ONEREP Conspiracy, Chrome Phishing Protection, and Medical Device Vulnerabilities

The Daily Decrypt
The Daily Decrypt
ONEREP Conspiracy, Chrome Phishing Protection, and Medical Device Vulnerabilities
Loading
/

In this episode, we dissect the unexpected connections of Onerep.com‘s founder with the people-search industry, explore Google Chrome’s upcoming real-time phishing protection, and unravel the cybersecurity concerns plaguing medical devices as per Claroty’s latest research. Dive into the complexities of ensuring data privacy, the innovative steps taken by Google to balance security with user privacy, and the urgent cybersecurity measures needed in the healthcare sector.

Sources:

Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/

Logo Design by https://www.zackgraber.com/

Tags: cybersecurity, data privacy, Google Chrome, phishing protection, medical devices, healthcare security, Onerep.com, endpoint protection, known exploited vulnerabilities, Claroty, network segmentation, secure remote access

Search Phrases:

  • cybersecurity updates and insights
  • data privacy company controversy
  • Google Chrome real-time phishing protection
  • medical device cybersecurity risks
  • Onerep.com founder’s background
  • protecting healthcare networks from cyber threats
  • endpoint protection in medical devices
  • addressing known exploited vulnerabilities in healthcare
  • network segmentation for medical device security
  • secure remote access strategies for healthcare
  • latest cybersecurity trends and solutions
  • Claroty’s research on medical device vulnerabilities

Transcript:

[00:00:00] offsetkeyz: Google is updating Chrome with real time phishing and malware protection that enhances security for all users without compromising their privacy.

I’m offsetkeyz and you’re listening to the Daily Decrypt. Research from Krebs on Security reveals that OneRep. com, a company that offers to remove personal information from people search websites, was founded by Dimitri Shellest, who has previously launched numerous people search services.

Does OneRep. com have connections to the very people search firms it claims to protect against?

And research from Clarity reveals that only 13 percent of medical devices support endpoint protection agents, exposing a vast majority to cyber risks with 23 percent harboring at least one known exploited vulnerability. How does this affect patient safety and healthcare operations? [00:01:00]

[00:01:03] offsetkeyz: Onerep. com is a company that marks itself as a As a guardian of data privacy, promising to erase personal information from a vast network of people search websites. However, recent investigations have unveiled that this Virginia based entity is in fact operating from Belarus and Cyprus, and is led by Dimitri Shalest, who is deeply entwined in the very industry he claims to protect against.

OneRep. com charges individuals and families a fee to remove their data from nearly 200 people search websites, while also extending its services to corporations, offering them the ability to continuously cleanse their employees data from these platforms. So despite its proclaimed mission, the company’s background paints a contradictory picture.

Celeste, the CEO, is not just linked to, but has founded numerous people search services globally.

So there’s a lot of deception going on here. Firstly, that it’s marketing itself as a Virginia based [00:02:00] company, when in reality it’s operating out of Belarus and Cyprus. And it’s marketing to remove your data from search websites, while the owner also owns search websites.

What’s interesting about these sites is, in order to find the information that they’re trying to remove, they need to gather all the information that they want to find. So I recently signed up for a site that I won’t mention, but it’s not OneRep. And in order for them to go and hunt down my information, I needed to provide them with all my information.

And this was over a year ago, and it felt pretty weird, but I thought, hey, I’ll give it a shot. And, you know, turns out it did actually reduce the amount of spam calls I was getting, junk email that I was getting, and hopefully improved my privacy online. But, yeah, There’s something weird about providing this company with all of my data in order to go remove it from the web.

So this CEO [00:03:00] likely has realized how much data these companies get and is in turn just charging people and in turn is making money while also bolstering his people search websites with the data that you freely provided to him.

So hey, hats off to this Dimitri guy, but your jig is up, so sucks to suck, honestly.

[00:03:24] transition: Do, do, do, do, do, do.

[00:03:30] offsetkeyz: Some recent research by Clarity reveals that only 13 percent of medical devices are capable of supporting endpoint protection agents. Highlighting a significant cybersecurity gap within healthcare networks. This vulnerability is compounded by findings that 63 percent of known exploited vulnerabilities tracked by the Cybersecurity and Infrastructure Security Agency, or CISA, are present on these networks.

With 23 percent of medical devices, including crucial imaging, clinical [00:04:00] IOT, and surgical equipment, this are harboring at least one known exploitable vulnerability.

So that’s almost one in four medical devices are vulnerable to something that’s exploitable. And this is just a reminder that there are multiple types of vulnerabilities, but the ones that are exploitable, well all vulnerabilities are exploitable, but what this is referring to is ones that are actively exploited.

Like, I could go on Google with that medical device name and Google would return its exploits and vulnerabilities. Like, it’s not that complicated.

