MedStar has been hacked, and it looks really ugly. You can find Healthcare Informatics' story below as well as HERE. The Baltimore Post-Examiner also posted about it HERE. News reports confirmed a cyber-attack on the 10-hospital MedStar Health system that had disabled the organization's EHR.
Cisco Talos posted a great article on a new variant of ransomware targeting healthcare. The original post can be found HERE.
Cisco Talos is currently observing a widespread campaign leveraging the Samas/Samsam/MSIL.B/C ransomware variant. Unlike most ransomware, SamSam is not launched via user focused attack vectors, such as phishing campaigns and exploit kits. This particular family seems to be distributed via compromising servers and using them as a foothold to move laterally through the network to compromise additional machines which are then held for ransom. A particular focus appears to have been placed on the healthcare industry.
Anonymous posted a warning video directed at Denver regarding its recent homeless camp cleanup law. Anonymous pointed out many reasons why this new law is a violation of human rights and states that they would prefer a peaceful resolution. However, they close with "Expect Us", so most likely action will be taken against Denver officials if nothing is done in response. This post contains the Anonymous video and the CBS article on this topic found HERE.
An exploit kit is a collection of redirection pages, landing pages, exploits and payloads designed to automatically infect users for a revenue stream. Exploit kits typically do not use targeted attacks; they try to get any vulnerable system on the internet to visit their website, and they usually deliver ransomware. Examples of exploit kits are Kaixin / Gongda, Neutrino, Nuclear, RIG and Angler. Looking at Angler, it can exploit 9,000 systems on any given day and successfully compromise 5,400 of those systems. In terms of dollars, this can mean around $30 million per year from the delivered ransomware. This post will cover what's involved with exploit kits, including what can be done to protect your system from being exploited.
Talos, Cisco's security research division, posted their thoughts on the latest Microsoft Patch Tuesday release along with the associated SNORT rules that protect systems from exploitation of the patched vulnerabilities. The original post can be found HERE.
Patch Tuesday for March 2016 has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month's release contains 13 bulletins addressing 44 vulnerabilities. Five bulletins are rated critical and address vulnerabilities in Edge, Graphic Fonts, Internet Explorer, Windows Media Player, and Windows PDF. The remaining eight bulletins are rated important and address vulnerabilities in .NET, Office, and several other Windows components.
Bulletins Rated Critical
Microsoft bulletins MS16-023, MS16-024, and MS16-026 through MS16-028 are rated as critical in this month's release.
I received a request to be part of a banking scam and decided to play it out with false information. Below is a series of emails I received as I communicated with this obvious scam. Make sure you question anything like this, because most likely somebody is trying to trick you. Indicators of a scam include broken English, requests to wire money, lack of details about the parties involved, and unwillingness to give information that can be checked independently of the conversation, such as, in this case, the bank's 1-800 number that I could call to ask for the so-called "employee" involved.
This scam started off with an email blast, which hit one of my real email spam folders. If you Google the number, names, etc. from these emails, you will find that many other people have flagged this guy.
KeRanger is the first Mac-based ransomware. This goes to show that attackers are targeting Apple, which should be expected as Mac gains market share. The interesting aspect is how the ransomware leveraged a valid Mac app development certificate, which has since been revoked by Apple. Here is a post by TechCrunch on this story. The original posting can be found HERE.