Ransomware Attack Disrupts Services in 18 Romanian Hospitals

0
[ad_1]

The Romanian Ministry of Health has confirmed that its critical system is down due to the ransomware attack, and authorities are working to restore it.

Romanian authorities have reported a devastating ransomware attack on multiple medical facilities using the Hipocrate Information System (HIS) healthcare management system. The system became non-functional, making hospital staff unable to access files/databases and forcing patients to wait in emergency rooms. For your information, hospitals use this system to manage medical activities and patient data.

The Romanian Ministry of Health confirmed that the system is down at the impacted hospitals and that their file/databases are encrypted. The ministry advises hospitals to focus on restoring IT services and data and urges users to not reach out to IT staff to help them focus on restoration job. Hospitals are working with the National Cybersecurity Center to identify and address the issues, Health Minister Alexandru Rafila stated.

Rafila initially claimed that 15-20 hospitals in Romania and Bucharest could be facing operational difficulties due to the attack, which took place on production servers running HIS IT system. It started on the night of 11-12 February. As per the latest update, at least 18 medical facilities have been affected in this attack. Some hospitals’ websites, including Fundeni Clinical Institute or Military Emergency Hospital “Dr. Alexandru Gafencu” Constanta are unreachable.

Romania’s National Cyber Security Directorate (NCSD) has dispatched specialists to investigate the incident. The identity of the attacker and the theft of patients’ data remain unclear.

“We don’t have the information, but we are working together with the National Cybersecurity Center to elucidate the causes and remedy them,” the minister said.

The list of the eighteen impacted hospitals shared by Romanian-Insider includes the following:

  • Buzău County Emergency Hospital
  • Slobozia County Emergency Hospital
  • Timișoara Institute of Cardiovascular Diseases
  • St. Luca Chronic Diseases Hospital
  • Colțea Clinical Hospital
  • Medgidia Municipal Hospital
  • Targoviste County Emergency Hospital
  • Sighetu Marmației Municipal Hospital
  • Pitești County Emergency Hospital
  • Regional Oncology Institute Iași (IRO Iași)
  • Fundeni Clinical Institute
  • “Sf. Apostol Andrei” County Clinical Emergency Hospital, Constanța
  • Azuga Orthopedics and Traumatology Hospital “Dr. Constantin Opris”
  • “Dr. Alexandru Gafencu” Military Emergency Hospital, Constanța
  • C.F. Clinic Hospital No. 2, Bucharest
  • Prof. Dr. Al. Trestioreanu Oncology Institute, Bucharest (IOB)
  • Baia Mare Emergency Hospital
  • The Emergency Clinical Hospital for Plastic Surgery, Reconstructive Surgery and Burns, Bucharest

Hospitals and medical facilities’ IT infrastructure are vulnerable targets for hackers. Hackread has observed that threat actors generally exploit five pressure points: shutdown of medical appliances, loss of patient medical history, public backlash, and potential federal and criminal investigations.

In September 2020, German hospital named University Hospital Düsseldorf (UKD) suffer a reported ransomware attack which led to the death of a patient. In August 2023, cybersecurity researcher Jeremiah Fowler discovered a massive data leak at Cigna Health, a major health insurance company. The database, containing over 17 billion records, mainly contained healthcare provider information and negotiated medical procedure rates.

Then in November 2023, SafetyDetectives cybersecurity researchers reported a data breach involving over 2 million Turkish citizens’ vaccination data from 2015 to 2023. The data was likely extracted using an information disclosure vulnerability.

In January 2024, Hackread reported the ALPHV ransomware gang’s targeted attack on Transformative Healthcare, occurring in late April 2023. Attackers stole a terabyte of data, including medical and paramedic reports, exposing data of nearly 1 million people, including 20,486 Maine residents. The attacker accessed a server containing patient information, which Transformative claimed was stored to comply with legal obligations.

These incidents indicate how vulnerable hospitals’ data management systems could be. To protect patient data, hospitals should consider implementing better security controls. Hackers can make quick cash from selling Personal Health Information (PHI), which is worth more than PII.

