October 1st, 2021 by Admin

When Teiranni Kidd walked into Springhill Medical Center on July 16, 2019, to have her baby, she had no idea the Alabama hospital was deep in the midst of a ransomware attack. For nearly eight days, computers had been disabled on every floor.

A real-time wireless tracker that could locate medical staff around the hospital was down. Years of patient health records were inaccessible. And at the nurses’ desk in the labor and delivery unit, medical staff were cut off from the equipment that monitors fetal heartbeats in the 12 delivery rooms.

[ Source : wsj ]

October 1st, 2021 by Admin

Risk resulting from a cybersecurity event affects the entire organization. “As such, the cyber workforce—those responsible for preventing and responding to an attack—are no longer limited to just ‘the geeks in the basement,'” said James Hadley, CEO and founder of Immersive Labs, in an email exchange. “Until we prioritize cyber skills and education for the workforce at large, the threat landscape will continue to outpace us.”

To be more precise, cyberattacks can have a financial, reputational, regulatory, legal and technical impact. “This goes far beyond making sure employees don’t click on a phishing email,” Hadley added. “When cyber risk is all-pervasive, the skills that go towards protection and response must be equally as extensive.”

[ Source : techrepublic ]

October 1st, 2021 by Admin

iPhone users have been urged to remove their Visa details from Apple Pay after researchers uncovered a dangerous flaw fraudsters could use to make unlimited contactless payments. Experts from the University of Birmingham and the University of Surrey warned the issue could even be exploited to make transactions from an iPhone inside someone’s bag, without their knowledge.

They claim the vulnerability only happens on Apple Pay when a Visa card is set up as an Express Travel Card, also known as Express Transit mode – a feature intended for owners to tap in and out of public transport without needing to unlock their phone.

[ Source : Mirror.co.uk ]

September 22nd, 2021 by Admin

Cybersecurity researchers disclosed details of an unpatched zero-day vulnerability in macOS Finder that could be abused by remote adversaries to trick users into running arbitrary commands on the machines.

“A vulnerability in macOS Finder allows files whose extension is inetloc to execute arbitrary commands, these files can be embedded inside emails which if the user clicks on them will execute the commands embedded inside them without providing a prompt or warning to the user,” SSD Secure Disclosure said in a write-up published today.

[ Source : thehackernews ]

September 22nd, 2021 by Admin

Researchers discovered API security flaws impacting several apps, potentially exposing the personal and financial information of millions of consumers. According to CloudSEK, around 250 of the 13,000 apps published to its BeVigil “security search engine” for mobile applications utilize the Razorpay API to conduct financial transactions.

Unfortunately, it was discovered that about 5% of these had disclosed their payment integration key ID and key secret. This is not an issue in Razorpay, which caters to over eight million businesses, but rather with how app developers are misusing its APIs.

[ Source : ehacking News ]
