- Shared Security Podcast
- Posts
- New Episode Alert EP141
New Episode Alert EP141
More Ransomware Attacks on Hospitals! 😷
In episode 141 for October 5th 2020: Universal Health Services is the latest victim of a massive hospital ransomware attack, the FBI issues new warnings about false claims of hacked voter information, and the top Android 11 privacy and security features.
Get off the grid with Silent Pocket's full line of faraday bags, wallets, and phone cases which will make your devices untrackable, unhackable and undetectable. Visit
to check out their full product line and because you listen to the Shared Security Show, don't forget to take 15% off your order by using discount code "sharedsecurity".
Large US hospital chain hobbled by Ryuk ransomware
I feel like I'm starting to sound like a broken record here but just like I talked about on last week's show, this week we saw another ransomware attack on a hospital but this time
. On September 28th Universal Health Services (or known as UHS) disclosed a quote "IT Security Issue" stating that the entire IT network across all of their facilities was offline and unavailable. And while they did not state they were the victim of a ransomware attack,
quickly came to that conclusion. This was based on supposed eyewitness details and other sources who say they work at the hospital system stating that Ryuk ransomware, which may have started from a phishing email, was to blame. Considering that the ransomware took down an entire network with over 400 locations, it's very possible that the attackers may have also stolen patient and employee data as well. In the meantime, hospital and facility workers have resorted to traditional "pen and paper" to conduct their jobs all the while ensuring they are taking care of their patients. No deaths, at least as of this podcast recording, have been attributed to this attack.
as this story continues to develop.
In other ransomware news the cybercriminal responsible for attacking a Nevada school district with a ransomware attack
. In this case, the school district refused to pay the ransom which led to the publishing of student names, Social Security numbers, addresses and financial information all on an underground forum.
FBI warns of disinformation campaigns about hacked voter systems
The Federal Bureau of Investigation and the US Cybersecurity and Infrastructure Security Agency last week
about the threat of disinformation campaigns targeting the 2020 US elections. According to the alert, threat actors are actively spreading false information about successfully compromised voting systems and voter registration databases to quote "manipulate public opinion, sow discord, discredit the electoral process and to weaken the public's trust in US institutions." What's interesting here is that US voter registration data can easily be purchased or acquired through public sources so there would be no "hacking" needed to get to this information anyway. However, many people don't know this and when these threat actors (most likely from Russia, China, and Iran) spread false news, especially through social media, it can definitely cause huge problems for our upcoming election. The FBI has some great advice though. Verify what you read or see in the media through multiple sources and never share potentially false information through social media without first verifying its factual, and to report suspected disinformation through in-platform tools offered by social media companies for reporting suspicious posts that appear to be spreading false information. Like I talked about a few weeks ago when Microsoft alerted about an increase in cyberattacks targeting the US election coming from Russia, China, and Iran, these attacks and disinformation campaigns are only going to get worse the closer we get to election day. Remember, don't just take what you read or see in the media about voter fraud as the end all be all truth, as we all need to think more critically and carefully when it comes to news and factual information related to this upcoming election.
Android 11 — 5 New Security and Privacy Features You Need to Know
In last week's episode I touched on the top Apple iOS 14 privacy features and improvements so this week I want to talk about
which was released a few weeks ago. So let's get to it with the first feature which is called "one-time permissions". This allows you to grant apps single use access to certain permissions like your camera, microphone, or location. So if you prefer, each time you open the app, you'll be asked if you want to approve the request again. And related to that, another new privacy feature will reset the permissions of apps you haven't used in a while, preventing any unnecessary access in the background for apps you installed and only used once.
Next, Google improved the way Android 11 handles work and personal profiles for enterprise users called "scoped storage" which gives each app an isolated storage area on the device in a way that no other app installed on the same device can directly access data saved by other apps. Now that it's enabled for all apps by default, apps don't require any special permissions to save and access their own sandboxed files on external storage.
And probably the biggest improvement to privacy on Android 11 is further restrictions on how apps access background location data. So when an app requests permission to access your location, Android 11 ensures first granting only the foreground location, and if it requires access to the location from the background as well, the app has to make a separate permission request. In addition, Google also now requires developers to explain why their app needs access to background location data in the first place.
And lastly, from a security perspective Google has improved the Google Play Store integration on the device, allowing it to download and install critical OS security patches as modules instantly, just like an app, from Google's servers. This means, Android 11 users would receive security and bug patches as soon as they're available instead of relying on device manufacturers to release operating system updates.
Watch this episode on our YouTube Channel!
SeptemberMonthly ShowEpisode 104In our October monthly episode we continue our three part series on targeted attacks. In this episode we discuss the pretext and how attackers develop and launch their attacks with special guests Nathan Sweaney, Senior Security Consultant at Secure Ideas and Kevin Johnson, CEO of Secure Ideas.
Watch this episode on our YouTube Channel!
Please support our sponsors!
Take advantage of this exclusive offer and help support this podcast!
Visit
to shop Silent Pocket's great line of privacy focused products.