Ransomware Gang Uses New Zero-Day To Steal Data On 1 Million Patients

Community Health Systems (CHS), one of the largest healthcare providers in the United States with close to 80 hospitals in 16 states, confirmed this week that criminal hackers accessed the personal and protected health information of up to 1 million patients. TechCrunch reports: The Tennessee-based healthcare giant said in a filing with government regulators that the data breach stems from its use of a popular file-transfer software called GoAnywhere MFT, developed by Fortra (previously known as HelpSystems), which is deployed by large businesses to share and send large sets of data securely. Community Health Systems said that Fortra recently notified it of a security incident that resulted in the unauthorized disclosure of patient data. “As a result of the security breach experienced by Fortra, protected health information and personal information of certain patients of the company’s affiliates were exposed by Fortra’s attacker,” according to the filing by Community Health Systems, which was first spotted by DataBreaches.net. The healthcare giant added that it would offer identity theft protection services and notify all affected individuals whose information was exposed, but said there had been no material interruption to its delivery of patient care.

CHS hasn’t said what types of data were exposed and a spokesperson has not yet responded to TechCrunch’s questions. This is CHS’ second-known breach of patient data in recent years. The Russia-linked ransomware gang Clop has reportedly taken responsibility for exploiting the new zero-day in a new hacking campaign and claims to have already breached over a hundred organizations that use Fortra’s file-transfer technology — including CHS. While CHS has been quick to come forward as a victim, Clop’s claim suggests there could be dozens more affected organizations out there — and if you’re one of the thousands of GoAnywhere users, your company could be among them. Thankfully, security experts have shared a bunch of information about the zero-day and what you can do to protect against it. Security researcher Brian Krebs first flagged the zero-day vulnerability in Fortra’s GoAnywhere software on February 2.

“A zero-day remote code injection exploit was identified in GoAnywhere MFT,” Fortra said in its hidden advisory. “The attack vector of this exploit requires access to the administrative console of the application, which in most cases is accessible only from within a private company network, through VPN, or by allow-listed IP addresses (when running in cloud environments, such as Azure or AWS).”

Read more of this story at Slashdot.

Amazon Plans To Eventually ‘Go Big’ On Physical Grocery Stores

Amazon CEO Andy Jassy told the Financial Times that the company intends to “go big” on its brick-and-mortar grocery store business. Engadget reports: Amazon bought Whole Foods in 2017 for $13.7 billion, but the company is far from dominating the grocery market like it has so many other sectors. The company’s physical store division accounts for 3.4 percent of overall business and has grown only around 10 percent since the Whole Foods acquisition. “We’re just still in the early stages,” Jassy told the Financial Times. “We’re hopeful that in 2023, we have a format that we want to go big on, on the physical side. We have a history of doing a lot of experimentation and doing it quickly. And then, when we find something that we like, doubling down on it, which is what we intend to do.”

Many of the layoffs Amazon recently announced were in its grocery division. It has closed several of its Fresh supermarkets and put plans to open new ones on hold as it tries to find a format and formula that works. Jassy noted that many Fresh locations opened in the midst of the COVID-19 pandemic and as such Amazon hasn’t “had a lot of normalcy.” The physical retail business has struggled on other fronts. Almost a year ago, Amazon said it was closing all of its bookstores, 4-star shops and pop-up locations across the US and UK. The aim at the time was to focus more on the grocery side of things as well as physical clothing stores. However, Amazon took a $720 million hit last quarter due to slowing down its grocery expansion plans.

Read more of this story at Slashdot.

