UK government intelligence experts are investigating whether an ‘outage’ at the London Stock Exchange (LSE) last August may have been caused by a cyber-attack, it has emerged.
People familiar with the matter told the Wall Street Journal that GCHQ’s inquiries focus on the August 16 incident, which was described by the LSE at the time as “a technical software issue” which affected trading in FTSE 100 and 250 stocks, among others.
This led to one of the stock exchange’s worst outages in eight years, delaying the start of trading by over 90 minutes.
GCHQ reportedly wants to know whether hackers may have been able to take advantage of what was an IT system update at the time to disrupt markets.
Cyber-threats are listed in the group’s annual report as one of the LSE’s primary operational risks, with ransomware, data theft, DDoS and cloud computing all mentioned by name.
“The group’s technology and operational support providers, internal and third-party, could suffer a security breach resulting in the loss or compromise of sensitive information (both internal and external) or loss of services. Such a breach could materialize as a result of weaknesses in system controls or processes, or through the inadvertent or malicious actions of employees, contractors or vendors,” it added.
“A major information security breach that results in data and intellectual property loss, system unavailability or sensitive data leakage, could have a significant negative impact on our reputation, financial results and the confidence of our clients and could lead to fines and regulatory censure.”
For its part, the LSE has maintained that the incident was the result of a software configuration issue following an upgrade.
“London Stock Exchange takes its commitment to run orderly markets for its members seriously and has thoroughly investigated the root cause of the issue to mitigate against any future incidents,” a spokesperson told the paper.
The UK Treasury is also said to be involved in the investigation.
A US fundraising firm has been forced to close its doors after more than 60 years in business following a crippling ransomware attack in October.
The Heritage Company, based in Sherwood, Arkansas, let its 300 employees go just before Christmas, according to local reports.
“Unfortunately, approximately two months ago our Heritage servers were attacked by malicious software that basically ‘held us hostage for ransom’ and we were forced to pay the crooks to get the key just to get our systems back up and running,” explained CEO Sandra Franecke in a December message to employees.
“Since then, IT has been doing everything they can to bring all our systems back up, but they still have quite a long way to go. Also, since then, I have been doing my utmost best to keep our doors open, even going as far as paying your wages from my own money to keep us going until we could recoup what we lost due to the cyber-attack.”
The ransomware took out the firm’s accounting systems and mail center so it had no way of processing and receiving funds and sending statements out, she added.
The firm, which describes itself as “the premiere and most experienced professional tele-fundraiser in the nation,” is still hopeful this is not the end of the road after six decades in business.
“The ONLY option we had at this time was to close the doors completely or suspend our services until we can regroup and reorganize and get our systems running again. Of course, we chose to suspend operations as Heritage is a company that doesn't like to give up,” said Franecke.
The incident is a timely reminder of the impact ransomware can have on small- and medium-sized businesses reliant on mission critical IT systems, but which have fewer resources or know-how to mitigate the risk of cyber-attacks.
“It would be easy to say that it wasn’t ransomware which brought about the apparent demise of The Heritage Company, but instead a lack of secure backups and a resilient disaster recovery plan,” observed security expert Graham Cluley.
Cybersecurity company Imperva today announced the appointment of Pam Murphy as CEO, effective immediately.
Murphy will take over from interim CEO Charles Goodman, who will continue to serve as chairman of the board.
“Imperva offers incredible solutions that help our customers navigate the complex and dynamic world of security, risk and compliance, while at the same time enabling progressive business transformation in an increasingly challenging marketplace,” Murphy said. “I’m looking forward to building on the foundation laid by our outstanding leadership team and capitalizing on Imperva’s market-leading products. Our relentless focus on our customers and their needs will always come first as we seize the many opportunities that lie ahead and significantly grow the business both domestically and internationally.”
Goodman added: “We’re excited to have Pam join us on our mission to protect critical assets from cyber-criminals’ ever-changing attacks. As an accomplished executive who has led operations for some of the world’s largest software companies, and demonstrated ability to deliver customer value on a massive scale, she is perfectly positioned to lead Imperva through our next phase of growth.”
A cyber-espionage group dubbed Bronze President has been targeting countries in South and East Asia.
Researchers at Secureworks' Counter Threat Unit (CTU) have observed the group spying on the activities of political and law enforcement organizations and NGOs.
The threat group seems to have developed its own remote access tools, which it uses alongside publicly available remote access and post-compromise toolsets to gain entry to a network.
Using publicly available open-source tools could be a deliberate ploy by the group to cover its tracks and reduce the risk of attribution.
Once inside, the threat actors elevate their privileges and install malware on a large proportion of systems. Bronze President then runs custom batch scripts to collect specific file types and takes proactive steps to minimize detection of its activities.
The threat actors appear to be monitoring their targets as they steal data from compromised systems over a long period of time. Countries that have been targeted include India and Mongolia.
Activity from the threat actors has been observed by Secureworks' researchers since mid-2018, but it is thought that the group may have started causing trouble as early as 2014.
Among the group's phishing lures, researchers found emails suggesting an interest in national security, humanitarian, and law enforcement organizations in East, South, and Southeast Asia.
Researchers believe the Bronze President group is operating from a base within the People's Republic of China (PRC).
Connections were found between a subset of the group's operational infrastructure and PRC-based internet service providers. Furthermore, the group uses tools such as PlugX that have historically been leveraged by threat groups based in the PRC.
"It is likely that Bronze President is sponsored or at least tolerated by the PRC government. The threat group's systemic long-term targeting of NGO and political networks does not align with patriotic or criminal threat groups," wrote Secureworks' researchers.
The operational tactics of the group indicate that the crew behind it are highly organized.
Researchers noted: "Bronze President has demonstrated intent to steal data from organizations using tools such as Cobalt Strike, PlugX, ORat, and RCSession. The concurrent use of so many tools during a single intrusion suggests that the group could include threat actors with distinct tactics, roles, and tool preferences."
A class-action lawsuit has been filed against a Canadian laboratory testing company following a cyber-attack in which the data of 15 million of its customers was accessed by criminals.
Sensitive information exposed in the incident may have included customers' names, addresses, email addresses, logins, passwords, dates of birth, health card numbers, and lab test results.
The cyber-criminals who accessed the data were paid an undisclosed amount by LifeLabs in return for a promise to not make the information public.
On December 27, lawyers Peter Waldmann and Andrew Stein filed an unproven statement of claim in Ontario Superior Court in which LifeLabs is accused of breach of contract and negligence. The company is further accused of violating consumer protection laws and of violating its customers’ privacy and confidence.
It is further alleged that LifeLabs stored customers' personal information on unsecured networks or servers, failed to implement "any, or adequate, cyber-security measures," didn't encrypt data, and neglected to hire or train any personnel responsible for network security management.
According to Canadian Underwriter, Waldmann and Stein are seeking more than $1.13bn in compensation for LifeLabs' Canadian customers to make up for the mental anguish, wasted time, and damage to their credit reputation they have suffered. The plaintiffs are seeking additional punitive and moral damages.
In an open letter, LifeLabs CEO Charles Brown wrote that up to 15 million customers, almost all of them in Ontario and British Columbia, may have been affected by the data breach.
On December 18, a toll-free helpline, set up to field calls from concerned LifeLabs customers, received over 5,000 calls. According to CTV news, a second line had to be set up to deal with the volume of calls.
LifeLabs is owned by one of the biggest pension funds in Canada, the Ontario Municipal Employees Retirement System, which has $92 billion in assets.
The Austrian government has been hit by a cyber-attack that could be the work of a rival foreign power.
The attack, which was leveled against the country's Foreign Ministry, began late on Saturday night. A spokesperson for the ministry described the incident as "serious" and said that experts had warned it could continue for several days.
On the same day the attack was launched, at a congress held in the city of Salzburg, Austria's Green Party said that it was in favor of forming a coalition with the conservative People's Party.
The ministry said that the attack had been caught early and countermeasures had immediately been put in place. The signatures and the pattern of the attack suggest that it could be the work of a state-sponsored threat actor.
"Despite all intensive security measures, there is never 100 percent protection against cyber-attacks," the ministry said, before adding that other European countries had been affected by similar incidents in the past.
By Sunday, the ministry's official website was once again accessible.
Commenting on the news, Hugo van den Toorn, manager of offensive security at Outpost24, said: "It is true that despite the precautions taken and all the controls in place, a motivated attacker can always find a way through an organization’s defenses. Although we see an increase in politically motivated attacks over the past few years, we should remain vigilant in blaming certain threat actors or nation-states.
"As we also see that attribution remains difficult with cyber-attacks, past attacks have taught us that adversaries will attempt to make their attacks look like other actors in an attempt to avoid taking the blame or to provoke conflicting parties."
This latest incident in Austria follows the serious cyber-attack on the German government's IT network, which was launched in March 2018. A group of Russian-backed threat actors known as APT28 or Fancy Bear was suspected to be behind not only that attack, but also an earlier cyber-hit on the German parliament carried out in 2015.
APT28 are similarly suspected of waging cyber-warfare on entities in Eastern Europe and in the United States.
The US government has echoed concerns from the cybersecurity industry that Iranian state hackers could respond to the assassination of a top Tehran general with attacks on US critical infrastructure (CNI).
Widely considered the second most powerful man in Iran, Qassem Suleimani was killed by a US drone strike in Baghdad on Friday.
Military and political leaders in the country have warned of retribution, while signs posted along the vast funeral procession today are reported to have read: “Harsh revenge is awaiting.”
The Department for Homeland Security (DHS) has duly issued an alert warning of a terror threat on home soil, although it admitted “at this time we have no information indicating a specific, credible threat to the homeland.”
However, an attack could come with little or no warning, with cyber a likely vector, it said.
“Previous homeland-based plots have included, among other things, scouting and planning against infrastructure targets and cyber-enabled attacks against a range of US-based targets,” the notice continued.
“Iran maintains a robust cyber program and can execute cyber-attacks against the United States. Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States.”
On Saturday, the website of the government-run American Federal Depository Library Program (FDLP) was defaced with an image of a bloodied Donald Trump. Industry experts believe things could escalate even further.
John Hultquist, director of intelligence analysis at FireEye, warned of an uptick in cyber-espionage against government entities, designed to give Tehran a geopolitical advantage, and destructive attacks on CNI.
“Iran has leveraged wiper malware in destructive attacks on several occasions in recent years. Though, for the most part, these incidents did not affect the most sensitive industrial control systems, they did result in serious disruptions to operations,” he added.
“We are concerned that attempts by Iranian actors to gain access to industrial control system software providers could be leveraged to gain widespread access to critical infrastructure simultaneously. In the past, subverting the supply chain has been the means to prolific deployment of destructive malware by Russian and North Korean actors.”
A booking site for customers of Japanese “love hotels” has been hacked, raising fears over follow-on identity fraud and blackmail attempts.
In a country known for its focus on convenience, love hotels are a popular feature in towns and cities, offering a place for amorous couples to bed down for a few hours or a whole night without needing to trek back to their tiny apartments.
In such establishments, privacy is of the utmost importance, with the check-in counter often designed so that guests can pay for a room without coming face-to-face with any hotel employees.
However, the compromise at Almex, which runs the popular HappyHotels[dot]jp site, threatens to unmask those guests.
In a notice, the firm said customer data including guest email addresses, handle name, birth date and gender, telephone number, log-ins, address and credit card information could all have been swiped by attackers.
“We sincerely apologize for the inconvenience and anxiety that may have caused our customers and other concerned parties. The service has been suspended because we are currently investigating the cause and taking measures,” it added.
“This password may have been leaked at this time, so if you use the same e-mail address and password as those of other companies' services, please change the password of other companies' services as soon as possible.”
Given the sensitive nature of the website, and the fact that some users may have been visiting love hotels with someone other than their partner, there’s an obvious risk of online blackmail and extortion for guests who’ve been exposed.
According to recent stats, over a third (38%) of Japanese women claimed that their husband or boyfriend has cheated on them in the past, with the figure slightly lower (31%) for women that have cheated on their partners.
The websites of a major global currency exchange business are still down after a “software virus” struck the firm on New Year’s Eve last week.
London-headquartered Travelex, which describes itself as “the world's leading foreign exchange specialist,” operates online around the world and in airports, as well as supporting travel money services for several high street lenders in the UK.
A statement on its main UK website written in English, French, Japanese, German, Dutch, Italian and Czech claims that “planned maintenance” is the cause of the “temporary” outage and that it will be back online soon.
However, a notice posted to Twitter and the firm’s dot-com site reveals a different story — that a “software virus” discovered last Tuesday has “compromised some of its services.”
“As a precautionary measure in order to protect data and prevent the spread of the virus, we immediately took all our systems offline. Our investigation to date shows no indication that any personal or customer data has been compromised,” it explained.
“We have deployed teams of IT specialists and external cybersecurity experts who have been working continuously since New Year’s Eve to isolate the virus and restore affected systems.”
The firm’s bricks-and-mortar branches are still working as normal, Travelex added, but reports suggest that both the app and its services to UK banks are impacted.
Some experts suggested ransomware as a likely cause of the incident, with the firm praised for its speedy response.
“Having a well-tested resilience plan in place that covers the technical aspects, communication with the public and clear responsibilities for handling incidents can ultimately make a difference between a costly response and maintaining customer trust,” argued Iain Kothari-Johnson, financial services lead for cybersecurity at Fujitsu UK.
“Break-glass incident response services, where experts are on-hand to rapidly investigate and mitigate threats, can also help reduce the financial and reputational impact of this type of incident and should be considered as part of any good resilience plan.”
Two days after singing megastar Mariah Carey had her Twitter account hacked, the same fate has befallen American actor and comedian Adam Sandler.
According to The Hollywood Reporter, a hacker or hackers compromised the account of the Happy Gilmore star yesterday to post a string of racist, sexist, and anti-Semitic tweets. Several of the barely literate messages contained the N-word.
In this latest celebrity Twitter hack, various tweets were retweeted from several other accounts, including one tweet from @MJerkme. Showing an extremely poor grasp of the English language, this missive, directed at former US president Barack Obama, described Donald Trump's predecessor as an "arangatang monkey."
The message went on to garble "u ruined my life when u messed with the food stamp rates i hate u forever retart."
Given the content of the tweets, this cyber-attack is, perhaps more than anything, a damning indictment of the American education system.
One thing the hacker(s) couldn't be accused of was political bias, since they took swipes at both the Democrats and the Republicans. In one tweet to @realDonaldTrump they accused the current US president of being "a racist cracker."
Other messages retweeted by the hacker(s) came from the Twitter account @iNuBLoM. This particular Twitter handle was referenced during Carey’s hack, which is believed to have been perpetrated by the Chuckling Squad hacking group.
The Chuckling Squad claimed responsibility for hacking Twitter CEO Jack Dorsey's Twitter account in August last year. Apparently, they haven't reached the level of comedic sophistication at which one can divine when a joke has gone on long enough.
According to reports, other tweets posted by the hacker(s) that appear to have been deleted referenced Carey’s hacking. In one, the poster claimed to have "just had phone sex with @MariaCarey."
While SIM-swapping was used to carry out the Dorsey hack, it is as yet unknown how Carey and Sandler's Twitter accounts came to be compromised.
The Sandler hack occurred at around 5:30 p.m. yesterday. According to Sandler's representative, the compromised account was locked as soon as the issue occurred.
Sandler's account, which is currently promoting the actor's latest film Uncut Gems, has 2.4 million followers.
A user who accessed their Xiaomi home security camera via their Google account was shown still images of strangers in unknown locations.
The Netherlands-based user, known as "Dio-V," was confronted with random snapshots from other people's lives after trying to stream content from a Xiaomi Mijia to a Google Nest Hub.
Dio-V reported the incident on Reddit yesterday. Along with footage to demonstrate the serious security flaw, Dio-V posted the comment: "When I load the Xiaomi camera in my Google home hub I get stills from other people's homes!!"
The still black and white images include shots of a baby lying down in a crib beneath a mobile and several different scenes in which strangers' living rooms, a staircase, and an enclosed porch area are depicted. In one restful scene, a mature gentleman is taking a nap in a kitchen.
Exactly when Dio-V's feed first began showing still images of other people's homes or how long the camera was connected to his Google account before this alarming situation started happening is not clear.
Dio-V said that the camera and the Nest Hub were both purchased new, ruling out any possibility that the incident involves a lingering connection with a previous owner.
Since learning of the flaw, Google has disabled Xiaomi integration for Google Home and the Assistant until a fix is found.
Google said: "We’re aware of the issue and are in contact with Xiaomi to work on a fix. In the meantime, we’re disabling Xiaomi integrations on our devices."
The Xiaomi Mijia 1080p Smart IP Security Camera that Dio-V used can be linked to a Google account for use with Google/Nest devices through Xiaomi's Mi Home app/service.
Commenting on the flaw, Xiaomi stated: "Upon investigation, we have found out the issue was caused by a cache update on December 26, 2019, which was designed to improve camera streaming quality. This has only happened in extremely rare conditions.
"In this case, it happened during the integration between Mi Home Security Camera Basic 1080p and the Google Home Hub with a display screen under poor network conditions. We have also found 1044 users were with such integrations and only a few with extremely poor network conditions might be affected.
"This issue will not happen if the camera is linked to the Xiaomi’s Mi Home app. Xiaomi has communicated and fixed this issue with Google, and has also suspended this service until the root cause has been completely solved, to ensure that such issues will not happen again."
After six and a half years in the job, Ciaran Martin is to relinquish his role as head of UK cybersecurity.
The 45-year-old has announced plans to surrender his title of chief executive of the National Cyber Security Centre (NCSC) in the summer of 2020.
Oxford University graduate Martin, who has dedicated his entire working life to the UK civil service, described his years with the NCSC as "the privilege of a lifetime."
British government ministers established the NCSC four years ago on the recommendation of Martin, who was then appointed to lead it.
Martin said in a statement: "When we created the NCSC we set out to achieve something truly special, and I hope and believe we are leaving UK cyber security in much better shape."
Martin, who was recently appointed a Companion of the Order of the Bath by Queen Elizabeth in the New Year's Honors List, said that the time was ripe to bring a fresh perspective to the demanding role. However, he believes his successor will not be in for an easy ride.
"Challenges around securing technology are only going to get ever more complex," said Martin, "so it’s right that after six and a half years that someone else takes this world-class organization to the next level."
Britain's Government Communications Headquarters, commonly known as GCHQ, has said that a new NCSC chief executive will be appointed and in place by the end of the summer.
Martin joined the board of GCHQ in December 2013 as head of cybersecurity. His recommendation to set up the NCSC as a division of GCHQ was made after the 2015 election.
The NCSC now employs approximately 1,000 staff and operates from a head office in London's Victoria area on an annual budget of £250m. The center offers practical cybersecurity advice for individuals and organizations via a website.
Since its inception, the NCSC has dealt with over 2,000 cybersecurity incidents targeting the UK. In the 12 months ending August 2019, the NCSC supported nearly 900 British organizations to recover from cyberattacks.
A cryptocurrency exchange has been forced to reset customer passwords after a suspected data leak via social media, although its incident response efforts caused more confusion among some users.
US-based exchange Poloniex informed around 1% of its customer base that they had to reset their log-ins, following a tweet claiming to contain a list of leaked email/password combos.
However, customers took to Twitter warning that the email itself was a phishing scam, forcing the exchange to re-emphasize its legitimacy.
It followed up with a blog post to clarify the situation.
“Our immediate priority was to ensure that our customers’ accounts were safe. As a result, we reset the passwords of potentially impacted customers, as users often reuse passwords or minor variants of the same password,” it explained.
“Our second priority was to determine the source of the leak and we can now confirm that neither this list, nor the information contained, originated from Poloniex. For those interested in our security protocols, we do not store passwords in plain text or a recoverable form, but rather we store them as salted bcrypt hashes.”
In fact, 90% of the compromised passwords on that list have already appeared on breach notification site HaveIBeenPwned?, it said.
“If you have a Poloniex account and did not receive an email from us related to this, you can be confident that your email address was not on the list,” the firm continued. “Less than 5% of the email addresses on the posted list were associated with Poloniex accounts.”
The incident highlights the increasing difficulty online firms are having to convince customers of the legitimacy of urgent communications, in light of a continued epidemic of phishing scams.
Following the collapse of UK travel agency Thomas Cook last year, UK banks were criticized for sending unsolicited text messages to affected customers containing clickable links.
A major US hospitality chain has revealed that POS malware affecting scores of its restaurant brands may have led to customer card data theft over several months in 2019.
Landry’s claimed in an incident notice this week that 63 of its food and beverage and restaurant concepts — including Morton’s, Bubba Gump and Rainforest Café — had been affected.
Although the firm switched its POS card machines to an end-to-end encrypted system following a 2016 breach, order entry systems were left unprotected — and it is these that are thought to have been affected by the malware.
“Besides the encryption devices used to process payment cards, our restaurants and food and beverage outlets also have order entry systems with a card reader attached for waitstaff to enter kitchen and bar orders and to swipe Landry’s Select Club reward cards,” the note continued.
“In rare circumstances, it appears waitstaff may have mistakenly swiped payment cards on the order entry systems. The payment cards potentially involved in this incident are the cards mistakenly swiped on the order-entry systems. Landry’s Select Club rewards cards were not involved.”
Customers that visited between March 13 2019 and October 17 2019 may have been affected, although at “a small number of locations” hackers may have accessed cards as early as January 18 2019, it said.
“The malware searched for track data (which sometimes has the cardholder name in addition to card number, expiration date, and internal verification code) read from a payment card after it was swiped on the order-entry systems,” said Landry’s.
“In some instances, the malware only identified the part of the magnetic stripe that contained payment card information without the cardholder name.”
This data is usually sold on the dark web by hackers, where it is used to create counterfeit cards. Although the advent of EMV cards has largely eradicated this type of fraud across Europe, slow adoption in the US means POS malware attacks like this still happen from time to time.
Last year, restaurant chain Huddle House suffered just such an attack after a third party POS vendor was compromised.
A US company targeted by ransomware has taken its fight to the Irish courts to have confidential data stolen by the same attackers removed from the web.
Southwire was struck by the Maze variant in December last year, with attackers demanding over $6m in ransom — not only for the decryption key, but also to regain company data that they exfiltrated.
However, the attackers reportedly grew frustrated with the firm’s refusal to pay up, and started publishing the data on a site called mazenews[dot]top.
That’s when the firm, which is one of America’s largest manufacturers of wire and cabling, enlisted its lawyers.
According to local reports, the company has secured an injunction in the Irish High Court against the registrants of the IP address linked to the “mazenews” site.
They’re said to work for a now-dissolved company called World Hosting Farm Limited (WHFL), with addresses in Cork and Dublin. The owner and director of the firm is Artur Grabowski of Stupsk, in Poland, according to the court documents.
Grabowski and the others named in connection with the IP address were all contacted by Southwire but failed to respond, hence the temporary injunction. It apparently requires the removal of all confidential information from the site and that no more material is published online.
Southwire is also said to have asked the judge to prevent media outlets from publishing its name in reporting of the court case, arguing that it would help the ransomware authors. However, Ms Justice Mary Rose Gearty refused.
Data theft is becoming increasingly common in ransomware attacks, raising the stakes for victim organizations.
Aside from Maze, strains such as Zeppelin, Snatch, Sodinokibi and Merry Christmas have all been observed exfiltrating sensitive data from targeted networks. The tactic is designed to force victim organizations to pay up to avoid their data being published, rather than simply ignore the ransom demands and restore from backup.
A data breach at a Chicago healthcare provider may have exposed the personal health information of 12,578 people.
Sinai Health System was breached in a cybersecurity incident that occurred in the fall of 2019. Hackers are thought to have gained unauthorized access to the organization’s email via a phishing attack.
Patient data that was stored in the email accounts and may have been exposed included names, addresses, dates of birth, Social Security numbers, health information, or health insurance information.
The healthcare provider became aware that two of its employees had been taken in by a phishing scam that struck in October.
In a statement released by Sinai Health System on December 19, the company wrote: "Sinai Health System (Sinai) has become aware of a potential data security incident that may have resulted in the inadvertent exposure of some patients’ personal and health information.
"On October 16, 2019, forensic information technology experts determined that patient information could be at risk after an unknown third party gained unauthorized access to two employee email accounts."
Following the discovery of the malicious attack, hospital officials took steps to secure the email accounts and reset passwords. Sinai Health System has also reviewed and revised its information security policies and procedures, including email retention procedures.
Employees of the healthcare provider were given additional cybersecurity training following the attack to reduce the risk of further breaches occurring. The organization has also enhanced the filtering protocols for its email accounts.
An investigation into the incident launched by Sinai Health System uncovered no evidence that any patient information had been exfiltrated or misused.
Sinai Health System wrote: "Experts performed an investigation and found no evidence that any patient information was removed from Sinai Health System’s email accounts or systems.
"Further, Sinai is not aware of any misuse of any patient’s information and has seen no indication that any patient’s information is in the hands of someone it should not be as a result of this incident."
Information regarding the breach was submitted on December 13 to the Office for Civil Rights, which has launched its own investigation into the incident.
Sinai Health System is composed of Mount Sinai Hospital, Holy Cross Hospital, Schwab Rehabilitation Hospital, Sinai Children’s Hospital, Sinai Community Institute, Sinai Medical Group, and Sinai Urban Health Institute.
Hackers have taken over the Twitter account of five-time Grammy Award winner Mariah Carey and used it to send sexually suggestive messages referencing rapper Eminem.
Singing superstar Carey is used to being in the public eye, especially over the festive period when her massive hit "All I Want for Christmas Is You" is played the world over. However, on New Year's Eve the phenomenally successful singer and actress hit the headlines for an entirely different reason.
According to CNN, as the curtain fell on 2019, hackers broke into Carey's account and posted several offensive, racist, and downright lewd tweets. One tweet, reported by The Source, is said to have read: "Eminem can still hold this p***y."
Another tweet posted by the hackers, which bizarrely received 5,463 "likes" and was retweeted 4,014 times, read "Merry Christmas You Dumb Ass N****s!"
In further tweets making references to Eminem, the hackers wrote about the rapper's daughter and posted the comment "Eminem has a little p***s."
It is unclear whether the remarks were an embarrassingly weak attempt at humor or a tribute to Eminem's track "The Kids," in which the rapper describes the most private part of his anatomy as being the size of a peanut.
The hack occurred over several hours on Tuesday afternoon, with the last tweet posted by the infantile miscreants hitting social media at 3:35 p.m.
Carey has 21.4 million followers on Twitter. The singer took the hack in good humor, responding to the incident with a tweet of her own. At 9:51 p.m. on December 31, the vocalist quipped: "I take a freaking nap and this happens?"
It's believed that Carey was targeted by the notorious Chuckling Squad hacking group, which famously compromised the Twitter account of Twitter CEO Jack Dorsey in August after obtaining his cell phone number.
The group has also claimed responsibility for hacking other celebrity accounts, including that of actress Chloë Grace Moretz.
A Twitter spokesperson told The Hollywood Reporter: "As soon as we were made aware of the issue, we locked the compromised account and are currently investigating the situation."
American software company NortonLifeLock is planning to axe over 140 jobs in two states to cut costs.
According to a report published on December 30 in newspaper Community Impact, the security business plans to lay off 42 employees at their Granite Parkway site in Plano, Texas, in the coming months.
A total of 34 Plano positions are expected to be terminated by mid-January, with an additional eight roles expected to be scrapped by mid-February.
Texas isn't the only state in which NortonLifeLock plans to cut jobs in 2020. The San Francisco Business Times reported on December 31 that roughly 100 NortonLifeLock employees based in California will lose their jobs over the next few months.
Vincent Pilette, CEO of NortonLifeLock, told the newspaper that the company is not only axing jobs but also selling off real estate in a major effort to reduce costs and help drive earnings growth.
Arizona-based NortonLifeLock was previously known as Symantec. The company underwent a rebranding after its enterprise cybersecurity business was acquired by San Jose chipmaker Broadcom for around $11bn in the summer of 2019.
In recent weeks, the Wall Street Journal has reported that NortonLifeLock's cybersecurity rival McAfee may put in a bid to buy the company's consumer business, challenging existing private equity bidders Permira and Advent International.
On August 8, the same day that Broadcom's acquisition of Symantec was publicized, Symantec announced plans to lay off roughly 7 percent of its employees during fiscal year 2020.
At its Mountain View headquarters, 152 jobs were expected to be terminated, along with a further 18 positions in San Francisco and 36 roles in Culver City, Los Angeles County.
The layoffs were expected to have been completed by the end of March 2020, according to the San Francisco Chronicle.
NortonLifeLock has more than 11,000 employees worldwide and serves more than 50 million people with Norton antivirus software and LifeLock identity theft protection.
The Chronicle reported in September that the newly acquired Symantec would be closing or downsizing various facilities and data centers at an estimated cost of approximately $100m.
Chinese-owned video sharing app TikTok has been banned for use by US soldiers due to growing security concerns, according to reports.
Although military recruiters are using the app to encourage more young people to sign up for service, owner ByteDance has come under increasing scrutiny in the US over its links to Beijing.
The new Defence Department guidance, seen by Military.com, points to “TikTok as having potential security risks associated with its use.
“Be wary of applications you download, monitor your phones for unusual and unsolicited texts etc., and delete them immediately and uninstall TikTok to circumvent any exposure of personal information,” it continued.
TikTok first came under fire for appearing to censor content related to pro-democracy protests in Hong Kong, and has since been the subject of an investigation by a powerful US committee.
The Committee on Foreign Investment in the United States (CFIUS) has launched an inquiry into whether the sensitive personal user data TikTok collects represents a national security risk. If it decides to turn this into a full investigation, it could spell bad news for the future of the app inside the US.
CFIUS reviews whether foreign acquisitions of US companies could harm the country’s interests. ByteDance didn’t seek the committee’s clearance when it bought US app Musical.ly (now TikTok), in 2017, so the new inquiry is apparently seen as fair game.
The US Army ban follows similar guidance from the US Navy. However, although these new rules apply to government-issued devices, soldiers could still technically use the app on their personal smartphones.
TikTok also released its first ever transparency report at the end of December. But far from alleviating concerns around its links to Beijing, the document raised more suspicions.
According to the document, it didn’t receive a single takedown request from the Chinese government in the first half of 2019.
Microsoft has seized scores of domains thought to have been used by a North Korean threat group to support a spear-phishing and information-stealing campaign.
The tech giant secured a court order after filing against the “Thallium” group (aka APT37), enabling it to take control of 50 domains it said were being used to execute attacks against mainly US, but also Japanese and South Korean entities.
“This network was used to target victims and then compromise their online accounts, infect their computers, compromise the security of their networks and steal sensitive information,” explained Microsoft VP of customer security and trust, Tom Burt.
“Based on victim information, the targets included government employees, think tanks, university staff members, members of organizations focused on world peace and human rights, and individuals that work on nuclear proliferation issues.”
Victims are typically hit by spear-phishing attacks using info gathered from public sources to add legitimacy.
Clicking through on these will take the victim to a spoofed website requesting account log-ins. This strategy is designed to give Thallium attackers access to their emails, contact lists, calendar appointments and anything else of interest.
The group has also been observed setting up a mail forwarding facility so that it can continue to monitor a victim’s communications even after they have updated their account password, Burt explained.
“In addition to targeting user credentials, Thallium also utilizes malware to compromise systems and steal data,” he added.
“Once installed on a victim’s computer, this malware exfiltrates information from it, maintains a persistent presence and waits for further instructions. The Thallium threat actors have utilized known malware named ‘BabyShark’ and ‘KimJongRAT’.”
The takedown follows similar operations carried out by Microsoft against groups operating from China, Russia and Iran.
Back in July last year, the firm claimed it had warned 10,000 customers that they’d been targeted by nation state attacks over the previous 12 months, including hundreds of US political organizations.
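The mail-forwarding persistence described above keeps working after a password change, so it has to be found by auditing mailbox rules rather than by resetting credentials. The following is an added example, not code from Microsoft or the original report: the record schema, domains and function names are assumptions, and the sample data is constructed.

```python
from datetime import datetime, timezone

# Constructed sample data. Field names are a hypothetical export schema,
# not the output format of any particular mail platform.
ORG_DOMAINS = {"example.org"}
PASSWORD_RESETS = {"analyst@example.org": datetime(2020, 1, 3, 9, 0, tzinfo=timezone.utc)}
RULES = [
    {"mailbox": "analyst@example.org", "name": "Archive newsletters", "enabled": True,
     "created": "2019-11-02T10:15:00+00:00", "forward_to": [], "delete_after": False},
    {"mailbox": "analyst@example.org", "name": ".", "enabled": True,
     "created": "2019-12-20T03:41:00+00:00",
     "forward_to": ["collector@example.net"], "delete_after": True},
    {"mailbox": "analyst@example.org", "name": "To assistant", "enabled": True,
     "created": "2019-10-01T08:00:00+00:00",
     "forward_to": ["assistant@example.org"], "delete_after": False},
    {"mailbox": "staff@example.org", "name": "fwd", "enabled": False,
     "created": "2019-12-22T01:00:00+00:00",
     "forward_to": ["Box@EXAMPLE.ORG", "x@example.com"], "delete_after": False},
]

def external_targets(addresses, org_domains):
    """Return forwarding addresses whose domain is outside the organisation."""
    return [a for a in addresses
            if a.rsplit("@", 1)[-1].strip().lower() not in org_domains]

def audit_forwarding(rules, org_domains, resets):
    """Flag enabled rules that send mail outside the organisation."""
    findings = []
    for rule in rules:
        if not rule["enabled"]:
            continue
        targets = external_targets(rule["forward_to"], org_domains)
        if not targets:
            continue
        created = datetime.fromisoformat(rule["created"])
        reset = resets.get(rule["mailbox"])
        findings.append({
            "mailbox": rule["mailbox"], "rule": rule["name"], "targets": targets,
            # True when the rule predates the last reset: the password change
            # did not remove it, so mail is still leaving the mailbox.
            "survived_reset": reset is not None and created < reset,
            "hides_mail": rule["delete_after"],
        })
    return findings

if __name__ == "__main__":
    for finding in audit_forwarding(RULES, ORG_DOMAINS, PASSWORD_RESETS):
        print(finding)
```

A finding with `survived_reset` set means the account's incident response is incomplete until the rule itself is removed.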