This week has been dominated by the news of aluminum producer Norsk Hydro being crippled by the LockerGoga Ransomware. Since then, it has been constant news coverage regarding the ransomware and more in-depth analysis. It should be noted that while this ransomware has had high-profile targets, it is not the most active one out there targeting companies and has not seen wide distribution. Furthermore, it’s very noisy as it consumes a lot of CPU, causes explorer to crash repeatedly, and borks the system enough while encrypting that you can’t run normal programs. Unless it’s launched on an idle machine, it would have a good chance of being spotted.
The Office for the Inspector General for the DHS issued a report today that detailed how FEMA did not appropriately safeguard the personal information of 2.3 million survivors of hurricanes Harvey, Irma, and Maria and the California wildfires in 2017. During national disasters, the Federal Emergency Management Agency (FEMA) offers a program called Transitional Sheltering Assistance (TSA) that provides shelter to disaster survivors. In an advisory titled “Management Alert – FEMA Did Not Safeguard Disaster Survivors’ Sensitive Personally Identifiable Information”, it is disclosed that FEMA did not appropriately safeguard personal information of survivors, including bank account information, and provided it to a contractor managing the program.
The federal government on Thursday warned of a serious flaw in Medtronic cardio defibrillators that allows attackers to use radio communications to surreptitiously take full control of the lifesaving devices after they are implanted in a patient. Defibrillators are small, surgically implanted devices that deliver electrical shocks to treat potentially fatal irregular heart rhythms. In recent decades, doctors have increasingly used radios to monitor and adjust the devices once they’re implanted rather than using older, costlier, and more invasive means. An array of implanted cardio defibrillators made by Medtronic rely on two types of radio-based consoles for initial setup, periodic maintenance, and regular monitoring. Doctors use the company’s CareLink Programmer in clinics, while patients use the MyCareLink Monitor in homes to regularly ensure the defibrillators are working properly.
The Finnish data protection watchdog has confirmed it’s investigating HMD Global’s Nokia-branded phones over reports they were found to be sending unencrypted data to a Chinese server. Details first emerged after a user, Henrik Austad, tipped off the Norwegian broadcaster NRK, who investigated the breach, Reuters reports. NRK’s investigation revealed that the server being contacted was associated with the domain “vnet.cn,” which is linked to the state-owned telco China Telecom. The data was being sent in an unencrypted format by a Nokia 7 Plus, a phone first released in March last year.
X-Force Red is an autonomous team of veteran hackers within IBM Security that is hired to break into organizations and uncover risky vulnerabilities that criminal attackers may use for personal gain. Our team recently unveiled new statistics collected from its penetration testing engagements. One statistic that stood out, although not surprisingly, was that out of 1,176 phishing emails sent to employees within five organizations from October 2017 to November 2018, 198 people clicked on the malicious link inside the email and 196 people submitted valid credentials. While those numbers do not appear significantly high, they still show that criminals had 196 unique opportunities to move around inside a target organization and access sensitive data. And considering one set of valid credentials is all it might take for a criminal to launch an attack, 196 of them is a gold mine.