Star Well being Insurance coverage CISO offered buyer information, hacker claims
[ad_1] A textual content message question to Khanuja elicited no response. The breach uncovered over 7.24 terabytes of delicate buyer data together with extremely private data reminiscent of full names, PAN and cellular numbers, e-mail addresses, dates of delivery, residential addresses, pre-existing medical circumstances, coverage numbers, nominee particulars, and even the peak and weight of insured people. The hacker’s revelations have gone viral on social media, with a put up by a consumer named Deedy Das who shared an alleged e-mail alternate between Khanuja and the hacker. In keeping with the put up, Khanuja, in his capability as CISO, brokered the sale of Star Well being’s buyer information, delivering the treasure trove of personal particulars to the hacker. The info reportedly fetched a value of $150,000. [ad_2]
CISA Warns of Hackers Focusing on Industrial Techniques with “Unsophisticated Strategies” Amid Lebanon Water Hack Claims
[ad_1] The US Cybersecurity and Infrastructure Safety Company (CISA) has warned that malicious hackers proceed to be able to compromising industrial management techniques (ICS) and different operational know-how (OT) utilizing “unsophisticated strategies” – suggesting that rather more nonetheless must be executed to safe them correctly. In an advisory posted on CISA’s web site yesterday, the company mentioned that internet-accessible industrial techniques may very well be susceptible to plenty of strategies of compromise, together with exploitation of default credentials and brute pressure assaults. Notably, CISA selected to notably spotlight that organisations working within the water and wastewater techniques (WWS) sector had been amongst these susceptible to such unsophisticated hacking strategies. Industrial management techniques handle and regulate processes within the WWS sector akin to water filtration, chemical therapy, and pumping stations – making certain that they function inside secure parameters, preserve the standard of consuming water, and stop contamination to the setting. It’s also used to robotically monitor water ranges and stream charges in real-time. Supervisory Management and Information Acquisition (SCADA) is a specific kind of business management system, which – within the case of the WWS sector – is used to observe and management the geographically dispersed water distribution community. Employees use human-machine interfaces (HMIs) for a graphical overview of ICS and OT techniques. enabling a speedy response if there may be an gear failure or emergency. Sadly HMIs have usually been discovered to be poorly secured, and if they’ve a password in any respect might solely be protected by an easy-to-guess default password. It’s generally understood that these sustaining such techniques could also be extra nervous about what might occur in the event that they “break” crucial infrastructure by altering a password than the prospect of being hacked as a result of a weak password is getting used. As we’ve got described earlier than, WWS techniques are sometimes thought-about by attackers to be “target-rich, cyber-poor.” Up to now there have been ransomware assaults launched towards the WWS sector, in addition to what are thought to have been state-sponsored assaults towards water utilities in the US. The reminder from CISA for the water sector to defend itself extra strongly towards cyber assault seems to be nicely timed. This week the Purple Evil hacktivist group claimed to have compromised water techniques utilized by Hezbollah in Lebanon, gaining management of the SCADA software program used at 14 water amenities in southern Lebanon and Beirut and altering chlorine ranges. Nevertheless, consultants notice that there was no unbiased verification of the group’s claims and despite the fact that Purple Evil shared screenshots of HMIs it claimed to have accessed, it’s potential that the impression of the assault (if it occurred in any respect) has been exaggerated as a part of a misinformation marketing campaign. Earlier this 12 months CISA and the US Environmental Safety Company (EPA) printed a information in an try to boost cybersecurity resilience and enhance incident response within the WWS sector. Editor’s Word: The opinions expressed on this and different visitor writer articles are solely these of the contributor and don’t essentially mirror these of Tripwire. [ad_2]
False claims of hacked voter knowledge – Week in safety with Tony Anscombe
[ad_1] Video With simply weeks to go earlier than the US presidential election, the FBI and the CISA are warning about makes an attempt to sow mistrust within the electoral course of 20 Sep 2024 With simply weeks to go earlier than the US presidential election, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Safety Company (CISA) are urging the general public to disregard claims of stolen voter data. The companies emphasize that “accessing voter registration knowledge is just not by itself an indicator of a voter registration database compromise”, as that data can really be bought legitimately.. What else is there to know concerning the newest campaigns that try and undermine belief in US elections and establishments? Discover out within the video. Join with us on Fb, Twitter, LinkedIn and Instagram. [ad_2]