Tag Archive for: Web

Pinnacle Health hack: Sensitive files posted to the dark web include ‘confidential’ report



Sensitive patient files and high-level data stolen in a cyber attack on a major primary health provider have been posted to the dark web by a ransomware group with Russian links, the Herald can reveal.

In a statement last night, Pinnacle Midlands Health Network — which operates dozens of North Island GP practices — confirmed the upload of stolen material to the net, following a “cyber incident” last week.

While the number of affected patients has not been made public, initial reports suggested hackers may have had access to as many as 450,000 people’s information.

Justin Butcher, CEO of Pinnacle Incorporated, told the Herald information illegally obtained was uploaded to the internet by “malicious actors”.

The information and data related to past and present patients and customers of the Pinnacle group in the Waikato, Lakes, Taranaki and Tairawhiti districts. It also includes Primary Health Care Ltd (PHCL) practices from across Taranaki, Rotorua, Taupō-Tūrangi, Thames-Coromandel and Waikato.

The information in the breach includes high-level data related to the use of hospital services, claiming information related to services that Pinnacle provides, and information sent to practices around immunisation and screening status of individual patients.

“Over the past 24 hours, we were notified by our security experts that the data taken from our IT platform had been released by malicious actors,” Butcher confirmed.

“We acknowledge that this will be concerning to our patients and their whānau, and we are taking this seriously, our immediate focus is on supporting people who may have been impacted, and working with the authorities to ensure we are doing everything we need to be.”

Pinnacle chief executive Justin Butcher said investigations were still under way but he believed attackers accessed information that could include commercial and personal details. Photo / Supplied

While Pinnacle does not hold GP notes and consultation records, Butcher said the company “now have a much clearer understanding of the breadth of…


Imperva DSF Secures Your Data in Amazon Web Services Enterprise Data Lakes


Data lakes serve as a central repository for storing several data types – structured, semi-structured, and unstructured – at scale. One of the ways data lakes are useful is they do not require any upfront work on the data. You can simply integrate and store data as it streams in from multiple sources.

Amazon’s AWS data lakes are some of the most popular cloud data solutions available on the market today. AWS data lakes are purpose-built to deliver secure cloud architectures to customers. AWS helps relieve its customers’ operational burden by operating, managing, and controlling the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates. It is the customer’s responsibility, however, to secure their sensitive data. You can see how this works in the shared responsibility model AWS follows.

Risks to sensitive data start to pick up momentum when organizations move workloads to the cloud quickly and lose track of where their sensitive data resides. To maintain security in these environments, you need a good data catalog and must know where data copies, snapshots, and the like reside. You must also have enforceable access control policies in place around sensitive data. You must have audit trails, the ability to run data through forensics if needed, the ability to validate what entitlements are and reduce them, and the capacity to check for vulnerabilities from a surface area perspective. These aren’t new practices; they have been integral to how organizations have applied data-centric security strategies to data repositories for years. What’s new is the need to apply these practices to cloud-managed environments like AWS data lakes.

Imperva Data Security Fabric (DSF) enables enterprises to protect their sensitive data in AWS enterprise data lakes and help demonstrate data compliance. The Imperva DSF solution enables AWS customers to see and secure their sensitive data through a single comprehensive platform and leverage a unified security model across Amazon Aurora, Amazon Redshift, Amazon Relational Database Service (RDS), Amazon DynamoDB, Amazon Athena, and AWS CloudFormation without…


Hackers Use Telegram, Signal, Dark Web to Help Iranian Protesters


Protesters against the Iran regime are getting a boost to aid their efforts from hacking groups who are using Telegram, Signal and the dark web to get around government restrictions.

“Key activities are data leaking and selling, including officials’ phone numbers and emails, and maps of sensitive locations. CPR sees the sharing of open VPN servers to bypass censorship and reports on the internet status in Iran, as well as the hacking of conversations and guides,” according to a blog post by Check Point Research (CPR), which shared five examples of the counterprotesters’ activities.

Telegram groups, the researchers said, include between 900 and 1,200 members; some offer a list of proxies and a VPN to maneuver around Iranian government censorship, while another group helps protesters gain access to social media.

CPR noted the activities the day after protests began following the death of Mahsa Amini. “Specifically, hacker groups are allowing people in Iran to communicate with each other, share news and what is going on in different places, which is what the government is trying to avoid, to lower the flames,” CPR said. “As per usual with these uprisings, there are some hacking groups that are trying to make a profit from the situation and to sell information from Iran and the regime.”

Researchers specifically called out the Official Atlas Intelligence Group channel, a group with 900 members that uses Telegram to leak and sell data. They are “focusing on leaking data that can help against the regime in Iran, including officials’ phone numbers and emails and maps of sensitive locations,” CPR said, as well as “upsell” private information on the Iranian Revolutionary Guard Corp (RGC). They are also offering a list of proxies to help protesters bypass censorship in Iran.

The 5,000-strong Arvin group is also using the messaging platform to leak and sell data. Its focus is “on news from the protests in Iran, reports and videos from the streets where the protests are in Iran,” CPR said. They also provide Open VPN services and report on internet status in the country.

Red Blue is another group with 4,000 members and is also using Telegram to hack…


5 Reasons Why Web Security Is As Important as Endpoint Security


Would you say that a company is secure if their employees are using laptops with no anti-malware installed at all? Most businesses would say that is an irresponsible approach. Then why would many businesses have websites and web applications with no protection at all and why would many MSSPs not offer their customers any kind of web application security services?

An “antivirus” (an anti-malware solution) is perceived as a standard element of a Windows installation – it’s rare to see a computer without one. However, strangely enough, many businesses feel completely secure just setting up a website or web application without paying any attention to whether it is secure and many MSSPs provide them with no security for their web assets at all. This is even more surprising because web-accessible databases usually contain more sensitive data than an average office machine, for example, customer personal information.

Here are five reasons why both you, the MSSP, and your customers should treat web security with as much attention as personal computer security and endpoint security in general.

Reason 1. The move to the cloud

Twenty years ago, websites were just simple, mostly static presentations – digital billboards in a way. Today, many of us are, for example, creating our documents online instead of using a desktop word processor – quite often the only software installed on our Windows machine is the browser. And even if there is some other software like Slack, it uses web interfaces to communicate with the servers. Companies are using their own servers less often. For many employees, desktop computers and laptops are basically thin clients that are there only to make it possible to access the web.

This means that anti-malware software basically protects an empty computer that has no special software on it, just a browser. The only major risk of such a computer being attacked is if the attack makes it possible to steal login credentials to web applications.

On the other hand, all the data, all the business support software, and everything else is on the web or will soon be there. And, unfortunately, quite often it is left completely…
