Security and Windows TCO Leftovers
-
The Register UK ☛ Apple warns 'extremely sophisticated [sic] attack' targets iThings
The patches fix a flaw in USB Restricted Mode, a feature Apple introduced in 2018 and which disables the Lightning or USB ports on iPhones and iPads if they’re locked for more than an hour. Apple locks the ports to prevent attacks that involve connecting a cable to the ports. Once a user authenticates and unlocks a device, the ports come back to life.
-
Macworld ☛ iOS 18.3.1 released to fix 'extremely sophisticated' security flaw
Apple just issued a small update to iOS and iPadOS, bringing the version up to 18.3.1. The only change appears to be this security fix for USB Restricted Mode.
-
Security Week ☛ Apple Confirms USB Restricted Mode Exploited in ‘Extremely Sophisticated’ [sic] Attack
The security defect, tracked as CVE-2025-24200, allows attackers with physical access to a locked iPhone or iPad to disable USB Restricted Mode – a key protection mechanism – to access unpatched iPhones.
In a barebones advisory, Cupertino’s security response team confirmed the defect led to “an extremely sophisticated [sic] attack against specific targeted individuals.” The issue has been fixed in iOS 18.3.1 and iPadOS 18.3.1.
-
Security Week ☛ Orthanc Server Vulnerability Poses Risk to Medical Data, Healthcare Operations
The US cybersecurity agency CISA last week published an ICS medical advisory to inform organizations about CVE-2025-0896, a critical authentication issue discovered in Orthanc, an open source and lightweight DICOM server for medical imaging. The product is used worldwide in the healthcare and public health sector.
CISA revealed that Orthanc server versions prior to 1.5.8 can allow a remote attacker to gain access to the system because basic authentication is not active by default when remote access is enabled.
-
Windows TCO / Windows Bot Nets
-
Tech Central (South Africa) ☛ Why it's time to take cybersecurity compliance seriously
Compliance with cybersecurity standards such as CIS Critical Security Controls and NIST frameworks is essential for mitigating risk and protecting valuable assets. However, compliance should not be viewed as a one-time exercise – ongoing self-assessment and monitoring allow entities to stay ahead of emerging threats and evolving regulations.
When companies rely solely on external audits or react to incidents after they occur, they miss critical opportunities to strengthen their security posture. Proactive self-monitoring sees that vulnerabilities are identified and addressed at once, limiting the likelihood of breaches and the hefty penalties that follow.
-
The Register UK ☛ All your 8Base are belong to us as ransomware crew busted
The 8Base ransomware group has been active since 2022. Bavarian police seized the gang's dark web portal, as spotted by a security researcher on Monday. Both Europol and the UK's National Crime Agency (NCA) have confirmed to The Register that they have been involved in the police action.
-
Scoop News Group ☛ Thai authorities detain four Europeans in ransomware crackdown
Additionally, the data leak site domain used by the 8Base group had a seizure notice posted Monday, bearing the insignia of several law enforcement agencies, including the FBI and the DoD Cyber Crime Center.
In the cybercrime underground, 8Base positioned itself as a data-extortion operation rather than a traditional ransomware entity, gaining notoriety due to the vast number of victims displayed on their data leak site. The group was extremely active in 2023 to the point that the group combined with two other notorious RaaS gangs — Cl0p and LockBit — to account for 48% of all cyberattacks recorded in July of that year.
-
The Register UK ☛ 'Cyber event' delaying US newspaper prints enters 2nd week
Lee Enterprises, a publicly traded media company, publishes more than 70 daily newspapers and nearly 350 weekly and special-interest publications across 25 states.
Many of its daily newspapers have reported varying degrees of disruption. Some, like Virginia's Daily Progress, were unable to produce print or e-edition journalism as of February 3, the day the attack took hold. By February 7, however, its editors regained access to production tools.
-
Security Week ☛ Information of 120,000 Stolen in Ransomware Attack on Georgia Hospital
Memorial Hospital and Manor is notifying 120,000 individuals that their personal information was stolen in a November 2024 ransomware attack.
The small rural hospital in Bainbridge, Georgia, disclosed the ransomware attack in early November, announcing that its systems were down and that staff had to revert to pen and paper to record patient information.
-
Security Week ☛ HPE Says Personal Information Stolen in 2023 Russian Hack
The incident was disclosed a year ago, when HPE notified the US Securities and Exchange Commission that the state-sponsored hacking group known as Midnight Blizzard compromised its cloud-based email environment and accessed a small percentage of mailboxes.
Also known as APT29, Cozy Bear, the Dukes, and Yttrium, and believed to be backed by the Russian government, Midnight Blizzard is known for various high-profile intrusions, including attacks targeting Microsoft systems and TeamViewer.
-
-
Confidentiality
-
Almost one year later, NorthBay Health notifies 569,012 people of breach of sensitive information
While some states are decreasing the amount of time entities have to notify the state or individuals of a breach, the reality is that many entities are nowhere near complying with even more lenient deadlines.
HIPAA, for example, allows entities no more than 60 calendar days from discovery of a breach (the first day they knew they had a breach or, with reasonable diligence, would have known). Yet some entities take almost a year or more to notify individuals.
-
Cover-up Follow-up: Westend Dental starts notifying patients of October 2020 ransomware attack
In December, DataBreaches reported that the Indiana Attorney General’s Office had brought charges against Westend Dental for a number of HIPAA violations. The state had started investigating the dental practice after a patient complained about them not providing a copy of their records in response to a request. In looking into that complaint, the state discovered evidence of a ransomware attack that had never been disclosed honestly to the state, nor timely. When questioned about the 2020 ransomware attack involving Medusa Locker, the dental practice repeatedly denied that there had been a ransomware attack. And they kept denying it until a witness admitted during a sworn statement in January 2023 that a ransomware incident had occurred.
A consent order, which had not yet been approved by the court at the time of that reporting, called for Westend Dental to pay $350,000 as a monetary penalty, to notify everyone affected, and to comply with HIPAA, the Indiana Disclosure of Security Breach Act (DSBA), and other requirements. Read more about the state’s case and the terms of the consent order.
-
-
Integrity/Availability/Authenticity
-
The Verge ☛ [Cracker] pleads guilty to taking over SEC’s X account to post fake Bitcoin news
The 25-year-old Alabama resident had used a SIM-swapping attack to move a phone number associated with the @SEC account to the SIM card in an iPhone he had purchased. After others obtained the personal information of a person with access to the account, Council printed off a fake ID and used it to get AT&T to give him control of their number so that he could have the account’s recovery codes sent to his own phone. The co-conspirators paid Council in Bitcoin for his role in the scheme.
-
Unmitigated Risk ☛ The Account Recovery Problem and How Government Standards Might Actually Fix It
Account recovery is where authentication systems go to die. We build sophisticated authentication using FIDO2, WebAuthn, and passkeys, then use “click this email link to reset” when something goes wrong. Or if we are an enterprise, we spend millions staffing help desks to verify identity through caller ID and security questions that barely worked in 2005.
This contradiction runs deep in digital identity. Organizations that require hardware tokens and biometrics for login will happily reset accounts based on a hope and a prayer. These companies that spend fortunes on authentication will rely on “mother’s maiden name” or a text message of a “magic number” for recovery. Increasingly we’ve got bank-vault front doors with screen-door back entrances.
-