Windows TCO Leftovers
-
Pen Test Partners ☛ Bypassing MFA on Abusive Monopolist Microsoft Microsoft trap Azure Entra ID
TL;DR Even though MFA is effective it is one security control amongst many
-
The Record ☛ UnitedHealth CEO confirms company paid $22 million ransom in heated Senate hearing
Witty confirmed previous reporting for the first time that the company paid a $22 million ransom to the BlackCat/AlphV ransomware gang.
Witty blamed the attack on a server within Change Healthcare’s systems that did not have multifactor authentication enabled and more broadly explained that the company — which UnitedHealth controversially acquired about two years ago — was still undergoing a technology revamp that was moving slower than expected.
-
Cyble Inc ☛ UAE Attack: Hacker Claims Data Breach Of Several Agencies
The victims in the alleged UAE attack include major UAE government bodies such as the Telecommunications and Digital Government Regulatory Authority, the Federal Authority for Nuclear Regulation, and the Executive Council of Dubai, along with key government initiatives such as Sharik.ae and WorkinUAE.ae. Various ministries are also affected, including the UAE Ministry of Health and Prevention, Ministry of Finance, and the UAE Space Agency.
-
The Register UK ☛ Microsoft admits VPN problems in Windows after April update
The security update was released on April 9, and Microsoft admitted that VPNs might malfunction for some users late on April 30. The company did not elaborate on the cause of the issue, stating only that "Windows devices might face VPN connection failures after installing the April 2024 security update or the April 2024 non-security preview update" and it was "working on a resolution."
The update has not been the smoothest experience for some users. Another known issue in KB5036893 is a problem with changing an account profile picture, which might result in error code 0x80070520. Microsoft said it was working to fix it, but the issue is still present in KB5036980, released on April 23.
-
Tom's Hardware ☛ Microsoft confirms recent Windows security update breaks VPNs, no fix yet
Microsoft describes the issue as "Windows devices might face VPN connection failures" on the new updates — the wording makes it unclear whether the bug affects all users or only some. Microsoft has not given any updates on when the bug will be fixed or what the reason for it is, but we can rest assured it will solve the problem "in an upcoming release." The bug affects security updates extended to Windows 10 and 11 releases and various Windows Server releases, as seen below:
-
Kansas Reflector ☛ UnitedHealth CEO savaged for failings in massive cyberattack that’s crippled health care
A Russia-linked cybercrime organization dubbed “BlackCat” infiltrated a vulnerable server in February belonging to Change Healthcare, a subsidiary of the massive Minnesota-based UnitedHealth. The [attackers] demanded ransom for stolen data.
-
Security Week ☛ UnitedHealth CEO Says Hackers Lurked in Network for Nine Days Before Ransomware Strike
According to Witty, a ransom was indeed paid, in an effort to “protect peoples’ personal health information”. However, after BlackCat pulled an exit scam, the hackers extorted UnitedHealth Group a second time, and it remains to be seen whether the healthcare giant paid out both times.
Witty’s testimony confirms once again that both personally identifiable information (PII) and protected health information (PHI) were compromised in the attack. The full extent of the data breach has yet to be determined, but the stolen information “could cover a substantial proportion of people in America”.
-
US News And World Report ☛ UnitedHealth Hackers Used Stolen Login Credentials to Break In, CEO Says
On the morning of Feb. 21, the cybercriminal gang AlphV, aka BlackCat, locked up Change Healthcare's systems and demanded a ransom to unlock them, Witty will tell the House panel, according to a copy of his written testimony posted to the panel's website on Monday.
"Not knowing the entry point of the attack at the time, we immediately severed connectivity with Change’s data centers to eliminate the potential for further infection," the testimony says.
-
Tech Central (South Africa) ☛ How much South African firms pay ransomware gangs
Cybercriminals are enjoying unprecedented successes in their attacks. Sophos data shows that the global average for ransom payments has increased fivefold, from $400 000 in 2022 to $2-million in 2023.
Among South African companies surveyed, 69% reported having experienced a ransomware attack, with 43% eventually paying the ransom to have their data decrypted.