Cyber Security & Privacy News | Hippogriff LLC

Every week Hippogriff shares some of the most alarming data breach and privacy infringing occurrences throughout the world. Keep stopping by to see the most recent entries.

A feed by Wizards that are not wee at work...


Accidental Disclosures of PHI at Los Angeles Fire Department and Standard Modern Company

Permalink - Posted on 2021-07-30 15:00

The Los Angeles Fire Department has discovered the COVID-19 vaccination statuses of 4,900 employees have been accidentally exposed online. A list that included the full names of employees, dates of birth, employee numbers, and COVID-19 vaccination information (vaccination dates, doses, or declined vaccine) had been published on a website accessible to the public. During the time that the website was active, it was possible to visit the site and conduct searches of the database for names and employee numbers. The database was not password protected and no information had to be entered to authenticate users. If a wildcard search was conducted, a table was generated that listed the data of all 4,900 employees.


More Than 447K Patients Affected by Phishing Attack on Orlando Family Physicians

Permalink - Posted on 2021-07-30 15:00

Email accounts containing the protected health information of 447,426 patients of Orlando Family Physicians in Florida have been accessed by an unauthorized individual. Orlando Family Physicians said the first email account was compromised on April 15, 2021 as a result of an employee responding to a phishing email and disclosing their account credentials.


South Africa: Blood Service Hit by Cyber Attack

Permalink - Posted on 2021-07-30 15:00

The Western Cape Blood Service (WCBS) has confirmed its information systems have been hit by a cyberattack. The non-profit regional health organisation collects blood from voluntary blood donors in the Western Cape and provides safe blood products and services to the community. In response to questions on Facebook about the exposure of personal information, WCBS said it was still investigating the extent of the attack and would communicate once it had learned more. The WCBS attack comes a week after the IT applications of Transnet Port Terminals were disrupted by a ransomware attack.


North Carolina: Sandhills Center Sees Exfiltration of 634 GB of Files

Permalink - Posted on 2021-07-30 14:00

Sandhills Center in North Carolina manages public mental health, intellectual/developmental disabilities and substance use disorder services for the citizens of Anson, Guilford, Harnett, Hoke, Lee, Montgomery, Moore, Randolph and Richmond counties. As a publicly-funded Local Management Entity-Managed Care Organization (LME-MCO), Sandhills Center does not provide services directly, but describes itself as an agent of the North Carolina Department of Health & Human Services (NCDHHS). On some date unknown to DataBreaches.net, Sandhills Center was allegedly hacked by threat actors who claim to have exfiltrated 634 GB of data. The incident is posted on a web site run by “Marketo,” who auction or sell data from incidents.


Canada: Prisoners at Mission Institution Sue Authorities Over Alleged Privacy Breach

Permalink - Posted on 2021-07-30 14:00

The 47 prisoners say that from about April 2020 to July 2020 employees and servants of the federal medium and minimum security prison posted notices on a food services cart or multiple food services carts containing personal and medical information. They say the info included their names, fingerprint serial numbers and cell numbers, as well as prescription medications including methadone or suboxone, and any dietary or allergy restrictions.


California: City of Grass Valley Among Latest Local Governments Hit by Cyberattack

Permalink - Posted on 2021-07-30 14:00

Cybercriminals recently struck the City of Grass Valley with a ransomware attack that has many asking questions. Grass Valley isn’t the first city in the region to become a target, and likely won’t be the last. Though, it came as a surprise to some community members that the city decided to pay the attacker’s ransom. The City of Grass Valley wouldn’t release how much the ransom was that they paid, or how much their insurance policy is – concerned about another attack in the future. Though, they did say the city has a $50,000 deductible.


Amazon Gets $888 Million GDPR Fine for Behavioral Advertising

Permalink - Posted on 2021-07-30 14:00

Amazon has quietly been hit with a record-breaking €746 million fine for alleged GDPR violations regarding how it performs targeted behavioral advertising. The fine was issued by Luxembourg's Commission nationale pour la protection des données (CNPD), an independent public agency established to monitor the legality of the collection and use of personal information. In an SEC Form 10-Q filed today, Amazon states that this massive fine came out of CNPD in July 2021, which fined them for improper processing of personal data.


