Security and Windows TCO
Windows TCO
-
Computing UK ☛ Breach linked to third-party vendor
Okta, a leading identity services provider, has issued breach notifications to nearly 5,000 current and former employees following a security incident involving one of its third-party vendors.
-
PCLinuxOS Magazine ☛ ICYMI: Malicious Ads Injected Into [Buzzword-marketed] Bing Chat
Malicious advertisements are now being injected into Microsoft's [Buzzword-marketed] Bing Chat responses, promoting fake download sites that distribute malware, according to an article on BleepingComputers. Bing Chat, powered by OpenAI's GPT-4 engine, was introduced by Microsoft in February 2023 to challenge Google's dominance in the search industry. By offering users an interactive chat-based experience instead of the traditional search query and result format, Bing Chat aimed to make online searches more intuitive and user-friendly. In March, Microsoft began injecting ads into Bing Chat conversations to generate revenue from this new platform. However, incorporating ads into Bing Chat has opened the door to threat actors, who increasingly take out search advertisements to distribute malware. Furthermore, conversing with AI-powered chat tools can instill unwarranted trust, potentially convincing users to click on ads, which isn't the case when skimming through impersonal search results.
-
Windows TCO
-
Bleeping Computer ☛ New Microsoft Exchange zero-days allow RCE, data theft attacks
-
Data Breaches ☛ Update: Sensitive patient data leaked from TransForm ransomware incident; hospitals and centers affected
As predicted, Daixin has leaked the third part of the data they exfiltrated from TransForm and Canadian healthcare entities. DataBreaches reported the first leak when Daixin publicly claimed responsibility for the attack. The second leak followed two days later, and less than one day later, the third tranche dropped.
As with the first two leaks, this latest leak also contains numerous files with internal information and some personnel information, but it also contains a great deal of sensitive patient information and IT-related information.
While no major databases have been leaked (yet), DataBreaches came across a database with discharge data on patients from 2015. There were almost 800 entries for patients where the fields consisted of the patient’s name, date of birth, age, date of admission, date of discharge, their diagnosis, a field labeled CMG, their appointment at TDFHT (Tillsbury District Family Health Team), their discharge status, whether the patient was readmitted in 30 days, the name of the primary care provider, and a field for comments. Yet another spreadsheet contained the same structure, but included 340 rows of data for patients discharged in 2013 and 652 rows for patients discharged in 2014. Not all of these represent unique patients because some patients appear to have been admitted and discharged in more than one calendar year. DataBreaches did a quick search to try to determine if these were real patient data by conducting a google search for named patients whose records had been marked as “deceased” in the spreadsheets. DataBreaches was able to find obituaries for those patients whose names, ages, and Ontario location corresponded to the information in the spreadsheets.
-
CBC ☛ 2023-10-31 [Older] Patient, employee data taken in ransomware attack of 5 Ontario hospitals could be exposed
-