Results 1 to 5 of 5

Thread: Dark Angel Medical email hacked

  1. #1
    Join Date
    Oct 2006
    Location
    Alexandria, VA
    Posts
    5
    Feedback Score
    8 (100%)

    Dark Angel Medical email hacked

    Just received an email from Dark Angel with links to anti Trump CNN content. Dark Angel assures me they were hacked and would never send garbage like that to their customers

  2. #2
    Join Date
    Apr 2007
    Location
    Texas
    Posts
    10,566
    Feedback Score
    43 (100%)
    Kerry is a really, really good dude, and I believe him.

    Without going way off into the weeds, you can do some web searches on "Chinese APT41 watering hole attack". This is happening right now at a rate no one has ever seen before.

    Basically, Chinese government-sponsored hackers are putting malicious software onto reputable sites. You go visit a perfectly normal website, and you get a hacker payload installed on your machine.

    Somebody then uses those creds to log into a web portal. Or logs into your bank account and transfers all your money.

    I'm not saying Chinese President Ji sat down and sent that email, but Kerry's explanation makes perfect sense. He's a really good guy, and one of the two best medical trainers I know.

    Computer Nerditry is my business.

  3. #3
    Join Date
    Aug 2009
    Location
    Central PA
    Posts
    363
    Feedback Score
    16 (100%)
    This might explain an email I received on my work account after visiting there. Thanks for the info.
    Open the pig!

  4. #4
    Join Date
    Apr 2007
    Location
    Texas
    Posts
    10,566
    Feedback Score
    43 (100%)
    Quote Originally Posted by TommyG View Post
    This might explain an email I received on my work account after visiting there. Thanks for the info.
    Yup, be really careful with a work laptop. Not everyone's company uses the same methods to control access to external web pages. Some use what is called a "split-tunnel VPN". In layman's terms, it does not offer as much protection when you go visit and external website.

    It is a really good idea to only use a company asset to visit corporate resources as much as possible. If you want to dive deep into the weeds, start looking at Multi-Factor Authentication, Zero Trust Models, Tiered Access and Privileged Account Management.

    Sigh - guess what I do all day?

  5. #5
    Join Date
    Aug 2009
    Location
    Central PA
    Posts
    363
    Feedback Score
    16 (100%)
    Quote Originally Posted by SeriousStudent View Post
    Yup, be really careful with a work laptop. Not everyone's company uses the same methods to control access to external web pages. Some use what is called a "split-tunnel VPN". In layman's terms, it does not offer as much protection when you go visit and external website.

    It is a really good idea to only use a company asset to visit corporate resources as much as possible. If you want to dive deep into the weeds, start looking at Multi-Factor Authentication, Zero Trust Models, Tiered Access and Privileged Account Management.

    Sigh - guess what I do all day?
    It was my personal phone which has a work email account. They had us install some sort of mobile management software so I may show a work IP address when I browse on my personal phone. I don’t even Google things I need for work with their laptop. I wish I didn’t need them in my phone but it lets me remotely manage my team and handle after hours issues.

    I don’t know if I can add anything to what they have installed to beef up security even further.
    Last edited by TommyG; 03-29-20 at 08:24.
    Open the pig!

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •