Home > Author: Peter Glock

Medical Debt Collection Firm R1 RCM Hit in Ransomware Attack

R1 RCM Inc. [NASDAQ:RCM], one of the nation’s largest medical debt collection companies, has been hit in a ransomware attack. Formerly known as Accretive Health Inc., Chicago-based R1 RCM brought in revenues of $1.18 billion in 2019. The company has more than 19,000 employees and contracts with at least 750 healthcare organizations nationwide. R1 RCM acknowledged taking down its systems in response to a ransomware attack, but otherwise declined to comment for this story. The

Surge in cyber attacks targeting open source software projects

TL;DR don't place any trust in anyone else securing the open source components of your software stack. This is your opportunity to contribute back to the OSS community by actively looking for and fixing vulnerabilities...: [...] According to the report, 929 next generation software supply chain attacks were recorded from July 2019 through May 2020. By comparison 216 such attacks were recorded in the four years between February 2015 and June 2019. The difference between “

Incident Response Exercises Not Taken Seriously by Business Leaders

We carry out fire drills on a regular basis, and make everyone leave the building, why don't businesses take cyber incident practice seriously?...: Only 2% of organizations have run incident response scenarios related to the pandemic response. According to research by Immersive Labs of 402 organizations, nearly 40% are not fully confident in their teams training to handle a data breach if one occurred, and 65% of exercises consist of reviewing PowerPoint slides. In an

Internet of Things: How the UK’s Regulatory Plans Could Raise Compliance Standards

Good. I want to see (and be able to trust) the 'Kite Mark' on IoT devices...: [...] The U.K.-based members of the supply chain will bear the regulatory burden. However, overseas manufacturers will be required to amend their product design and security policies in line with the regulations to meet contractual requirements with U.K. importers and distributors. The U.K. government proposes designating a regulator that will monitor industry compliance. The proposals include t...

Why & Where You Should You Plant Your Flag

Several stories here have highlighted the importance of creating accounts online tied to your various identity, financial and communications services before identity thieves do it for you. This post examines some of the key places where everyone should plant their virtual flags. As KrebsOnSecurity observed back in 2018, many people — particularly older folks — proudly declare they avoid using the Web to manage various accounts tied to their personal and financial data — incl

Zoom Vulnerabilities Demonstrated in DEF CON Talk

I'm more interested in Zoom's ability to patch and roll out updates than in the vulnerabilities existing...: [...] In a write-up, Ahmed explained the flaws he found and how Zoom responded. One of the flaws was in the Zoom Launcher implementation. Attackers could exploit Zoom Launcher for Linux to run their own software, which he says "breaks all of the protection of application whitelisting" and could let malware run as a subprocess of Zoom. Attackers would need to compro

Microsoft Patch Tuesday, August 2020 Edition

Here we go again...: Microsoft today released updates to plug at least 120 security holes in its Windows operating systems and supported software, including two newly discovered vulnerabilities that are actively being exploited. Yes, good people of the Windows world, it’s time once again to backup and patch up! At least 17 of the bugs squashed in August’s patch batch address vulnerabilities Microsoft rates as “critical,” meaning they can be exploited by miscreants or malw

Hackers exploit legitimate admin tools in 30% of successful cyber attacks

Who has access to PowerShell in your organisation? Do you allow local admin accounts? Maybe it's time to run a validation tool to check what policies are actually running on your endpoints and servers...: [...] In total, the analysis of anonymized data from incident response (IR) cases showed that 18 various legitimate tools were abused by attackers for malicious purposes. The most widely used one was PowerShell (25% of cases). This powerful administration tool can be used f

Travelex driven into financial straits by ransomware attack

There are two immediate lessons to draw from this: 1. Review your backup and archive process, especially how you would restore systems in the case of data loss; 2. Review your cyber risk cover, will it keep your business viable?...: The double-whammy of getting hit with a ransomware attack last New Year’s Eve that sidelined its global operations for two-and-a-half weeks coupled with COVID-19’s toll on air travel, put currency exchange provider Travelex into administration, t

Securing human resources from cyber attack

I see 'use a VPN' advice being handed out every time remote working is being discussed. To save overwhelming your data centre internet connections, let me modify that advice: 'For cloud services (e.g. 365, Google Apps...), point your end users directly at the service provider. Use a VPN for services that can only be serviced from your own data centre'...: [...] In today’s world, HR users working from somewhere other than the office is not unusual. With this freedom comes the