Tag Archive for: Action

No federal privacy law? After the 23andMe hack, it’s time to take action


This is a guest post by Kate Krauss, a digital rights advocate based in Philadelphia.

On Oct. 6, 23andMe announced the loss of customer data to hackers who targeted Ashkenazi Jews. The data of as many as a million people was reportedly stolen and is currently being sold anonymously on the Internet. The hack exploited customers who reused passwords and the platform’s feature called “DNA Relatives,” linking one person to another.

We won’t easily forget this awful hack — but every year, tens of millions of Americans become victims of information leaks, so many that they have begun to blur together. Microsoft, for one, has been hacked at least 10 times since 2018.

Victims range from ordinary people, like those in the 23andMe hack, to the most politically sensitive: the State Department’s China diplomats; the Secretary of Commerce. Hackers access people’s email and steal their social security numbers or their home addresses, and in one case, in-depth psychological profiles needed for top security clearances.

If we use the frog-in-hot-water analogy for Americans and their information privacy, this frog is dead.


Current US privacy laws are so ineffective that Europeans are afraid to send their data here lest it be hacked, leaked, or surveilled. This fear was the basis of the tensely negotiated “Data Privacy Framework” between the EU and the US over whether and how to allow the personal data of European citizens to be sent to this country.

Without the risk of a giant fine or, say, jail time, many tech giants can and do get away with managing their data security badly. They fail to update security keys, encrypt users’ credit card numbers or enforce multi-factor authentication.

Weak laws let companies get away with weak security. For instance, 23andMe didn’t require users to use two-factor authentication or warn users about the dangers of enabling “DNA Relatives.” If they have to pay a small fine — small to them — that’s the cost of doing business.

In 2019, the year that the Cambridge Analytica scandal caught up with Facebook, the company paid $5 billion to the FTC for illegally sharing…


VMware’s ESXi security issues spur new ransomware gang into action


The popularity of ESXi combined with a lack of security tools makes it an “attractive target” for threat actors


Security experts have issued a warning over a new ransomware-as-a-service (RaaS) gang that has been observed targeting VMware ESXi servers.

Researchers at CrowdStrike said the new group, dubbed ‘MichaelKors’, was first identified operating in the wild in April this year.

The group was observed providing affiliate groups with ransomware binaries specifically targeting Windows and ESXi/Linux systems.

 

The discovery comes amid a period of rising concern over threat actors increasingly targeting ESXi interfaces due to a pervasive lack of security tools, researchers said.

“More and more threat actors are recognising that the lack of security tools, lack of adequate network segmentation of ESXi interfaces, and in-the-wild vulnerabilities for ESXi create a target-rich environment,” they said.

CrowdStrike said it has “increasingly observed big game hunting threat actors” deploying Linux versions of ransomware tools to target VMware’s ESXi vSphere hypervisors.

This trend escalated significantly in the first quarter of 2023, the company added.

“RaaS platforms including ALPHV, LockBit and Defray – tracked by CrowdStrike Intelligence as Alpha Spider, Bitwise Spider and Sprite Spider – have been leveraged to target ESXi,” researchers at the firm said.

ESXi vulnerabilities

According to CrowdStrike, the emergence of an aggressive new RaaS group could pose significant risks for organizations leveraging VMware’s hypervisor.

ESXi by design, researchers said, “does not…


Class action suit filed against LVHN over ransomware hack


A Philadelphia law firm has filed a class action suit against Lehigh Valley Health Network alleging the hospital has prioritized money over patient privacy after photos of cancer patients were posted on the internet in a ransomware hack.

The suit, filed by Saltz Mongeluzzi & Bendesky, focuses on photos of cancer patients who received treatment through the network, which hackers with the ransomware collective BlackCat published over the last couple of weeks. The suit does not name a financial amount being sought for damages, instead requesting that the amount be determined by trial or the court.

The hackers acquired the photos through a ransomware attack on a physician’s practice owned by LVHN. The attack occurred in February and caused a leak of 132 gigabytes of patient data and photos. LVHN leaders have stated they refuse to pay the ransom, a tactic often touted by law enforcement and some cybersecurity experts, but in response, the hackers posted some of the photos online and have threatened to release more sensitive information if their demands are not met.

The filing states that not only was the leak of these photos regrettable, but that LVHN engaged in the “knowing, reckless, and willful, decision to let the hackers post the nude images” of Doe and others to the internet. It also accuses LVHN of “publicly patting itself on the back for standing up to the hackers” but “consciously and intentionally ignoring the real victims.”


Why We Need to Take Action Now


As technology continues to advance at a rapid pace, so do the methods used by hackers to exploit vulnerabilities in computer systems and networks.

Hacking has become an increasingly sophisticated threat to the security of individuals and organizations alike. In this article, we will explore why hacking will be a major threat in the future and what steps can be taken to mitigate the risks.

Why Will Hacking Be a Major Threat in the Future?


As the world becomes more connected through the internet of things (IoT), the number of devices and systems vulnerable to hacking increases. From smart homes to self-driving cars, every connected device represents a potential target for hackers. In recent years, cyber warfare has become a significant concern for governments and military organizations. Nation-states and other actors use hacking as a means of espionage, sabotage, and warfare. With the increasing reliance on technology in modern warfare, the potential consequences of a cyber attack are severe.

One of the primary motivations for hackers is financial gain. Cybercriminals target financial institutions, businesses, and individuals to steal sensitive information and money. As technology continues to evolve, so do the methods used by hackers to exploit vulnerabilities in computer systems and networks. Many individuals and organizations do not take cybersecurity seriously. They fail to implement basic security measures such as strong passwords, encryption, and regular updates. This lack of awareness makes them easy targets for hackers.

What Can You Do To Mitigate the Risks?


Increase Cybersecurity Awareness

The first step in mitigating the risks of hacking is to increase cybersecurity awareness. Individuals and organizations must understand the importance of strong passwords, encryption, regular updates, and other basic security measures. This includes training employees on cybersecurity best practices and establishing clear policies and procedures.

Implement Multi-Factor Authentication

Multi-factor authentication provides an additional layer of security by requiring users to provide a second form of authentication in addition to a password, such as a code sent to their mobile…
