Finnish Customs and Swedish Police, with Bitdefender’s support, shut down dark web marketplaces Sipulitie and Tsätti. These platforms…

Finnish Customs and Swedish Police, with Bitdefender’s support, shut down dark web marketplaces Sipulitie and Tsätti. These platforms facilitated the illegal drug trade, generating millions in illicit sales.

Finnish Customs, in collaboration with the Swedish Police and international law enforcement agencies, successfully shut down the **dark web marketplaces** Sipulitie and Tsätti. The operation also benefited from partnerships with private sector entities, including cybersecurity firm Bitdefender.

Sipulitie, which was launched in February 2023, operated on the **Tor network**, providing a hidden platform for users to trade narcotics anonymously. The marketplace, accessible in both Finnish and English, reportedly generated an estimated 1.3 million euros in sales, according to its administrator. This closure follows the **2020 shutdown of Sipulimarket**, a predecessor site that raked in over two million euros through illicit drug sales.

In a **press release**, Hannu Sinkkonen, Director of Enforcement at Finnish Customs, emphasized the importance of international cooperation in combating dark web crime. “Over the years, we at Finnish Customs have intervened effectively using many different methods in the criminal activities taking place on the dark web,” Sinkkonen stated. “Seamless cooperation between the authorities at both the national and international levels plays a crucial role in combating online crime.”

The investigation into Sipulitie revealed that the administrator behind the shuttered Sipulimarket had resurfaced with the new platform. Authorities suspect the same individual also managed Tsätti, a chat-based drug sales site launched in 2022. Law enforcement has identified not only the administrator but also individuals who supported the operations, including moderators and customer service agents.

Additionally, the seized digital evidence has allowed investigators to trace and identify numerous buyers and sellers who engaged in transactions on Sipulitie.

Screenshot from the seized marketplace

Alex Cosoi, Chief Security Strategist at Bitdefender, **highlighted** this synergy: “This operation exemplifies the power of collaboration between the public and private security sector in dismantling illegal online activities, in this case, markets that sold large amounts of narcotics.” Cosoi also noted the broader message sent to criminals who believe the dark web offers guaranteed anonymity: “If they become the target of an international effort, they can’t hide.”

As the preliminary investigation continues, the closure of Sipulitie and Tsätti is a major achievement in the fight against dark web-enabled criminal activities.

1.  **Finnish Dark Web Marketplace PIILOPUOTI Seized**
2.  **Germany Shuts Down Russian Dark Web Market Hydra**
3.  **WT1SHOP Cybercrime Market Seized by US and Portugal**
4.  **NetWire Malware Site and Server Seized, Admin Arrested**
5.  **SSNDOB Cybercrime Marketplace Seized in Coordinated Op**

Authorities Seize Dark Web Marketplaces Sipulitie and Tsätti

Cybersecurity insurance costs are rising, and insurers are likely to demand more direct access to organizational metrics and measures to make more accurate risk assessments.

The rising cost of ransomware attacks is helping push significant premium increases in cyber-insurance policies in the UK and US, new data shows.

With the average payouts across the past two years averaging more than $3.5 million in the US, a growing number of cybersecurity insurers want direct access to customer security metrics and measures. This would help prove the status of security controls, according to a Panaseer report on the state of the cyber-insurance industry.

However, insurance firms are struggling to accurately understand a customer's security posture, which is in turn affecting price increases.

Nik Whitfield, founder and chairman of Panaseer, notes that 82% of insurers surveyed said they expect the rise in premiums to continue. "The increasing cost of ransomware is putting premiums up, and the increase in the number of attacks, as well as the number of successful attacks, means insurance is getting harder to get and is getting more expensive," he explains.

Meanwhile, 87% of insurers surveyed say they want a more consistent approach to analyzing cyber-risk. "Fundamentally, insurers need better information in order to price the risk — questionnaires aren't going to cut it," Whitfield says. "Having real live data coming from a customer about their security posture is what's going to be required for them to accurately price risk, in the same way that telematics did for car insurance."

The survey found that the most important factor when assessing potential customers' security posture is their cloud security — cited by 40% of survey respondents — followed by security awareness (36%), application security (32%), vulnerability management (31%), privileged access management (31%), and patch management (30%).

