The RISKS Digest
Volume 32 Issue 65

Sunday, 9th May 2021

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator


Contents

Prescribing software in some hospitals in South Australia adds digit to dosages
ABC.AU
Ransomware Cyber Attack Forced the Largest U.S. Fuel Pipeline to Shut Down
The Hacker News
This massive DDoS attack took large sections of a country's Internet offline
ZDNet
Dogecoin tumbles nearly 50% after Musk calls it a 'hustle' on SNL
Breaking Alpha
Top 12 Security Flaws Russian Spy Hackers Are Exploiting in the Wild
The Hacker News
They Told Their Therapists Everything. Hackers Leaked It All
WiReD
Railroad Signaling Explained: Crossings
YouTube
USPS claims slowing down the mail won't actually slow down the mail
GovExec
The Lithium Gold Rush: Inside the Race to Power Electric Vehicles
NYTimes
FTC report blasts manufacturers for restricting product repairs
Jon Porter
New Stealthy Rootkit Infiltrated Networks of High-Profile Organizations
The Hacker News
Cellular Industry's Clash Over the Movement to Remake Networks
IEEE Spectrum
Hack-to-Patch by Law Enforcement Is a Dangerous Practice
Just Security
DHS kicks off workforce sprint with push to hire 200 cyber pros
FCW
Latest "How I ended up posting my password for all to see"
Dan Jacobson
To Solve 3 Cold Cases, This Small County Got a DNA Crash Course
NYTimes
A mom panicked when her 4-year-old bought $2,600 in SpongeBob Popsicles. Good Samaritans are paying
WashPost
Re: How to give Feedback about the Feedback Form?
Mark Brader
Re: Feds Arrest an Alleged $336M Bitcoin-Laundering Kingpin
Peter Houppermans
Info on RISKS (comp.risks)

Prescribing software in some hospitals in South Australia adds digit to dosages (ABC.AU)

Boyd Adamson <boyd@boydadamson.com>
Sat, 8 May 2021 08:47:13 +1000
On Wednesday night, staff at several major public hospitals were sent an
urgent memo informing them of an issue with the Sunrise EMR computer system.
The system was duplicating the last digit of dosage quantities, with
patients potentially receiving more than 10 times the necessary amount of
medication.

"It's added another digit and replicated the last digit, so if you were to
have 17 milligrams, it would have prescribed 177 milligrams," SA Health CEO
Chris McGowan told ABC Radio Adelaide's David Bevan.

"It was a generic issue in the prescribing software. It's a patch relating
to upgrading to Microsoft 10. That's the operating hypothesis at least, but
that's being checked and that'll all be part of the review.

Source: Health boss unsure how many hospital patients were overdosed due to
Windows upgrade

https://www.abc.net.au/news/2021-05-07/sa-health-unsure-of-patient-impact-of-medication-dosage-bungle/100122958

  [Simon Scott noted this story at
https://www.abc.net.au/news/2021-05-06/sa-sunrise-dosing-error-hospitals-dosing-glitch/100122642
  and he commented:

    [I] always used to think it's only IT, not life or death...

  PGN]
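An added illustration, not code from the ABC story or from SA Health (the record fields, thresholds and sample orders are assumptions): an independent reconciliation check that compares the dose a clinician entered with the dose the prescribing module actually rendered, naming the duplicated-last-digit signature described above and ranking any discrepancy by its ratio.

```python
from dataclasses import dataclass

@dataclass
class DoseRecord:
    """One prescription line as a downstream audit would see it (field names assumed)."""
    order_id: str
    drug: str
    entered: str    # quantity the clinician typed, e.g. "17"
    rendered: str   # quantity the prescribing module emitted, e.g. "177"
    unit: str

def last_digit_duplicated(entered: str, rendered: str) -> bool:
    """The signature reported for Sunrise: '17' becomes '177', '2.5' becomes '2.55'."""
    return bool(entered) and rendered == entered + entered[-1]

def check_record(rec: DoseRecord, max_ratio: float = 1.5) -> list[str]:
    """Return findings for one record; an empty list means the dose passed through intact.

    Layered on purpose: the exact string comparison catches every corruption, the
    signature test names the known bug, and the ratio test ranks how dangerous the
    discrepancy is (a ratio check alone would miss '2.5' -> '2.55').
    """
    findings = []
    if rec.rendered != rec.entered:
        findings.append("mismatch")
    if last_digit_duplicated(rec.entered, rec.rendered):
        findings.append("last-digit-duplicated")
    try:
        entered, rendered = float(rec.entered), float(rec.rendered)
    except ValueError:
        findings.append("non-numeric")
        return findings
    if entered > 0 and rendered / entered >= max_ratio:
        findings.append(f"ratio {rendered / entered:.1f}x")
    return findings

def audit(records):
    """Map order id -> findings for every record that did not pass cleanly."""
    result = {}
    for rec in records:
        findings = check_record(rec)
        if findings:
            result[rec.order_id] = findings
    return result

# Constructed sample records, not real patient data.
SAMPLE = [
    DoseRecord("R1", "morphine", "17", "177", "mg"),
    DoseRecord("R2", "warfarin", "2.5", "2.55", "mg"),
    DoseRecord("R3", "paracetamol", "500", "500", "mg"),
    DoseRecord("R4", "digoxin", "5", "50", "mcg"),
]

if __name__ == "__main__":
    for order_id, findings in audit(SAMPLE).items():
        print(order_id, ", ".join(findings))
```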


Ransomware Cyber Attack Forced the Largest U.S. Fuel Pipeline to Shut Down (The Hacker News)

geoff goodfellow <geoff@iconia.com>
Sat, 8 May 2021 22:24:27 -1000
Colonial Pipeline, which carries 45% of the fuel consumed on the U.S. East
Coast, on Saturday said it halted operations due to a ransomware attack,
once again demonstrating
<https://thehackernews.com/2021/02/hacker-tried-poisoning-water-supply.html>
how infrastructure is vulnerable to cyberattacks.

"On May 7, the Colonial Pipeline Company learned it was the victim of a
cybersecurity attack," the company said
<https://www.colpipe.com/news/press-releases/media-statement-colonial-pipeline-system-disruption>
in a statement posted on its website. "We have since determined that this
incident involves ransomware. In response, we proactively took certain
systems offline to contain the threat, which has temporarily halted all
pipeline operations, and affected some of our IT systems."

Colonial Pipeline is the largest refined products pipeline in the U.S., a
5,500 mile (8,851 km) system involved in transporting over 100 million
gallons from the Texas city of Houston to New York Harbor.

Cybersecurity firm FireEye's Mandiant incident response division is said to
be assisting with the investigation, according to reports from Bloomberg
<https://www.bloomberg.com/news/articles/2021-05-09/colonial-hackers-stole-data-thursday-ahead-of-pipeline-shutdown>
and The Wall Street Journal
<https://www.wsj.com/articles/cyberattack-forces-closure-of-largest-u-s-refined-fuel-pipeline-11620479737>,
with the attack linked to a ransomware strain called DarkSide.  [...]
<https://chuongdong.com/reverse engineering/2021/05/06/DarksideRansomware/>

https://thehackernews.com/2021/05/ransomware-cyber-attack-forced-largest.html

  [See also Cyberattack Forces a Shutdown of Colonial Pipeline, noted
  by Jan Wolitzky:
<https://www.nytimes.com/2021/05/08/us/cyberattack-colonial-pipeline.html>
  PGN]


This massive DDoS attack took large sections of a country's Internet offline (ZDNet)

geoff goodfellow <geoff@iconia.com>
Wed, 5 May 2021 23:38:58 -1000
More than 200 organisations across Belgium including the government and
parliament were affected by a DDoS attack that overwhelmed them with bad
traffic.  [...]

https://www.zdnet.com/article/this-massive-ddos-attack-took-large-sections-of-a-countrys-internet-offline/


Dogecoin tumbles nearly 50% after Musk calls it a 'hustle' on SNL (Breaking Alpha)

Lauren Weinstein <lauren@vortex.com>
Sun, 9 May 2021 08:39:13 -0700
https://seekingalpha.com/news/3693620-dogecoin-tumbles-nearly-50-after-musk-calls-it-a-hustle-on-snl

  Also this [PGN-combined]:

  The Internet Was Furious After Robinhood's Servers Crashed While Watching
  Dogecoin Prices Plummet During Elon Musk's SNL Appearance (BroBible)
  https://brobible.com/culture/article/dogecoin-prices-elon-musk-robinhood/


Top 12 Security Flaws Russian Spy Hackers Are Exploiting in the Wild (The Hacker News)

geoff goodfellow <geoff@iconia.com>
Sat, 8 May 2021 11:13:42 -1000
Cyber operatives affiliated with the Russian Foreign Intelligence Service
(SVR) have switched up their tactics in response to previous public
disclosures
<https://thehackernews.com/2021/04/fbi-cisa-uncover-tactics-employed-by.html>
of their attack methods, according to a new advisory
<https://us-cert.cisa.gov/ncas/current-activity/2021/05/07/joint-ncsc-cisa-fbi-nsa-cybersecurity-advisory-russian-svr>
jointly published by intelligence agencies from the U.K. and U.S. Friday.

"SVR cyber operators appear to have reacted [...] by changing their TTPs in
an attempt to avoid further detection and remediation efforts by network
defenders," the National Cyber Security Centre (NCSC) said.
<https://www.ncsc.gov.uk/news/joint-advisory-further-ttps-associated-with-svr-cyber-actors>

These include the deployment of an open-source tool called Sliver
<https://github.com/BishopFox/sliver> to maintain their access to
compromised victims as well as leveraging the ProxyLogon flaws in Microsoft
Exchange servers to conduct post-exploitation activities.

The development followed the public attribution
<https://thehackernews.com/2021/04/us-sanctions-russia-and-expels-10.html>
of SVR-linked actors to the SolarWinds
<https://thehackernews.com/2021/04/researchers-find-additional.html>
supply-chain attack last month. The adversary is also tracked under
different monikers, such as Advanced Persistent Threat 29 (APT29), the
Dukes, CozyBear, and Yttrium.

The attribution was also accompanied by a technical report detailing five
vulnerabilities that the SVR's APT29 group was using as initial access
points to infiltrate U.S. and foreign entities.  [...]

https://thehackernews.com/2021/05/top-11-security-flaws-russian-spy.html


They Told Their Therapists Everything. Hackers Leaked It All (WiReD)

Gabe Goldberg <gabe@gabegold.com>
Wed, 5 May 2021 01:34:39 -0400
A mental health startup built its business on easy-to-use technology.
Patients joined in droves. Then came a catastrophic data breach.

https://www.wired.com/story/vastaamo-psychotherapy-patients-hack-data-breach/

  [Very long item by William Ralston, 04 May 2021.  The final paragraph
  is PGN-appended.]

    If the scale of the attack was shocking, so was its cruelty. Not just
    because the records were so sensitive; not just because the attacker, or
    attackers, singled out patients like wounded animals; but also because,
    out of all the countries on earth, Finland should have been among the
    best able to prevent such a breach. Along with neighboring Estonia, it
    is widely considered a pioneer in digital health. Since the late 1990s,
    Finnish leaders have pursued the principle of *citizen-centered,
    seamless* care, backed up by investments in technology
    infrastructure. Today, every Finnish citizen has access to a highly
    secure service called Kanta, where they can browse their own treatment
    records and order prescriptions. Their health providers can use the
    system to coordinate care.


Railroad Signaling Explained: Crossings (YouTube)

Gabe Goldberg <gabe@gabegold.com>
Sun, 9 May 2021 00:31:26 -0400
https://www.youtube.com/watch?v=YkzYMi-PY5U

The risk? The train always wins.


USPS claims slowing down the mail won't actually slow down the mail

Lauren Weinstein <lauren@vortex.com>
Wed, 5 May 2021 15:31:06 -0700
At hearing, USPS admits it hasn't studied most impacts of their plans to
drastically slow down the mail, and claims that slowing down the mail won't
actually slow down the mail. Pure Trump, even with Trump gone.

https://www.govexec.com/management/2021/05/usps-defends-slower-mail-proposal-its-regulator/173780/


The Lithium Gold Rush: Inside the Race to Power Electric Vehicles (NYTimes)

Gabe Goldberg <gabe@gabegold.com>
Thu, 6 May 2021 23:47:36 -0400
A race is on to produce lithium in the United States, but competing projects
are taking very different approaches to extracting the vital raw
material. Some might not be very green.

The Lithium Gold Rush: Inside the Race to Power Electric Vehicles
https://www.nytimes.com/2021/05/06/business/lithium-mining-race.html

Different shades of green.


FTC report blasts manufacturers for restricting product repairs (Jon Porter in The Verge)

Richard Forno <rforno@infowarrior.org>
May 7, 2021 21:12:52 JST
  [via Dave Farber]

Jon Porter@JonPorty 7 May 2021
There is scant evidence to support manufacturers' justifications for
repair restrictions

https://www.theverge.com/2021/5/7/22424363/ftc-repair-restrictions-report-nixing-the-fix-smartphones-automakers

FTC report:
https://www.ftc.gov/system/files/documents/reports/nixing-fix-ftc-report-congress-repair-restrictions/nixing_the_fix_report_final_5521_630pm-508_002.pdf


New Stealthy Rootkit Infiltrated Networks of High-Profile Organizations (The Hacker News)

geoff goodfellow <geoff@iconia.com>
Fri, 7 May 2021 11:02:54 -1000
An unknown threat actor with the capabilities to evolve and tailor its
toolset to target environments infiltrated high-profile organizations in
Asia and Africa with an evasive Windows rootkit since at least 2018.

Called 'Moriya
<https://securelist.com/operation-tunnelsnake-and-moriya-rootkit/101831/>,'
the malware is a "passive backdoor which allows attackers to inspect all
incoming traffic to the infected machine, filter out packets that are
marked as designated for the malware and respond to them," said Kaspersky
researchers Mark Lechtik and Giampaolo Dedola in a Thursday deep-dive.

The Russian cybersecurity firm termed the ongoing espionage campaign
'TunnelSnake
<https://usa.kaspersky.com/about/press-releases/2021_operation-tunnel-snake-formerly-unknown-rootkit-used-to-secretly-control-networks-in-asia-and-africa>.'
Based on telemetry analysis, less than 10 victims around the world have
been targeted to date, with the most prominent targets being two large
diplomatic entities in Southeast Asia and Africa. All the other victims
were located in South Asia.

The first reports of Moriya emerged last November when Kaspersky said it
discovered the stealthy implant in the networks of regional
inter-governmental organizations in Asia and Africa. Malicious activity
associated with the operation is said to have dated back to November 2019,
with the rootkit persisting in the victim networks for several months
following the initial infection.  [...]

https://thehackernews.com/2021/05/new-stealthy-rootkit-infiltrated.html


Cellular Industry's Clash Over the Movement to Remake Networks (IEEE Spectrum)

Gabe Goldberg <gabe@gabegold.com>
Fri, 7 May 2021 00:19:54 -0400
The wireless industry is divided on Open RAN’s goal to make network
components interoperable

We’ve all been told that 5G wireless is going to deliver amazing
capabilities and services. But it won’t come cheap. When all is said and
done, 5G will cost almost US $1 trillion to deploy over the next half
decade. That enormous expense will be borne mostly by network operators,
companies like AT&T, China Mobile, Deutsche Telekom, Vodafone, and dozens
more around the world that provide cellular service to their
customers. Facing such an immense cost, these operators asked a very
reasonable question: How can we make this cheaper and more flexible?

Their answer: Make it possible to mix and match network components from
different companies, with the goal of fostering more competition and driving
down prices. At the same time, they sparked a schism within the industry
over how wireless networks should be built. Their opponents -- and sometimes
begrudging partners -- are the handful of telecom-equipment vendors capable of
providing the hardware the network operators have been buying and deploying
for years.

These vendors initially opposed the scheme, called Open RAN, because they
believed that if implemented, it would damage -- if not destroy -- their existing
business model. But faced with the collective power of the operators
clamoring for a new way to build wireless networks, these vendors have been
left with few options, none of them very appealing.  Some have responded by
trying to set the terms for how Open RAN will be develo

https://spectrum.ieee.org/telecom/wireless/the-cellular-industrys-clash-over-the-movement-to-remake-networks


Hack-to-Patch by Law Enforcement Is a Dangerous Practice (Just Security)

Gabe Goldberg <gabe@gabegold.com>
Fri, 7 May 2021 00:22:32 -0400
The Department of Justice announced recently that the FBI had unilaterally
removed malicious web shells from hundreds of private systems. These shells
were the remnants of a major security problem that emerged earlier in March
in Microsoft Exchange Server software.  Hackers linked to the Chinese
government exploited at least four zero-day vulnerabilities in Microsoft’s
code that allowed remote access to sensitive data. The web shells were left
behind to facilitate later exploitation of the infected systems. The White
House and Microsoft urged the machine owners to patch the various underlying
vulnerabilities and to remove the web shells, but not everyone did.

On Friday, April 9, the FBI secretly asked a federal magistrate judge in
Texas to issue a warrant allowing the Bureau, without prior notice, to
access, copy, and remove the web shells from “hundreds of vulnerable
computers in the United States running on-premises versions of Microsoft
Exchange Server software used to provide enterprise-level e-mail service.”
The next Tuesday, April 13, DOJ issued a press release announcing that the
operation had been completed. The FBI’s attempt to fix these systems appears
to have been successful, although an accurate and detailed result summary
for this hack-to-patch campaign is not available. Much of the punditry has
been favorable: The action was “bold and innovative” and a “practical
response to a serious problem.” And the positive aspects of this sort of
government intervention are obvious: “Hacks to patch” can close
vulnerabilities, reduce cyber risk, and provide assistance from experts to
organizations that might lack the capability to protect their own systems.

https://www.justsecurity.org/75955/hack-to-patch-by-law-enforcement-is-a-dangerous-practice/


DHS kicks off workforce sprint with push to hire 200 cyber pros (FCW)

Peter Neumann <neumann@csl.sri.com>
Fri, 7 May 2021 11:07:20 PDT
https://fcw.com/articles/2021/05/06/dhs-cyber-hiring-sprint.aspx

Department of Homeland Security Secretary Alejandro Mayorkas said on
Wednesday his agency will begin its 60-day workforce sprint with an
aggressive hiring campaign to expand the agency's cadre of cybersecurity
professionals.

During remarks at a U.S. Chamber of Commerce event, Mayorkas called the
effort "the most significant hiring initiative that DHS has undertaken in
its history." He also said Wednesday was the first day of the department's
workforce sprint.

The secretary in March announced a series of concentrated 60-day efforts
focusing on a variety of topics. The first was on ransomware, which was
prioritized because of "the gravity of the threat" and because "the threat
is not tomorrow's threat, but it is upon us," he said.

The new campaign, according to a DHS statement, aims to hire 200
cyber-personnel by July 1. Half of those "conditional job offers" will be
made by the Cybersecurity and Infrastructure Security Agency while the other
half will be made by various DHS component agencies.

The cybersecurity workforce gap is well documented by projects such as
CyberSeek, which tracks the workforce and is backed by the National
Institute of Standards and Technology and the Department of Commerce.  The
event on Wednesday was largely focused on the threat of ransomware to small
businesses. Mayorkas in April said DHS had formed its own ransomware task
force and the White House is actively developing a plan to confront the
issue. The Department of Justice has also established its own ransomware
taskforce in recent weeks.

Meanwhile, the administration for several weeks now has been expected to
publish a wide-ranging executive order focused on a myriad of cybersecurity
issues.


Latest "How I ended up posting my password for all to see"

Dan Jacobson <jidanni@jidanni.org>
Sat, 08 May 2021 11:38:22 +0800
"xdotool lets you programmatically (or manually) simulate keyboard input and
mouse activity, move and resize windows, etc."

Just the thing I need to automate logging into chrome LINE extension.

It only took a year of use until sure enough one day when I forgot I was
already logged in, and it ended up pasting my password right into the chat
for everybody to see.

OK, so I should start using passwords that don't look like pass7word!S .

Maybe I should use HaHahahah etc. so next time it happens people will just
think I am laughing. Except if they are discussing funerals.

OK, back to our story. Noticing I had just spilled the beans, naturally I
went reaching for the Unsend button. But alas, I was using the Desktop
simplified version with no Unsend button...

OK, at this point I could post a lot of "Modem noise" or "cat walked on
my keyboard" junk to distract readers...
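An added example, not Dan's script (the login window title pattern and the way the password arrives on stdin are assumptions): a wrapper that asks xdotool which window has keyboard focus and only types the credential when that window looks like the login prompt, so an already-logged-in chat never receives it.

```python
import re
import subprocess
import sys
from typing import Callable

# Title the credential is meant for.  The LINE extension's real window title is an
# assumption here; confirm it with `xdotool getactivewindow getwindowname`.
LOGIN_TITLE = re.compile(r"^LINE$|\blog ?in\b", re.IGNORECASE)

def focus_is_login_window(active_title: str, pattern: re.Pattern = LOGIN_TITLE) -> bool:
    """True only when the focused window's title looks like the login prompt."""
    return bool(pattern.search(active_title.strip()))

def active_window_title() -> str:
    """Ask xdotool for the title of the window that currently has keyboard focus."""
    out = subprocess.run(["xdotool", "getactivewindow", "getwindowname"],
                         capture_output=True, text=True, check=True)
    return out.stdout.strip()

def xdotool_type(secret: str) -> None:
    """Type the secret; it goes over stdin so it never shows in `ps` or shell history."""
    subprocess.run(["xdotool", "type", "--file", "-"], input=secret, text=True, check=True)

def type_secret_if_safe(secret: str, active_title: str,
                        typer: Callable[[str], None] = xdotool_type) -> bool:
    """Type only when the focused window is the login prompt; otherwise refuse."""
    if not focus_is_login_window(active_title):
        return False
    typer(secret)
    return True

if __name__ == "__main__":
    # Assumed invocation: the password is piped in from a secret store, not typed here.
    secret = sys.stdin.readline().rstrip("\n")
    title = active_window_title()
    if type_secret_if_safe(secret, title):
        print("typed into login window")
    else:
        print(f"refused: focused window is '{title}', not the login prompt", file=sys.stderr)
        sys.exit(1)
```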


To Solve 3 Cold Cases, This Small County Got a DNA Crash Course (NYTimes)

Monty Solomon <monty@roscom.com>
Tue, 4 May 2021 19:41:56 -0400
Forensic genealogy helped nab the Golden State Killer in 2018. Now
investigators across the country are using it to revisit hundreds of
unsolved crimes.

https://www.nytimes.com/2021/05/03/science/cold-cases-genetic-genealogy.html


A mom panicked when her 4-year-old bought $2,600 in SpongeBob Popsicles. Good Samaritans are paying (WashPost)

Gabe Goldberg <gabe@gabegold.com>
Sat, 8 May 2021 12:09:22 -0400
A mom panicked when her 4-year-old bought $2,600 in SpongeBob Popsicles.
Good Samaritans are paying.

GoFundMe donors raised more than enough to cover Noah Ruiz's Popsicle spree.

https://www.washingtonpost.com/lifestyle/2021/05/07/spongebob-popsicles-noah/


Re: How to give Feedback about the Feedback Form? (Jacobson, RISKS-32.64)

Mark Brader <msb@Vex.Net>
Wed, 5 May 2021 01:53:39 -0400 (EDT)
> But what if it breaks?  Every other form of contact just plays a recording:

  But the Committee of the Mending Apparatus now came forward, and...
  confessed that the Mending Apparatus was itself in need of repair.
     --E.M. Forster, "The Machine Stops", 1909.


Re: Feds Arrest an Alleged $336M Bitcoin-Laundering Kingpin (Goldberg, RISKS-32.64)

Peter Houppermans <peter@houppermans.net>
Wed, 5 May 2021 13:20:03 +0200
Bonus irony:

> The case shows yet another example of how Bitcoin, once widely believed to
> be a powerful tool for making anonymous, untraceable transactions, has
> turned out to be in many cases the very opposite. The blockchain's ledger of
> all Bitcoin transactions since the cryptocurrency's creation has often
> instead served as a means for law enforcement to trace even years-old
> transactions.

I'm guessing the entertaining part for law enforcement is that the integrity of the evidence is assured .. by blockchain.
