Security Leftovers
-
Press Release - August 9, 2023 - Governor Hochul Announces Nation-Leading Cybersecurity Strategy | Department of Financial Services [Ed: After watering-down Right to Repair to make it toothless?]
Governor Kathy Hochul today announced New York’s first-ever statewide cybersecurity strategy aimed at protecting the State’s digital infrastructure from today’s cyber threats. The Strategy articulates, for the first time, a set of high-level objectives for cybersecurity and resilience across New York. It clarifies agency roles and responsibilities, outlines how existing and planned initiatives and investments knit together into a unified approach, and reiterates the State's commitment to providing services, advice, and assistance to county and local governments. New York State’s cybersecurity strategy provides public and private stakeholders with a roadmap for cyber risk mitigation and outlines a plan to protect critical infrastructure, networks, data, and technology systems.
-
UK Electoral Commission had an unpatched Microsoft Exchange Server vulnerability [Ed: Even a fully patched Microsoft Exchange Server is not secure; Microsoft can intentionally sit for 3 months on unpatched holes while fully aware those are being exploited, as happened before]
You have read about the hack of the Electoral Commission recently. In this piece we take a look at what happened, show they were running Microsoft Exchange Server with Outlook Web App (OWA) facing the internet, and the unpatched vulnerability that presented.
The Electoral Commission ran Microsoft Exchange Server on IP 167.98.206.41 (found by TechCrunch) — this was online until later in 2022, at which point it dropped offline. According to the Electoral Commission’s advisory, they became aware of the incident in October 2022.
-
US cyber body to review cloud computing safety, Microsoft breach
A U.S. cyber safety body will review issues relating to cloud-based identity and authentication infrastructure that will include an assessment of a recent Microsoft (MSFT.O) breach that led to the theft of emails from U.S. government agencies, the Department of Homeland Security (DHS) said on Friday.
The review by the Cyber Safety Review Board will look at the malicious targeting of cloud computing environments, the DHS said in a statement.
-
How the FBI goes after DDoS cyberattackers
In 2016, hackers using a network of compromised internet-connected devices — vulnerable security cameras and routers — knocked some of the then biggest websites on the internet offline for several hours. Twitter, Reddit, GitHub and Spotify all went down intermittently that day, victims of what was at the time one of the largest distributed denial-of-service attacks in history.
-
EvilProxy Cyberattack Flood Targets Execs via Microsoft 365
Attackers have unleashed an EvilProxy phishing campaign to target thousands of Microsoft 365 user accounts worldwide, sending a flood of 120,000 phishing emails to more than 100 organizations across the globe in the three-month period between March and June alone. The goal? To take over C-suite and other executive accounts, in order to mount further attacks deeper within the enterprise.
-
Cummins Behavioral Health Systems discovers cyberattack when it finds ransom note [Ed: A "victim of a cyberattack" means target of yet another Microsoft breach]
Sometime between Feb. 2 and March 9 of this year, Cummins Behavioral Health Systems (CBHS) in Indiana became a victim of a cyberattack.
CBHS is a private not-for-profit organization providing behavioral health services in Boone, Hendricks, Marion, Montgomery, Putnam, and surrounding counties in Central and West Central Indiana. It provides care to persons of all ages in a variety of office and community-based settings, including school-based services for students with mental health issues.
CBHS discovered the incident when they found a ransom note in their environment on March 9. There was no encryption of data. CBHS does not name the attackers or say whether they paid the demanded ransom, but there’s no language about getting any assurances about deletion of data, so they probably didn’t pay.
-
One year later, Tift Regional Medical Center notifies patients of Hive attack
In September 2022, DataBreaches broke the story of how Hive had attacked Tift Regional Medical Center in Georgia between July and August. The attack did not involve encryption of systems but Hive claimed to have exfiltrated about 1 TB of data, including files with protected health information.
On October 14, Tift notified HHS of an incident. They used 500 as the number affected, which suggested that at that point, they had not yet determined exactly how many patients had been affected.