One of the likely challenges in the market, Whitfield points out, is the high degree of hesitancy many organizations may have about handing over privileged information about the inner workings of their security posture. "No one wants to share their security information with anybody else because that creates a security risk, and it feels vulnerable to expose intimate information about your security posture to others," he says.

Worst case, there will be companies unable to get insurance because they can't provide sufficient information to get reasonably priced insurance, according to Whitfield.

"In those cases, they will have to do something more extreme, such as providing evidence, information, and hopefully work with their insurer to improve their security posture," Whitfield notes. "It's like any type of risk — the better the risk looks to the insurer, the better your premiums and the easier it will be to get insured. And it'll be no different in cyber."

**Cyber Insurance Market Waffles on Pricing**

The survey indicates that many insurers don't yet have the answer to how to price cybersecurity insurance: While 47% of total respondents said they are "very confident" in their underwriting process, 44% are only "somewhat confident."

"There's some conflicting results that show on the one hand, they're confident in their models, but on the other hand, they're not really confident that they understand how to price it," Whitfield explains. "This is going to evolve over time. But there needs to be an openness and awareness and a conversation with the market about how to do this."

Complicating matters is that the past is never a good predictor when it comes to cybersecurity. "For some kind of risks, the past can give you a good handle on what's going to happen in the future," he says. "In cyber, it's just not the case. We have active adversaries. We have new tools, techniques, and procedures to gain access to our environments, new malware, new applications. The past is no predictor of the future. And that's what makes it so difficult for them to price this."

Insurers and brokers are charging more for policies and setting higher requirements as they face an increasingly complex threat landscape that has taken on a global nature, while the frequency and severity of attacks are increasing.  

A Kaspersky study released in January 2022 and conducted in October 2021 indicated investing in cyber insurance is a growing proactive trend; 28% of respondents said their company annually invests anywhere from $25,000 to $50,000 per year.

From Whitfield's perspective, the outlook for cybersecurity threats is going to get worse before it gets better. "The risk to businesses has been increasing, and the number of breaches and the cost of a breach has been rising steadily in the last few years," he says.

So, how can the insurance industry both support business and make a return at the same time? It will take a partnership between the insured and the insurer, he explains. "I don't think it could be forced by one party or the other, and it needs to be settled with evidence rather than a questionnaire finding out what the opinion of an organization is about a security posture." 

That means insurers getting hard data about an organization's security posture, provided in an efficient, timely way, and with high-quality data that can be relied on. "That will be the real revolution in the cyber-insurance industry," Whitfield says.

Ransomware Scourge Drives Price Hikes in Cyber Insurance

Catchpoint’s Internet Performance Monitoring Platform helps IT teams identify and mitigate BGP incidents, including hijack attempts and routing issues, with the industry’s broadest network of vantage points in the world drawing on real-time BGP monitoring.

**January 11, 2023 --** Catchpoint, The Internet Resilience Company, releases major enhancements to its industry-leading Network Experience solution. These enhancements include network reachability, engineering & traffic routing improvements, as well as comprehensive monitoring for SASE, VPN, and the entire Internet stack. This makes it even easier for IT professionals to catch issues before they impact the business.

The latest release includes a wide range of enhancements to Catchpoint’s Network Experience solution including:

*   **The world’s largest observability network** with over two thousand vantage points around the world. This includes **the world’s most extensive global BGP coverage** with over a thousand vantage points around the globe from more than 400 ASNs and support for both IPv6 and IPv4 real-time global data:

*   143 Catchpoint peers
*   388 University of Oregon Route Views Project peers
*   744 RIPE NCC RIS peers

*   **An improved BGP Smartboard** to identify incidents and root cause faster and with fewer clicks for improved MTTR. The new Smartboard lets IT teams investigate BGP peer event data across selected timeframes, view announcements and withdrawals, then drill down to the details of each event. The result is faster and more effective troubleshooting.
*   **An enhanced BGP Dashboard & Score Metrics** to see the health of the networks you rely upon at a glance. Information presented includes visibility for reachability, hijacks, peer visibility, mass withdrawals, RPKI status, and BGP data by region.
*   **Route Hijack Detection** via the updated control center library, which stores a list of customer ASNs. The BGP Overview Dashboard flags any prefix announced from unexpected ASNs, so IT is immediately alerted to potential hijacks.
*   **Network Mesh/Node-to-Node General Availability testing** to continuously monitor the availability & performance of the network, including jitter, latency and packet loss. This ensures an always-on, high-quality network experience. 
*   **Traceroute enhancements**, including Path MTU and TCP MSS features for more effective network path visualization and troubleshooting.
*   **A DNSSEC Custom Monitor** that authenticates the resolution of IP addresses with a cryptographic signature and ensures that answers provided by the DNS server are valid and authentic. 