  1. WannaCry responsible for infecting medical devices
  2. CISA warns of disruptive ransomware attacks on US hospitals
  3. POLICE bust hackers planning to hit hospitals with ransomware
  4. Ransomware hackers leak pharmaceutical giant’s data on dark web
  5. Ethical hacker among 3 arrested for blackmail, ransomware attacks
  6. GoodWill Ransomware demands food for poor to decrypt locked files

[ad_2]
Source link

WhatsApp could be bringing favorite contacts to desktop users

0
[ad_1]

If you’re using WhatsApp, you’re bound to have contacts that you communicate with more often than others. Right now, the company is working on bringing a favorite contacts list for the iPhone version of the app. Now, according to a new report, it appears that WhatsApp is working on a favorite contacts list for desktop users as well. This comes after the company rolled out the ability to block numbers from the lock screen.

From the looks of it, if you’re using your favorite contact list of iOS, you’ll be able to quickly access and communicate with contacts from different screens in the app. For example, you’ll be able to quickly call your favorite contacts right from your calls tab. This eliminates the need to actively search for the contact throughout the app. You’ll have quick access to the contacts you interact with the most.

WhatsApp could be working on bringing the favorite contacts list to desktop users

Right now, WhatsApp is testing this feature for iPhones, but it appears that it wants to expand the feature to other platforms. As discovered by WABeta info, the company also wants to bring this feature over to desktop users.

Below, we see a screenshot showing this feature in action. In the Chats tab, we see a new Favorites chip right under the search bar. Below, we see a description of what favorite contacts are, and it also gives you the ability to add contacts via the green button.

WhatsApp favorite contacts web

At this point, we’re not entirely certain how many contacts you can add to your favorites list. We don’t know if it’s going to be unlimited or if WhatsApp is going to cap uses at a specific number. Also, we’re not entirely sure when we’ll see any indication of this feature coming to Android.

However, Android beta testers have enough beta tests going on. For example, WhatsApp is working on the ability for users to reply to announcement channel poses in Communities. In announcement channels, the admins are able to post messages to the members, but members are never able to reply to these messages. However, WhatsApp will soon give users the ability to reply.


[ad_2]
Source link

Microsoft now has an AI sticker generator for your social media posts

0
[ad_1]

At this point, there are a thousand and one AI image generators on the internet. They’re great for making full-fledged images. However, there are people who aren’t interested in making large images. There are some people who just want more possibilities when making social media posts. Well, Microsoft just unveiled its Designer Sticker Creator. This is an AI image generator for social media stickers.

The company has its image creator called Designer Image Creator. This is Microsoft’s full-fledged image generation platform that makes high-quality images. Right now, it’s available through Microsoft Copilot. If you want to quickly access it, you’ll want to go to the Microsoft Edge browser and look for the icon on the side panel.

The side panel will slide out and show you a text field to put your prompt in. Then, you will get AI-generated results right in the panel that you can download and use.

Microsoft brings its new Designer Sticker Creator

We’re at a point where we’re getting tired of The limited selection of stickers that we have to post on social media. Sure, there are a lot, but people want to be able to make their own. Well, Microsoft just came up with a way to do so.

The Microsoft Designer Sticker Creator is a standalone tool that you can access by going to the official site. Once you enter the site, you will see a grid of examples of what you can make. Since it’s an AI image generator, you can be as specific or as vague as you want. You’ll type your prompt into the text field at the top and it will get to work making your new sticker.

These will be high-quality images that you can download in PNG format. Since these are PNG pictures, they will have transparent backgrounds. This gives you the ability to edit them further using image editing software. Say, you want to give your sticker your own unique background. Well, you can paste the sticker into a program like GIMP or Photoshop, and add the background.

How to access this tool

Right now, the Microsoft Designer Sticker Creator is an Early Access platform. So, it’s not available to the public. If you want to use it, you’ll have to sign into your co-pilot account. We’re not quite sure when this feature will make it to the public.


