Archive for January 31, 2025

New York Blood Center Pwned In Ransomware Attack

Posted in Commentary with tags on January 31, 2025 by itnerd

The New York Blood Center, one of the world’s largest independent blood collection and distribution organizations, says a Sunday ransomware attack forced it to reschedule some appointments.

Here’s what happened:

On Sunday, January 26, New York Blood Center Enterprises and its operating divisions identified suspicious activity affecting our IT systems. We immediately engaged third-party cybersecurity experts to investigate and confirmed that the suspicious activity is a result of a ransomware incident. We took immediate steps to help contain the threat and are working diligently with these experts to restore our systems as quickly and as safely as possible. Law enforcement has been notified.

We understand the critical nature of our services, and the health of our communities remains our top priority. We remain in direct communication with our hospital partners and are implementing workarounds to help restore services and fulfill orders.

Paul Bischoff, Consumer Privacy Advocate at Comparitech, commented: 

“Ransomware gangs don’t discriminate between charitable organizations and for-profit companies. Medical organizations are frequently targeted because they can’t operate for long without their computer systems, and those systems store a lot of sensitive patient and employee data. That makes hospitals and clinics more likely to pay ransoms. Furthermore, hospitals employ a lot of non-IT staff that attackers can phish.”

For the second time today, I am writing about a health care organization that has been pwned. Seriously, the fact that this sector is pretty much easy prey for threat actors needs to change. And it needs to change right now.

DOJ Takes Down Cracked And Nulled Marketplaces

Posted in Commentary with tags on January 31, 2025 by itnerd

The DOJ announced an international effort that seized the Cracked and Nulled marketplaces, two cybercrime forums that prosecutors say affected at least 17 million Americans.

According to the DOJ, since 2018 Cracked promised access to “billions of leaked websites” by letting users search for stolen login credentials, and had over 4 million users who traded in cybercriminal tools and stolen information, producing around $4 million in revenue.

The DOJ press release said that the accused “active administrator” of Nulled faces criminal charges carrying a maximum penalty of five years in prison for conspiracy to traffic in passwords, 10 years in prison for access device fraud, and 15 years in prison for identity fraud.

Evan Dornbush, former NSA cybersecurity expert, had this to say:

  “Historically attackers can more easily obtain information and tools than defenders, giving them a perpetual advantage. Actions like this make it more expensive for cyber criminals to operate and ultimately this is a good thing.

  “Lesser players who rely on purchasing tools and network access from these two marketplaces won’t be able to get started, raising the barrier to entry for their criminal enterprise aspirations.”

It’s great to see sites like these taken down by the forces of good. This is something that we need to see more of. A lot more of.

Another Report About A DeepSeek Jailbreak Surfaces

Posted in Commentary with tags on January 31, 2025 by itnerd

Hot on the heels of this report about a jailbreak related to DeepSeek, Wallarm published a new analysis revealing that its security researchers have discovered a novel jailbreak technique for DeepSeek V3. The technique allows researchers to ask questions and receive responses about DeepSeek’s root instructions, training, and structure.

Other jailbreaks have focused on getting the LLM to discuss restricted topics or build something prohibited, like malicious software. Wallarm’s jailbreak focused on getting DeepSeek to share restricted data about itself, how it was trained, policies applied to its behavior, and other facts about the model. 

Wallarm contacted DeepSeek about this vulnerability, and DeepSeek has since addressed it: as of an hour ago, DeepSeek V3 is no longer susceptible to this specific jailbreak technique. Wallarm also says it found evidence that DeepSeek is based on OpenAI, but notes that this has been demonstrated sufficiently elsewhere.

You can find the blog post now live at: https://lab.wallarm.com/jailbreaking-generative-ai/

Equinix partners with designer Maximilian Raynor to turn internet into a dress

Posted in Commentary with tags on January 31, 2025 by itnerd

Earlier today, Equinix, the world’s leading digital infrastructure company, unveiled the end result of its partnership with LVMH scholar and emerging designer Maximilian Raynor to personify the internet itself!

Maximilian has created a one-off, striking dress from ‘the internet’ which aims to physically embody the vast connectivity framework that influences our daily lives (social media, messaging, mobile banking, etc.). The garment represents every click, text, or video stream, from Stockholm to Sydney.

You should check out the Equinix blog post and interview with Maximilian, which detail the creation of the garment and the stories the materials tell! 

Over 1 million patients impacted by non-profit healthcare provider breach 

Posted in Commentary with tags on January 31, 2025 by itnerd

In a Thursday filing, non-profit Connecticut healthcare provider Community Health Center (CHC) disclosed that it has started notifying over 1 million patients of a data breach that impacted their personal and health data.

CHC said in the notice that the breach was discovered on January 2, 2025, roughly two and a half months after unknown attackers gained access to its network in mid-October 2024.

While the breach didn’t impact its operations, the threat actors stole files containing the personal and health information of 1,060,936 individuals.

“Fortunately, the criminal hacker did not delete or lock any of our data, and the criminal’s activity did not affect our daily operations. We believe we stopped the criminal hacker’s access within hours, and that there is no current threat to our systems,” CHC said.

Stolen data includes a combination of:

  • Names
  • DOBs
  • Contact Information
  • SSNs
  • Medical diagnoses
  • Treatment details
  • Test results 
  • Health insurance details

In response to the incident, CHC said it has strengthened its security, added special software to “watch for suspicious activity,” and is working to make sure patient information “stays safe in the future.”

Emily Phelps, Director at Cyware, had this to say:

  “Incidents in this sector underscore the ongoing risks healthcare providers face, with attackers gaining access to sensitive data like names, medical diagnoses, and insurance details. This incident highlights the urgency of securing healthcare infrastructures—protecting not just patient data, but the broader ecosystem of communication, collaboration, and care delivery. Strengthening threat intelligence management and automating security processes are essential steps in reducing vulnerabilities and enhancing defenses. Effective information sharing and a collective defense approach are critical in safeguarding healthcare organizations from these growing threats.”

Sometimes I feel like I am a broken record. But the healthcare sector needs to do better. Getting pwned on a constant basis is something that simply must not continue. It needs to be addressed as an urgent problem. And I have to be honest, I don’t know if that sector really takes this problem seriously.

UPDATE: Erich Kron, Security Awareness Advocate at KnowBe4 adds this: 

“The repeated successful attacks against healthcare organizations have become a very frustrating problem both for organizations and for the individuals caught up in the breaches. The medical industry collects and stores some of the most sensitive information individuals have, including specific medical diagnoses, treatments, medications, and other information that most people don’t want in the public eye. Unfortunately, these medical facilities are targeted consistently and seem to be struggling to defend themselves.”

“For a long time, the healthcare industry has struggled with balancing costs and expenses, while hiring enough employees to ensure high levels of service to their patients. The most common way for bad actors to spread ransomware, or make initial network intrusions successful, is by targeting the employees within these organizations. Unfortunately, many healthcare organizations remain understaffed, and their staff can be overworked, leading to errors and mistakes simply through fatigue and ongoing stress, adding to the risk of an incident.”

“For organizations in these industries, it is critical that the human risk is addressed in their cybersecurity plans, and that employees are given the education, tools, and resources they need to defend themselves against bad actors. Employees need to be able to quickly and efficiently spot and report suspected social engineering attacks to teams within their organization, allowing them to continue their work with the least amount of disruption. This industry has proven to be a significant challenge when it comes to securing information, but clearly, we must focus on improving the protection of this sensitive patient information.”

New Research from Unit 42 Reveals DeepSeek is Vulnerable to Jailbreaking

Posted in Commentary with tags on January 31, 2025 by itnerd

Palo Alto Networks’ threat intelligence team, Unit 42, released research revealing that DeepSeek is concerningly vulnerable to jailbreaking and can produce nefarious content with little to no specialized knowledge or expertise.

The new research exposes the security risks of employees using unauthorized third-party LLMs and stresses the need to address these vulnerabilities when integrating open source LLMs into business processes. 

The research reveals: 

  • High bypass/jailbreak rates, highlighting the potential risks of emerging attack vectors that can be used by malicious actors
  • Jailbreak methods can elicit explicit guidance for malicious activities and could greatly accelerate their operations
  • Malicious activities include creating keyloggers—software or hardware designed to record keystrokes on a computer or device—as well as stealing and exfiltrating data, demonstrating the security risks to businesses. 

In addition to the research, the team shared commentary from Sam Rubin, SVP of Consulting and Threat Intelligence of Unit 42, discussing the findings.

Unit 42’s DeepSeek jailbreaking research shows that we can’t always trust that LLMs will work as intended — they can be manipulated. It’s important that companies consider these vulnerabilities when building open source LLMs into business processes. We have to assume that LLM guardrails can be broken and safeguards need to be built in at the organizational level.

And, as organizations look to leverage these models, we have to assume threat actors are doing the same—with the goal of accelerating the speed, scale, and sophistication of cyberattacks. We’ve seen evidence that nation state threat actors are leveraging OpenAI and Gemini to launch attacks, improve phishing lures, and write malware. We expect attacker capabilities will get more advanced as they refine their use of AI and LLMs and even begin to build AI attack agents. 

You can read the research here.

macOS Sequoia 15.3 Fixes An Annoyance That I Tripped Over… Are Other Issues Fixed As Well?

Posted in Commentary on January 31, 2025 by itnerd

macOS Sequoia has been a bit of a mess in terms of software quality since it was released. I say that because there were a number of issues and oddities that, quite honestly, shouldn’t have made it to the streets. In fact, I have been actively telling my clients not to upgrade their Macs until a lot of these issues get sorted. With the release of 15.3 earlier this week, things might be improving.

Back in mid-December when macOS 15.2 hit the streets, there was something odd that I tripped over. When a Mac such as my Mac mini was plugged into a TV via HDMI, it would show the menu bar icon indicating that the screen was being mirrored. This would not happen if you had the same computer plugged into a monitor. I later discovered that it was apparently a change that Apple made. At the time I said this:

I honestly wish Apple found some more elegant method of doing this. I say that because I am sure that the AppleCare helpline is being hit with calls regarding this, which is something that could have been avoided by a better UI design. But what do I know? After all Apple knows best right?

I guess Apple must have figured out that this wasn’t a good change to make, because in macOS Sequoia 15.3 it no longer shows that a Mac plugged into a TV over HDMI is being mirrored. I can only think of two reasons why this was fixed:

  1. The AppleCare helpline got bombarded with calls and they needed to make that stop.
  2. Someone internally got a clue and said that this was a stupid idea and that they needed to change direction.

Either way, I am glad that Apple addressed this, as it is one thing that is off my list of annoyances with Sequoia. Now in case you were wondering, here are some other issues and oddities that I have been tracking since Sequoia came out:

That I can confirm is accurate via the Wayback Machine, as the text on that page was completely different in late 2024. On the surface, it seems that Apple has made another design decision that was poorly communicated. Why Apple insists on making these design changes and not telling anyone, I do not know. But it looks like we’re done with this issue, as Apple clearly is done with this issue.

Now if Apple has fixed the Time Machine issues, I would start to feel comfortable enough recommending it to my clients. That’s because many of my clients who aren’t businesses or enterprises use Time Machine to back up. Thus the fact that it doesn’t work reliably is a hard no for many of my clients. Stay tuned to see if that has been fixed, or if we’re going to be waiting until Apple decides that is something worthy of getting a fix from them instead of focusing totally on that dumpster fire known as Apple Intelligence.

UPDATE: It doesn’t fix the ongoing issues with Time Machine. Sigh.