ReportWire

Tag: Cyberwarfare

  • Parenting 101: 5 Lessons to keep kids safe online for the new school year

    [ad_1]

    The back-to-school season is exciting – new knowledge, new digital tools, and new discoveries. But it also brings higher cybersecurity risks for both schools and children. Cybersecurity experts are urging children, parents, and school communities to stay extra alert during this period.

    “The back-to-school period requires additional efforts to keep children and school communities safe online. A new beginning means new digital tools, online searches, and registrations for learning platforms. All of that increases cyber risks that must be taken seriously,” said Karolis Arbačiauskas, head of product at NordPass, in a media release

    A new study by NordPass, in collaboration with NordStellar, reveals a worrying truth: many educational institutions are still using shockingly weak passwords to protect sensitive data. Entries like “123456”, “Edifygroup@1”, and “principal@2021” appeared frequently, showing a widespread reliance on predictable or outdated credentials that are easy for hackers to guess.

    This is why the back-to-school season is the perfect moment to talk to children about cyber hygiene – the dos and don’ts in digital environments – and to help them build strong habits for digital security and privacy. “Learning about cybersecurity can be fun. Many families of cybersecurity professionals make it a game – they host a small party with snacks and guide their children through five simple but essential exercises,” said Arbačiauskas.

    Cybersecurity experts advise to take these steps to preserve your own cybersecurity and that of your family members (it can also be used as inspiration for your family’s Cyber Party):

    • Create strong and unique passwords. Make sure every account in your family – whether it’s yours, your parents’, your significant other’s, or your children’s – uses a strong and unique password. The easiest way to do it? Use a trusted password manager to generate, store, and share them securely.
    • Turn on multi-factor authentication (MFA). Add an extra layer of security wherever you can, especially to access school portals, email accounts, and social apps. MFA helps keep hackers out even if a password gets breached – and they get breached more often than you think. A recent study by NordPass revealed that many educational institutions still use shockingly weak passwords.
    • Update devices and apps. Keep phones, tablets, and laptops up to date with the latest software. Outdated apps can contain vulnerabilities that hackers take advantage of to get backdoor access into your device. Updates patch these security holes so that cybercriminals can no longer exploit them.
    • Talk about phishing. Discuss cybersecurity with your family and why it matters. Teach them to never click suspicious links or open unknown attachments – especially in emails or messages claiming to be from the school. When in doubt, verify with the sender by using a website checker.
    • Adjust privacy settings. Review and tighten privacy settings on social media, online games, and school platforms. Limit what personal info is publicly visible and who can contact your kids online.

    – JC

    [ad_2]

    Source link

  • Local hospital network data breach may affect over 500

    Local hospital network data breach may affect over 500

    [ad_1]

    SALEM, N.H. — A data breach at a local hospital network caused more than 500 patients’ personal information to be leaked.

    Northeast Rehabilitation Hospital Network, 70 Butler St., announced on its website that between May 13 and May 22, there was unauthorized access to the company’s network and files containing sensitive information may have been accessed.

    Information was accessed from Neuro Rehab Associates Inc., a subsidiary founded in 1983, according to the data breach portal for the U.S. Department of Health and Human Services’ Office for Civil Rights.

    The breach was reported to the Department of Health and Human Services on July 17.

    Despite claiming it was an instance of unauthorized access, the department categorized the breach as a hacking and IT incident and noted the information was found on network servers.

    NRHN said it is investigating the breach’s severity and will only notify people who have been affected and that it reported the incident to a federal law enforcement agency.

    NRHN has four inpatient hospitals in New Hampshire and more than 25 outpatient rehabilitation clinics across Massachusetts and New Hampshire.

    The company said while it is still investigating the breach’s extent, the information that could have been stolen includes patients’ names, contact information, dates of birth, Social Security numbers, driver’s license and ID numbers, financial account information, diagnoses, treatments and health insurance information.

    NRHN has asked for patients to remain vigilant and, if they believe they are a victim of this breach, to contact it by email at NRHNCyberInfo@northeastrehab.com.

    [ad_2]

    By Katelyn Sahagian | ksahagian@northofboston.com

    Source link

  • Salem State gets $624K grant for cybersecurity training center

    Salem State gets $624K grant for cybersecurity training center

    [ad_1]

    SALEM — Salem State University announced this week that it received a $624,437 grant to establish and operate a cybersecurity training facility on campus.

