:Blog: – Page 3 – WindowsTechs.com

Germany’s Christian Democratic party hit by ‘serious’ cyberattack

Posted on June 4, 2024 by Dissent Doe PHD

Euractiv and Reuters report: Germany’s Christian Democratic Union (CDU), the country’s leading opposition party, has been hit by a major cyberattack and has taken parts of its IT-infrastructure off the grid as a precautionary measure, authorities said … Continue reading Germany’s Christian Democratic party hit by ‘serious’ cyberattack→

WD & Associates had a breach in February 2023. Individuals still haven’t been notified.

Posted on May 31, 2024 by Dissent Doe PHD

From a summary of Rhode Island’s data breach notification law, as summarized by PerkinsCoie: Notification Obligation. Any Entity to which the statute applies shall provide notification of (i) any disclosure of PI or (ii) any breach of the securit… Continue reading WD & Associates had a breach in February 2023. Individuals still haven’t been notified.→

Surge in fake pharmacy campaigns abusing Firebase link shortener

Posted on May 30, 2024 by Chandler Newman

Fake pharmacies sell prescription-only drugs without a license and without requiring a valid prescription from a doctor. The storefronts are advertised to consumers through web searches, social media, and unsolicited spam emails. As you might expect, many of these platforms attempt to block known fake pharmacies.

Netcraft analysts have observed evidence of a 12-month spike in fake pharmacy campaigns using page.link (Firebase Dynamic Links), more than doubling since last year. Many of these campaigns bounce visitors through a series of redirects to disguise the eventual destination, inadvertently making it easy for fraudsters to hide malicious links in shortened URLs.

What are fake pharmacies?

Fake pharmacies are a type of counterfeit online shopping website that market prescription drugs, often advertising them as well-known products from established pharmaceutical companies.

Usually operating outside the countries to which they’re selling, these stores are unlicensed and unregulated and will often include false accreditations and phony endorsements from reputable organizations to build perceived credibility.

The majority of fake pharmacies accept standard credit cards and PayPal, with some accepting cryptocurrency for a discount.

Figure 1 Extract from a fake pharmacy site, with spoofed endorsements

Some sites will simply steal payment details. However, unlike other fake online shopping websites, most fake pharmacies will deliver drugs to victims. These could be counterfeit, diluted, or expired drugs and may contain unexpected, potentially fatal ingredients.

Figure 2 Fake pharmacies sell unlicensed drugs without a prescription, often in very high quantities

Low-quality counterfeits can pose a serious threat to consumers’ health and legitimate pharmaceutical products, with buyers being driven away from real retailers by the lure of large savings and no prescription requirements.

As well as the risks to public health, fake pharmacies have a significant financial impact, with the World Health Organization estimating that $431 billion in drugs are counterfeited …

Continue reading Surge in fake pharmacy campaigns abusing Firebase link shortener→

May 2024 Web Server Survey

Posted on May 30, 2024 by Survey

In the May 2024 survey we received responses from 1,097,398,145 sites across 268,137,699 domains and 12,898,459 web-facing computers. This reflects an increase of 4.4 million sites, 202,938 domains, and 26,168 web-facing computers.

Cloudflare experienced the largest gain of 4.4 million sites (+3.84%) this month, and now accounts for 10.8% (0.36pp) of sites seen by Netcraft. OpenResty made the next largest gain of 3.2 million sites (+2.91%).

nginx experienced the largest loss of 4.6 million sites (-1.92%) this month, reducing its market share to 21.5% (-0.51pp). Apache suffered the next largest loss, down by 2.2 million sites (-1.00%).

Vendor news

Amazon announced that S3 will no longer charge for requests that fail due to several HTTP error codes, following a blog post by engineer Maciej Pocwierz, who received a $1,300 bill after creating an empty private S3 bucket. The bucket unintentionally received almost 100 million requests in a day as it shared the same name as a placeholder used by a popular open-source backup tool.
Apache Tomcat versions 9.0.89, 10.1.24 and 11.0.0-M20 were released.
LiteSpeed versions 6.0.12 and 6.1.2 were released, containing security fixes, improvements, and bug fixes.
Amazon announced a new AWS edge location in Cairo, Egypt.
Microsoft announced that Azure no longer charges for data transfer between Availability Zones.

