Hospitals sue cloud, Google settles Incognito suit

This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Johna Till Johnson, CEO, Nemertes

Here are the stories we plan to cover TODAY, time permitting. Please join us live at 12:30pm PT/3:30pm ET by registering for the open discussion on YouTube Live.

New York hospitals sue cloud provider for return of data

Two New York hospitals, both not-for-profits, are seeking a court order to force the Boston-based cloud storage company Wasabi Technologies to “return stolen data stored on one of its servers by the LockBit ransomware gang.” According to Bleeping Computer, the Carthage Area Hospital and Claxton-Hepburn Medical Center were attacked in September, with the LockBit affiliate renting cloud storage at Wasabi to store the stolen data. The hospitals are asking the court to “force Wasabi to provide and delete the data from their servers.”

(Bleeping Computer)

Google settles $5 billion ‘incognito mode’ lawsuit 

Google has agreed to settle a class-action lawsuit filed in June 2020 that alleged the company misled users by tracking their internet usage even when their browsers were in “incognito” or “private” mode. The plaintiffs alleged that Google violated federal wiretap laws by using Google Analytics to track user activity. Google attempted to get the lawsuit dismissed by pointing to the message it displays informing users that their activity might still be visible to the websites they visit, their organization, or their ISP. The class-action lawsuit originally sought roughly $5 billion in damages; however, the final settlement terms have yet to be disclosed.

(The Hacker News)

A call for formal ban on ransomware payments

The security company Emsisoft published a blog post calling for a legally mandated ban on ransomware payments. It cited that in 2023, the US saw over 300 ransomware attacks against hospitals, schools, and government bodies, costing an average of $1.5 million each to mitigate. These figures don’t account for the MOVEit breaches or attacks on private third parties. Some critics say that while a ban may be warranted in the long term, one enacted immediately would prove impossible to enforce and could cause more harm to organizations that lack resiliency and IT maturity.

(The Register)

FTC asks for ideas to fight voice cloning

The Federal Trade Commission opened a call for submissions on how to fight fraud carried out with text-to-speech technology. It’s hoping the challenge will draw ideas from across disciplines to better monitor and stop abuse of this tech. It will accept submissions until January 12th, with the winner receiving $25,000. Submissions must include ideas on how to prevent malicious parties from accessing voice cloning software, improve real-time voice cloning detection, and provide a way to detect cloned voices in recorded clips. The FTC warned about the potential for this type of abuse back in March, but to date has not taken any enforcement action on it.

(The Record)

Thanks to today’s episode sponsor, NetSPI

Take the hassle out of dealing with alert fatigue, validation, and prioritization. Instead, use NetSPI’s ASM platform to hone in on what’s actually important. Attack surface vulnerabilities constantly evolve, causing a lack of visibility and overwhelm for your security teams. Start the new year off right by partnering with NetSPI to enhance your security program. Visit netspi.com/ASM

Hackers threaten SWAT Fred Hutch patients

Following up on a story we brought you in mid-December, it has been confirmed that the hackers who attacked the Seattle-based Fred Hutchinson Cancer Center threatened to swat the homes of its cancer patients in order to get the hospital to comply with their ransom demands. The group did not follow through on these threats, but the threat became the basis for the extortion emails they sent directly to patients instead.

(Beckers Hospital Review)

FBI disrupts BlackCat ransomware network

On Tuesday, the US Justice Department announced that it has seized websites of the second most prolific ransomware-as-a-service operation, BlackCat, also called ALPHV or Noberus. The DoJ said the FBI has provided a decryptor to dozens of victims globally, saving approximately $68 million in ransom demands. The search warrant reveals that law enforcement used a confidential informant to infiltrate BlackCat, observe its operations, and obtain credentials to the gang’s backend affiliate panel used to manage extortion campaigns. Earlier this month, BlackCat’s Tor-based leak site disappeared in what was believed to be a law enforcement operation.

(SecurityWeek and Bleeping Computer)

Hacking with Mr. Cooper

In a filing with Maine’s attorney general’s office, the mortgage and loan company Mr. Cooper, previously known as Nationstar Mortgage, confirmed it lost data on over 14 million customers in a recent cyberattack. The data included names, Social Security numbers, and bank account numbers. On its site, Mr. Cooper indicated the attack impacted 4 million current customers; a filing with federal regulators confirms the rest are past customers. The company did not reveal further details about the method of the attack or the party behind it.


Rite Aid banned from using AI facial recognition 

The Federal Trade Commission (FTC) announced Tuesday that it has banned Rite Aid from using facial recognition technology for five years. The FTC alleged that between 2012 and 2020 Rite Aid used an often inaccurate AI-powered facial recognition database to identify customers it believed were shoplifters or “dishonest.” Rite Aid used grainy images drawn from security cameras, employee phone cameras and even news stories to populate its database. The company then forced employees to stalk and sometimes humiliate those who had been wrongly identified. The FTC said Rite Aid did not take “reasonable measures” to prevent harm to consumers.

(The Record)

National Cyber Security