Hollywood hospital hit with ransomware: Hackers demand $3.6 million as ransom

An internal emergency has been declared at a major US hospital in Los Angeles following a widespread ransomware-style cyberattack which has left staff unable to access vital patient data, it has been revealed.

Hackingstuffs

@Copyright Hackingstuffs

The Hollywood Presbyterian Medical Centre, located in the heart of LA, is now dealing with hackers who are reportedly demanding over 9000 bitcoins – which equates to roughly $3.6m – to release the encryption keys to computer systems that hold patient data, X-Ray scans, CT scans and crucial lab work.
Why advertise with us

According to NBC Los Angeles, hospital president and chief executive Allen Stefanek said that staff first started to notice “significant IT issues” on 12 February, however reports indicate that the attack may have started over a week ago. Now, forensic computer experts from the Los Angeles Police Department (LAPD) and the FBI have been called in to investigate further.

An unnamed doctor has admitted that the hospital’s computer system was hacked and is currently being held for ransom, adding that departments are now communicating through fax machines because they have no access to email. Furthermore, a number of patients have been transferred to other hospitals.

Meanwhile, a separate report by Fox (Los Angeles) reaffirmed that the cyberattack has directly affected the ‘day-to-day’ operations of the hospital.

What is Ransomware attack?

Ransomware is a type of malware which restrict access to the infected computers. And ask users to pay money to get access back to the system. Some type of Ransomware will encrypt the system hard drive in a way that you need to pay to decrypt it. While some may simply lock the system and display messages intended to coax the user into paying. This type of attack got popular from 2013.

UK arrests teen suspected of hacking CIA chief

British authorities, with help from the FBI, have arrested a teenager who infiltrated the personal email account of the director of the CIA and posting personal details online.

The 16-year-old boy was arrested in the East Midlands on Tuesday Feb 09 as part of an investigation in to the data breach of John Brennan’s emails last year.
landscape-tech-computer-hacker
For the past several months, a group calling itself “Crackas With Attitude” has been disclosing private information associated with such high-ranking officials as CIA Director John Brennan, Director of National Intelligence James Clapper, Homeland Security Secretary Jeh Johnson.

Information about rank-and-file employees working for the FBI, Justice Department and the Department of Homeland Security were posted online this week, though sources described the pilfered information as amounting to an internal phone directory.

Authorities suspect so-called “social engineering” may have helped those responsible gain access to the federal systems, according to one U.S. official.

But a spokesman for the South East Regional Organized Crime Unit would neither confirm nor deny what he called “speculation” linking the arrest to the hacks targeting U.S. officials.

Social engineering essentially involves a hacker gaining access to a system by sending an email to someone and pretending to be a known or trusted associate of the recipient.

“There is no indication at this time that there is any breach of sensitive or personally identifiable information,” DHS said in a statement earlier this week.

But officials expressed concern that more sensitive information was accessed and could be released.

In October, a personal AOL email account associated with CIA Director Brennan, and containing personally identifiable information, was hacked, as was an account linked to DHS Secretary Johnson.

Sources said it did not appear Brennan used the account for government business after he became CIA director. Johnson’s targeted account also was not used regularly, sources said at the time.

U.S. authorities began to identify what they thought was a group of suspects at least two months ago, ultimately narrowing in on the 16-year-old in England, the sources said.

Our Team- mourn death of former president APJ Abdul Kalam

#RIP Missile Man APJ Kalam

The missile man of India, an inspiration for thousands of students and youth, Bharat Ratna Mr. APJ Abdul Kalam passed away. Passionate legends usually die by holding their passion, as he died collapsing while delivering a lecture.

#RIP Missle Man APJ

#RIP Missle Man APJ – We miss You

One & Only President ever who made his presence everyday through his actions & A Great Role Model 2 Youth.

Android hijacking bug allows attackers to install password stealers

Half of Android devices may be vulnerable to surreptitious install exploits.

Roughly half of all Android handsets are vulnerable to a newly discovered hack that in some cases allows attackers to surreptitiously modify or replace seemingly benign apps with malicious ones that steal passwords and other sensitive data.

The “Android installer hijacking” vulnerability, as it has been dubbed by researchers from Palo Alto Networks, works only when apps are being downloaded from third-party app stores or when a user clicks on an app promotion advertisement hosted by a mobile advertisement library. Technically, it’s based on what’s known as a Time-of-check to time-of-use vulnerability. Affected devices fail to verify that the app being installed at the time of use was the one the end user approved during the time of check, which occurs when a user approves app permissions such as network access or access to the contacts database. The bug involves the way the system application called PackageInstaller installs app files known as APKs.

“A vulnerability exists in this process because while the user is reviewing this information, the attacker can modify or replace the package in the background,” Palo Alto Networks researcher Zhi Xu wrote in a blog post published Tuesday. “Verified with Android OS source code posted in AOSP [Android Open Source Project], it shows that the PackageInstaller on affected versions does not verify the APK file at the ‘time of use.’ Thus, in the “time of use’ (i.e., after clicking the ‘install button), the PackageInstaller can actually install a different app with an entirely different set of permissions.”

One scenario for exploiting the vulnerability involves an attacker using a benign-looking app to install malware in the future. A second scenario uses the same weakness to mask the true permissions an app requires. In both cases, targeted users can end up installing apps that are vastly different from the ones they approved during the permissions process.

The vulnerability has been patched in Android version 4.3_r0.9 and later, but Xu warned that some Android 4.3 devices remain vulnerable. By Google estimates, that accounts for 49.9 percent of the handsets the company monitors. Palo Alto Networks has released a scanner app that will indicate if a given device is vulnerable. People using vulnerable devices should steer clear of third-party app stores and use Google Play as their sole source of apps.