Developer	April 2024	Percent	May 2024	Percent	Change
nginx	240,853,969	22.04%	236,239,936	21.53%	-0.51
Apache	219,442,734	20.08%	217,239,604	19.80%	-0.28
Cloudflare	114,173,199	10.45%	118,561,124	10.80%	0.36
OpenResty	111,039,981	10.16%	114,268,616	10.41%	0.25

Web server market share for active sites

Developer	April 2024	Percent	May 2024	Percent	Change
Apache	38,954,840	20.18%	37,106,437	19.17%	-1.01
nginx	34,523,025	17.88%	34,944,050	18.06%	0.17
Cloudflare	26,456,014	13.70%	28,767,697	14.86%	1.16
Google	20,158,672	10.44%	19,116,508	9.88%	-0.56

For more information see Active Sites.

Web server market share for top million busiest sites

Developer	April 2024	Percent	May 2024	Percent	Change
Cloudflare	227,710	22.77%	228,120	22.81%	0.04
nginx	205,397

… Continue reading May 2024 Web Server Survey→

Cops Are Just Trolling Cybercriminals Now

Posted on May 28, 2024 by Dissent Doe PHD

Matt Burgess reports: Russian cybercriminals are almost untouchable. For years, hackers based in the country have launched devastating ransomware attacks against hospitals, critical infrastructure, and businesses, causing billions in losses. But they’r… Continue reading Cops Are Just Trolling Cybercriminals Now→

Japan Man Arrested for Creating Virus Using Generative AI Systems; ‘I Thought I Could Do Anything if I Asked AI’

Posted on May 28, 2024 by Dissent Doe PHD

The Yomiuri Shimbun reports: A 25-year-old unemployed man from Kawasaki has been arrested for allegedly creating a computer virus by using interactive generative artificial intelligence available online. This is believed to be the first case in the nat… Continue reading Japan Man Arrested for Creating Virus Using Generative AI Systems; ‘I Thought I Could Do Anything if I Asked AI’→

More than 540,000 patients notified so far about Cencora/Lash Group data breach

Posted on May 25, 2024 by Dissent Doe PHD

– Only partial numbers so far – Only partial list of clients so far – No group has as yet claimed responsibility for the hack and data exfiltration As the week draws to a close, clients of Cencora and The Lash Group have been submitt… Continue reading More than 540,000 patients notified so far about Cencora/Lash Group data breach→

Mālama I Ke Ola Health Center cyberattack affecting services

Posted on May 24, 2024 by Dissent Doe PHD

The Mālama I Ke Ola Health Center Team discovered a breach on May 7 that they initially described as an IT or tech incident. They have now made it clearer that this was a cyberattack. In a statement on their website on May 23, they write: Aloha Patient… Continue reading Mālama I Ke Ola Health Center cyberattack affecting services→

Negotiating with health care hackers

Posted on May 21, 2024 by Dissent Doe PHD

Ben Leonard and Chelsea Cirruzzo of Politico report: YOU’VE BEEN HACKED. NOW WHAT? Health care companies are retaining help — often from Silicon Valley — to manage ransomware attacks. The debilitating breaches at Change Healthcare, owned by UnitedHealt… Continue reading Negotiating with health care hackers→

Mosaic Mental Health notifies patients of breach

Posted on May 20, 2024 by Dissent Doe PHD

On September 25, 2023, Riverdale Mental Health d/b/a Mosaic Mental Health (“MOSAIC”) notified HHS of an incident that affected 7,281 patients. The incident was coded as a “hacking/IT incident” involving their network, but no fur… Continue reading Mosaic Mental Health notifies patients of breach→