Dell Hell Redux — More Personal Info Stolen by ‘Menelik’
Phish Ahoy! Hacker took advantage of Dell’s lack of anti-scraping defense.
The post Dell Hell Redux — More Personal Info Stolen by ‘Menelik’ appeared first on Security Boulevard.
“Right now it is crazy. Nurses are running around. Doctors are running around. There’s no computers whatsoever they can use," Lopez said. "So, they’re actually using charts.”
Lisa Watson, a nurse at Ascension Via Christi St. Joseph in Wichita, Kansas, told another local news outlet that the hospital shut down its operating rooms on Wednesday following the cybersecurity issue. She also said that the system the hospital uses to scan patients’ medications was down, along with its electronic charts.
“We are paper-charting all medications, and all lab orders are being hand-written and sent by pneumatic tube systems to the unit they’re supposed to go to,” said Watson.
“No one knew where the forms were. Thank god we have a separate sign out with our pts (patients) meds. Nurses were writing them down from memory. This is a new reality we need to be better prepared,” Sirianni wrote on platform X.
“We have endless incessant modules about stupid policies to save hospitals money but never about downtime protocol,” she added.
Lopez is also concerned that his personal information was possibly at risk but said he has not received a convincing answer from the authorities yet. "They really didn’t tell me if it was protected or not," he said. "They really kind of just brushed it off when I asked them. They say they’re trying to get everything back on, back on track."
**Update on May 10, 1 AM ET**
The company in a Thursday update said that it did not have a definite timeline to restore systems that were pulled offline as a result of the cybersecurity incident.
“Systems that are currently unavailable include our electronic health records system, MyChart (which enables patients to view their medical records and communicate with their providers), some phone systems, and various systems utilized to order certain tests, procedures and medications.”
It added that patient care was being provided with established downtime protocols and procedures, in which Ascension's workforce is well trained.
“It is expected that we will be utilizing downtime procedures for some time. Patients should bring to their appointment notes on their symptoms and a list of current medications and prescription numbers or the prescription bottles so their care team can call in medication needs to pharmacies,” the update said.
As a precautionary measure, some non-emergent elective procedures, tests and appointments have been temporarily paused, and patient appointments or procedures will need to be rescheduled.
“Due to downtime procedures, several hospitals are currently on diversion for emergency medical services in order to ensure emergency cases are triaged immediately.”
Last week, Microsoft announced the public preview of external authentication methods (EAM) for Entra ID. As a close partner, HYPR has worked extensively with Microsoft on the new offering and we are excited to be one of the first external authentication method integrations. This means organizations can now choose HYPR phishing-resistant authentication for their Entra ID MFA method, use it in Entra ID Conditional Access policies, Privileged Identity Management, and more.
The post HYPR and Microsoft Partner on Entra ID External Authentication Methods appeared first on Security Boulevard.
Google is encouraging the adoption of multi-factor authentication to protect against phishing and other cyberattacks. It hopes 2-Step Verification (2SV) can help.
The post Google Makes Implementing 2FA Simpler appeared first on Security Boulevard.
UnitedHealth Group CEO Andrew Witty testified before Congress on Wednesday, disclosing a significant cyberattack on Change Healthcare, a subsidiary of UnitedHealth Group. Witty revealed that hackers breached the company's computer system, releasing ransomware after stealing someone's password.
The cybercriminals exploited a portal lacking multifactor authentication (MFA), a basic cybersecurity safeguard.
During an hour-long congressional hearing, Witty informed lawmakers that the company has not yet determined how many patients and healthcare professionals were impacted by the cyberattack on Change Healthcare in February. The hearing, which focused on how hackers gained access to Change Healthcare, a separate division of UnitedHealth, raised questions about the lack of basic cybersecurity measures before the cyberattack. "Change Healthcare was a relatively older company with older technologies, which we had been working to upgrade since the acquisition," Witty explained. "But for some reason, which we continue to investigate, this particular server did not have MFA on it."
The breach at Change Healthcare echoes a similar incident in March 2024, where Refuah Health Center faced a cyberattack due to the lack of MFA. The New York Attorney General's office intervened, resulting in a $1.2 million investment by Refuah in enhancing cybersecurity measures. The health center also agreed to pay $450,000 in penalties and costs, resolving allegations of inadequate cybersecurity controls.
Prioritizing Cybersecurity in Healthcare
Both incidents highlight the critical importance of implementing strong cybersecurity measures, especially in the healthcare sector. With patient data at stake, organizations must invest in multifactor authentication and other advanced security protocols to safeguard sensitive information. As cyber threats continue to evolve, proactive measures are essential to protect the privacy and security of patient data.
It takes a little to receive a lot of online hate today, from simply working as a school administrator to playing a role in a popular movie or video game.
But these moments of personal crisis have few immediate solutions, as the current proposals to curb and stem online harassment zero in on the systemic—such as changes in data privacy laws to limit the personal information that can be weaponized online or calls for major social media platforms to better moderate hateful content and its spread.
Such structural shifts can take years (if they take place at all), which can leave today’s victims feeling helpless.
