Security Leftovers
-
Open Source Security (Audio Show) ☛ Episode 424 – The Notepad++ Parasite Website
Josh and Kurt talk about a Notepad++ fake website. It’s possibly not illegal, but it’s certainly ethically wrong. We also end up discussing why it seems like all these weird and wild things keep happening.
-
Omni Hotels & Resorts attack claimed by Daixin Team; 3.5 million guests’ data stolen (2)
As many people suspected, Omni Hotels & Resorts was the target of a ransomware attack in March.
Omni first described the incident as a chain-wide “outage” due to IT issues. By April 1, guests were losing patience with the “outage.” Bleeping Computer noted guests complaining online claiming that they had to send text messages to the front desk requesting to be let into their rooms, and it might take 30 minutes for someone to show up. Others complained on social media that they were spending hours or days trying to reach someone to make or change reservations.
-
The Record ☛ ‘Large-scale cyberattack’ hits five French municipalities, impact may last ‘months’
Five municipalities near the river Loire on the west coast of France have been hit by a “large-scale cyberattack” on their shared computer servers, leaving staff without the ability to access documents or get on with their work.
Services are currently down across Saint-Nazaire, Montoir-de-Bretagne, Donges, La Chapelle-des-Marais and Pornichet, according to a statement on the Saint-Nazaire website. Clustered around a seaport, they have a combined population of around 100,000.
Officials have warned local media that recovery may take months. Crisis meetings are being chaired by the mayor of Saint-Nazaire and are currently being held twice a day, at 11 a.m. and 5 p.m. France’s cybersecurity agency ANSSI is providing support.
-
Star Tribune ☛ Minneapolis therapy clinic sues over cyberattack at UnitedHealth subsidiary
Twin Cities Counseling says it hasn’t been able to submit payment claims for more than 100 appointments — resulting in thousands of dollars in missing reimbursements — since UnitedHealth Group took down the claims processing system at its Change Healthcare division to contain the IT threat.
Because of the billing mess, Twin Cities Counseling couldn’t cover its payroll in March, the lawsuit says. Additionally, recently hired therapy providers at the clinic haven’t been able to transition their patients to the practice.
The complaint, which was filed Wednesday as a class action lawsuit in the U.S. District Court for Minnesota, says the Change Healthcare outage has meant that many health care providers across the country have lost their primary, and in some cases their only, system for obtaining payments from health insurers.
“Twin Cities Counseling LLC can no longer verify prospective clients’ insurance benefits,” states the lawsuit, which only names Change Healthcare as a defendant. “Without access to the Change platform, plaintiff has no way of knowing if a referral’s insurance is active, what the plan’s copayment and deductible amounts are, or even whether the clinic’s providers are in network for the plan.”
-
The Record ☛ Prominent US senator sees new momentum for healthcare cybersecurity push
Warner’s legislation, the Health Care Cybersecurity Improvement Act, would require healthcare providers experiencing cash-flow problems due to a cyberattack to meet “minimum cybersecurity standards” before receiving emergency funds from the Centers for Medicare and Medicaid Services (CMS). If the cyberattack targeted one of the provider’s vendors, that vendor would also need to meet the minimum standards before the provider could receive funding.
The bill leaves it up to the HHS secretary to determine what constitutes minimum cyber standards. HHS recently published health-specific Cybersecurity Performance Goals based on broader guidance from the Cybersecurity and Infrastructure Security Agency (CISA).
-
Bitcoin ☛ Former Security Engineer Sentenced to Three Years for Hacking Two Decentralized Exchanges
Shakeeb Ahmed, a former security engineer accused of hacking two decentralized cryptocurrency exchanges, has been sentenced to three years in prison by U.S. District Judge Victor Marrero. Ahmed has also been ordered to forfeit approximately $12.3 million and a significant quantity of cryptocurrency.
According to a statement from the U.S. Attorney’s Office, Ahmed must pay more than $5 million in restitution to Nirvana and the unnamed decentralized exchanges (dex). The judge also sentenced Ahmed, 34, to three years of supervised release.
-
Instructionals/Technical
-
SEToolkit: Master the Social-Engineer Toolkit Command Line
SEToolkit, or the Social-Engineer Toolkit, is an open-source software suite specifically designed for simulating social engineering attacks, such as phishing, spear phishing, credential harvesting, and more.
-
SEToolkit Command-Line Cheat Sheet
This cheat sheet is designed to briefly reference some of the most commonly used SEToolkit commands, along with a brief description and practical examples to illustrate their use.
-
aSYNcrone: The Ultimate Guide to Using the SYN Flood DDoS Tool
aSYNcrone is a specialized command-line tool designed to execute SYN flood attacks, such as a Distributed Denial of Service (DDoS) attack.
-
Mastering Netwag: The Ultimate Guide to Using the Netwag GUI
Netwag is a versatile graphical interface for network protocol analysis and configuration designed to simplify the complexities of network troubleshooting and security assessments.
-
Mastering Hping3: The Ultimate Command-Line Guide for Network Testing
Hping3 is a powerful network tool that analyses, tests, and diagnoses network interfaces, servers, and firewalls.
-