Archive for June 17, 2022

Texas Tech University Health Sciences Center Pwned As Part Of A Larger Event… Up To Two Million Patients Affected

Posted in Commentary on June 17, 2022 by itnerd

Texas Tech University Health Sciences Center has confirmed that the protected health information of 1,290,104 patients was compromised in a data breach at its electronic medical record vendor, Eye Care Leaders.

Eye Care Leaders said it detected a breach on Dec. 4, 2021, and disabled the affected systems within 24 hours. Texas Tech University Health Sciences Center said it received the final results of the forensic investigation on April 19, 2022. The compromised information included the following data elements: name, address, phone numbers, driver’s license number, email, gender, date of birth, medical record number, health insurance information, appointment information, social security number, as well as medical information related to ophthalmology services. No evidence of data exfiltration was found. But I’ll point out that it doesn’t mean that it didn’t happen. It just means that there’s no proof that it did.

Over the past few weeks, the number of eye care providers known to have been affected by the Eye Care Leaders data breach has been growing. At least 20 eye care providers have confirmed they have been affected and the protected health information of at least 1.9 million patients is known to have been exposed.

As the value of stolen credit cards has gone down, the value of health records has gone up. With a complex web of interconnected providers in the healthcare space, many being small businesses, it’s impossible for the security safeguards in HIPAA to be fully maintained across the board. That said, a breach at an Electronic Healthcare Records provider is especially concerning, as these are the types of vendors those small mom and pops rely on to provide more secure solutions than they could build on their own.

It’s commendable that they had their own incident response team that did detect a breach rather than it being reported by a 3rd party…a good sign that they are doing the right things. For those who haven’t been through an investigation like this before, it is worth noting that there are many reasons that “no evidence of data being exfiltrated” could be found. Very often logs that would have shown evidence aren’t kept for long enough…or at all. If forensics teams don’t have the right data to work from, it becomes impossible to prove an exfiltration. And there will be legal and executive pressure to state that no evidence was found in the absence of clear data that it was. In short, anyone who was part of this breach still might be well off to scrutinize their bills closely, and be prepared to find healthcare services procured in their name at some later date, unfortunately.

We’ll have to see how bad this breach is, starting with info showing up on the dark web, which would be a sign that data was stolen. You might want to stay tuned to this one as I suspect I may be providing an update.

730K WordPress Sites Force-Updated To Patch Critical Plugin Bug

Posted in Commentary on June 17, 2022 by itnerd

WordPress sites using Ninja Forms, a forms builder plugin with more than 1 million installations, have been force-updated en masse this week to a new build that addresses a critical security vulnerability likely exploited in the wild. The vulnerability is a code injection vulnerability affecting multiple Ninja Forms releases, starting with version 3.0 and up.

Wordfence threat analyst Ramuel Gall discovered when reverse-engineering the patch that unauthenticated attackers can exploit this bug remotely to call various Ninja Forms classes using a flaw in the Merge Tags feature:

There is evidence to suggest that this vulnerability is being actively exploited in the wild, and as such we are alerting our users immediately to the presence of this vulnerability.

This flaw has been fully patched in versions 3.0.34.2, 3.1.10, 3.2.28, 3.3.21.4, 3.4.34.2, 3.5.8.4, and 3.6.11. WordPress appears to have performed a forced automatic update for this plugin, so your site may already be using one of the patched versions. Nonetheless, we strongly recommend ensuring that your site has been updated to one of the patched versions as soon as possible since automatic updates are not always successful.

Christopher Prewitt, CTO of MRK Technologies, had this to say:

WordPress and WordPress plugins are always under attack. WordPress is the most popular CMS, powering over 43% of websites. Attackers are always looking to leverage their efforts, getting the most results possible.

While WordPress appears to have performed a forced automatic update for this plugin, it is always important to validate and ensure your site and plugins are configured to automatically update.

This is good advice for anyone who runs a WordPress site. Which would include yours truly. I run very few plugins for security reasons. But if you run a WordPress site that might not be your use case. Thus Mr. Prewitt’s advice is something that you should keep in mind.
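
A version check for the advice above, as an added example that is not from Wordfence or the original post: it reads the `Version:` field from a plugin header and compares it with the patched release for its branch. The per-branch mapping, the treatment of branches after 3.6 as fixed, and the sample headers are assumptions made for illustration.

```python
import re

# Fixed releases listed in the advisory quoted above, keyed by (major, minor) branch.
PATCHED = {
    (3, 0): (3, 0, 34, 2), (3, 1): (3, 1, 10, 0), (3, 2): (3, 2, 28, 0),
    (3, 3): (3, 3, 21, 4), (3, 4): (3, 4, 34, 2), (3, 5): (3, 5, 8, 4),
    (3, 6): (3, 6, 11, 0),
}

def parse_version(text):
    """Turn '3.0.34.2' into (3, 0, 34, 2), zero-padded to four parts."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))

def header_version(plugin_source):
    """Pull the 'Version:' field out of a WordPress plugin header comment."""
    m = re.search(r"^[ \t/*#]*Version:\s*(\d+(?:\.\d+)*)", plugin_source, re.MULTILINE)
    return m.group(1) if m else None

def status(version_text):
    """Classify a Ninja Forms version against the advisory's list."""
    v = parse_version(version_text)
    branch = v[:2]
    if branch < (3, 0):
        return "not-affected"   # the post says affected releases start at 3.0
    if branch in PATCHED:
        return "patched" if v >= PATCHED[branch] else "vulnerable"
    # Assumption: branches released after 3.6 carry the fix; anything else is unknown.
    return "patched" if branch > (3, 6) else "unknown"

def audit(sites):
    """Map site name -> (version, status) given each site's plugin header text."""
    report = {}
    for name, source in sites.items():
        version = header_version(source)
        report[name] = (version, status(version) if version else "unknown")
    return report

# Constructed sample headers, not taken from real sites.
SAMPLE_SITES = {
    "shop": "<?php\n/*\nPlugin Name: Ninja Forms\nVersion: 3.6.10\n*/\n",
    "blog": "<?php\n/**\n * Plugin Name: Ninja Forms\n * Version: 3.0.34.2\n */\n",
    "intranet": "<?php\n/*\nPlugin Name: Ninja Forms\n*/\n",
}

if __name__ == "__main__":
    for site, result in audit(SAMPLE_SITES).items():
        print(site, *result)
```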

Infosec Institute Recognized For Comprehensive Cybersecurity Training At The 2022 Global InfoSec Awards 

Posted in Commentary on June 17, 2022 by itnerd

Infosec Institute, a leading cybersecurity education company and part of Cengage Group, announced it won two coveted Global Infosec Awards from Cyber Defense Magazine (CDM), the industry’s leading electronic information security magazine. The awards were announced last week during RSA 2022 in San Francisco, CA. Infosec was recognized for: 

  • Most Comprehensive Cybersecurity Training — Infosec Skills
  • Publisher’s Choice Security Awareness Training — Infosec IQ

Since its founding in 2004, Infosec has trained over 100,000 cybersecurity professionals through Infosec Skills courses and helped more than 5 million learners improve cybersecurity knowledge and safety at work and home with Infosec IQ training. With Infosec Skills, cybersecurity and IT professionals have access to 1,400+ hands-on cybersecurity resources, with the option to upgrade to boot camp style, instructor-led training to prepare for certifications. With Infosec IQ, organizations will continue to benefit from thousands of security awareness resources for training employees about cyber threats, phishing scams and cyber safety.

See the full list of this year’s winners at cyberdefenseawards.com.

Passbolt: First-Of-Its-Kind Password Management Allows For Secure Collaboration Among Teams

Posted in Commentary on June 17, 2022 by itnerd

A first-of-its-kind open-source password manager is revolutionizing the way companies can collaborate securely. Unlike competitor programs, which are typically aimed at individuals, Passbolt is purposely made for teams and, because of its unparalleled security, is trusted by more than 10,000 organizations worldwide, including Fortune 500 companies, governments and defence forces.

Gone are the days of storing passwords on insecure spreadsheets or sharing via email. Instead, Passbolt prioritizes data privacy and collaboration so teams can access passwords from wherever they are, and data owners can see, in real time, who is accessing their information.

The platform can be used in a secure cloud, deployed as a cloud-native application, or added easily to a company’s existing infrastructure. The program is tailored to be agile and puts developer teams first. It can be used as-is, or developers can personalize it by supplementing it with their own code. It helps centralize, organize, and share credentials quickly and securely. Passbolt is security-first, privacy-centric, made in Europe and highly versatile: it can be installed on-prem, used in a secure cloud, or deployed as a cloud-native application.

The founders, based in Luxembourg, developed the program while running a web agency in Europe. As they developed more complex websites, they found it was difficult to keep track of the dozens or sometimes hundreds of passwords they needed. 

Passbolt will be highlighting its new product in Toronto at Collision Conference 2022 from June 20 to 23. The Luxembourg-based company is particularly looking for Canadian investors at the event.

It is one of six Luxembourgish companies taking part in the conference and part of a larger Luxembourg delegation visiting Toronto and Canada in the coming weeks to strengthen relationships with the country. The delegation is headed by Minister of the Economy Franz Fayot and His Royal Highness, Crown Prince Guillaume.

Martello & Mitel Renew & Extend Partnership 

Posted in Commentary on June 17, 2022 by itnerd

Martello Technologies Group Inc., a leading developer of enterprise digital experience monitoring (“DEM”) solutions, announced today that it has entered into an amendment to its commercial agreement (the “Amended Agreement”) with key partner Mitel Networks Corporation (“Mitel”). Martello has worked with Mitel for more than ten years, providing its performance analytics software for Mitel’s enterprise customers and partners.

Martello’s original agreement with Mitel dates back to March 2012, with subsequent amendments over the last ten years. Updating a previous amendment with Mitel signed in January 2019, the Amended Agreement sets out the commercial terms under which Martello provides the Mitel Performance Analytics (“MPA”) software for sale to Mitel customers and partners. The Amended Agreement applies to enterprise-wide Mitel sales of MPA, simplifying the commercial licensing model to provide increased operational efficiency and ease for partners and customers, while increasing the contract term to three years with automatic two-year renewals, subject to certain conditions set out in the Amended Agreement. MPA is available as part of the Mitel Premium Software Assurance offering as well as the MiVoice Business Subscription and MiCloud Flex.

Martello Technologies Group Inc. is a technology company that provides digital experience monitoring (DEM) solutions to optimize the modern workplace. The company’s products provide actionable insight on the performance and user experience of cloud business applications, while giving IT teams and service providers control and visibility of their entire IT infrastructure. Martello’s software products include Vantage DX, which provides Microsoft 365 and Microsoft Teams end user experience monitoring and optimization. Martello is a public company headquartered in Ottawa, Canada with employees in Europe, North America and the Asia Pacific region. Learn more at http://www.martellotech.com