Steep Declines In Data Science Skills Among Fourth- and Eighth-Graders Across America, Study Finds

A new report (PDF) from the Data Science 4 Everyone coalition reveals that data literacy skills among fourth and eighth-grade students have declined significantly over the last decade even as these skills have become increasingly essential in our modern, data-driven society. Phys.Org reports: Based on data from the latest National Assessment of Educational Progress results, the report uncovered several trends that raise concerns about whether the nation’s educational system is sufficiently preparing young people for a world reshaped by the rise of big data and artificial intelligence. Key findings include:

– The pandemic decline is part of a much longer-term trend. Between 2019 and 2022, scores in the data analysis, statistics, and probability section of the NAEP math exam fell by 10 points for eighth-graders and by four points for fourth-graders. Declining scores are part of a longer-term trend, with scores down 17 points for eighth-graders and down 10 points for fourth-graders over the last decade. That means today’s eighth-graders have the data literacy of sixth-graders from a decade ago, and today’s fourth-graders have the data literacy of third-graders from a decade ago.

– There are large racial gaps in scores. These gaps exist across all grade levels but are at times most dramatic in the middle and high school levels. For instance, fourth-grade Black students scored 28 points lower — the equivalent of nearly three grade levels — than their white peers in data analysis, statistics, and probability.

– Data-related instruction is in decline. Every state except Alabama reported a decline or stagnant trend in data-related instruction, with some states — like Maryland and Iowa — seeing double-digit drops. The national share of fourth-grade math teachers reporting “moderate” or “heavy” emphasis on data analysis dropped five percentage points between 2019 and 2022.

Read more of this story at Slashdot.

Arlo’s Security Cameras Will Keep Free Cloud Storage For Existing Customers After All

Security camera company Arlo is reversing course on its controversial decision to apply a retroactive end-of-life policy to many of its popular home security cameras. The Verge reports: On Friday, Arlo CEO Matthew McRae posted a thread on Twitter, announcing that the company will not remove free storage of videos for existing customers and that it is extending the EOL dates for older cameras a further year to 2025. He also committed to sending security updates to these cameras until 2026. The end-of-life policy was due to go into effect January 1st, 2023, and removed a big selling point — seven-day free cloud storage — for many Arlo cams. McRae now says all users with the seven-day storage service will “continue to receive that service uninterrupted.” But he did note that “any future migrations will be handled in a seamless manner,” indicating there are changes coming still.

The thread did not provide details on specific models other than using the Arlo Pro 2 as an example of a camera that will now EOL in 2025 instead of 2024, as previously announced, with security updates continuing until 2026. There was also no update on the plans to remove other features, such as email notifications and E911 emergency calling, or whether “legacy video storage” will remain. The EOL policy applied to the following devices: Arlo Gen 3, Arlo Pro, Arlo Baby, Arlo Pro 2, Arlo Q, Arlo Q Plus, Arlo Lights, and Arlo Audio Doorbell.

Read more of this story at Slashdot.

US Military Shoots Down Fourth Flying Object Near Michigan

The U.S. military shot down another high-altitude object Sunday, reports CNN — this one flying
“The operation marks the third day in a row that an unidentified object was shot down over North American airspace.”
Democratic Rep. Elissa Slotkin of Michigan said Sunday that the operation to down the object over Lake Huron was carried out by pilots from the U.S. Air Force and the National Guard…. The object was flying at 20,000 feet over Michigan’s Upper Peninsula and was about to go over Lake Huron when it was neutralized, a senior administration official told CNN on Sunday.

The object was “octagonal” with strings hanging off and no discernable payload, according to the official and another source briefed on the matter. While the U.S. has no indication that the object had surveillance capabilities, that has not been ruled out yet.

Why have so many flying objects been spotted in the last week? The Washington Post says the Chinese spy balloon and subsequently-spotted objects “have changed how analysts receive and interpret information from radars and sensors, a U.S. official said Saturday.”
The official, speaking on the condition of anonymity because of the sensitivity of the issue, said that sensory equipment absorbs a lot of raw data, and filters are used so humans and machines can make sense of what is collected. But that process always runs the risk of leaving out something important, the official said.

“We basically opened the filters,” the official added, much like a car buyer unchecking boxes on a website to broaden the parameters of what can be searched. That change does not yet fully answer what is going on, the official cautioned, and whether stepping back to look at more data is yielding more hits — or if these latest incursions are part of a more deliberate action by an unknown country or adversary….

The official said the current U.S. assessment is the objects are not military threats.

Read more of this story at Slashdot.