[ad_2]
Source link

WhatsApp continues to test feature to use a username instead of phone numbers

0
[ad_1]
WhatsApp, the Meta-owned global messaging app, has been working on a feature for some time now where you will be able to give out a username instead of your phone number to those you want to message with. This has been a highly requested feature that has seemingly taken very long to implement since it was spotted last year in a beta build. However, it now appears that more work is being done to test this feature, indicating that it is still on the table.
Unlike in the United States, where Apple’s iMessage and old school SMS have a stronghold on messaging, the rest of the world uses other solutions. WhatsApp is one of them in places like India, Latin America, and some parts of Europe, which subsequently translates to users in those living in the United States who have friends and family in those locations.
For users everywhere, the WhatsApp team has been working on introducing the option to generate usernames. News on the progress of this feature was quiet for a while, but based on the newest WhatsApp beta for iOS 24.3.10.72 version (as spotted by WABetaInfo), it appears like this feature is about to take off.

Image Source: WABetaInfo

In this version, the section within the app where users can choose a username is once again present. This time, though, the app will initiate a validation process to make sure that the username chosen is valid. The validation includes making sure the the username is unique and only allows for alphanumeric characters (a-z and 0-9). This provides the option to keep your phone number hidden, which provides numerous benefits when it comes to privacy.

Currently, exchanging contact information for WhatsApp involves revealing your phone number, which can be concerning for those that prefer certain anonymity, be it for security or personal reasons. While users will probably still need a number to set up an account, having the option of a username allows them to be more selective about who sees it.

Additionally, this feature could be useful to those that want a username that is much easier for friends and family to remember, rather than a series of numbers. Unfortunately, WhatsApp has yet to provide an official timeline for when usernames will be available to all users, but we hope this becomes a focus for the app’s developers this year.


[ad_2]
Source link

Huge Surge in Hackers Exploiting QR code for Phishing Attacks

0
[ad_1]

Phishing has been one of the primary methods threat actors use for impersonating individuals or brands with a sense of urgency that could result in private information being entered on a malicious URL.

Phishing has been set with several preventive measures that block any phishing email inside an organization.

However, with evolving technologies, threat actors have equipped themselves with the right tools that can help them evade any preventive mechanisms and prevent any individuals from giving up their confidential information. One of the latest techniques used by threat actors is Quishing or QR-based phishing

Document
Live Account Takeover Attack Simulation

Live attack simulation Webinar demonstrates various ways in which account takeover can happen and practices to protect your websites and APIs against ATO attacks.

QR-based Phishing Surges

There has been a big surge in Quishing attacks due to the evasion technique it offers and the success ratio. QRs have boomed in the last three years and are now used in several places, such as MFA, for viewing menus at restaurants, Wi-Fi password scanning, contactless payments, and several other purposes.

This makes QRs more dangerous than usual, as victims have low suspicions of malicious QR codes that can steal confidential information from the victim. Quishing is another important factor that makes it one of the biggest weapons in a threat actor’s arsenal.

When a user receives an email with a malicious QR, he/she scans the QR using their mobile phone, which brings them out of the organization’s security circle since no organization monitors personal mobile phones.

Scanning a malicious QR takes them to a malicious website that impersonates a Microsoft or Google login page, prompting them to enter their credential.

Since QRs have low suspicions among executives, users enter their credentials that provide the threat actor with a valid credential to an organization.

Malicious Quishing email (Source: Abnormal Security)
Malicious Quishing email (Source: Abnormal Security)

C-Suite Targeted High

Though any employee could be a target of a Quishing attack, researchers revealed that C-suite members such as chief executive officer (CEO), Chief financial officer (CFO), Chief operating officer (COO), and Chief information officer (CIO) were highly targeted due to the level of privilege and access they possess.

Quishing Attack ratio (Source: Abnormal Security)
Quishing Attack ratio (Source: Abnormal Security)

Non-C-Suite VIPs, such as executive vice presidents, senior vice presidents, and department heads, were also heavily targeted with Quishing attacks.

Suppose threat actors gain access to one of these high-level credentials. In that case, they can initiate an internal as well as an external fraudulent request that could target many employees inside an organization.

QR-based phishing attacks have been published by Abnormal Security, which provides detailed information about the attack vector, credential compromise, percentage ratio of targets, and other information.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.


