Tag Archive for: LAUNCHES

HHS launches probe into UnitedHealth over ransomware attack on subsidiary


The Department of Health and Human Services is probing Change Healthcare parent company UnitedHealth amid several weeks of prescription routing backlogs and clinical disruptions that resulted from a crippling ransomware attack late last month, the agency announced Wednesday.

The probe will specifically examine UnitedHealth’s compliance with the Health Insurance Portability and Accountability Act, or HIPAA, which is meant to enforce safeguards for patients’ healthcare data.

The HHS Office of Civil Rights said that it’s in “the best interest of patients and health care providers” to examine the healthcare giant, which provides health insurance services for millions of Americans and participating employers.

“Our immediate focus is to restore our systems, protect data and support those whose data may have been impacted,” UnitedHealth said in a press statement, which adds the company is “working with law enforcement to investigate the extent of impacted data.”

White House officials on Tuesday met with healthcare policy participants and agency heads to discuss the incident; the meeting included UnitedHealth CEO Andrew Witty.

The cyberattack, claimed by the ALPHV/Blackcat ransomware gang, has roiled Change Healthcare, one of the largest healthcare payment systems in the U.S. The incident has delayed prescription fillings and has led to cash crunches at clinics and other facilities. The disruptions are causing some providers to lose upwards of $1 billion per day in revenues.

Change Healthcare reportedly made a $22 ransom payment to the hackers. Soon after, the cybercrime collective appeared to stage a fake takedown of their site. Analysts expect the group to reemerge under a new name.

Officials this past week rolled out emergency financing plans that would accelerate payments to certain providers and suppliers experiencing shortfalls in funding.

The cyberattack is arguably the most consequential cyberthreat facing a major U.S. healthcare service in recent memory, with some lawmakers including Senate Intelligence Committee Chair Mark Warner, D-Va., ready to introduce legislation to provide for accelerated and advanced payments to providers and vendors affected by future…


NCSC launches Cyber Incident Exercising scheme – NCSC.GOV.UK – National Cyber Security Centre




Chinese APT group ToddyCat launches new cyber-espionage campaigns


Researchers warn of renewed attacks against high-profile organizations launched by a Chinese APT actor known in the industry as ToddyCat. The group has been refining its tactics as well as malware toolset since 2020 when it was originally discovered.

In a new report this week, researchers from security firm Check Point Software Technologies documented a ToddyCat campaign they dubbed “Stayin’ Alive” that targeted organizations in Asian countries, primarily in the telecom and government sectors.

“The Stayin’ Alive campaign consists of mostly downloaders and loaders, some of which are used as an initial infection vector against high-profile Asian organizations,” the Check Point researchers said. “The first downloader found, called CurKeep, targeted Vietnam, Uzbekistan, and Kazakhstan. As we conducted our analysis, we realized that this campaign is part of a much wider campaign targeting the region.”

In a separate report this week, researchers from Kaspersky Lab also documented a new generation of malware loaders used by ToddyCat in recent attacks, including some that seem to be tailored for each victim. The Kaspersky researchers originally uncovered ToddyCat activities in late 2020 after the group targeted high-profile Asian and European organizations.

DLL side-loading a favored ToddyCat technique

One of ToddyCat’s favorite ways of deploying malware on computers is a technique called DLL side-loading. This involves finding a legitimate executable from an application that searches for a particular DLL file in the same directory and then replacing that DLL with a malicious one.

Because the originally executed file belongs to a legitimate application or service, it’s likely to be digitally signed and whitelisted in some security products. The attackers hope that the subsequent loading of a malicious DLL by a legitimate executable won’t be detected or blocked.

In the past ToddyCat exploited vulnerabilities in publicly exposed Microsoft Exchange servers, but it also delivers malware through spear-phishing emails that have malicious archives attached. These archives contain the legitimate executables together with the rogue…


CSA launches Cybersecurity Industry Call for Innovation 2023 with Challenge Statements by Three End-Users


More than 50 Proposals Received for CyberCall 2022, Four Proposals Selected

The Cyber Security Agency of Singapore (CSA), together with National University of Singapore (NUS) Enterprise, launched the Cybersecurity Industry Call for Innovation 2023 (CyberCall 2023) today. The launch was announced by Mrs Josephine Teo, Minister for Communications and Information and Minister-in-charge of Smart Nation and Cybersecurity at the Cybersecurity Innovation Day 2023 held today, 29 September 2023, at the Sands Expo and Convention Centre.

2      The CyberCall initiative, first launched in 2018, seeks to catalyse the development of innovative cybersecurity solutions. Through this, CSA aims to strengthen organisations’ cyber resilience and at the same time provide opportunities for cybersecurity companies to contribute to the development of innovative solutions that show potential to be applied in many organisations’ systems. Each selected solution that fulfils the eligibility criteria may receive funding of up to S$1,000,000 under CSA’s Cybersecurity Co-Innovation and Development Fund (CCDF).

CyberCall 2023

3      This year’s CyberCall is looking for proposals in the following areas: 

a. Cybersecurity for Artificial Intelligence (AI)

To safeguard AI systems and the data they process from various cyber attacks in order to maintain the integrity, confidentiality, trustworthiness and reliability of AI applications in an increasingly connected and digital world.

b. Using AI for cybersecurity

To harness the power of AI to strengthen organisations’ cyber defences to protect their systems, data and networks, improve threat detection, and respond more effectively to cyber attacks.

c. Operational Technology (OT) / Internet of Things (IoT) security

To safeguard critical infrastructure, Industrial Control Systems (ICS) and internet-connected devices from cyber threats and vulnerabilities. 

d. Cloud security

To safeguard infrastructure, data and applications hosted in cloud environments, while maintaining the confidentiality, integrity and availability of resources in the cloud.

e. Privacy-Enhancing Technologies (PET)

To safeguard the privacy of individuals…