There are, however, a few steps that everyday people can take, starting now, to better protect themselves against online hate and harassment campaigns. And thankfully, none of them involve “just getting off the internet,” a suggestion that, according to Leigh Honeywell, is both ineffective and unwanted.
“The [idea that the] answer to being bullied is that you shouldn’t be able to participate in public life—I don’t think that’s okay,” said Honeywell, CEO and co-founder of the digital safety consultancy Tall Poppy.
Speaking to me on the Lock and Code podcast last month, Honeywell explained that Tall Poppy’s defense strategies against online harassment incorporate best practices from Honeywell’s prior industry—cybersecurity.
Here are a few steps that people can proactively take to limit online harassment before it happens.
One of the first steps in protecting yourself from online harassment is finding out what information about you is already available online. This is because, as Honeywell said, much of that information can be weaponized for abuse.
Picture an angry diner posting a chef’s address on Yelp alongside a poor review, or a complete stranger sending in a fake bomb threat to a school address, or a real-life bully scraping the internet for embarrassing photos of someone they want to harass.
All this information could be available online, and the best way to know if it exists is to do the searching yourself.
As for where to start?
“First name, last name, city name, or other characteristics about yourself,” Honeywell said, listing what, specifically, to search online.
It’s important to understand that the online search itself may not bring immediate results, but it will likely reveal active online profiles on platforms like LinkedIn, X (formerly Twitter), Facebook, and Instagram. If those profiles are public, an angry individual could scrape relevant information and use it to their advantage. Even a LinkedIn profile could be weaponized by someone who calls in fake complaints to a person’s employer, trying to have them fired from their position.
In combing through the data that you can find about yourself online, Honeywell said people should focus on what someone else could do with that data.
“If an adversary was trying to find out information about me, what would they find?” Honeywell said. “If they had that information, what would they do with it?”
You’ve found what an adversary might use against you online. Now it’s time to take it down.
Admittedly, this can be difficult in the United States, as Americans are not protected by a national data privacy law that gives them the right to request their data be deleted from certain websites, platforms, and data brokers.
Where Americans could find some help, however, is from online resources and services that streamline the data removal process that is enshrined in some state laws. These tools, like the iOS app Permission Slip, released by Consumer Reports in 2022, show users what types of information companies are collecting about them, and give users the opportunity to request that such data be deleted.
Separately, Google released an online tool in 2023 where users can request that certain search results that contain their personal information be removed. The tool is called “Results about you.”
When all else fails, Honeywell said that people shouldn’t be afraid to escalate the situation to their state’s regulators. That could include filing an official complaint with a State Attorney General, or with the Consumer Financial Protection Bureau, or the Federal Trade Commission.
“It sounds like the big guns,” Honeywell said, “but I think it’s important that, as individuals, we do what we can to hold the companies that are creating this mess accountable.”
If an adversary can’t find your information through an online search, they may try to steal that information by hacking into your accounts, Honeywell said.
“If I’m mad at David, I’m going to hack into David’s email and share personal information,” Honeywell said. “That’s a fairly standard way that we see some of the worst online harassment attacks escalate.”
While hackers may have plenty of novel tools at their disposal, the best defenses you can implement today are the use of unique passwords and multifactor authentication.
Let’s first talk about unique passwords.
Each and every single one of your online accounts—from your email, to your social media profiles, to your online banking—should have a strong, unique password. And because you likely have dozens upon dozens of online accounts to manage, you should keep track of all those passwords with a devoted password manager.
Using unique passwords is one of the best defenses against company data breaches that expose user login credentials. Once those credentials are available on the dark web, hackers will buy them and attempt to use them to gain access to other online accounts. You can prevent those efforts going forward by refusing to repeat passwords across any of your online accounts.
Now, start using multifactor authentication, if you’re not already.
Multifactor authentication is offered by most major companies and services today, from your bank, to your email, to your medical provider. By using multifactor authentication, also called MFA or 2FA, you will be required to “authenticate” yourself with more than just your password. This means that when you enter your username and password onto a site or app, you will also be prompted to enter a separate code that is, in many cases, sent to your phone via text or an app.
MFA is one of the strongest protections against password abuse, ensuring that, even if a hacker has your username and password, they still can’t access your account because they will not have the additional authentication that is required to complete a login.
In the world of cybersecurity, these two defense practices are among the gold standard in stopping cyberattacks. In the world of online harassment, they’re much the same—they work to prevent the abuse of your online accounts.
Online harassment is an isolating experience, but protecting yourself against it can be quite the opposite. Honeywell suggested that, for those who feel overwhelmed or who do not know where to start, they can find a friend to help.
“Buddy up,” Honeywell said. “If you’ve got a friend who’s good at Googling, work on each other’s profile, identify what information is out there about you.”
Honeywell also recommended going through data takedown requests together, as the processes can be “extremely tedious” and some of the services that promise to remove your information from the internet are really only trying to sell you a service.
If you’re still wondering what information about you is online and you aren’t comfortable with your way around Google, Malwarebytes has a new, free tool that reveals what information of yours is available on the dark web and across the internet at large. The Digital Footprint Portal, released in April, provides free, unlimited scans for everyone, and it can serve as a strong first step in understanding what information of yours needs to be locked down.