Symantec: Diverse threats remain a consistent problem online
CSO Online
11M ago
A report published this evening by Symantec outlines the rocky year consumers and business owners had online in 2017, covering everything from coin mining attacks and problems in the supply chain to ransomware, BEC attacks, and more. There was a shift in attack types and patterns as criminals adjusted their tactics to deal with constant exposure via media coverage and responsive security teams.
Nuance says NotPetya attack led to $92 million in lost revenue
CSO Online
11M ago
Nuance Communications, a software company that offers speech and imaging technology to a number of markets, including healthcare and finance, said the 2017 NotPetya malware attacks caused the company to lose $92 million in revenue, and that number is expected to grow as they push forward into 2018. The NotPetya disclosure was referenced in the company's latest 10-Q filing with the Securities and Exchange Commission (SEC). According to the filing, the June 27, 2017 attack affected systems used by their healthcare customers, primarily for transcription services, and systems used by their imaging ...
North Korea hacking group is expanding operations, researchers say
CSO Online
11M ago
A group of hackers from North Korea (DPRK), recently connected to the usage of an Adobe Flash zero-day vulnerability (CVE-2018-4878), has expanded its operations in both scope and sophistication, FireEye says. With a tool-set that includes zero-day vulnerabilities, destructive malware, and a lack of concern when it comes to breaking norms and exacerbating heightened tensions in Northeast Asia, the group should be taken seriously. "We assess with high confidence that this activity is carried out on behalf of the North Korean government given malware development artifacts and targeting that aligns ...
The Importance of Discerning Between Job Burnout and PTSD
CSO Online
11M ago
[Note: After a story about "Cybersecurity PTSD" was published on February 6 to CSO Online, Salted Hash received a number of comments related to it. Magen Wu has written a rebuttal to that article, which Salted Hash has agreed to host. The words that follow are her own, and reflect her views and opinions. -Steve Ragan, Salted Hash.] On February 6, an article was published on CSO Online [archive of the original post] that attempted to detail a previously unheard-of phenomenon called “Cybersecurity PTSD”. At no point in the article is this term defined, nor its symptoms discussed.
Allscripts recovering from ransomware attack that has kept key tools offline
CSO Online
11M ago
Allscripts, the billion-dollar electronic health record (EHR) company headquartered in Chicago, IL, said they were still working to recover from a ransomware attack that left several applications offline after data centers in Raleigh and Charlotte, NC were infected on Thursday. In a conference call for customers on Saturday, which Salted Hash listened in on, Allscripts’ Jeremy Maxwell, director of information security, said their PRO EHR and Electronic Prescriptions for Controlled Substances (EPCS) services were the hardest hit by the ransomware attack. Other services had availability issues as ...
OnePlus says up to 40,000 customers affected by credit card breach
CSO Online
11M ago
OnePlus, the company behind a popular line of Android devices, said on Friday that up to 40,000 customers might be at risk after a malicious script compromised payment card data during the checkout process. Word of the data breach followed numerous reports from customers related to fraudulent charges, which led the company to suspend credit card payments. In a letter to impacted customers, OnePlus apologized for the incident, warning them that their credit card number, expiration date, and security code were likely compromised.
GPS tracking vulnerabilities leave millions of products at risk
CSO Online
11M ago
It's an IoT nightmare. One that is entirely preventable. Two researchers have disclosed problems with hundreds of vulnerable GPS services using open APIs and trivial passwords (123456), resulting in a multitude of privacy issues including direct tracking. Further, many of the vulnerable services have open directories exposing logged data. For some, the vulnerabilities discovered and disclosed by Vangelis Stykas (@evstykas) and Michael Gruhn (@0x6d696368) aren't new. They were disclosed during Kiwicon in 2015 by Lachlan Temple, who demonstrated flaws in a popular car tracking immobilization dev ...
Gwinnett Medical Center investigating possible data breach
CSO Online
by Steve Ragan
3y ago
After being contacted by Salted Hash about a possible data breach, Gwinnett Medical Center (GMC), a not-for-profit network of healthcare providers in Gwinnett County, Georgia, has confirmed they're investigating what they're calling an IT incident. Salted Hash first became aware of a possible data breach at GMC late last week, but the exact details surrounding the incident were not immediately available. What we learned was that on Saturday (Sept. 29), IT staff at GMC Lawrenceville became aware of an incident involving several hundred patient records at the least. Immediately following the disc ...
Facebook: 30 million accounts impacted by security flaw (updated)
CSO Online
by Steve Ragan
3y ago
On Friday, Facebook’s VP of product management Guy Rosen, coordinating with a Facebook post by founder Mark Zuckerberg, said the company discovered someone had abused access tokens for 50 million users on Tuesday afternoon. [Note: This story was updated on October 12, with new information concerning the number of accounts impacted] While the impacted accounts only represent a small fraction of the billions of monthly active users worldwide, the incident is still significant, as the abused tokens enable full access to a person's account.
Scammers pose as CNN's Wolf Blitzer, target security professionals
CSO Online
by Steve Ragan
3y ago
Here's an interesting, if not outright comical, story for those of you just coming back to work after a long Labor Day weekend. Scammers are pretending to be a well-known CNN anchor and offering serious cash to anyone looking to be a security commentator on air. Earlier this afternoon, Salted Hash was contacted by a trusted source who shared a screenshot of a recent text conversation a friend and fellow security professional had. The potential victim in this story did not want their name or organization referenced on the record. The person responsible for the text messages pretends to be CNN's ...