[ad_2]
Source link

Galaxy S21, Galaxy S20 & more get February update in the US

0
[ad_1]

Last week, Samsung released the February 2024 Android security patch for a bunch of Galaxy smartphones in the US, including the Galaxy S23 series and the latest foldables. The company has now begun a second wave of February security updates stateside. It is pushing the update to the Galaxy S21 series, Galaxy S20 series, and more devices.

More Galaxy devices receive the February update in the US

The Galaxy S23 series was the first Samsung phone to receive the February SMR (Security Maintenance Release) in the US. The Galaxy Z Fold 5, Galaxy Z Flip 5, Galaxy Z Fold 3, Galaxy Z Flip 3, and Galaxy A53 followed shortly. The Korean firm has just released the latest security patch for the Galaxy S21 lineup too, including the FE model.

As of this writing, the factory-unlocked units of the Galaxy S21, Galaxy S21+, and Galaxy S21 Ultra are picking up the new SMR in the US. The updated firmware build number for the phones is G99*U1UESAFXAB. Samsung should soon cover the carrier-locked units too. It has already released the update in some international markets, including Europe.

The February update for the Galaxy S21 FE, meanwhile, begins stateside. Both carrier-locked and unlocked variants are receiving the new security patch in the US. The update bumps the build number for the phone to G990USQSAFXAI for locked units and G990U1UESAFXAA for unlocked units. A global rollout should be just around the corner. The new SMR brings 69 vulnerability patches to the Galaxy family.

The Galaxy S20, Galaxy S20+, and Galaxy S20 Ultra are also picking up this month’s security update in the US ahead of other regions. Samsung has released the update for carrier-locked units with the build number G98*USQS8HXA1 (G98*VSQS8HXA1 for Verizon users). A wider rollout should follow soon. Like the Galaxy S21 lineup, the 2020 flagships are also only getting the latest security fixes.

The Galaxy A15 5G is also getting the new security patch in the US

The Galaxy A15 5G is another new addition to Samsung’s February 2024 update party in the US. The newly released budget phone is picking up the latest security fixes on Verizon’s network with firmware version A156USQS1AXA7. If you are using any of these Galaxy smartphones in the US, watch out for the latest security update with dozens of vulnerability fixes. Three Android OS security issues patched this month were labeled critical by Google, so you might not want to delay the update.


[ad_2]
Source link

Sam Altman shares his first thoughts about Apple Vision Pro

0
[ad_1]

Apple recently took the wraps off one of the biggest releases in a long time, the Apple Vision Pro. There’s no denying that it hasn’t made enough buzz in the industry, and reports also suggest that it’s being sold for a higher price in other markets, due to its US-only availability. Subsequently, industry leaders such as Sam Altman were among the first ones to drop a quick review of Apple Vision Pro.

Sam Altman believes Apple Vision Pro is the “second most impressive tech since the iPhone”

OpenAI chief Sam Altman took to X to share his quick review of the Apple Vision Pro. He believes it’s the “second most impressive tech since the iPhone.” On the same post, another user commented that it probably has the worst name. However, Sam Altman quickly responded, “ChatGPT is a lot worse. [sic]”

Of course, we don’t know whether he tried the Apple Vision Pro or not but a compliment from someone, who has changed his tune of the generative AI space, does matter.

He doesn’t delve into more details as to why he believes so. But a comparison with the first-generation iPhone means that he believes that Apple’s Vision Pro has the potential to become the next big thing in tech.

Sam Altman isn’t the only one, after all

Elon Musk, too, was among the early adopters of the Apple Vision Pro. However, his appraisal of Apple’s latest release is mixed. Musk concedes that the Vision Pro failed to surprise him. He draws a parallel with the first-generation iPhone, suggesting there’s ample room for improvement in the Vision Pro.

Bloomberg’s Mark Gurman notes that there’s more to this and essentially, this is just the prototype of the final product. He further adds that the Apple Vision Pro will not affect the sales of or replace the iPhone or Mac; rather, it will impact the iPads.