To learn more about these updated features, please join us on January 18, 2023 for our upcoming webinar “Catchpoint Launches New Capabilities to Power Internet Performance Monitoring.”

**View and Pinpoint All BGP Issues from One Dashboard  **

All these capabilities are available via the Catchpoint Platform. The market leader in Internet Performance Monitoring (IPM), Catchpoint provides deep visibility into every aspect of the Internet stack that impacts your business. Only Catchpoint offers the breadth and depth of IPM solutions to help make IT, Network Operations, and SREs jobs easier and ensure Internet Resilience with fewer resources. 

“With this release, Catchpoint helps our customers uncover BGP issues with more confidence and in less time. We now deliver more detailed real-time information from three distinct BGP peer sources that we are able to collect from over 1000 BGP peers worldwide. By comparison, our nearest competitor monitors less than 100 peers and provides data that is at least 15 minutes old. That 15-minute delay is a lifetime when you’re dealing with an issue like a BGP hijack, and you don’t know where your data is going!” said Catchpoint’s EVP of Product, Matt Izzo. 

Catchpoint’s customers agree. “We were never able to monitor reachability in this detail before using the Catchpoint solution. Now we can figure out whether an issue is related to a BGP announcement, routing, or something else instead of blindly trusting our partners that everything is working as it should,” said Andreas Lunz, Chief Technology Officer, Team Internet.

“The top websites in the world rely on Catchpoint as their main platform to monitor, detect, and mitigate BGP incidents, as well as any other incidents in their Internet stack,” said Dritan Suljoti, CTO and co-founder of Catchpoint. “Today, all businesses rely on the Internet to survive, and there is really no other platform that comes close to what we have developed over fourteen years of dedication to Internet Performance Monitoring.” 

**Learn More**

*   Read more about Catchpoint’s Network Experience Solution at catchpoint.com/network-experience.
*   Dive into our Comprehensive Guide to BGP.
*   Join us at our upcoming webinar, “Catchpoint Launches New Capabilities to Power Internet Performance Monitoring” on January 18, 2023. 
*   Watch a brief but helpful demo on BGP. 
*   Request an evaluation of the Catchpoint platform.

**About Catchpoint**

Catchpoint is the Internet Resilience Company™. The top online retailers, Global2000, CDNs, cloud service providers, and xSPs in the world rely on Catchpoint to increase their resilience by catching any issues in the Internet stack before they impact their business. The Catchpoint platform offers synthetics, RUM, performance optimization, high fidelity data and flexible visualizations with advanced analytics. It leverages thousands of global vantage points (including inside wireless networks, BGP, backbone, last mile, endpoint, enterprise, ISPs and more) to provide unparalleled observability into anything that impacts your customers, workforce, networks, website performance, applications, and APIs. Learn more at www.catchpoint.com.

Catchpoint Announces Solution to Monitor and Protect Companies From BGP Incidents

Powered by WatchGuard’s Unified Security Platform® architecture, new Fireboxes deliver enhanced performance and added security capabilities that MSPs and IT admins can easily manage in WatchGuard Cloud.

**SEATTLE – February 16, 2023 –** WatchGuard® Technologies, a global leader in unified cybersecurity, today announced the release of its new Firebox T25/T25-W,T45/T45-POE/T45-W-POE, and T85-POE tabletop firewall appliances. Powered by WatchGuard’s Unified Security Platform® architecture to deliver comprehensive security and simplified management through WatchGuard Cloud, these new firewalls are engineered to provide the performance that remote and distributed business environments need for better protection against the latest network security threats.

With more memory and faster processing speeds for enhanced throughput,this new line of Firebox products enables WatchGuard partners, MSPs, and IT administrators to securebranch offices, office equipment, remote devices, retail point-of-sale (POS) software, and remote users from complex and emerging threats, while minimizing network configuration and management requirements.

