Popular technology that hospitals use to send lab samples is vulnerable, researchers found

A key technology that hospitals use to deliver medications, blood and other vital lab samples is at significant risk of hacking, new findings suggest. Researchers from the security vendor Armis found nine critical vulnerabilities in the control panel that powers the Translogic pneumatic tube systems from logistics automation company Swisslog Healthcare. The Translogic pneumatic tube system is used by more than 3,000 hospitals worldwide and over 80% of hospitals in North America, according to a report published Monday. Researchers warn that the vulnerabilities could be used to launch a ransomware attack against the delivery system, crippling hospital functions. Hackers could also use such access to leak sensitive medical data. There’s no evidence attackers have exploited the software issues for their own gain. Ransomware attacks against hospitals have risen dramatically in recent years, costing organizations millions of dollars and sometimes crippling emergency care. Five of the vulnerabilities, which researchers have collectively […]

The post Popular technology that hospitals use to send lab samples is vulnerable, researchers found appeared first on CyberScoop.

FTC’s right-to-repair ruling is a small step for security researchers, giant leap for DIY hackers

When the Federal Trade Commission voted unanimously on July 21 to enforce rules against manufacturers who have made it difficult for consumers to fix their own devices, it marked a significant win for the “right-to-repair” movement that includes farmers, hackers and consumer advocates among its ranks. The consumer watchdog agency’s decision to ramp up enforcement actions against illegal right-to-repair restrictions came after Americans, for years, had been limited by legal restrictions that prevented them from fixing technology they already purchased. For instance, manufacturers can withhold repair tools and implement software-based locks that prevent owners from making even simple updates unless they visit a repair shop authorized by the company. That has been the ongoing struggle for John Deere owners, some of whom resorted to hacking their tractors with Ukrainian software in order to fix them. Companies like Apple, as well as industry groups, fought for years against state and federal […]

The post FTC’s right-to-repair ruling is a small step for security researchers, giant leap for DIY hackers appeared first on CyberScoop.

Criminals are using call centers to spread ransomware in a crafty scheme

An ongoing ransomware campaign that employs phony call centers to trick victims into downloading malware may be more dangerous than previously thought, Microsoft researchers say. Because the malware isn’t in a link or document within the email itself, the scam helps attackers bypass some phishing and malware-detection services, Microsoft researchers noted in a report Thursday. When the company first examined it in May, the scheme featured attackers posing as subscription service providers who lure victims onto the phone to cancel a non-existent subscription. Once there, the call center worker guides them to download malware onto their computer. Researchers now say that the malware not only gives hackers a one-time backdoor into the device, as previously thought, but also lets them remotely control the affected system. That means it’s even easier for them to sweep for files and find high-value user credentials that could be used to drop ransomware such as Ryuk or […]

The post Criminals are using call centers to spread ransomware in a crafty scheme appeared first on CyberScoop.

Biden issues memo to push critical infrastructure cybersecurity upgrades

President Joe Biden on Wednesday signed a national security memorandum tasking a group of federal agencies to develop cybersecurity performance goals for critical infrastructure. The directive is the latest effort from the Biden administration to get critical industries on board with improving cybersecurity in areas that could impact national security and the economy. The executive memo follows a security directive handed down by the Transportation Security Administration last week requiring owners and operators of TSA-designated critical pipelines to implement mitigations to protect against ransomware and other threats. “Our current posture is woefully insufficient given the evolving threat we face today,” a senior administration official told reporters in a call on Tuesday. “We really kicked the can down the road for a long time. The administration is committed to leveraging every authority we have, though limited, and we’re also open to new approaches, both voluntary and mandatory.” The Department of Homeland […]

The post Biden issues memo to push critical infrastructure cybersecurity upgrades appeared first on CyberScoop.

Justice Department officials urge Congress to pass ransomware notification law

U.S. Justice Department officials came out in strong support of legislation requiring companies to report ransomware attacks and other severe data breaches to federal authorities. “Without prompt reporting, investigative opportunities are lost, our ability to assist other victims facing the same attacks is degraded and the government and Congress does not have a full picture of the threat facing American companies,” said Richard Downing, deputy assistant attorney general for the criminal division of the U.S. Department of Justice, at a Senate Judiciary hearing on ransomware Tuesday. The sentiment was shared by Bryan Vorndran, assistant director of the cyber division at the FBI. “We need a federal cyber incident reporting standard for breaches that pose significant risks because inconsistent volunteer reporting is simply not enough,” said Vorndran. Current versions of reporting legislation circulating on Capitol Hill put the Department of Homeland Security’s cybersecurity agency at the center of reporting. Eric Goldstein, […]

The post Justice Department officials urge Congress to pass ransomware notification law appeared first on CyberScoop.

