Israeli hospital cancels non-urgent procedures following ransomware attack

Abstract

Israel’s National Cyber Directorate (INCD) is urging organizations across the country to bolster their cyber defenses following a disruptive ransomware attack against a hospital in Israel’s northwest.

The Hillel Yaffe Medical Center, situated in the city of Hadera, cancelled non-urgent procedures as staff reportedly resorted to using pen and paper after IT systems were disabled by a cyber-attack yesterday (October 13).

Indicators of compromise

The INCD, which is assisting with the hospital’s post-incident investigation and recovery, has shared indicators of compromise (IOCs) in order to help hospitals and other organizations spot evidence of similar network intrusions.

Evidence of unusual activity should be reported to the INCD, it added.

Read more

https://portswigger.net/daily-swig/israeli-hospital-cancels-non-urgent-procedures-following-ransomware-attack

Man charged with hack which shared COVID-19 test details in protest against vaccine pass

Abstract

Police in France have arrested and charged a 22-year-old man with hacking into a “secure” file-sharing systems used by a Parisian hospital trust, and stealing the COVID-19 test details for some 1.4 million people.

According to local media reports, the alleged hacker not only stole highly sensitive information from Assistance Publique – Hôpitaux de Paris (AP-HP), but also distributed the data as part of an anti-vaccine protest.

The French government requires individuals to carry a “vaccine pass” (known as a passe sanitaire)if they wish to enter cafés, bars, restaurants, museums, cinemas, and access events.

Read more in

https://grahamcluley.com/man-charged-with-hack-which-shared-covid-19-test-details-in-protest-against-vaccine-pass/

What Happened to Facebook, Instagram, & WhatsApp?

Abstract

Doug Madory is director of internet analysis at Kentik, a San Francisco-based network monitoring company. Madory said at approximately 11:39 a.m. ET today (15:39 UTC), someone at Facebook caused an update to be made to the company’s Border Gateway Protocol (BGP) records. BGP is a mechanism by which Internet service providers of the world share information about which providers are responsible for routing Internet traffic to which specific groups of Internet addresses.

———-

Update, 4:37 p.m. ET: Sheera Frenkel with The New York Times tweeted that Facebook employees told her they were having trouble accessing Facebook buildings because their employee badges no longer worked. That could be one reason this outage has persisted so long: Facebook engineers may be having trouble physically accessing the computer servers needed to upload new BGP records to the global Internet.

Read more in

https://krebsonsecurity.com/2021/10/what-happened-to-facebook-instagram-whatsapp/

Good move by Apple: Scanning for Child Sexual Abuse Material (CSAM) on iPhones

Abstract

Expanded Protections for Children

At Apple, our goal is to create technology that empowers people and enriches their lives — while helping them stay safe. We want to help protect children from predators who use communication tools to recruit and exploit them, and limit the spread of Child Sexual Abuse Material (CSAM).

Apple is introducing new child safety features in three areas, developed in collaboration with child safety experts. First, new communication tools will enable parents to play a more informed role in helping their children navigate communication online. The Messages app will use on-device machine learning to warn about sensitive content, while keeping private communications unreadable by Apple.

Next, iOS and iPadOS will use new applications of cryptography to help limit the spread of CSAM online, while designing for user privacy. CSAM detection will help Apple provide valuable information to law enforcement on collections of CSAM in iCloud Photos.

Read more in

https://www.apple.com/child-safety/

FBI 2020 Elder Fraud Report : 1 Billion loss

In 2020, IC3 received a total of 791,790 complaints with reported losses exceeding $4.1 billion. Based on the information provided in the complaints, approximately 28% of the total fraud losses were sustained by victims over the age of 60, resulting in approximately $1 billion in losses to seniors. This represents an increase of approximately $300 million in losses reported in 2020 versus what was reported by victims over 60 in 2019.

The initial contact in a lottery/sweepstakes scam is often a call, an email, a social media notification, or a piece of mail offering congratulations for winning a big contest, lottery, or sweepstakes the victim did not enter. To claim their prize, the victim is required to pay upfront fees and taxes. Subjects often request the payments be made via wire transfers or prepaid cards. Often, the scammers will ask for a victim’s banking information to transfer their winnings.

Read more in

Click to access 2020_IC3ElderFraudReport.pdf