For those unaware, Apple Vision Pro is up and selling for $3500 for the base variant in the US. Apple is also giving 30-minute one-on-one demos to experience visionOS, made specifically for the Apple Vision Pro.


[ad_2]
Source link

Google teases new design for “Sign in with Google” pages on web and mobile

0
[ad_1]
Remember the very simple “Sign in with Google” option that you see all over the internet? It saves you a lot of time by allowing you to use your Google Account to log into a variety of apps, websites, and services, eliminating the need to create individual accounts for every site you log in to. This useful sign-in page appears to be getting a minor change.
As reported by Android Central, Google is currently informing users that a revamp is in the works. This is being done by placing a simple banner at the top of Google sign-in pages which reads, “A new look is coming soon. Google is updating the sign-in page with a more modern look and feel.”
 

Image by Phone Arena   

We have yet to see what this new “modern look and feel” is supposed to look like, considering Google hasn’t released any screenshots yet, but we can make some educated guesses on the matter. For example, just as others have already done so, we can speculate that this re-design would likely fall within Google’s own “Material You” design language, which is already being used across the ecosystem. This would make perfect sense and it would add a splash of color and consistency across the web.

While it is almost certain that Google’s Material Design philosophy would be incorporated into the re-design, the more interesting questions is not the “how” but the “why” this is being done. Sure, clean lines, bold colors, and easy-to-navigate interfaces can be a good enough reason to apply a visual refresh across sign-in pages. However, there is another consideration as to why this might be in the works.

Google’s push for password alternatives

It’s no surprise that Google has been working for some time now to drive the use of passkeys as an alternative to using passwords. Making significant changes such as making passkeys the default sign-in method for personal and workspace accounts, as well as becoming a driving force for the expansion of passkeys support across the web by enlisting more partners, is not to be taken lightly.

It is entirely possible that this redesign could be another way in which Google plans to highlight the use of passkeys even more. Google’s sign-in pages already prompt users to use them, but currently it is presented as more of an afterthought that the default sign-in method is it meant to be.


It is important to note that at this point this is all speculation. We have no clear indication on what Google’s plans are on this matter, but considering how prominent the redesign notice is right now on sign-in pages, we probably won’t have to wait long to find out.

[ad_2]
Source link

3 Well-known Microsoft Word & Excel Flaws Exploited

0
[ad_1]

Despite not being 0-day or even 1-day vulnerabilities, three well-known and outdated CVEs in Microsoft Word and Excel continue to pose a threat to the cybersecurity industry.

In these three CVEs, researchers found several connections, including technical tricks to conceal the harmful nature of the malicious documents and lure topics designed to mislead users into opening the document.

“More than 13000 samples that use old CVEs are lurking in-the-wild in 2023. Different formats – DOC(X), XLS(X), RTF – and tricks are used, all with the same purpose: to lure the victim into clicking and cause the subsequent malware to spread”, CheckPoint said.

Attack domains that the operators of mallocs select include lucrative industries, including banking and finance, government, and healthcare.

Affected Countries

3 Old And Well-Known CVEs Used In Microsoft Word & Excel

  • CVE-2017-11882 (technical analysis by Palo Alto)
  • CVE-2017-0199 (technical analysis by Perception Point)
  • CVE-2018-0802 (technical analysis by Check Point Software Technologies)

Maldocs with specified CVEs were used to spread several infamous malware families, such as Dridex in 2017 (CVE-2017-0199), Guloader in 2021 (CVE-2017-11882), LokiBot in 2018(CVE-2018-0802) and others.

The scenario remained unchanged in 2023 despite the detection of certain noteworthy additions to the disseminated payloads, such as samples utilized by Agent Tesla, Gamaredon APT, and Formbook/Xloader.

The samples utilized in Gamaredon APT activities are among the most noteworthy. A notorious hacker gang supported by the Russian state is called Gamaredon APT.

Connection of the maldoc exploiting CVE-2017-0199 with Gamaredon APT

Agent Tesla is a well-known malware family that topped the list of most common malware in October 2022. It is an advanced RAT functioning as a keylogger and information stealer.