“IT environments of all types and sizes face advanced and sophisticated threats from attackers, but SMBs and branch offices typically don’t have dedicated technical staff to configure, install and manage network security appliances,” said Ryan Poutre, product manager at WatchGuard Technologies. “This new generation of Fireboxes takes full advantage of our Unified Security Platform architecture, enabling MSPs to provide the robust solutions and simplified management they require to meet the needs of a wide range of customers and deployment scenarios.”

With enterprise-class security services likeAPT Blocker (sandbox malware detection) and ThreatSync for shared knowledge between endpoint and network, the new Fireboxesare idealfor small businesses that lack a designated security team. Beyond providing advanced malware protection for distributed environments, the new appliances include SD-WAN to optimize network performance by dynamically distributing network traffic across multiple connections based on defined policies.These new Fireboxes take advantage of the latest updates in WatchGuard Cloud to display a graphical real-time update of SD-WAN link status and any failovers, and they also support the latest Fireware capabilities for load sharing across multiple links. These capabilities are included in all of WatchGuard's service packages.

“WatchGuard’s tabletop Firebox appliances give us all the features and security protection of their bigger rackmount brothers, and make us more efficient with zero-touch provisioning to deploy and configure devices, upgrade firmware and apply policies after a remote user activates a device. We can quickly deploy and configure SD-WAN via WatchGuard Cloud from remote locations,” said Troy Midwood, chief technology officer at Aabyss. “These appliances are another example of WatchGuard’s focus on building great products that enable our MSP business.”

Key features for each of the new Firebox products include:

*   **WatchGuard Firebox T25/T25-W:** Provides stand-alone or centrally managed protection forsmall offices, home offices, and retail environments with complete enterprise-level network security. Zero-touch deployment via WatchGuard Cloud enables quick setup at remote locations to ensure secure connections. Provides up to 403 Mbps UTM throughput (running Gateway AntiVirus, IPS, and Application Control) and five 1 Gigabit Ethernet ports.
*   **WatchGuard Firebox T45/T45-POE/T45-W-POE:** Deliversstand-alone or centrally managedenterprise-level securityforsmall and midsize businesses. Boosts visibility into network activity/security events. Provides flexible management tools that enable quick setup at remote locations for secure business connections. Provides up to 557 Mbps UTM throughput and includes five 1 Gigabit Ethernet ports. The -POE models include one POE+ port to provide power to other devices like Wi-Fi access points.
*   **WatchGuard Firebox T85-POE:** Delivers high-performance, enterprise-level security that evolves with network requirements. Features SD-WAN, full UTM protection at over 940 Mbps, and expansion modules for integrated fiber or 4G connectivity. Also provides users with two Power-over-Ethernet (PoE+) ports enabling power to peripheral devices.

Additional Resources:

*   WatchGuard Firebox T25/T25-W Datasheet
*   WatchGuard Firebox T45/T45-POE/T45-W-POE Datasheet
*   WatchGuard Firebox T85-POE Datasheet
*   WatchGuard Network Security Product Matrix

**About WatchGuard Technologies, Inc.**

WatchGuard® Technologies, Inc. is a global leader in unified cybersecurity. Our Unified Security Platform™ approach is uniquely designed for managed service providers to deliver world-class security that increases their business scale and velocity while also improving operational efficiency. Trusted by more than 17,000 security resellers and service providers to protect more than 250,000 customers, the company’s award-winning products and services span network security and intelligence, advanced endpoint protection, multi-factor authentication, and secure Wi-Fi. Together, they offer five critical elements of a security platform: comprehensive security, shared knowledge, clarity & control, operational alignment, and automation. The company is headquartered in Seattle, Washington, with offices throughout North America, Europe, Asia Pacific, and Latin America. To learn more, visit WatchGuard.com.

For additional information, promotions and updates, follow WatchGuard on Twitter (@WatchGuard), on Facebook, or on the LinkedIn Company page. Also, visit our InfoSec blog, Secplicity, for real-time information about the latest threats and how to cope with them at www.secplicity.org.Subscribe to The 443 – Security Simplified podcast at Secplicity.org, or wherever you find your favorite podcasts.

WatchGuard Launches New Line of Firewall Products to Enhance Unified Security for Remote and Distributed Businesses

Categories: Cybercrime
Categories: News
Tags: KillNet

Tags:  CISA

Tags:  DDoS

Tags:  HC3

According to CISA, the pro-Russian KillNet group is actively targeting the US and European healthcare sectors with DDoS attacks.



(Read more...)