    The grant is part of the state’s Security Operations Center (SOC) Cyber Range Initiative, a program managed by Mass Tech’s MassCyberCenter that aims to help build a diverse generation of cybersecurity professionals through education, training and workforce development, according to a news release.

    “Massachusetts is committed to leading in cybersecurity and ensuring that all communities have the skills, resources and capacity to protect their businesses and residents,” Gov. Maura Healey said. “Congratulations to Salem State on this award and their efforts to grow the cyber workforce.”

    Lt. Gov. Kim Driscoll said how proud she is, “as Salem’s former mayor and a Salem State graduate … of the work the university is doing to teach students critical cybersecurity skills.

    “Cybersecurity affects every part of our community whether you are a small business, elementary school or local government office. The more cybersecurity professionals we have, the more we can ensure our communities are protected online,” Driscoll said.

    “Salem State is grateful to the Healey-Driscoll Administration and the MassCyberCenter for selecting us for this important partnership,” Salem State President John Keenan said. “This type of investment and professional relationships are a win-win for everyone involved.

    “Like our nursing and occupational therapy simulation labs, the CyberRange will imitate real-world problems for students to solve in real time,” he said.

    The funding is expected “to promote cybersecurity while also ensuring Massachusetts stays competitive in modern economic development,” said Yvonne Hao, state secretary of economic development and board chair of the Massachusetts Technology Collaborative.

    Salem State will join Bridgewater State University, Springfield Technical Community College and MassBay Community College as a critical part of a statewide network of cybersecurity educators, MassCyberCenter Director John Petrozzelli said.

    The award will support capital expenditures to construct the CyberRange and expenditures for the first year of operations.

    The center is expected to promote the Massachusetts cybersecurity ecosystem by working to build a strong cyber talent pipeline and to strengthen the defense of local communities.

    More information is available online at https://masscybercenter.org.

    [ad_2]

    By Buck Anderson | Staff Writer

    Source link

  • Did a Hacker Gang Create a Botnet Out of 3 Million Electric Toothbrushes?

    Did a Hacker Gang Create a Botnet Out of 3 Million Electric Toothbrushes?

    [ad_1]

    The answer is: No, but you’d be forgiven for having believed that was the case since a viral news story made the rounds earlier this week claiming it was so.

    The Animal Kingdom Imagines a World of Humans Turning Into Animals

    The story in question was published by a Swiss newspaper, Aargauer Zeitung, and claimed that three million electric toothbrushes had been tied into a botnet, which was then used by cybercriminals to carry out a financially damaging DDoS attack on a Swiss company’s website. The source of the story were researchers from Fortinet, a well-known security company based in California.

    This story, which sounded just crazy enough to be true, was subsequently recycled by numerous English-speaking outlets, including Tom’s Hardware, ZDNet, and others. There was a certain logic to it. Cybercriminals can be very creative when it comes to using smart hardware to build malicious networks; the Mirai cybercriminals notably used over 100,000 smart devices to build one of the most notorious botnets ever. Why not use a smart toothbrush or two?

    The problem, however, is that not all smart devices are built alike. The toothbrush story unraveled after security experts on X began chiming in about the ridiculousness of this scenario. Some said that it was basically impossible, given that smart toothbrushes connect to Bluetooth, not the internet. A story from 404 Media cited skeptical security experts, who called into question the validity of the narrative.

    Now, the story has been officially deemed false. According to Fortinet, the Swiss journalists who initially spread the story misinterpreted their researchers during an interview, which then caused U.S. outlets to uncritically pick up the false narrative and further circulate it. In a statement shared with ZDNet, Fortinet clarified that the toothbrush incident had not actually happened, and was more of a thought experiment than anything:

    “To clarify, the topic of toothbrushes being used for DDoS attacks was presented during an interview as an illustration of a given type of attack, and it is not based on research from Fortinet or FortiGuard Labs. It appears that due to translations the narrative on this topic has been stretched to the point where hypothetical and actual scenarios are blurred.

    Covering cybersecurity as a journalist can be tricky. Many stories are pitched as research by security companies, and those companies are incentivized to elaborate a bit in their research findings to get more attention for their business. Indeed, the Swiss newspaper at the center of the toothbrush drama has now come out and blamed Fortinet for falsely claiming that the story was real. The paper claims, in a statement posted to its website, that the excuse of a “translation error” is, itself, made up:

    [Translated from German by Google Translate] What the Fortinet headquarters in California is now calling a “translation problem” sounded completely different during the research: Swiss Fortinet representatives described the toothbrush case as a real DDoS at a meeting that discussed current threats…

    Fortinet provided specific details: information about how long the attack took down a Swiss company’s website; an order of magnitude of how great the damage was. Fortinet did not want to reveal which company it was out of consideration for its customers.

    The text was submitted to Fortinet for verification before publication. The statement that this was a real case that really happened was not objected to.

    Gizmodo reached out to Fortinet for more information on how this tall tale got so much circulation and will update our story if it responds.



    [ad_2]

    Lucas Ropek

    Source link

  • The No-Fly List Has Been Leaked, TSA Investigating ‘Cybersecurity Incident’

    The No-Fly List Has Been Leaked, TSA Investigating ‘Cybersecurity Incident’

    [ad_1]

    The Transportation Security Administration’s No-Fly List is one of the most important ledgers in the United States, containing as it does the names of people who are perceived to be of such a threat to national security that they’re not allowed on airplanes. You’d have been forgiven then for thinking that list was a tightly-guarded state secret, but lol, nope.

    A Swiss hacker known as “maia arson crimew” has got hold of a copy of the list—albeit a version from a few years ago—not by getting past fortress-like layers of cybersecurity, but by…finding a regional airline that had its data lying around in unprotected servers. They announced the discovery with the photo and screenshot above, in which the Pokémon Sprigatito is looking awfully pleased with themselves.

    As they explain in a blog post detailing the process, crimew was poking around online when they found that CommuteAir’s servers were just sitting there:

    like so many other of my hacks this story starts with me being bored and browsing shodan (or well, technically zoomeye, chinese shodan), looking for exposed jenkins servers that may contain some interesting goods. at this point i’ve probably clicked through about 20 boring exposed servers with very little of any interest, when i suddenly start seeing some familar words. “ACARS”, lots of mentions of “crew” and so on. lots of words i’ve heard before, most likely while binge watching Mentour Pilot YouTube videos. jackpot. an exposed jenkins server belonging to CommuteAir.

    Among other “sensitive” information on the servers was “NOFLY.CSV”, which hilariously was exactly what it says on the box: “The server contained data from a 2019 version of the federal no-fly list that included first and last names and dates of birth,” CommuteAir Corporate Communications Manager Erik Kane told the Daily Dot, who worked with crimew to sift through the data. “In addition, certain CommuteAir employee and flight information was accessible. We have submitted notification to the Cybersecurity and Infrastructure Security Agency and we are continuing with a full investigation.”

    That “employee and flight information” includes, as crimew writes:

    grabbing sample documents from various s3 buckets, going through flight plans and dumping some dynamodb tables. at this point i had found pretty much all PII imaginable for each of their crew members. full names, addresses, phone numbers, passport numbers, pilot’s license numbers, when their next linecheck is due and much more. i had trip sheets for every flight, the potential to access every flight plan ever, a whole bunch of image attachments to bookings for reimbursement flights containing yet again more PII, airplane maintenance data, you name it.

    G/O Media may get a commission

    Samsung Reserve

    Up to $100 credit

    Samsung Reserve

    Reserve the next gen Samsung device
    All you need to do is sign up with your email and boom: credit for your preorder on a new Samsung device.

    The government is now investigating the leak, with the TSA telling the Daily Dot they are aware of a potential cybersecurity incident, and we are investigating in coordination with our federal partners”.

    If you’re wondering just how many names are on the list, it’s hard to tell. Crimew tells Kotaku that in this version of the records “there are about 1.5 million entries, but given a lot are different aliases for different people it’s very hard to know the actual number of unique people on it” (a 2016 estimate had the numbers at “2,484,442 records, consisting of 1,877,133 individual identities”).

    Interestingly, given the list was uploaded to CommuteAir’s servers in 2022, it was assumed that was the year the records were from. Instead, crimew tells me “the only reason we [now] know [it] is from 2019 is because the airline keeps confirming so in all their press statements, before that we assumed it was from 2022.”

    You can check out crimew’s blog here, while the Daily Dot post—which says names on the list include members of the IRA and an eight year-old—is here.

    [ad_2]

    Luke Plunkett

    Source link

  • New Bedford fire lieutenant uses himself as human shield against flames

    New Bedford fire lieutenant uses himself as human shield against flames

    [ad_1]

    Fire Lt. uses himself as shield against flames

    [ad_2]

    Source link