Connection of the maldoc exploiting CVE-2017-11882 with Agent Tesla

GuLoader is another malware family that has been observed being distributed using maldocs. A well-known shellcode-based downloader called GuLoader has been used in numerous attacks to distribute several types of the “most wanted” malware.

Connection of the maldoc exploiting CVE-2017-0199 with GuLoader

Initially identified in 2016, Formbook is an infostealer malware (CVE-2017-11882). Screenshots, keystrokes, and credentials stored in online browsers are just a few of the data kinds that it takes from compromised systems.

Maldocs can take a variety of forms, but one of their lures is a poorly formatted text that still requires the user to “enable editing” for this document. 

Excel malicious documents may be encrypted, which would complicate analysis. The MS Enhanced RSA and AES crypto-providers are used to carry out the encryption and decryption.

Shellcodes within malicious documents, enormous oleObjects, obfuscated VBA macros, and strange URLs are some of the techniques employed in maldocs.

“The methodology of the 5-year-old spreading method must be well known, and this malware must be detected and stopped as early as possible”, researchers said.

Recommendation

  • Update the operating system and any installed apps.
  • Never click on links in unsolicited emails from senders you don’t recognize.
  • Increase staff awareness of cybersecurity
  • If you are unsure, speak with a security expert; preventing an issue is preferable than treating it.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.


[ad_2]
Source link

AI-generated voices in robocalls are illegal, rules FCC

0
[ad_1]

The Federal Communications Commission (FCC) has announced that calls made with voices generated with the help of Artificial Intelligence (AI) will be considered “artificial” under the Telephone Consumer Protection Act (TCPA). Effective immediately, that makes robocalls that implement voice cloning technology and target consumers illegal.

Robocalls are automated phone calls, often associated with scams, which can be a nuisance to individuals and businesses alike. Some of these calls use AI generated voices of trusted celebrities to gain the trust of the target, in a technique known as voice cloning.

Robocallers not only sell products or services in an annoying way, they’ve also been known to be part of political misinformation campaigns as well.

The unanimous ruling by the FCC provides state attorneys general across the country with new tools to go after the people behind these nefarious robocalls. Many of these calls would be considered illegal anyway because they are scams or fraudulent, but now the fact that they use AI generated voices alone is enough for them to be considered illegal.

The FCC says it received a letter signed by attorneys general from 26 states asking the agency to act on restricting the use of AI in marketing phone calls.

FCC Chairwoman Jessica Rosenworcel stated:

“Bad actors are using AI-generated voices in unsolicited robocalls to extort vulnerable family members, imitate celebrities, and misinform voters. We’re putting the fraudsters behind these robocalls on notice.”

From now on, those who wish to send robocalls must obtain prior express consent from the called party before making a call that utilizes artificial or prerecorded voice simulated or generated through AI technology.

Violations of the TCPA are subject to stiff civil penalties. Abusers can anticipate fines of up to $1,500 per incident without a cap on damages.

On January 30, 2024, the FCC said its previous actions against international robocalls appear to have reduced apparently illegal robocall traffic across multiple networks. If this new announcement leads to an even bigger reduction, you won’t hear us complaining.

What to do if you answer a robocall

When you receive a call from someone outside your contact list only to hear a recorded message playing back at you, that’s a robocall.

  1. Hang up as soon as you realize that it is an automated robocall.
  2. Do not engage with the call at all.
  3. Don’t follow any instructions.
  4. Avoid giving away any personal information.
  5. Report the robocall.
    • If you’ve lost money to a phone scam or have information about the company or scammer who called you, tell the FTC at ReportFraud.ftc.gov.
    • If you didn’t lose money and just want to report a call, use the streamlined reporting form at DoNotCall.gov
    • If you believe you received an illegal call or text, report it to the Federal Communications Commission (FCC).

It is important to not engage in any conversation or respond to any prompts to minimize the risk of fraud. Even the smallest snippets of your recorded voice could allow for voice-cloning and used in scams against you or your loved ones.


We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your iOS devices by downloading Malwarebytes for iOS today.


[ad_2]
Source link