
Microsoft hack exposing government emails could have accessed other types of files: researchers


The suspected Chinese-backed hack of U.S. government emails on Microsoft servers could be more damaging than previously thought, cybersecurity researchers said.

Microsoft announced this month that Chinese-backed hackers had accessed the email accounts of multiple government employees, putting information at risk. The U.S. government said that no classified information was disclosed in the cyberattack.

However, researchers at the cloud security firm Wiz claim that the method the hackers used to access emails — forged encryption keys — may also be used to access Microsoft Teams information, OneDrive files and other apps that have Microsoft logins.

“Identity provider’s signing keys are probably the most powerful secrets in the modern world,” Wiz Head of Research Shir Tamari said.

“With identity provider keys, one can gain immediate single hop access to everything, any email box, file service or cloud account.”

The researchers used internet archives to determine that the key used by the hackers was one of a small group of public keys used to verify logins, meaning that the hackers could effectively use the forged key to log in to any account they wanted.

“The full impact of this incident is much larger than we initially understood it to be. We believe this event will have long-lasting implications on our trust of the cloud and the core components that support it, above all, the identity layer which is the basic fabric of everything we do in cloud,” Tamari said.

“At this stage, it is hard to determine the full extent of the incident as there were millions of applications that were potentially vulnerable, both Microsoft apps and customer apps, and the majority of them lack the sufficient logs to determine if they were compromised or not,” he added.

The compromised public key has since been removed, meaning accounts are no longer vulnerable.

Microsoft downplayed the possibility of the attack going beyond emails.

“Many of the claims made in this blog…


Econsult suffers ransomware attack, exposing personal data


Econsult Solutions, an economic analysis and consulting company whose clients include the City of Philadelphia, Pew Charitable Trusts, and other major institutions in the region, has reportedly suffered a data breach that exposed employees’ financial information to hackers. 

According to internal messages shared with Billy Penn, the company’s data is being held for ransom. 

Current Econsult employees appear to have received an email from management about an “IT incident” that exposed the company’s data, including some workers’ 2022 W-2 forms with their Social Security numbers, per the email.

It’s currently unclear whether data generated through the company’s many partnerships — including with city and state government — has been exposed in the ransomware attack. 


Ransomware attacks on America’s health care systems more than doubled from 2016 to 2021, exposing the personal health information of millions


The annual number of ransomware attacks on health care provider organizations more than doubled from 2016 to 2021, exposing the personal health information of nearly 42 million individuals. A new report from the University of Minnesota School of Public Health (SPH), published in the Journal of the American Medical Association (JAMA) Health Forum, shows that ransomware attacks on health care providers are not just increasing in frequency, they are also becoming more severe — exposing larger quantities of personal health information and affecting large organizations with multiple health care facilities.

To conduct the study, researchers created a database called the Tracking Healthcare Ransomware Events and Traits (THREAT), a unique tool that for the first time allows researchers to track the occurrence of ransomware attacks on health care provider organizations.

Ransomware is a type of malicious software that prevents users from accessing their electronic systems and demands a ransom to restore access. While some prominent ransomware attacks on health care delivery organizations have received media attention, there is currently no systematic documentation of the extent and effect of ransomware attacks on our health care system. 

In the first-ever comprehensive analysis of ransomware attacks on U.S. health care providers, researchers documented that between 2016 and 2021:

  • 374 instances of ransomware attacks on health care delivery organizations exposed the personal health information of nearly 42 million individuals. 
  • Ransomware attacks more than doubled on an annual basis, from 43 to 91 per year. 
  • The number of individuals whose personal health information was exposed increased from approximately 1.3 million in 2016 to more than 16.5 million in 2021. 
  • Disruptions in care for patients as a result of ransomware incidents occurred in 166 — or 44% — of attacks.
  • Among health care delivery facilities, clinics were the most frequent targets of ransomware attacks, followed by hospitals, ambulatory surgical centers, mental/behavioral health facilities, dental practices and post-acute care organizations. 

“As health care delivery organizations have…


Researchers find 3,000+ mobile apps exposing Twitter API keys


Cybersecurity researchers have discovered more than 3,000 mobile apps exposing Twitter Inc. application programming interface keys that can be used to gain access to or take over Twitter accounts.

Detailed today by security firm CloudSEK, 3,207 apps were found to be leaking valid Consumer Key and Consumer Secret keys. Some 230 apps, some of which are described as belonging to unicorn startups, were found to leak all four Twitter authentication credentials that could be used to take over Twitter accounts fully.

With full access, an attacker would gain the ability to perform actions such as reading direct messages, retweeting, liking, deleting, and removing and adding followers, along with the ability to change account settings and the display picture on the account.

The researchers explain that the exposure of the API keys is typically the result of mistakes in which developers embed their Twitter API authentication keys in the app’s code but then forget to remove them when the mobile application is released.

With the API keys exposed, the risk of exploitation is genuine. A malicious actor who has access to the API keys can use them to create a “Twitter bot army” that could be used to spread false information or be used in a phishing scam.

The researchers highlight a recent case where Twitter was exploited to promote a “fake suspension notice” phishing scam. In this case, verified Twitter accounts were used to lend credence to the scam.

The researchers concluded that it is imperative that API keys are not directly embedded in code and that developers should follow secure coding and deployment processes. Processes include implementing a standardized review procedure to ensure accurate versioning, hiding keys to increase security and rotating API keys to reduce the threat of leaked keys.

“There are only two ways to solve this problem,” David Stewart, chief executive officer of mobile app protection company Approov, told SiliconANGLE. “Either adopt a mobile security solution that enables you to store your API keys off the device and deliver them only when needed or require a second independent factor to be present alongside the API key to access backend data and resources –…
