health system, I also believe it appropriate to publish, on my own initiative, the results of a CT scan I performed at Mayanei Hayeshua Medical Center after a partial resection of my right kidney for a cancerous tumor that was found during tests to determine my eligibility to donate the kidney.

“There is no room for surrendering to blackmail and threats from cyber attackers,” he said. “We must stand as a wall to protect the right to privacy of every patient in the Israeli health system.”

Mayanei Hayeshua Medical Center also responded to the threat, saying in a statement, “The hospital, in cooperation with the Ministry of Health, the…


This Week In Security: Not A Vulnerability, BGP Bug Propagation, And Press Enter To Hack


Curl was recently notified of a CVE, CVE-2020-19909, rated at a hair-raising 9.8 on the CVSS scale. And PostgreSQL has CVE-2020-21469, clocking in with a 7.5 severity. You may notice something odd about those two vulnerabilities, but I promise the 2020 date is only the tip of the iceberg here.

Let’s start with PostgreSQL. That vulnerability was only present in version 12.2, which was released in February of 2020, and was fixed with the 12.3 release in May of that same year. The problem is a stack buffer overflow, which doesn’t seem to enable code execution, but does cause a denial of service. To trigger the bug? Repeatedly send the PostgreSQL daemon the SIGHUP signal.

If you’re familiar with Linux signals, that might sound odd. See, the SIGHUP signal technically means the controlling terminal has hung up, but most daemons repurpose it as a restart or configuration-reload request. And to send a signal to the daemon at all, you need to be the same user the daemon runs as, or root, which is privilege enough to simply stop the daemon altogether. Put simply, it’s not a security vulnerability, just a minor bug.

And now on to curl. This one is just bizarre. The issue is an integer overflow in the --retry-delay argument, which specifies in seconds how long curl should wait between retries of a failing transfer. The value is multiplied by 1000 to convert to milliseconds, and a sufficiently large value overflows. The result of that overflow? A smaller value for the retry delay than the one asked for.
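To make the arithmetic concrete, here is an added example that is not curl’s code and not from the original column: a hypothetical reconstruction of the seconds-to-milliseconds pattern, with the unchecked multiply that wraps beside a checked version that rejects out-of-range input. The function names, the 64-bit width and the sample value are assumptions for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical reconstruction of a --retry-delay style conversion: the user
 * supplies seconds, the program stores milliseconds. Not curl's own code. */

/* Unchecked conversion: seconds * 1000 wraps modulo 2^64 for large inputs.
 * Unsigned arithmetic is used so the wrap is well defined and observable. */
uint64_t retry_delay_ms_unchecked(uint64_t seconds)
{
    return seconds * 1000u;
}

/* Checked conversion: refuse any value whose millisecond form does not fit,
 * instead of silently producing a much smaller delay. Returns 0 on success. */
int retry_delay_ms_checked(uint64_t seconds, uint64_t *out_ms)
{
    if (seconds > UINT64_MAX / 1000u)
        return -1;              /* would overflow: reject rather than wrap */
    *out_ms = seconds * 1000u;
    return 0;
}

/* Parse a --retry-delay style argument: digits only, no sign, with range
 * checking in both strtoull and the unit conversion. Returns 0 on success. */
int parse_retry_delay(const char *arg, uint64_t *out_ms)
{
    char *end = NULL;
    unsigned long long secs;

    if (arg == NULL || *arg == '\0' || *arg == '-' || *arg == '+')
        return -1;              /* strtoull would silently accept "-1" as huge */
    errno = 0;
    secs = strtoull(arg, &end, 10);
    if (errno == ERANGE || end == arg || *end != '\0')
        return -1;              /* out of range, no digits, or trailing junk */
    return retry_delay_ms_checked((uint64_t)secs, out_ms);
}

int main(void)
{
    /* Constructed input: the smallest seconds value whose ms form exceeds 64 bits. */
    const char *huge = "18446744073709552";
    uint64_t ms = 0;

    printf("unchecked: %s s -> %llu ms\n", huge,
           (unsigned long long)retry_delay_ms_unchecked(strtoull(huge, NULL, 10)));
    printf("checked:   %s s -> %s\n", huge,
           parse_retry_delay(huge, &ms) == 0 ? "accepted" : "rejected");
    if (parse_retry_delay("5", &ms) == 0)
        printf("checked:   5 s -> %llu ms\n", (unsigned long long)ms);
    return 0;
}
```

With the constructed value the unchecked path yields 384 ms, exactly the “smaller retry delay” the column describes, while the checked path rejects the argument outright; the only thing an attacker who controls the number gains is a shorter wait, which is why the severity debate centers on impact rather than on whether the overflow exists.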

[Daniel Stenberg] makes the point that this tale is a wonderful demonstration of the brokenness of the CVE system and NVD’s handling of it. And in this case, it’s hard not to see this as negligence. We have to work really hard to construct a theoretical scenario where this bug could actually be exploited. The best I’ve been able to come up with is an online download tool, where the user can specify part of the target name and a timeout. If that tool had a check to ensure that the timeout was large enough to avoid excess traffic, this bug could bypass that check. Should we be assigning CVEs for that sort of convoluted, theoretical attack?

But here’s the thing, that attack scenario should rate something like a CVSS of 4.8 at absolute worst. NVD assigned…