And many of you might be wondering, What is endpoint protection? Well, an endpoint is the device itself and protection is like what in the 90s we would call antivirus or whatever, like Norton. Every Windows 95 computer came with Norton. That’s sort of endpoint protection, but it’s essentially, yeah, just blocking things that shouldn’t be [00:05:00] accessing the device.

and it stores a dictionary of known signatures of threats and malwares and potentially unwanted applications and, and things that are launching code and, and all these things. It’s, it’s going to block things that you don’t want on these devices.

So without endpoint protection, medical devices are way more susceptible to malware and ransomware and cyber threats. Which can be exploited to gain unauthorized access, which could be exploited to steal patient data or disrupt medical services, maybe even tamper with the results. Giving inaccurate results would reduce credibility.

Lots of things that maybe not your everyday attacker would want to do, but maybe a nation state actor would want to do like. Cyber enemies like Russia and China.

These vulnerabilities can also put healthcare services in risk of compliance. [00:06:00] Which just causes way more headaches. And the system here in America is already pretty bogged down, we don’t need any more headaches. So this is just to add to the increasing need for cyber security in the healthcare industry.

We’re seeing these megacorporations get breached by ransomware, shutting down services to people who need healthcare services. And look, threat actors know that there’s one thing that anybody on the planet will pay for, and that’s their life. Which means it’s very exploitable.

So there’s no excuse for these devices to be less secure than my iPhone.

I’m really hoping for a shift towards healthcare security. And there, of course, are some challenges to some of these devices. They don’t have the computing power. They don’t have X, Y, and Z. But some of them, like pacemakers and stuff, I’m are directly tied to your life. If that’s hacked, they can be shut off, and so can your [00:07:00] heart.

Like, that’s pretty crazy. So,

there’s a lot of money to be had in healthcare, if you’ve listened to any of my previous episodes. Tons of money.

It’s one of the top industries in America, yet it’s one of the least secure. So, something’s gotta give, alright?

[00:07:25] offsetkeyz: And finally, Google is set to enhance its Chrome browser with an update that introduces real time phishing and malware protection for all users, aiming to improve security without compromising privacy. This update is building off of Google’s Safe Browsing feature, which was launched in 2005. And that feature protects users from web based threats by blocking malicious domains.

So unlike the current system which updates its list of dangerous URLs every 30 to 60 minutes, the new real time capability will allow Google to check sites against its server side list [00:08:00] instantaneously. This change is expected to increase the efficiency of blocking phishing attempts by 25 percent.

That’s pretty huge. There’s a lot of stuff that can be done to prevent phishing. This is gonna be great. The technology behind this allows for a much speedier and wider net to be cast.

Which might not be a perfect solution now, noting that it’s only about 25 percent increase, but it does open the door to a more robust solution. And I think there could be different levels that the user can opt into. For example, like, at my place of work, I tried to navigate to dailyDecrypt. com, but being that the podcast is less than a couple months old, the website is also less than a couple months old, and my workplace just blocks new websites. Like, hey, that’s a Marvel idea! At least throw up a banner if the website you’re trying to navigate to is less than a month or two months old.

[00:09:00] Like, hey, you’re navigating to a brand new website. Is this intentional? Because, hey, attacks aren’t very long run until they’re figured out and the website’s shut down. So most websites that contain phishing are pretty new. So that would be great if Google had something like that.

Now I’m sure there are a lot of smaller companies that provide these services to IT departments that would be pretty bummed by Google taking this and making it free. And there is no such thing as free. Google’s gonna get their money through your data,

which turns out you can’t remove using services like OneRep.

But hey, sorry to the smaller companies. If the bigger companies are gonna come in and do it better, That’s capitalism. We need safety. So, hats off to Google. Let’s keep it up. Let’s make this more robust. And, frickin stop phishing in its tracks, alright?

Alright, but that’s [00:10:00] all I got for you today. Happy Friday. We’ve tried out a couple new things this week, like getting rid of the super seductive AI announcer at the beginning, so Let us know if you miss him. Or if you’re glad that he’s gone, I miss him a little, but I think it takes away from the episode introduction.

[00:10:20] offsetkeyz: So I’m giving it a shot, but let, let me know if you want to hear more hot girl farmer, if you want to hear more dialogue, if you want to hear more expert guests, um, I’ve got some interest from across the industry and in appearing on this podcast, but I’m not quite sure how to weave them in. So literally any suggestion, if you want to be on this podcast, If you find value in this podcast, I’d love to hear from you.

I’ve heard from a few people that I haven’t heard from in years or ever saying they’re enjoying it and that really helps keep it going. You know, I’m reaching the point where without little dopamine hits, it’s harder and harder to keep going. So anything you can throw at me is greatly appreciated. I hope you have a great weekend and [00:11:00] we will talk to you on Monday.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.