Tag Archive for: Web

ISM updated to mandate web API protection – Security


Recent data breaches have put a spotlight on web API vulnerabilities, and in what may not be a coincidence, the Australian Cyber Security Centre has added them to its influential Information Security Manual.

The latest edition of the ISM, published by the ACSC, adds a new control “to ensure clients are authenticated when calling web application programming interfaces that facilitate access to data not authorised for release into the public domain.”

In addition, “A new control was added to ensure clients are authenticated when calling web application programming interfaces that facilitate modification of data.”

These controls were not present in the September edition of the ISM.

The ACSC also takes aim at what could be termed “compliance culture”, in particular a set-and-forget attitude to security controls.

Three controls have been revised to make it clear that they should be actively maintained.

  • Overseeing cyber security awareness raising: “The existing control relating to overseeing the development and operation of a cyber security awareness raising program was amended to ensure it is also maintained.”
  • Trusted insider program: “The existing control relating to the development and implementation of a trusted insider program was amended to ensure it is also maintained.”
  • 33 different controls relating to documentation were updated: “Existing controls relating to the development and implementation of cyber security documentation were amended to ensure documentation is maintained throughout its lifetime”.

Another aspect of compliance culture, strategies that exist only as documents, is also highlighted: “The existing control relating to the development and maintenance of a cyber security communications strategy was amended to ensure it is implemented (emphasis added)”.

For the first time, the ISM explicitly draws the burgeoning – and often insecure – world of the Internet of Things into its remit.

“The definition of ICT equipment was amended to explicitly state that ‘smart devices’ are considered ICT equipment and therefore all controls relating to ICT equipment equally apply to smart devices, such as smart televisions and…


AIIMS ransomware attack: Key patient data at risk of leak, sale on Dark Web, say experts : The Tribune India


New Delhi, November 26

With the All India Institute of Medical Sciences (AIIMS), New Delhi, still struggling to get its servers up and running after a massive ransomware attack earlier this week, cyber-security researchers on Saturday said the most reported attacks in the healthcare industry, which rose during the pandemic, involve the leak or sale of databases on the Dark Web.

The exploited databases contain Personally Identifiable Information (PII) of patients and healthcare workers, as well as administrative information such as blood donor records, ambulance records, vaccination records, caregiver records, login credentials, etc.

“Government agencies involved in the healthcare industry should abide by HIPAA’s (Health Insurance Portability and Accountability Act) compliance requirements, create awareness among users regarding cyber-attacks, online scams, and phishing campaigns, set up policies for secure passwords and enable multi-factor authentication (MFA),” a spokesperson of AI-driven cyber-security firm CloudSEK told IANS.

The cyber attack on AIIMS shut down its main and back-up servers.

The attackers hacked the e-hospital service which manages the patient data system, affecting the outpatient department (OPD) and sample collection services.

Those behind the cyber attack have warned AIIMS to “prepare for a negotiation”.

Delhi Police are investigating the cyber attack.

Meanwhile, AIIMS officials said that all affected online patient services are now being run on manual mode.

According to CloudSEK, a massive spike in cyberattacks on healthcare organisations has been witnessed during the pandemic.

“Our research shows that in the first four months of 2022, the number of cyberattacks on the industry rose by 95.34 per cent compared to the same period in 2021. The Indian healthcare sector was the second most targeted when it comes to cyberattacks worldwide,” the company spokesperson said.

Protecting patients’ medical and financial information has emerged as a new challenge for healthcare organisations.

According to Indusface, an application security SaaS company, there were more than 1 million cyber attacks of…


Best podcasts and episodes about the dark web


Change your passwords, lock your doors, save everything on your hard drive, and tune into stories about the internet’s darkest corners. We’ve rounded up some podcasts and episodes all about the Dark Web and some true crime investigations tracking down cyber criminals.

There are episodes about The Silk Road’s creator Ross Ulbricht, hacking, data breaches, and more cyber crimes. Tune in to hear interviews with hackers, investigative journalists tracking down criminals, and law enforcement.

Hunting Warhead

On CBC True Crime’s “Hunting Warhead,” host Daemon Fairless joins journalists and law enforcement scouring the internet’s darkest corners and finds the investigators, survivors and criminals involved in some of the most disturbing cases.

Darknet Diaries

Host Jack Rhysider brings listeners through cyber crimes in “Darknet Diaries.” Learn more about crimes like hacking, data breaches, election rigging, cyber attacks, and many more. Episodes interview folks like a Google Project Zero researcher, Brett Johnson AKA Gollumfun who partook in sites like Counterfeit Library and Shadow Crew, and penetration testers from the field.

Hacked

Sticks & Stones presents “Hacked,” a technology podcast hosted by Jordan Bloemen (communicator/storyteller) and Scott Francis Winder (technologist/computer security hobbyist). Check out recent episodes on “Dr. Ransomware,” campus security, the “Trojan Phone,” the world of private investigators, and much more.

Malicious Life


Cybereason’s “Malicious Life” explores some of the biggest computer hacks ranging from millions of dollars stolen to spies’ roles in elections, teenagers stopping a rocket launch, and more. Author and cybersecurity expert Ran Levi brings listeners through cybersecurity’s history and interviews people who experienced these kinds of events firsthand.


Casefile True Crime

Listen to ‘Case 76: Silk Road (Part 1)’ on ‘Casefile’

This 3-part episode of…


Hackers took down U.S. airport web sites, Department of Homeland Security confirms


Unknown hackers attacked and temporarily shut down the public-facing websites of at least several major U.S. airports on Monday, a Department of Homeland Security official confirmed to USA TODAY.

The official, from DHS’ Cybersecurity and Infrastructure Security Agency (CISA), declined to comment on who might have been behind what appeared to be a coordinated series of Distributed Denial of Service (DDoS) incidents, which did not affect the actual operations of the airports or planes flying into and out of them.

“CISA is aware of reports of DDoS attacks targeting multiple U.S. airport websites. We are coordinating with potentially impacted entities and offering assistance as needed,” said the official, who declined to speak on the record or provide any more information about the cyber attacks and who might have been responsible.

Russian-speaking “hacktivists” from a group calling itself KillNet claimed responsibility for the attacks, which temporarily took down websites at 14 airports, including the Hartsfield-Jackson Atlanta International Airport (ATL) and Los Angeles International Airport (LAX), according to the official Twitter account of the Russian service of the Voice of America.

A recently discovered cyber attack, most likely tied to Russia, has the potential to affect many companies and organizations.

DDoS attacks are used to overwhelm computer servers by sending them many thousands of requests at the same time, according to CISA. In this case, the servers hosting the airport sites were swamped with thousands of requests, making it all but impossible for travelers to connect and to get updates about their scheduled flights or book airport services, according to Frank Cilluffo, a former White House cybersecurity official.


Cilluffo said such DDoS attacks usually are intended to generate attention rather than to cause significant destruction or even disruption, such as taking down the operations of airports.

“But they are not trivial and in this case they could be the beginnings of a larger trend,” said Cilluffo, the director of the McCrary Institute for Cyber and Critical Infrastructure Security…