Credits : (www.arstechnica.com)

Twitch Website Hacked – Users are warned to reset their passwords

Video games live streaming website Twitch has been hacked, leaving user account information including credit card details vulnerable.

Twitch Website Hacked

Twitch Website Hacked

Twitch users’ accounts have been reset and it does not seem that any credit card or other financial information has been made available. But passwords do appear to have been leaked and the company recommends that users reset their details on any site where they use the same password.

Users this morning received emails this morning telling them that “there may have been unauthorized access to some of your Twitch user account information, including possibly your Twitch username and associated email address, your password (which was cryptographically protected), the last IP address you logged in from, and any of the following if you provided it to us: first and last name, phone number, address, and date of birth.”

Twitch accounts have had their passwords reset. Any connections between Twitch accounts and Twitter, Facebook or YouTube ones have been reset, and will need to be reconfigured by users.

Passwords have also been reset, and users will be prompted to set a new one when they first log back in to the service.

Amazon bought Twitch in 2014 for about $970 million (£650 million), outbidding internet giant Google for the company. Twitch receives more than 50 million unique visitors a month.

The deal was worth $970 million, and some analysts have said that the fast-growing industry could eventually be “bigger than Hollywood”.

NYPD Union website allegedly hacked by Anonymous

A cyberattack which shut down a website for the NYPD captains union, targeting it with malware, union officials said.

NYPD Union Website

NYPD Union Website Attacked By Anonymous

Anonymous Hackers Group, which supported the Occupy Wall Street movement recently started an online war with ISIS, Last friday corrupted the website of the Captain Endowment Association.

“There are indications the attack on our website was orchestrated by a group identifying themselves as “Anonymous” who have a history of targeting police websites across the country,” wrote the union’s president Roy Richter, in a letter to members.

This group hacked into California Statewide Law Enforcement Association’s website in 2012– and released it’s members’ addresses, as well as credit card information.

Richter wrote that the captain’s association does not store any personal information about union members on the website, so that no “confidential information has been compromised.”

The letter also noted that the association was adding new security protections to the website, and that the union considered the attack more an irritation than a threat.

Eithiopian Government and Hacking Team have joined the hands to use commercial spy-ware against journalists‏

Ethiopia’s Government has been termed as most political restrictive government on many occasions by international media in conjunction with Washington Post, ny times, and totally different credible medium sources. The suppression being beard by Journalists, civil society, and media ar presently extended to overseas journalists. The off-the-peg spyware was purchased by Ethiopian Government from the Italian Security Firm the Hacking Team for internal security of the country, but Government deconsecrated the terms and conditions of use and extended its implementation on Journalists. The Journalists operational for freelance Ethiopian News Network Ethiopian tv Network (ESAT) The network of freelance Ethiopian expat Journalists practiced interception by official of Ethiopian’s Internal information Security instrumentation referred to as as Ethiopian Internal Network Security Agency (INSA) troubled journalists operational from Alexandria, Virginia, but it’s presently for the first time that, Journalists outside the continent have practiced harassment by INSA.This attack on yank Journalists was applied by Hacking Team’s device System Spyware (RCS) in line with the Hacking Team product web site, designed to evade encoding by means that of an agent directly put in on the device to observe. proof assortment on monitored devices is concealment and transmission of collected information from the device to the RCS server is encrypted and untraceable. Hacking Teams’ Customers policy clearly states that “ we have a tendency to monitor the international politics state of affairs and that we review potential clients before a purchase to see whether or not or not there’s objective proof or credible issues that Hacking Team technology provided to the customer are going to be wont to facilitate human rights violations”. However, The Lab Report Suggests  that not solely did Hacking Team not suspend its service to Ethiopia’s government following the same attack back in 2013, however the Italian firm might have even provided the INSA with code updates within the year since despite of human rights accusations against the government. agency by targeted journalists and therefore the government’s long and storied history of political repression. That is a transparent violation of the company’s internal policing policy. “This is for that the second spherical of coordinated tends at putting in spyware in order that they will constantly monitor our systems and uncover WHO our sources are inside the Yaltopya,” aforementioned Neamin Zeleke, the director of Ethiopian satellite TV, that is commonly  referred to as ESAT.”This could be an extremely tenacious action to throttle on freedom of expression” Zeleke.It  became doubtable and malicious , instantly  a message arrived in his inbox in December with Associate in Nursing attachment claiming to possess info concerning upcoming elections. Normally, that is the style of info ESAT is raring to urge its hands and  is dominated by a government notoriously unfriendly to the press — departure a lot of  the freelance journalism on native affairs to outfits admire ESAT that operate outside of the country however believe sources from within Ethiopia.

Many corporations that market their tools to foreign governments have created it a degree to remain outside the vary of U.S. courts, he said, and that they typically argue they can’t be command accountable for what a rustic will once it buys the merchandise. “it  turns a blind eye to the abuses of their merchandise, and that they have been started with terrible starting,” Cardozo aforementioned.

The critics aren’t solely accuse Ethiopian Government and Hacking Team for this attack on freedom of expression, however stringent U.S. to require necessary actions against this sort of Malicious Attacks in African Territories as a result of presently these style of all suspicious shopping for deals to foreign governments lie outside the jurisdiction of courts of us.. It’s not for the primary time and it’s additionally not for the last , however it may be created as last attack by Foreign Governments on independence of Journalism, otherwise foreign Governments can keep manipulating these suspicious security equipment to suppress the their political rivals, media persons, and civil society activists.