Senate Finance Committee Warned DHS of Poor Security of Organ Transplant Sharing Network

Illuminate Education data breach highlights school system tracking system risks, Experts puzzled over Secret Service's January 6 texts back-up fail, Oz teen spent RAT proceeds on take-away food, more

Aug 1

man in white dress shirt wearing white goggles — Photo by National Cancer Institute on Unsplash

Leaders of the Senate Finance Committee grew so alarmed during a closed-door briefing earlier this year about the security of the system for getting donated kidneys, livers, and hearts to desperately ill patients that they warned officials at the Department of Homeland Security and intelligence agencies they had “no confidence” in the security of the transplant network.

The United Network for Organ Sharing (UNOS) holds the monopoly on getting organs to transplant victims. The Health Resources and Services Administration (HRSA) oversees UNOS, but that agency has little authority to regulate transplant activity, and UNOS has rejected any attempts to regulate the system. The Finance Committee has scheduled a hearing on the system for Wednesday. (Joseph Menn and Lenny Bernstein / Washington Post)

Drew Harwell @drewharwell

The monopoly that runs America's organ transplant network works worse than DoorDash, won't let anyone see its source code and has gone down for hours at a time. 20% of usable kidneys go to waste, 2x worse than other countries washingtonpost.com/health/2022/07… @LennyMBernstein @josephmenn

Kaitlan Collins @kaitlancollins

The system for getting donated kidneys, livers & hearts to desperately ill patients relies on out-of-date technology that’s crashed for hours at a time & has never been audited by federal officials for security weaknesses or other major flaws, WaPo reports Thousands of lives depend on a transplant network in need of ‘vast restructuring’The mechanics of the entire transplant system must be overhauled, a government review concluded, citing aged software, periodic system failures, mistakes in programming and over-reliance on manual input of data.washingtonpost.com

A recent cyberattack on Illuminate Education, a leading provider of student-tracking software, highlights how the software many school districts use to track students contains highly confidential information on children such as “Intellectual disability,” “Emotional Disturbance,” “Homeless,” “Disruptive,” “Defiance,” “Perpetrator,” “Excessive Talking. and more.

The Illuminate incident affected the personal information of more than a million current and former students across dozens of districts, including New York City and Los Angeles, the nation’s largest public school systems. The exposure of students’ sensitive data could have long-term implications for them, which has prompted Hector Balderas, the attorney general of New Mexico, to sue tech companies for violating the privacy of children and students.

Balderas said that Congress had failed to enact modern, meaningful data protections for students while regulators had failed to hold ed tech firms accountable for flouting student data privacy and security. Illuminate said it had “no evidence that any information was subject to actual or attempted misuse” and “implemented security enhancements to prevent” further cyberattacks.

However, despite extolling a series of security upgrades the company has said it implemented since the cyber incident, Greg Pollock, the vice president for cyber research at UpGuard, a cybersecurity risk management firm, found one of Illuminate’s AWS buckets with an easily guessable name, which is one known route that bad actors can follow to obtain student data, particularly given how often organizations misconfigure those buckets. The reporter then found a second AWS bucket named after a popular Illuminate platform for schools. (Natasha Singer / New York Times)

Bill Fitzgerald (he/him) @funnymonkey

Thread. Data breaches, bad security. It's all here.

Natasha Singer @natashanyt

I spent the last month looking into the cyberattack on Illuminate Education which affected more than million students nationwide. Among our findings: 1. Before the hack, Illuminate Education did not have a chief information security officer. https://t.co/SlehIZozgP

leonie haimson @leoniehaimson

Re illuminate breach; “There has really been an epic failure,” said NM AG whose office has sued tech companies for violating kids privacy. Congress has failed to enact data protections for students while regulators failed to hold ed tech firms accountable.

A Cyberattack Illuminates the Shaky State of Student PrivacyAt a moment when education technology firms are stockpiling sensitive information on millions of school children, safeguards for student data have broken down.nytimes.com

Cybersecurity experts and former government leaders are stunned by how poorly the Secret Service and the Department of Homeland Security handled the preservation of officials’ text messages and other data from around Jan. 6, 2021.

