This Week Health

Don't forget to subscribe!

I'm sure there will be more stories about Apple's new products than the emergency security update that was released on Monday. BTW, patch your iOS devices and Mac's. But this one just scares me a little.

FTA

Apple issued emergency software updates for a critical vulnerability in its products on Monday after security researchers uncovered a flaw that allows highly invasive spyware from Israel’s NSO Group to infect anyone’s iPhone, iPad, Apple Watch or Mac computer without so much as a click.

Apple’s security team had worked around the clock to develop a fix since Tuesday, after researchers at Citizen Lab, a cybersecurity watchdog organization at the University of Toronto, discovered that a Saudi activist’s iPhone had been infected with an advanced form of spyware from NSO.

The spyware, called Pegasus, used a novel method to invisibly infect Apple devices without victims’ knowledge. Known as a “zero click remote exploit,” it is considered the Holy Grail of surveillance because it allows governments, mercenaries and criminals to secretly break into someone’s device without tipping the victim off.

Using the zero-click infection method, Pegasus can turn on a user’s camera and microphone, record messages, texts, emails, calls — even those sent via encrypted messaging and phone apps like Signal — and send them back to NSO’s clients at governments around the world.

----

Invisibly infect the device and get full access, turn on the microphone or camera at will. Seem's like these spy movies aren't too far off.

#healthcare #healthIT #cio #cmio #chime #himss

https://www-nytimes-com.cdn.ampproject.org/c/s/www.nytimes.com/2021/09/13/technology/apple-software-update-spyware-nso-group.amp.html

Transcript

This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

  Today in health IT iPhone exploit is the scariest thing. I've read Patch today. If you haven't already more in a minute. My name is Bill Russell. I'm a former CIO for a 16 hospital system and creator of this week in Health IT a channel dedicated to keeping health IT staff current and engaged. Coming up, we have a really cool unique view at a ransomware event.

We're gonna do a webinar on October 7th at 11:00 AM Eastern Time. You can sign up on this week, health.com/register, and we are going to be talking to the CIO for Sky Lakes Medical Center. They are the health system that was ransom. We also have the CIO and CISO for Asante Health System, who happens to be their community Connect partner, and we are also gonna have Matt Sickles there.

Who's a cybersecurity first responder for Sirius Healthcare, and we're gonna be talking through their event, trying to get a handle on what it looks like, what it feels like to go through that event and what they have done since, to make sure that they are protected and what they wish they had done prior.

So I think this is a valuable event for anyone who has. Responsibility for protecting an organization. So if you get a chance to sign up this week, health.com/register. All right, here's today's story, and this comes from the New York Times. Title is Apple Issues Emergency Security Updates. I. To close a spyware flaw.

Let me just read you some of this stuff. It is really scary. Apple issued emergency software updates for a critical vulnerability in its products. On Monday, after security researchers uncovered a flaw that allows highly invasive spyware from Israel's NSO group to infect anyone's iPhone, iPad, apple Watch, or Mac computer without so much as a click.

That's right. You don't even have to click on anything, but it can infect your computer. Wait, it gets better. Apple Security team had worked around the clock to develop the fix Since Tuesday after researchers at Citizen Lab, a cybersecurity watchdog organization at the University of Toronto discovered that a Saudi activist activist's iPhone had been infected with an advanced form of spyware from NSO.

The spyware called Pegasus used a novel method to invisibly infect apple devices without victims' knowledge known as a zero click remote exploit. It is considered the holy grail of surveillance because it allows governments, mercenaries, and criminals to secretly break into someone's suffice without

Tipping the victim off using a zero click infection method. Pegasus can turn on a user's camera, microphone, record messages, texts, emails, calls, even those sent via encrypted messaging and phone apps like Signal and send them back to NSOs. Clients at governments around the world. The spyware can do everything an iPhone user can do on their device and more said John Scott Walton, a senior researcher at Citizen Lab who teamed up with Bill Marza, a senior research fellow at Citizen Lab on the finding.

It goes on. Let me give you a couple more things and then we'll talk about the so what The discovery means that more than 1.65 billion apple products in use worldwide have been vulnerable to NSOs spyware since at least March. It signals a serious escalation in the cybersecurity arms race with governments willing to pay whatever it takes to spy on digital communications on mass.

And with tech companies, human rights activists, and others racing to uncover and fix the latest vulnerabilities that enable such surveillance. On Monday, Yvonne Stic, Apple's head of Security engineering and Architecture commended citizen lab for findings and urge customers to run the latest software updates.

For the fixes to take effect by installing iOS 14.8 Mac OSS 11.6 and watch OSS 7.6 0.2. Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. Mr. Christi said. Apple has said it. Plans to introduce new security defenses for iMessage.

Apple's texting application in its next iOS 15 software update expected later this year. NSO did not immediately respond to inquiries on Monday. NSO has long, drawn controversy. The company has said that its sell, its spyware only to governments. That meet strict human rights standards and that it expressly requires customers to agree to use its spyware only to track terrorists or criminals.

But over the past six years, NSOs, Pegasus Spyware has turned up on phones of activists, dissidents, lawyers, doctors, nutritionists, and even children in countries like Saudi Arabia and. The UAE and Mexico. That's probably enough of the story. What's the, so what you know today should have been a day when we were talking about all the new iPhone releases and the iPad releases and all those kind of things, and I did watch the event.

It was interesting and there was some interesting new features that are gonna be on the. Phones and on the iPads and other things. So you'll wanna check those things out. Nothing earth shattering, but you know, again, good movement, good progress. But on a day when the news cycle should be filled with those kinds of stories instead, this is in the New York Times, what's the so what on this?

The, so what obviously is the patch, your iPhone, your iPad, your, your Mac immediately? And what is the relevance to health it? You might ask . I, I think the relevance is you have to tell your people to patch their phones and their other iOS devices, and remember that cybersecurity requires a multifaceted approach.

Many of the devices that can be compromised by this exploit are no longer corporate assets, but they still represent risk to the organization. The devices that your people carry, regardless of ownership, fall into your area of responsibility to secure them and protect them. Crazy. . Yeah, I know it's crazy, but those are the times that we live in.

That's all for today. If you know of someone that might benefit from our channel, please forward them a note. They can subscribe on our website this week, health.com, or wherever you listen to podcasts. Apple, Google Overcast, Spotify, Stitcher, you get the picture. We are everywhere. We wanna thank our channel sponsors who are investing in our mission to develop the next generation of health leaders.

VMware Hillrom, Starbridge Advisors, McAfee and Aruba Networks. Thanks for listening. That's all for now.

Thank You to Our Show Sponsors

Our Shows

Today In Health IT with Bill Russell

Related Content

1 2 3 282
Healthcare Transformation Powered by Community

© Copyright 2024 Health Lyrics All rights reserved