In the latest episode of Unmasked, we’re taking a deep dive into August headlines, unpacking all the threats and vulnerabilities that lurk in our digital realm. We’re covering some major ground, from the Burger King data breach to unsettling cyber attacks on hospital EMR systems.
Join us as we also get into the nitty-gritty of credential stuffing attacks, exploring the quirky world of threat group naming, and delving into the intriguing realm of side channel attacks – it’s like something out of a spy movie!
Cybersecurity is like a never-ending puzzle, always evolving. So, keep your eyes peeled, stay informed, and remember that things are rarely straightforward in the world of cybersecurity!
You can subscribe to Unmasked wherever you get your podcasts.
Show notes
Headlines for beginning of August
- Emergency Rooms in 5 states shut down due to cyber attack
- WhatA- cyberattack has disrupted hospital computer systems in several states, forcing some emergency rooms to close and ambulances to be diverted
- The “data security incident” began Thursday at facilities operated by Prospect Medical Holdings, which is based in California
- Then spread to Texas, Connecticut, Rhode Island and Pennsylvania.
- Ransomware Attack Disrupts Health Care in at Least Three States – The New York Times (nytimes.com)
- Burger King’s Data Breach Exposes Sensitive Credentials
- Experienced a serious data breach that made private login information public
- Security Affairs was first to note the vulnerability
- Exposed credentials could be exploited be malicious actors to access additional systems, perpetrate identity theft or launch targeted attacks on induvial and organizations to the breached data
- Burger King has reportedly taken immediate steps to rectify the situation
Additional: Burger King Serves Up Sensitive Data, No Mayo (darkreading.com)
- Retail chain Hot Topic discloses wave of credential-stuffing attacks (bleepingcomputer.com)
- Sub topic: What is “Credential Stuffing”?
- Microsoft shifts to a new threat actor naming taxonomy | Microsoft Security Blog
- New naming conventions
- Weather related names (Blizzard, Sleet, Typhoon)
- Does this help or hurt?
- Need we ask, does this “water down the threats?” “Downpour of confusion?”
- Table with APT names: How Microsoft names threat actors | Microsoft Learn
- Acoustic attack
- This is one of those things people love to make sound magic.
- Sensitive compartmented information facility – Wikipedia