Experts are divided over whether the disappearance of phone data from around the time of the insurrection is a sign of incompetence, an intentional coverup, or some murky middle ground. Paul Rosenzweig, a senior policy official at the Department of Homeland Security during the George W. Bush administration, polled 11 of his friends with cybersecurity backgrounds, including information-security chiefs at federal agencies, on whether any of them had ever done a migration without a plan for backing up data and restoring it. None of them had. Experts said that the Secret Service had truly wanted to preserve agents’ messages, it should have been almost trivially easy. (Drew Harwell, Will Oremus, and Joseph Menn / Washington Post)

Related: CNN, Insider, Bloomberg

matt blaze @mattblaze

This article is further confirmation of what I've also heard from trusted sources (and had been assuming): that the missing Secret Service messages were unarchived iMessage texts sent on agency-issued iPhones. Secret Service’s ‘ludicrous’ deletion of Jan. 6 phone data baffles expertsExperts are divided over whether the disappearance of phone data from around the time of the insurrection is a sign of incompetence or an intentional coverup.washingtonpost.com

Robᵉʳᵗ Graham @ErrataRob

It's not "baffling" it's simply "unknown". This is way conspiracy-theorists talk. Instead of clear evidence explaining malfeasance, they point to the "unexplained" -- the inability to explain the unexplained serves as proof of their conspiracy-theories.

Carol Leonnig @CarolLeonnig

“It’s ludicrous” Deletion of Secret Service texts from Jan. 6 - and lack of real plan to back them up baffles experts - ⁦@drewharwell⁩ ⁦@WillOremus⁩ ⁦@josephmenn⁩ https://t.co/kinYv2h6RA

Canadian coffee giant Tom Hortons proposes offering impacted customers a free hot drink and a baked good as a settlement in class action lawsuits filed after the company spied on app users for over a year.

The proposal, subject to court approval, settles four class action lawsuits in Quebec, British Columbia, and Ontario involving the Tim Hortons app. In June, Canadian regulators said that Tim Hortons’ data collection violated Canadian law by tracking every time a user entered or left a Tim Hortons competitor, a major sports venue, or their home or workplace. (Joseph Cox / Motherboard)

James McLeod @jamespmcleod

Ok so Tim Hortons spent more than a year silently and illegally tracking users through their mobile app, and the proposed class action settlement is ... a free coffee and a donut. I swear to fucking god. This is real.

Ten days after Krebs on Security published an expose on 911[.]re, a proxy service that has sold access to hundreds of thousands of Microsoft Windows computers daily, the service announced it is shutting down in the wake of a data breach that destroyed critical components of its business operations.

The proxy service operated multiple pay-per-install schemes that paid affiliates to surreptitiously bundle the proxy software with other software, continuously generating a steady stream of new proxies. (Brian Krebs / Krebs on Security)

Jared Rimer @jrimer2008

Krebs on security 911 Proxy Service Implodes After Disclosing Breach: 911[.]re, a proxy service that since 2015 has sold access to hundreds of thousands of Microsoft Windows computers daily, announced this week that it is shutting down in the wake of a… dlvr.it/SVlK6G

Australian Federal Police allege that a teenager living in the suburbs of Brisbane, Jacob Wayne John Keen, created and sold a sophisticated hacking tool used by domestic violence perpetrators and child sex offenders to spy on tens of thousands of people across the globe and then used the proceeds to buy takeaway food.

They allege he created a sophisticated remote access trojan (RAT) called Imminent Monitor that allowed users to take control of their victims’ computers remotely. Keen allegedly sold the tool for $35 on a hacking forum, making between $300,000 and $400,000 by selling it to more than 14,500 people in 128 countries. (Michael McGowan / The Guardian)

Eva @evacide

What kind of take-out was this guy ordering? Was he living on that $75 fried rice with lobster and ikura?

The Justice Department unveiled a conspiracy charge against Russian national Aleksandr Viktorovich Ionov for allegedly orchestrating “a years-long foreign malign influence campaign that used various U.S. political groups to sow discord, spread pro-Russian propaganda, and interfere in elections within the United States.”

Prosecutors allege that the conspiracy was to establish relationships that would “further the interests of the Russian Federation.” Ionov, the indictment alleges, worked with FSB agents to “identify and exploit” connections with the US political groups.

They describe the groups as “separatist groups” based in Florida and California that advocated for seceding from the US and allege that Ionov had “direction or control over these groups on behalf of the FSB,” providing financial support for the group and using them to publish Russian and pro-separatist propaganda online and on the radio. The Treasury Department also announced sanctions Friday against Ionov and Natalya Valeryevna Burlinova, the president of an organization allegedly connected to the Russian intelligence service and their organizations. (Tierney Sneed and Holmes Lybrand / CNN)

Donie O'Sullivan @donie

For those interested in foreign influence operations -- the DOJ indictment today on Russians co-opting political groups in the US is a goldmine. Fascinating stuff.