The post KillNet hits healthcare sector with DDoS attacks appeared first on Malwarebytes Labs.

At the end of January, the Health Sector Cybersecurity Coordination Center warned that the KillNet group is actively targeting the US healthcare sector with distributed denial-of-service (DDoS) attacks.

The Cybersecurity and Infrastructure Security Agency (CISA) says it helped dozens of hospitals respond to these DDoS incidents.

**DDoS**

A distributed denial-of-service attack uses numerous systems to send network communication requests to one specific target. Often the attackers use enslaved computers, "bots", to send the requests. The result is that the receiving server is overloaded by nonsense requests that either crash the server or keep it so busy that normal users are unable to connect to it.

This type of attack has been popularized by numerous hacker groups, and has been used in state-sponsored attacks conducted by governments. Why? Because they are easy to pull off and hard to defend against.

**KillNet**

KillNet is a pro-Russian group that has been notably active since January 2022. Until the Russian invasion of Ukraine, KillNet was known as a DDoS-for-hire group. Now they are better known for the DDoS campaigns launched against countries supporting Ukraine. In previous campaigns the gang has targeted sites belonging to US airlines, the British royal family, Lithuanian government websites, and many others, but now their main focus has shifted to the healthcare sector. Not for the first time by the way—the group has targeted the US healthcare industry in the past too.

These attacks are not limited to the US. Recently, the University Medical Center Groningen (UMCG) in the Netherlands saw its website flooded with traffic. That attack was attributed to KillNet by the country’s healthcare computer emergency response team, Z-CERT.

The KillNet group runs a Telegram channel which allows pro-Russian sympathizers to volunteer their participation in cyberattacks against Western interests. This sometimes makes it hard to attribute the attacks to this particular group since the attacks will originate from different sources.

**The attacks**

KillNet’s DDoS attacks don't usually cause major damage, but they can cause service outages lasting several hours or even days. For healthcare providers, long outages can result in appointment delays, electronic health records (EHRs) being unavailable, and ambulance diversions.

According to CISA, only half of the KillNet attacks have been able to knock websites offline. CISA says it worked with several tech companies to provide free resources to under-funded organizations that can help them reduce the impact of DDoS attacks. It also plans to continue working with the US Department of Health and Human Services (HHS) to communicate with hospitals about government assistance and third-party services.

**Mitigation**

Although it can be difficult to mitigate DDoS risks, the Health Sector Cybersecurity Coordination Center (HC3) is encouraging healthcare organizations to enable firewalls to mitigate application-level DDoS attacks and use content delivery networks (CDN).

Scrambling for a solution at the moment you find out that you are the target of a DDoS attack is not the best strategy, especially if your organization depends on Internet-facing servers. So, if you don’t have an “always-on” type of protection, make sure you at least have a plan or protocols in place that you can follow if an attack occurs.

Depending on the possible consequences that would do the most harm to your organization, the chosen solution should offer you one or more of these options:

*   Allow users to use the site as normally as possible.
*   Protect your network from breaches during an attack.
*   Offer an alternative system to work from.

The least you should do is make sure you're aware of the fact that an attack is ongoing. The sooner you know what's going on, the faster you can react in an appropriate manner. Ideally, you want to detect, identify, and mitigate DDoS attacks before they reach their target. You can do that through two types of defenses:

*   On-premise protection (e.g. identifying, filtering, detection, and network protection).
*   Cloud-based counteraction (e.g. deflection, absorption, rerouting, and scrubbing).

The best of both worlds is a hybrid solution that detects an attack on-premise early on and escalates to the cloud-based solution when it reaches a volume that the on-premise solution cannot handle. Some DDoS protection solutions use DNS redirection to persistently reroute all traffic through the protectors’ network, which is cloud-based and can be scaled up to match the attack. From there, the normal traffic can be rerouted to the target of the attack or their alternative architecture.

CISA encourages all network defenders and leaders to review these three documents:

*   Joint guide: nderstanding and Responding to Distributed Denial-of-Service Attacks
*   CEG: Additional DDoS Guidance for Federal Agencies
*   Tip: Understanding Denial-of-Service Attacks

**Ransomware warning**

Several security agencies and providers have warned that DDoS attacks are being used as cover for actual intrusions involving ransomware and data theft. In these attacks, the DDoS acts as a smokescreen, drawing attention from the far greater danger posed by the ransomware.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

KillNet hits healthcare sector with DDoS attacks

Mattermost fails to check if a custom emoji reaction exists when sending it to a post and to limit the amount of custom emojis allowed to be added in a post, allowing an attacker sending a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seeing the post. 



