Security News > 2020 > February

With the number of high profile breaches and hacks on medical facilities and the increasing "Cyberization" of healthcare in general, this question has been on many security professionals' minds for the last few years: Are medical devices safe from hackers? In fact, the FDA recently informed healthcare providers, facilities, and patients about potential cybersecurity vulnerabilities for certain GE Healthcare Clinical Information Central Stations and Telemetry Servers. Then we will have a real medical device security crisis on our hands.

The Gone Phishing Tournament tested how susceptible people are to opening fraudulent emails and entering their login information. To prepare organizations for an attack, TerraNova Security held the Gone Phishing Tournament over five days in October, testing people at companies in 76 countries and 27 languages on how likely they were to open a malicious email and enter their information into a dangerous website.

The China-linked threat group tracked as Winnti was observed using a new variant of the ShadowPad backdoor in recent attacks targeting Hong Kong universities, ESET's security researchers report. One month later, the security researchers discovered a new campaign run by the Chinese hackers, targeting two Hong Kong universities with a new variant of the ShadowPad backdoor, the group's flagship tool.

A Federal Communications Commission investigation found that one or more U.S. wireless carriers violated federal law by selling consumer location data to third parties, according to a letter FCC Chairman Ajit Pai sent to congressional lawmakers. The findings described in the letter came from an investigation the FCC launched after the New York Times in 2018 reported about how the biggest wireless carriers, including AT&T, Verizon and T-Mobile, were giving real-time location data to third-party companies.

Nearly five years after the high-profile Ashley Madison data breach, hundreds of impacted website users are being targeted by a new extortion attack this past week. Victims are receiving emails threatening to expose their Ashley Madison accounts - along with other embarrassing data - to family and friends on social media and via email, unless they pay a Bitcoin ransom.

Australian courier company Toll has shut down several of its key systems after a "Security incident" last week, prompting a backlash from frustrated customers. A Reg reader who spoke to service reps over the phone told us Toll employees have been unable to provide information about their packages, or even to access their internal tracking database.

While a CTI team may be limited to SOC operations, an intelligence team can serve enterprise-wide concerns. Intelligence teams given broader mandates to support intelligence needs beyond the SOC, do not belong in it.

For individuals whose personal details were exposed, the impact of a data breach may last forever. Witness the 2015 data breach of extramarital dating site Ashley Madison, perpetrated by a group calling itself the Impact Team, which leaked 30 GB of data about subscribers.

A perv who reportedly hacked people's iCloud accounts to obtain sexual images before sharing them online has been sent to prison for nearly three years. Tony Spencer of Victoria Hill, Eye, Suffolk, was found by Basildon Crown Court to have "Accessed iCloud accounts without the owners' consent" by using "Software", according to a police statement.

A perv who reportedly hacked people's iCloud accounts to obtain sexual images before sharing them online has been sent to prison for nearly three years. Tony Spencer of Victoria Hill, Eye, Suffolk, was found by Basildon Crown Court to have "Accessed iCloud accounts without the owners' consent" by using "Software", according to a police statement.