William Turton @WilliamTurton

Ionov, who was just charged with working on behalf of the Russian FSB to sew discord in American politics, was written about in this 2016 Buisnessweek story bloomberg.com/news/features/…

Researchers at Sentinel Labs say that a threat actor associated with the LockBit 3.0 ransomware operation is abusing the Windows Defender command line tool to load beacons from penetration testing technology Cobalt Strike on compromised systems and evade detection by security software.

In a recent incident response case for a LockBit ransomware attack, researchers at Sentinel Labs noticed the abuse of Microsoft Defender’s command line tool “MpCmdRun.exe” to side-load malicious DLLs that decrypt and install Cobalt Strike beacons by exploiting a Log4j flaw on vulnerable VMWare Horizon Servers to run PowerShell code. (Bill Toulas / Bleeping Computer)

Related: SentinelOne

Thomas Griffiths @ThomGriffiths

Whilst this story is about abusing #microsoftdefender to install #cobaltstrike what is more notable is the continued success adversary's have in exploiting #log4j for initial access... #lockbit #cybersecurity #vulnerabilitymanagement

LockBit ransomware abuses Windows Defender to load Cobalt StrikeSecurity analysts have observed an affiliate of the LockBit 3.0 ransomware operation abusing a Windows Defender command line tool to decrypt and load Cobalt Strike beacons on the target systems.lnkd.in

U.S. lawmakers and researchers are seeking solutions for securing the thousands of satellites orbiting the Earth, many of which are now controlled by the private sector.

“We need to make every effort to understand what further actions can be and should be taken to strengthen cybersecurity for civil and commercial space systems, including commercial space systems that provide mission-critical government data and services," said Subcommittee on Space and Aeronautics Chairman Rep. Don Beyer (D-VA) in a hearing of the House Science, Space, and Technology Committee’s Subcommittee on Space and Aeronautics. One witness at the hearing, Theresa Suloway, Space Cybersecurity Engineer at MITRE Corporation, testified in favor of incentivizing commercial sector information-sharing through voluntary collaborations rather than regulatory approaches to getting the private sector on board, partly out of concerns that commercial space companies would choose to launch from other parts of the world where they did not have to comply. (Andrea Peterson / The Record)

Related: Meritalk, Science.House.gov

Morocco’s national security authorities have apprehended a French national, Sebastien Raoult, who is wanted by the US for alleged cybercrime, under a cooperation framework between Morocco’s General Directorate for National Security (DGSN) and the FBI.

U.S. intelligence authorities suspect that the French student is affiliated with ShinyHunters, an infamous cyberterrorism group believed to be behind some of the most notable data breaches made public in the past two years, including multiple cyber attack operations that had targeted U.S. companies, including tech giant Microsoft. According to media reports, the suspect’s attorney is requesting Moroccan authorities extradite his client to France rather than the United States, maintaining that he had only ever been to Morocco and France. (Jihane Rahhou / Morrocco World News)

Researchers at Volexity say that a threat actor operating with interests aligned with North Korea has been deploying a malicious extension on Chromium-based web browsers capable of stealing email content from Gmail and AOL in a cluster of activity they call SharpTongue.

SharpTongue share overlaps with an adversarial collective publicly referred to under the name Kimsuky has a history of singling out individuals working for organizations in the U.S., Europe, and South Korea who work on topics involving North Korea, nuclear issues, weapons systems, and other matters of strategic interest to North Korea." The group’s latest effort employs an extension named Sharpext to exfiltrate email data. (Ravie Lakshmanan / The Hacker News)

Nirvana Finance, a Solana-based yield protocol, suffered a $3.5 million exploit utilizing flash loans to manipulate and drain its liquidity pools.

Nirvana’s stablecoin NIRV dropped 85% from its dollar peg after the hack. Nirvana appealed to the hacker on Twitter and offered a $300,000 “white hat” bounty and a cessation of further investigation if the stolen funds were returned. (Shaurya Malwa / Coindesk)

Nirvana Finance @nirvana_fi

To The Nirvana Hacker: On behalf of the Nirvana Finance community, we humbly ask that you return the stolen funds from our treasury. 1/5

Students at Sapir College near Sderot in Israel received text messages claiming that their personal information was being held for ransom by hackers.

The college issued a statement saying that "So far, no traces of a hack into sensitive information systems or personal accounts have been found.” (Arutz Sheva)

Related: PressTV, Jerusalem Post

Trend Micro researchers say the Gootkit access-as-a-service (AaaS) malware operators have resurfaced with updated techniques to compromise unsuspecting victims.

Although Gootkit used freeware installers to mask malicious files in the past, the researchers say it now uses legal documents to trick users into downloading these files. (Ravie Lakshmanan / The Hacker News)

Related: Trend Micro

Metacurity