Skip to content

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2024-1402

**Mattermost vulnerable to denial of service via large number of emoji reactions**

Moderate severity GitHub Reviewed Published Feb 9, 2024 to the GitHub Advisory Database • Updated Feb 9, 2024

**Package**

gomod github.com/mattermost/mattermost/server/v8 (Go)

**Affected versions**

< 8.1.8

\>= 9.2.0, < 9.2.4

\>= 9.1.0, < 9.1.5

**Patched versions**

8.1.8

9.2.4

9.1.5

**Description**

Published to the GitHub Advisory Database

Feb 9, 2024

GHSA-32h7-7j94-8fc2: Mattermost vulnerable to denial of service via large number of emoji reactions

The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a denial-of-service (DoS) via a self referencing IFrame.

Skip to content

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2024-25144

**Liferay Portal denial-of-service vulnerability**

Moderate severity GitHub Reviewed Published Feb 8, 2024 to the GitHub Advisory Database • Updated Feb 8, 2024

**Package**

maven com.liferay.portal:release.dxp.bom (Maven)

**Affected versions**

\>= 7.2.0, < 7.2.10.fp19

\>= 7.3.0, < 7.3.10.u6

\>= 7.4.0, < 7.4.13.u27

**Patched versions**

7.2.10.fp19

7.3.10.u6

7.4.13.u27

maven com.liferay.portal:release.portal.bom (Maven)

**Description**

Published to the GitHub Advisory Database

Feb 8, 2024

GHSA-w275-m8cr-hf2v:  Liferay Portal denial-of-service vulnerability

Mattax Neu Prater Eye Center said customer data was involved in third-party cyber-attack

Mattax Neu Prater Eye Center said customer data was involved in third-party cyber-attack

  

A healthcare clinic based in Missouri has informed US regulators of a data breach incident affecting more than 90,000 individuals.

Mattax Neu Prater Eye Center announced the breach at the end of June, however the incident took place in December 2021.

According to HIPAA, 92,361 individuals were impacted by the breach.

Mattax Neu Prater, which provides surgical and non-surgical care, said that the “third -party data security incident” may have resulted in unauthorized access to the sensitive personal information of some patients.

**Third-party leak**

The incident concerns electronic medical records platform myCare Integrity, which is owned by the practice performance company Eye Care Leaders.

According to Eye Care Leaders, on or around December 4, 2021, an unauthorized party accessed myCare Integrity data and deleted databases and system configuration files.

After discovering the suspicious activity, Eye Care Leaders said its incident response team immediately stopped the unauthorized access and began investigating.

“Notably, there was no evidence that this incident involved unauthorized access to any of Mattax Neu Prater’s patient records,” a statement from the clinic reads.

Read more of the latest data breach news

“This incident has affected eye care practices across the country, and is not specific to Mattax Neu Prater.

“This data security incident occurred entirely within Eye Care Leaders’ network environment, and there were no other remedial actions available to Mattax Neu Prater.”

The center added: “However, a lack of available forensic evidence prevented Eye Care Leaders from ruling out the possibility that some protected health information and personally identifiable information may have been exposed to the bad actor.”

Mattax Neu Prater said it does not have any evidence of identity theft as a result of the incident, but has informed anyone who might be impacted via postal mail.

YOU MAY ALSO LIKE Gitlab patches critical RCE bug in latest security release

US eye clinic suffers data breach impacting 92,000 patients

The National Defense Authorization Act passed today, but lawmakers stripped language that would keep the Trump administration from wielding unprecedented authority to surveil Americans.

The US Senate passed the National Defense Authorization Act (NDAA) on Wednesday after congressional leaders earlier this month stripped the bill of provisions designed to safeguard against excessive government surveillance. The “must-pass” legislation now heads to President Joe Biden for his expected signature.

The Senate’s 85–14 vote cements a major expansion of a controversial US surveillance program, Section 702 of the Foreign Intelligence Surveillance Act (FISA). Biden’s signature will ensure that the Trump administration opens with the newfound power to force a vast range of companies to help US spies wiretap calls between Americans and foreigners abroad.

