Attacks/Breaches

6/29/2018
09:35 AM
Connect Directly
Twitter
Twitter
RSS
E-Mail

The 6 Worst Insider Attacks of 2018 So Far

Stalkers, fraudsters, saboteurs, and all nature of malicious insiders have put the hurt on some very high-profile employers.
1 of 7

Image Source: Adobe Stock (Andrea Danti)

Image Source: Adobe Stock (Andrea Danti)

1 of 7
Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
No SOPA
100%
0%
No SOPA,
User Rank: Ninja
7/13/2018 | 9:58:34 AM
Yet Another Healthcare Breach - A Solution Soon?
Nuance is yet another healthcare breach that begs the question: When are Electronic Health Record (EHR) and medical application vendors going to wise up? In the EHR world (and even in the paper record world) de-identified patient data is an important step in the records workflow. Patient health information (PHI) from a medical record is stripped of all direct identifiers that can be used to identify the patient the record belongs to. Here's an idea inspired by that process that might actually work:

1. Any healthcare software vendor that houses patient data would be regulated to do the following:

a. Write into their PHI-housing software a feature that 1) encrypts PHI upon entry to the application, 2) ONLY decrypts the information for viewing and editing within the application based upon Multi-Factor Authentication (MFA) that could include user credentials, network IP signatures and local system certificates, etc. and 3) any attempt to extract the encrypted data outside the application database would results in a useless blob of encrypted information.

2. Any healthcare software vendor who did not execute #1 would be fined and withheld from Federal money until they achieved that task; perhaps incentives could be offered to encourage them, too.

This model is possible and while it took a long time just to move to EHRs, having the EHR and all the other medical software applications saves no money at all if they keep getting breached. The model above would protect PHI even from insider attacks because in order for anyone to read the PHI they would have to have all the required elements, including the application server, app client, local certificates, user logins, IP signatures and so on for the data to decrypt for viewing. Potentially massive PHI data breaches could be a thing of the past with something like this in place.
REISEN1955
100%
0%
REISEN1955,
User Rank: Ninja
7/13/2018 | 8:26:25 AM
Re: Whistleblowing
SUNTRUST had a horrible reputation in the IT field for firing a ton of workers to train Indian replacements and sign non-disclosures.  Theyhave zero respect for IT as it relates to corp and fully deserve what they bought. 
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
7/3/2018 | 6:03:06 AM
Whistleblowing
Frankly, given the CEO's penchant for bombast, overstatement, and self-aggrandizement, I'm not entirely sure I personally find the Tesla employee's claims as untrustworthy here.

Moreover, employers tend to find whistleblowing to be just as much sabotage as actual wrench-throwing.

Russia Hacked Clinton's Computers Five Hours After Trump's Call
Robert Lemos, Technology Journalist/Data Researcher,  4/19/2019
Tips for the Aftermath of a Cyberattack
Kelly Sheridan, Staff Editor, Dark Reading,  4/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6157
PUBLISHED: 2019-04-22
In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support.
CVE-2015-1343
PUBLISHED: 2019-04-22
All versions of unity-scope-gdrive logs search terms to syslog.
CVE-2016-1573
PUBLISHED: 2019-04-22
Versions of Unity8 before 8.11+16.04.20160122-0ubuntu1 file plugins/Dash/CardCreator.js will execute any code found in place of a fallback image supplied by a scope.
CVE-2016-1579
PUBLISHED: 2019-04-22
UDM provides support for running commands after a download is completed, this is currently made use of for click package installation. This functionality was not restricted to unconfined applications. Before UDM version 1.2+16.04.20160408-0ubuntu1 any confined application could make use of the UDM C...
CVE-2016-1584
PUBLISHED: 2019-04-22
In all versions of Unity8 a running but not active application on a large-screen device could talk with Maliit and consume keyboard input.