Mother Sues Alabama Hospital for Baby's Death During Ransomware Attack

Report unmasks security researchers tied to Trump org's communications with Alfa Bank, Data breach exposed data on nearly five million Nieman Marcus customers, FCC launches SIM swap rulemaking, more

Oct 1

Teiranni Kidd has sued Alabama hospital Springhill Medical Center for the death of her baby because a ransomware attack, likely launched by the Russian-based Ryuk gang, shut down critical fetal monitoring systems. Those systems would have alerted doctors to the necessity of a C-section delivery that could have easily saved her child’s life during delivery.

If Ms. Kidd wins her case, it will mark the first confirmed death from a ransomware attack. The hospital denies any wrongdoing and says it handled the attack appropriately. (Kevin Poulsen, Robert McMillan, and Melanie Evans / Wall Street Journal)

Andy Greenberg @a_greenberg

This needs to be translated into Russian and posted to every dark web/cybercrime forum. This is what it means to ransomware a hospital.

A Hospital Hit by Hackers, a Baby in Distress: The Case of the First Alleged Ransomware DeathA lawsuit says computer outages from a cyberattack led staff to miss troubling signs, resulting in the baby’s death, allegations the hospital denieswsj.com

An investigation by the New York Times shows that contrary to the indictment by Trump-appointed special counsel John Durham against cybersecurity lawyer Michael Sussman, security researchers are suspicious of unusual communications between a server owned by the Trump organizations and a server run by Russia’s Alfa Bank. Those communications were detected in the run-up to the 2016 presidential election.

The New York Times has also revealed the names of the three researchers who studied those communications and whose findings were misleadingly cherry-picked in Durham’s indictment to downplay any possible nefarious motives for the servers’ communications activities. (Charlie Savage and Adam Goldman / New York Times)

Techno Fog @Techno_Fog

NYT gives an answer on the data used by the Sussmann, et al. Alfa Bank "researchers" - it was from DARPA. Relevance to criminal inquiry- What was the classification of that data? What were the restrictions on its use/dissemination? [They should be concerned]

Techno Fog @Techno_Fog

Look closer at Durham's indictment of Michael Sussmann - There lurks potential charges against the Alfa Bank research group for using classified gov't data for their own political operation.

High-end department store Neiman Marcus notified 4.6 million customers that their personal information, including credit card numbers, may have been part of a May 2020 data breach.

The data accessed may have included names and contact information, credit card numbers, and expiration dates, but not the CVV numbers on the back of the card, Neiman Marcus gift cards, usernames, passwords, and security questions and answers “associated with Neiman Marcus online accounts.” (Kim Lyons / The Verge)

The U.S. Federal Communications Commission launched a Notice of Proposed Rulemaking to tackle (SIM) swapping scams and port-out fraud, both of which bad actors use to steal consumers’ cell phone accounts without ever gaining physical control of a consumer’s phone.

The Commission proposes “to amend the Customer Proprietary Network Information(CPNI) and Local Number Portability rules to require carriers to adopt secure methods of authenticating a customer before redirecting a customer’s phone number to a new device or carrier. It also proposes requiring providers to immediately notify customers whenever a SIM change or port request is made on customers’ accounts.” (Karl Bode / Motherboard)

The FCC @FCC

Today, @FCC approved a proposal aimed at combatting SIM swapping scams and port-out fraud, which bad actors use to steal consumers’ cell phone accounts without ever gaining physical control of a consumer’s phone. Details here: go.usa.gov/xMya7. #FCCgov

FCC Combating Scams Used to Commandeer Consumers’ Cell Phone AccountsSeeks Input on Addressing SIM Swapping & Port-Out Fraudgo.usa.gov

According to a former OnlyFans employee, some former OnlyFans support staff still had access to users' data, including sensitive financial and personal information, even after they stopped working for the site. Sex workers use the site to sell nudes and porn videos.

Some ex-employees still had access to Zendesk, a popular customer service software used by OnlyFans to track and respond to customer support tickets, long after leaving the company, the ex-employee says. OnlyFans did not respond to requests for comment. (Samantha Cole / Motherboard)

Related: Digital Trends

In an SEC filing, trucking giant Forward disclosed a late-2020 data breach after a ransomware attack conducted by cybercrime gang Evil Corp. that allowed threat actors to access employees' personal information.

The threat actors potentially accessed employees' names, addresses, dates of birth, Social Security numbers, driver's license numbers, passport numbers, or bank account numbers. (Lawrence Abrams / Bleeping Computer)

Cybersecurity firm Kaspersky Lab published details about a new Chinese cyber-espionage group called GhostEmperor targeting high-profile entities across South East Asia since at least July 2020.

The threat group enters through public-facing servers such as Apache, Oracle, and Microsoft Exchange servers to breach a target’s perimeter network and pivot to more sensitive systems inside the victim’s network. It uses Cheat Engine, a tool used by online gamers to introduce cheats in their favorite video games, to bypass the Windows PatchGuard security feature, and install a rootkit called Demodex inside the victim’s Windows OS. Kaspersky discovered that GhostEmperor targeted governmental entities and telecommunication companies across South East Asia (Malaysia, Thailand, Vietnam, and Indonesia), with outliers in Egypt, Afghanistan, and Ethiopia. (Catalin Cimpanu / The Record)

Related: Bleeping Computer, Securelist

Researchers at cyber risk prevention firm Advanced Intelligence say that the Conti ransomware gang has developed novel tactics to demolish backups, especially the Veeam recovery software.

Veam says there are many ways to keep backup data safe from this kind of attack, including immutable backup copies on-premises, in the cloud, storage system or unique service provider offerings, or even a combination of these. (Lisa Vaas / Threatpost)

Researchers at Cisco Talos say that fraudsters pose as human rights group Amnesty International to trick individuals into downloading malicious software.

Preying on growing concerns over the use of NSO spyware, the hackers advertise a demo for “Amnesty Anti Pegasus” software that could allegedly scan devices for the Pegasus spyware. The malware campaign targets ostensible targets of Pegasus, including activists and journalists, suggesting it might have a state-backed sponsor. (Tonya Jo Riley / Cyberscoop)

Google has issued another emergency update to Chrome to fix three flaws, including two currently exploited in the wild.

The one not known to be exploited in the wild is nonetheless concerning. It is a “use after free” issue, discovered by Weipeng Jiang, a cybersecurity researcher from the Codesafe Team of Legendsec at Qi'anxin Group in China. Google rewarded the researcher with $20,000 in a bug bounty. (Thomas Brewster / Forbes)

Video conferencing app Zoom’s $14.7 billion deal to buy cloud contact center software company Five9 was scuttled after Five9 shareholders rejected the idea.

The news follows concerns expressed by the Justice Department to the Federal Communications Commission that the deal might pose national security risks, specifically linked to Zoom’s interests in China. (Jordan Novet / CNBC)

Photo by Piron Guillaume on Unsplash