Despite concerns about unprecedented spy powers falling into the hands of controversial figures such as Kash Patel, who has vowed to investigate Donald Trump’s political enemies if confirmed to lead the FBI, Democrats in the end made little effort to rein in the program.

The Senate Intelligence Committee first approved changes to the 702 program this summer with an amendment aimed at clarifying newly added language that experts had cast as dangerously vague. The vague text was introduced into the law by Congress in April, with Democrats in the Senate promising to correct the issue later this year. Ultimately, those efforts proved to be in vain.

Legal experts began issuing warnings last winter over Congress’s efforts to expand FISA to cover a vast range of new businesses not originally subject to Section 702’s wiretap directives. While reauthorizing the program in April, Congress changed the definition of what the government considers an “electronic communications service provider,” a term applied to companies that can be compelled to install wiretaps on the government’s behalf.

Traditionally, “electronic communications service providers” refers to phone and email providers, such as AT&T and Google. But as a result of Congress redefining the term, the new limits of the government’s wiretap powers are unclear.

It is widely assumed that the changes were intended to help the National Security Agency (NSA) target communications stored on servers at US data centers. Due to the classified nature of the 702 program, however, the updated text purposefully avoids specifying which types of new businesses will be subject to government demands.

Marc Zwillinger, one of the few private attorneys to testify before the nation’s secret surveillance court, wrote in April that the changes to the 702 statute mean that “any US business could have its communications \[wiretapped\] by a landlord with access to office wiring, or the data centers where their computers reside,” thus expanding the 702 program “into a variety of new contexts where there is a particularly high likelihood that the communications of US citizens and other persons in the US will be ‘inadvertently’ acquired by the government.”

Despite such warnings, Senate Democrats rushed to reauthorize the 702 program in April with the nebulous language attached. In a floor speech urging his colleagues to temporarily disregard the concerns, Mark Warner, chair of the Senate Intelligence Committee, vowed to amend the law again before the end of year. As of Wednesday it was clear he could no longer keep that pledge.

Text approved in June by Warner’s committee aimed to clarify the scope of the 702 program but was excised from the text of the NDAA earlier this month, reportedly at the urging of Ohio Republican Mike Turner, chair of the House Intelligence Committee, among others. WIRED reported in March that Turner had defended the 702 program during a closed briefing on Capitol Hill, using images of anti-war protesters at US universities to suggest that the spy powers were needed to ferret out potential ties between American students and Hamas. (No such ties have been reported.)

Wiretap orders issued under the 702 program permit the government to secretly eavesdrop on the calls and messages of foreigners, who generally lack any right to privacy under US law. The wiretaps, however, also routinely capture Americans in private conversation, despite constitutional limits that typically forbid such surveillance without a judge’s consent.

Notably, wiretap orders executed under Section 702 are never reviewed by a federal judge. Calls, texts, and emails collected under the program may be stored by the government for up to five years and will be accessed in some cases by the FBI. The bureau maintains its own Section 702 database, which is regularly used to develop leads in cases unrelated to why the wiretaps were originally collected.

An aide to Warner tells WIRED that the senator acknowledges that the changes to Section 702 this year are “overly broad,” adding that he’s aware the language must be “further narrowed.” Warner remains committed to fixing the law, said the aide, “whether it’s in this Congress or the next.”

The botched effort to check the government’s surveillance powers comes as the US national security establishment braces for what’s likely to be one of its most significant shakeups in decades. FBI director Chris Wray announced plans last week to voluntarily step down at the conclusion of Biden’s term, potentially clearing the way for a Republican-controlled Congress to fast-track Patel’s confirmation.

Patel has falsely accused Biden of rigging the 2020 presidential election and has vowed to bring cases “criminally or civilly” against members of the press. Trump has likewise pledged to investigate major news outlets that he has vaguely accused of “threatening treason.” Last week, Senate Republicans kneecapped an attempt by Democratic lawmakers to pass bipartisan legislation that would have shielded US journalists from government spying—likely a reaction to Trump issuing an command on Truth Social to “kill” the bill.

Privacy advocates on both sides of the aisle made failed attempts over the past year to limit the FBI’s access to Americans’ communications without a warrant. The calls for reform followed revelations that the 702 program had been inadvertently abused by FBI employees to conduct searches for the private messages of former and current federal officials, political commentators, and journalists. Other searches unlawfully performed at the FBI targeted a US senator, a state senator, and a state court judge.

