Security Leftovers

posted by Roy Schestowitz on Aug 05, 2023,
updated Aug 05, 2023

• Teach a Man to Phish and He’s Set for Life

  One frustrating aspect of email phishing is the frequency with which scammers fall back on tried-and-true methods that really have no business working these days. Like attaching a phishing email to a traditional, clean email message, or leveraging link redirects on LinkedIn, or abusing an encoding method that makes it easy to disguise booby-trapped Microsoft Windows files as relatively harmless documents.

• Reproducible Builds: Reproducible Builds in July 2023

  Welcome to the July 2023 report from the Reproducible Builds project. In our reports, we try to outline the most important things that we have been up to over the past month. As ever, if you are interested in contributing to the project, please visit the Contribute page on our website.

• Windows TCO

  • Ransomware Attacks on Hospitals Have Changed

    Hospitals may feel powerless to stop [successful] cyberattacks and their motivations, but that is far from the case. Hospitals can improve their cyber defense and resilience by appreciating the new foes and risk levels they face, updating cybersecurity and enterprise risk management practices to correlate to the elevated threat level, and communicating the nature and seriousness of ransomware threats to staff, business partners, public policy organizations, law enforcement agencies and legislators.

  • [NATO]’s cybersecurity chief: “We’re always on the back foot in cyber defence”

    [NATO] deployed its first serious cybersecurity defences in 2004. “We quickly realised that we’re always on the back foot,” West said. Nato, like other organisations, mostly relies on commercially available software and applications – all of which have vulnerabilities. “We’re constantly evolving our defences trying to keep up with the evolving threats.”

  • The 5×5—Cyber conflict in international relations: A policymaker’s perspective

    In last month’s edition of the 5×5, we featured a group of leading scholars to share their views on cyber conflict in international relations. Contributors discussed the important interplay between the scholarly community and the policymaking sphere, as scholarly debate over cyber conflict’s place in international relations has driven seminal government strategies. For instance, key underpinnings of US Cyber Command’s 2018 decision to shift its strategy away from a deterrence-based approach and toward the concepts of Defend Forward and Persistent Engagement—which has improved effectiveness since—can be traced back to a series of scholarly articles embodied in a recent book by Michael Fischerkeller, Emily Goldman (featured below), and Richard Harknett (featured in last month’s 5×5).

    This time around, we brought together a group of distinguished individuals with past and present cyber policy experience across a range of government organizations to share their perspective on the topic. They address cyber conflict’s fundamental place in international relations, some of their recommended readings for aspiring policymakers, disconnects between scholars and policymakers, and ideas for how both communities can more effectively engage one another.

  • [Repeat] Tenable chief says no way to verify Microsoft claims about fixing Azure flaw

    Microsoft claims it has completely fixed a critical security issue in its Azure cloud platform, found in March by researchers from security firm Tenable, who then told Microsoft about it. Tenable chief executive and chairman Amit Yoran had claimed in a blog post on Wednesday that it took more than 90 days for Microsoft to effect a partial fix.

    [...]

    "When we find vulns in other products, vendors usually inform us of the fix so we can validate it effectively. With Microsoft Azure that doesn't happen, so it's a black box, which is also part of the problem. The 'just trust us' lacks credibility when you have the current track record."

  • Cyberattack causes multiple hospitals to shut emergency rooms and divert ambulances

    The ransomware attack happened at Prospect Medical Holdings of Los Angeles, which has hospitals and clinics in Connecticut, Pennsylvania, Rhode Island and Texas. Prospect Medical is investigating how the breach happened and is working on resolving the issue, the company said in a statement Friday.

  • A cyberattack has disrupted hospitals and health care in several states

    A cyberattack has disrupted hospital computer systems in several states, forcing some emergency rooms to close and ambulances to be diverted, and many primary care services remained closed on Friday as security experts worked to determine the extent of the problem and resolve it.

    The “data security incident” began Thursday at facilities operated by Prospect Medical Holdings, which is based in California and has hospitals and clinics there and in Texas, Connecticut, Rhode Island and Pennsylvania.

  • A Cyberattack Has Disrupted Hospitals and Health Care in Five States

    A [computer breach] has disrupted hospital computer systems in several states, forcing some emergency rooms to close and ambulances to be diverted.

  • A [computer breach] has disrupted hospitals and health care in several states

    Hospitals and clinics in several states on Friday began the time-consuming process of recovering from a [breach] that disrupted their computer systems, forcing some emergency rooms to shut down and ambulances to be diverted.

    Many primary care services at facilities run by Prospect Medical Holdings remained closed on Friday as security experts worked to determine the extent of the problem and resolve it.

  • A [computer breach] has disrupted hospitals and health care in five states, including Connecticut

    The “data security incident” began Thursday at facilities operated by Prospect Medical Holdings, which is based in California and has hospitals and clinics there and in Texas, Connecticut, Rhode Island and Pennsylvania.

    “We have a national Prospect team working and evaluating the impact of the attack on all of the organizations,” Jillian Menzel, chief operating officer for the Eastern Connecticut Health Network, said in a statement.

  • Cyberattack on Prospect Medical Holdings: Hospitals, health care disrupted in 5 states

    Elective surgeries, outpatient appointments, blood drives and other services were suspended, and while the emergency departments reopened late Thursday, many primary care services were closed on Friday, according to the Eastern Connecticut Health Network, which runs the facilities. Patients were being contacted individually, according to the network’s website.

    Similar disruptions also were reported at other facilities systemwide.

  • Hospital computer systems in multiple states hit by cyberattack

    The attack began at facilities operated by Prospect Medical Holdings. The company’s facilities in California, Texas, Connecticut, Rhode Island and Pennsylvania were affected by the [computer breach].