Healthcare Data Breach Exposes 1.3 Million Patients

Do you make use of the “MyChart” portal to refill prescriptions, contact your healthcare providers or make appointments?

If so, you should know that recently, the healthcare giant Novant disclosed a data breach that impacted more than 1.3 million patients.  Impacted patients had their personal information collected by a Meta Pixel ad tracking script.

Meta Pixel, which was formerly known as Facebook Pixel, is a mostly innocuous tracking script used by Facebook advertisers to track the performance of their ads.

According to Novant’s disclosure, the unauthorized access of patient data began in May of 2020 when the company ran a promotional campaign that involved Facebook advertisements.  In a bid to track the effectiveness of those advertisements, Novant utilized the Meta Pixel code.

Unfortunately, the code was not configured correctly on the Novant site, and the company’s “MyChart” portal began transmitting personal information to Meta and its advertising partners.

The patient information that may have been exposed includes:

  • Patient email address
  • Patient phone number
  • Patient emergency contact information
  • Appointment type and date
  • Patient physician
  • Portal menu selections
  • IP address
  • Any content typed into the “free text” boxes

Unfortunately, the MyChart portal is not a Novant-specific technology. It is used by a total of 64 different healthcare service providers around the country. So even if you don’t use Novant to meet your healthcare needs, your personal data may have been compromised due to the misconfiguration of the tracker.

If there’s a silver lining to be found in all of this, it lies in the fact that the company has now identified all the patients whose data was compromised and has already reached out to them. If you haven’t received a notification, then you can breathe a sigh of relief, as your data was not compromised.

LastPass Has Been Hacked

Using different passwords on every website and storing them in a secure password manager is a standard best practice in data security. It’s generally good advice, but what happens when the makers of password vaults get hacked?

That’s what the more than twenty-five million users of LastPass are now finding out. LastPass is one of the largest password vaults in the world, and unfortunately, that makes it a tempting target for hackers everywhere. On August 25, 2022, LastPass’ CEO Karim Toubba announced that “an unauthorized third party had stolen portions of the source code and some proprietary LastPass technical information.”

The breach appears to have been confined to the company’s development environment, which was accessed through a compromised developer account. The good news for LastPass customers takes two forms. First, the development servers did not contain any customer data. Second, LastPass employs a “zero knowledge” architecture, meaning that even though it stores your passwords, no one can access your information without your master password.

LastPass stated that the breach had no effect on the master passwords of its users and said that there is no evidence of any further malicious activity. Therefore, no action is currently required of those who use the service.

While an investigation into the incident continues, the company said that it has installed new preventative measures and that it has retained the assistance of an industry-leading cybersecurity and forensics firm.

New Tools Available With Kali Linux 2022.3

Do you have the Kali Linux distribution running on one of the machines you own?  If you’re not sure what that is, then you almost certainly don’t.  Kali is a Linux distro used mostly by “ethical hackers” who use it mainly to perform security audits, cybersecurity research, penetration testing and the like.

Offensive Security has recently released an update to the distribution, 2022.3, which adds a raft of improvements including but not limited to:

  • Kali NetHunter Updates
  • Kali ARM updates
  • Improved virtual machine support
  • And several wholly new tools

The new tools include:

  • BruteShark, for network analysis
  • DefectDojo, an open-source application vulnerability correlation and security orchestration tool
  • phpsploit, a stealth post-exploitation framework
  • shellfire, a tool for exploiting LFI/RFI and command injection vulnerabilities
  • Spraying Toolkit, which replicates password spraying attacks against Lync/S4B, OWA and O365

If you get your distribution from Kali-Linux-Labs, it will include two additional tools: the Damn Vulnerable Web Application (DVWA) and OWASP Juice Shop.

In terms of ARM support, you’ll find new versions for Raspberry Pi, Pinebook, and USBArmory MKII.

The particulars are as follows:

  • All Raspberry Pi devices have had their kernel upgraded to 5.15.
  • Created arm.kali.org to include an overview and statistics for kali-arm.
  • Every Kali ARM device has had its default boot partition size set to 256 MB.
  • Pinebook has had the broken sleep modes removed, so it should no longer go to sleep and be unable to wake up.
  • And USBArmory MKII moved to the 2022.04 u-boot release.

Of interest, Offensive Security made the strategic decision to release this version in tandem with the Black Hat, BSides LV and DefCon security conferences. As they put it, it provided a “nice surprise for everyone to enjoy.”

If you use Kali, grab the latest today. If you’ve been looking for a top-of-the-line security testing distro, this is the one you want.

Microsoft Releases PoC Code For MacOS App Sandbox Vulnerability

MacOS features a powerful sandbox restriction that helps keep modern Apple computers safe by limiting how code can run on the system.

Unfortunately, no system is bulletproof. There’s a way that a determined attacker could bypass the sandbox restrictions and execute arbitrary malicious code. The vulnerability was discovered by engineers at Microsoft and, independently, by security researcher Arsenii Kostromin.

Both groups responsibly disclosed their findings to Apple, and the Microsoft team released the technical details along with a proof of concept that demonstrates how it works.

The vulnerability is being tracked as CVE-2022-26706, and the issue specifically relates to macros in Word documents opened on a machine running MacOS.  If that’s something you do on a regular basis, then it pays to be well versed in exactly how this vulnerability could be used against you.

Johnathan Bar Or is one of the researchers on the Microsoft 365 Defender Research Team.

Johnathan had this to say about the issue:

“Despite the security restrictions imposed by the App Sandbox’s rules on applications, it’s possible for attackers to bypass the said rules and let malicious codes ‘escape’ the sandbox and execute arbitrary commands on an affected device.”

The good news is that the issue was discovered in October 2021, and Apple released a fix for it in May of 2022 in the Big Sur 11.6.6 update.

Even if you’ve disabled auto updates and are leery about applying OS patches to your system, this one deserves a place on your list. It’s not an incredibly technical exploit, which means that almost any attacker could pull it off. The longer you leave your system unpatched, the more danger you’re in.

Kudos to the Microsoft team and to Arsenii Kostromin for discovering and then promptly and responsibly reporting the issue, and to Apple for moving with some haste to release a patch.

Lenovo Models Affected By Medium Severity Vulnerabilities

If you own a Lenovo laptop, be aware that researchers at ESET have recently discovered a trio of bugs, since reported to Lenovo, that could allow an attacker to disable security features and hijack your operating system.

The issues are tracked as CVE-2022-1890, CVE-2022-1891, and CVE-2022-1892 and are all classed as medium severity level.

The first of these is an issue in the ReadyBootDxe driver used in some of Lenovo’s products, while the other two are overflow bugs in the SystemLoadDefaultDxe driver.

Unfortunately, the issue is quite widespread, as the SystemLoadDefaultDxe driver is used in more than 70 different Lenovo models. That includes everything in the IdeaPad, Flex, ThinkBook, V14, V15, V130, Slim, S145, S540, S940, and Yoga product lines.

The company has issued a formal advisory regarding the issue and has a complete listing of all their products impacted by these flaws on their website.

ESET had this to say about their recent discovery:

“These vulnerabilities were caused by insufficient validation of DataSize parameter passed to the UEFI Runtime Services function GetVariable.  An attacker could create a specially crafted NVRAM variable, causing buffer overflow of the Data buffer in the second GetVariable call.”
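To make the pattern in that quote concrete, here is an added illustration in C (not Lenovo’s firmware or ESET’s code) of the two-call GetVariable idiom with the DataSize bound in place before the second call. The mock GetVariable, the constructed NVRAM store and the variable names “Setup” and “Oversize” are all assumptions for the demo; the real service takes a CHAR16 name and a vendor GUID.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Mock EFI_STATUS values (the real codes also carry a high error bit). */
#define EFI_SUCCESS          0
#define EFI_BAD_BUFFER_SIZE  4
#define EFI_BUFFER_TOO_SMALL 5
#define EFI_NOT_FOUND        14

/* Constructed NVRAM store: one well-formed variable and one oversized
 * variable standing in for attacker-controlled contents. */
typedef struct { const char *name; const uint8_t *data; size_t size; } nvram_var_t;
static const uint8_t g_small[8] = {1, 2, 3, 4, 5, 6, 7, 8};
static const uint8_t g_big[512] = {0};
static const nvram_var_t g_store[] = {
    {"Setup", g_small, sizeof g_small}, {"Oversize", g_big, sizeof g_big},
};

/* Stand-in for gRT->GetVariable (the real one takes a CHAR16 name and a GUID).
 * Per the UEFI contract, when *DataSize is too small it is updated to the
 * required size and EFI_BUFFER_TOO_SMALL is returned with nothing copied. */
static int mock_GetVariable(const char *name, size_t *DataSize, void *Data) {
    for (size_t i = 0; i < sizeof g_store / sizeof g_store[0]; i++) {
        if (strcmp(g_store[i].name, name) != 0) continue;
        if (Data == NULL || *DataSize < g_store[i].size) {
            *DataSize = g_store[i].size;
            return EFI_BUFFER_TOO_SMALL;
        }
        memcpy(Data, g_store[i].data, g_store[i].size);
        *DataSize = g_store[i].size;
        return EFI_SUCCESS;
    }
    return EFI_NOT_FOUND;
}

/* Two-call pattern with the bound ESET describes as missing: the size learned
 * from the first call is checked against the caller's buffer before it is
 * passed as DataSize to the second call, so an oversized NVRAM variable is
 * refused instead of overflowing buf. */
static int read_variable_checked(const char *name, uint8_t *buf, size_t cap,
                                 size_t *out_len) {
    size_t size = 0;
    int st = mock_GetVariable(name, &size, NULL);
    if (st != EFI_BUFFER_TOO_SMALL) return st;  /* not found or other error */
    if (size > cap) return EFI_BAD_BUFFER_SIZE;  /* the missing check */
    st = mock_GetVariable(name, &size, buf);
    if (st == EFI_SUCCESS) *out_len = size;
    return st;
}
```

Without the `size > cap` line, the second call would be handed a DataSize larger than `buf`, which is the overflow the advisory describes.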

If there’s a silver lining to be found here, it lies in the fact that exploiting these flaws is not a trivial task and requires a skillset that is likely beyond a great many of the world’s hackers.

That does not mean that you are safe. You are very much at risk. The good news though is that at least a casual or relatively inexperienced hacker will not be able to easily exploit these weaknesses.  They’re still well worth keeping on your company’s radar, however.

One final note to be aware of is that if you’re having trouble determining whether your Lenovo is on the vulnerable list, the company has published a website that automatically detects the vulnerability. It is hands down the fastest way to find out for sure. Good luck out there!