According to the Privacy and Civil Liberties Oversight Board, US intelligence analysts have also abused the program to investigate potential sexual partners and potential tenants.

While the 702 program purportedly exists to exclusively further the government’s counterintelligence goals, surveillance experts say its scope likely extends far beyond terrorism and cyber threats, encompassing activities described as falling under the broad scope of US “foreign affairs.” Foreign journalists, government officials, and citizens of friendly nations never accused of a crime are just as likely to be deemed legitimate targets as foreign criminals and members of known terrorist organizations.

A separate amendment excised by congressional leaders from the NDAA, known as as the “Fourth Amendment Is Not For Sale Act,” was passed by the House of Representatives in April. Introduced initially as a standalone bill, the amendment would have banned the federal government from purchasing Americans’ location data without a warrant.

As WIRED has previously reported, US intelligence agencies have acknowledged purchasing large quantities of commercial data on US citizens, including information for which police normally require a warrant.

In a declassified report published last year, the Office of the Director of National Intelligence confirmed that the ocean of personal data being bought up by the government was highly sensitive, and that, in the wrong hands, it could be used to “facilitate blackmail” and other serious crimes.

Congress Again Fails to Limit Scope of Spy Powers in New Defense Bill

Categories: News
Tags: Windows 10

Tags:  Windows 11

Tags:  Windows 10 end of support

The current version of Windows 10, version 22H2, will be the last edition of the operating system (OS).



(Read more...)




The post Microsoft: You're already using the last version of Windows 10 appeared first on Malwarebytes Labs.

Microsoft issued a client roadmap update on Thursday to remind us once again that Windows 10 support is slowly coming to an end. In less than three years, all Windows 10 users will need to have moved to Windows 11. While moving to Windows 11 should be a win for security, some Windows 10 fans may be a little nervous. Upgrading isn't always straightforward, and exacting hardware requirements weigh heavily on Windows 11.

According to the update, the company intends the current version of Windows 10, version 22H2, to be the last edition of the operating system (OS). That meant no more new and significant features for Windows 10. Instead, interesting changes and enhancements will be incorporated into Windows 11. PCMag highlighted that this process is already underway.

Microsoft will continue to release monthly security updates for Windows 10 until October 14, 2025. After that, it will officially pull the plug for consumer users but not for organizations signed up to the Long Term Servicing Channel. Support for them will extend beyond the deadline for up to 10 years. From Microsoft's description:

> The Long-Term Servicing Channel (LTSC) is designed for Windows 10 devices and use cases where the key requirement is that functionality and features don’t change over time. Examples include medical systems (such as those used for MRI and CAT scans), industrial process controllers, and air traffic control devices. We designed the LTSC with these types of use cases in mind, offering the promise that we will support each LTSC release for 10 years--and that features, and functionality will not change over the course of that 10-year lifecycle.

Microsoft recommends Windows 10 users switch to Windows 11 if they haven't already done so. Despite that, Windows 10 remains hugely popular, with a 69 percent share of Windows desktops, globally. Windows 11 trails significantly with just 18 percent, not far off Windows 7, which still accounts for nine percent.

Windows 11's low numbers may soon change as the sunset date approaches, which would be good news for security. Microsoft's latest OS makes multiple improvements over what's available in Windows 10. Microsoft's approach has been to create a chain of trust that ensures the integrity of the entire hardware and software stack, from the ground up. Many of the links in that chain rely on Virtualization Based Security (VBS), a technology that creates secure sandboxes isolated from the main OS. Doing that requires hardware-based virtualization features, which is why Windows 11 has such stringent hardware requirements.

Windows 11 also includes a more efficient way of warding off phishing attacks; warnings when users type passwords into notepad files and other programs; and a default account lockout policy to combat the dangers of Remote Desktop Protocol (RDP) brute force attacks, an automated attack wherein hackers try to guess a users' passwords remotely, over RDP.

And, soon, Windows 11 will allow app developers to tap into its built-in human presence detection (HPD) capabilities to create and share unique experiences. HPD is a new feature that allows touch-free logins of laptops. It also automatically locks the device when a user walks away from it, giving them much-needed privacy. Of course, this feature can only be used if your laptop has the hardware to support it.

Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW

Search

lenovo warranty check/lookup | check warranty status | lenovo support us