Cyber job listings excluded Colorado workers after salary transparency law went into effect

Dozens of technology companies, including several cybersecurity firms, have excluded remote workers in Colorado from searches for job candidates since a state law requiring pay transparency in job listings went into effect. CyberScoop identified at least five cybersecurity firms or tech companies with active security-related job listings excluding Colorado workers from remote work. The companies represent a small subset of hundreds of employers navigating 2019’s Equal Pay For Equal Work Act, which went into effect on January 1 and requires employers to include compensation in job postings and keep job descriptions and wage records for two years after an employee leaves the company. Advocates for equal pay say that salary transparency is a powerful tool in closing the wage gap between men and women. Companies that implement pay transparency tend to have a lower wage gap at all job levels, the salary data site PayScale found in a 2020 study. A […]

The post Cyber job listings excluded Colorado workers after salary transparency law went into effect appeared first on CyberScoop.

Average ransomware payment declined by 38% in second quarter of 2021, new Coveware report says

The tides may be starting to turn on the ransomware epidemic, new industry findings show. The average ransomware payment declined to $136,576 in the second quarter of 2021, according to numbers published Friday by ransomware response firm Coveware. The company did not share how many companies that data was based on. The 38% decrease is a dramatic drop from the average demand of $220,298 that the firm reported in April for the first quarter. That number was a 43% increase from the last quarter of 2020. The decline comes in the shadow of three major ransomware attacks hitting the U.S. supply chain. Since May, U.S. officials have faced three high-profile ransomware attacks against fuel provider Colonial Pipeline, meat supply company JBS, and most recently Florida IT company Kaseya. The latter two attacks have been attributed to REvil, a ransomware gang thought to be based in Russia. The resulting wake-up call in both […]

The post Average ransomware payment declined by 38% in second quarter of 2021, new Coveware report says appeared first on CyberScoop.

Kaseya obtains decryption key for victims of massive ransomware attack

Roughly three weeks after Russia-based ransomware group REvil attacked Kaseya, the Florida-based IT firm has obtained a working decryption key to unlock encrypted files belonging to hundreds of victims, a spokesperson confirmed to CyberScoop on Thursday. Dana Liedholm, the company’s senior vice president of marketing, declined to comment on the source of the key, other than to say it came from a “trusted third party.” She also declined to comment when asked whether the company had paid to obtain the key, or how long it would take to remediate all the clients that had been impacted by the attack. The news was first reported by NBC’s Kevin Collier. Kaseya has estimated the number of affected companies at somewhere between 800 and 1,500. Private cybersecurity firms have suggested a higher figure, as Huntress Labs estimated the number of victims at closer to 2,000. Sophos Labs identified 145 victims in the […]

The post Kaseya obtains decryption key for victims of massive ransomware attack appeared first on CyberScoop.

New legislation would boost the FTC’s role in fighting ransomware

A new bill could direct the Federal Trade Commission’s international efforts towards taking on ransomware. Rep. Gus Bilirakis (R-Fla.), the top Republican on the House Energy and Commerce consumer protection subcommittee, filed legislation Tuesday that would require the agency to report the number of ransomware and cyberattack-related complaints it receives, and how it cooperated with international law enforcement to respond to those issues. The new text would update a 2006 law enabling the agency to work with foreign law enforcement agencies on consumer protection issues. Under the amended law, the FTC would also be charged with providing recommendations for legislation and best practices to mitigate and defend against ransomware. The FTC has always played a role in trying to mitigate data breaches and online fraud, including the enforcement of privacy policies and pursuing companies like Equifax for failing to take basic security precautions. It has in the past also offered […]

The post New legislation would boost the FTC’s role in fighting ransomware appeared first on CyberScoop.

UK man arrested in connection with massive Twitter hack, alleged cyberstalking

Spanish national police arrested a U.K. citizen Wednesday charged by U.S. law enforcement in connection with a July 2020 Twitter hack that compromised over 130 accounts, the Justice Department announced. The 2020 breach compromised dozens of high-profile accounts, including those of former president Barack Obama, Tesla CEO Elon Musk, Microsoft founder Bill Gates and rapper Kanye West. Attackers gained access to internal account management systems by targeting employees. Twitter changed security practices for its administrative tools after the hack. The suspect, Joseph O’Connor, is also charged with allegedly hacking TikTok and Snapchat user accounts as well as cyberstalking a juvenile. Details about those incidents were not immediately clear. O’Connor is charged by the U.S. District Court of California with nine charges in total, including making extortive and threatening communications. CyberScoop could not immediately locate an attorney for O’Connor to seek comment. Florida teenager Graham Ivan Clark pleaded guilty earlier […]

The post UK man arrested in connection with massive Twitter hack, alleged cyberstalking appeared first on CyberScoop.