The Biggest Challenges and Best Practices to Mitigate Risks in Maritime Cybersecurity

Ships are increasingly using systems that rely on digitalization, integration, and automation, which call for cyber risk management on board. As technology continues to develop, the convergence of information technology (IT) and operational technology (OT) onboard ships and their connection to the Internet creates an increased attack surface that needs to be addressed.

New Repository Leaks Souce Code From Microsoft, Adobe, and Dozens of Other Companies

Bleeping Computer reported this week that a new public repository of leaked code includes big names like Microsoft, Adobe, Lenovo, AMD, Qualcomm, Motorola, Roblox, and Disney: The leaks have been collected by Tillie Kottmann, a developer and reverse engineer, from various sources and from their own hunting for misconfigured devops tools that offer access to source code… According to Bank Security, a researcher focused on banking threats and fraud, code from more than 50 companies is published in the repository…

Kottmann told BleepingComputer that they find hardcoded credentials in the easily-accessible code repositories, which they try to remove as best as they can… Kottmann also says that they comply with takedown requests and gladly provide information that would strengthen the security of a company’s infrastructure. One leak from Daimler AG corporation behind the Mercedes-Benz brand is no longer present in the repository. Another empty folder has Lenovo in its name. However, judging by the number of DMCA notices received (estimated at up to seven) and direct contact from legal or other representatives, many companies may not be aware of the leaks…

COVID-19 Hospital Data Is a Hot Mess After Feds Take Control

slack_justyb shares a report from Ars Technica: As COVID-19 hospitalizations in the US approach the highest levels seen in the pandemic so far, national efforts to track patients and hospital resources remain in shambles after the federal government abruptly seized control of data collection earlier this month. Watchdogs and public health experts were immediately aghast by the switch to the HHS database, fearing the data would be manipulated for political reasons or hidden from public view all together. However, the real threat so far has been the administrative chaos. The switch took effect July 15, giving hospitals and states just days to adjust to the new data collection and submission process.

As such, hospitals have been struggling with the new data reporting, which involves reporting more types of data than the CDC’s previous system. Generally, the data includes stats on admissions, discharges, beds and ventilators in use and in reserve, as well as information on patients. For some hospitals, that data has to be harvested from various sources, such as electronic medical records, lab reports, pharmacy data, and administrative sources. Some larger hospital systems have been working to write new scripts to automate new data mining, while others are relying on staff to compile the data manually into excel spreadsheets, which can take multiple hours each day, according to a report by Healthcare IT News. The task has been particularly onerous for small, rural hospitals and hospitals that are already strained by a crush of COVID-19 patients.

Analysis of WastedLocker targeted ransomware

In late July 2020, tech news sites were brimming with articles about Garmin. Various Garmin services, including device syncing with the cloud and tools for pilots, were disabled. The dearth of accurate information left everyone theorizing wildly. For our part, we decided to wait for some concrete data before assessing the situation.

Avoid these PayPal phishing emails

For the last few weeks, there’s been a solid stream of fake PayPal emails in circulation, twisting FOMO (fear of missing out) into DO THIS OR BAD THINGS WILL HAPPEN. It’s one of the most common tools in the scammer’s arsenal, and a little pressure applied in the right way often brings results for them.