Canada: Calgary's Parking Authority Exposed Drivers' Personal Data and Tickets

Permalink - Posted on 2021-07-29 15:00

If you parked your car in one of the thousands of parking spots across Calgary, there’s a good chance you paid the Calgary Parking Authority for the privilege. But soon you might be hearing from the authority after a recent security lapse exposed the personal information of vehicle owners. The parking authority oversees about 14% of the paid parking spots in the Calgary region, and lets drivers pay to park their cars by a parking kiosk, online, or through the phone app by entering their vehicle’s license plate number and payment details. But a logging server used to monitor the authority’s parking system for bugs and errors was left on the internet without a password. The server contained computer-readable technical logs, but also real-world events like payments and parking tickets that contained a driver’s personal information. A review of the logs by TechCrunch found contact information, like drivers’ full names, dates of birth, phone numbers, email addresses and postal addresses, as well as details of parking tickets and parking offenses — which included license plates and vehicle descriptions — and in some cases the location data of where the alleged parking offense took place. The logs also contained some partial card payment numbers and expiry dates. None of the data was encrypted.


Estonia: Hacker Downloads Close to 300,000 Personal ID Photos

Permalink - Posted on 2021-07-29 15:00

A hacker was able to obtain over 280,000 personal identity photos following an attack on the state information system last Friday. The suspect is reportedly a resident of Tallinn. The culprit had already obtained personal names and ID codes and was able to obtain a third component, the photos, by making individual requests from thousands of IP addresses.


Unknown Number of British Columbians' Personal Information for Sale Online After Health Company Extorted

Permalink - Posted on 2021-07-29 15:00

CTV News has learned the personal information of British Columbians has been leaked online, with an unknown number of people and agencies potentially still vulnerable, after a data breach at a mental health services provider. Homewood Health, headquartered in Ontario with services and contracts across Canada, acknowledges it was hacked earlier this year and has recently begun contacting affected companies and agencies whose information may be compromised, including BC Housing, TransLink and the Provincial Health Services Authority. CTV News has confirmed at least some of the information leaked online is authentic, though the bulk of the data is still on the auction block at Marketo, a site that describes itself as a "leaked data marketplace."


Average Time to Fix High Severity Vulnerabilities Grows from 197 Days to 246

Permalink - Posted on 2021-07-29 15:00

According to NTT Application Security researchers, the time to fix vulnerabilities has dropped 3 days, from 205 days to 202 days. The average time to fix is 202 days, the report found, representing an increase from 197 days at the beginning of the year. The average time to fix for high vulnerabilities grew from 194 days at the beginning of the year to 246 days at the end of June. Remediation rates have also decreased across all vulnerability severities, with rates for critical vulnerabilities falling from 54% at the beginning of the year to 48% at the end of June. Rates for high vulnerabilities decreased from 50% at the beginning of the year to 38% at the end of June.


Chipotle's Marketing Account Hacked to Send Phishing Emails

Permalink - Posted on 2021-07-29 15:00

Hackers have compromised an email marketing account belonging to the Chipotle food chain and used it to send out phishing emails, luring recipients to malicious links. Most of the messages directed users to credential-harvesting sites impersonating services from a financial business and Microsoft.


McLaren Health Care and Greenwood Leflore Hospital Impacted by Elekta Ransomware Attack

Permalink - Posted on 2021-07-28 15:00

McLaren Health Care Corporation (MHCC), the operator of 15 hospitals and over 100 primary care locations in Michigan and Ohio, has announced the protected health information of 64,600 of its cancer patients may have been compromised in a ransomware attack on vendor Elekta Inc.


Northern Ireland Suspends Vaccine Passport System After Data Leak

Permalink - Posted on 2021-07-28 15:00

Northern Ireland's Department of Health (DoH) has temporarily halted its COVID-19 vaccine certification online service following a data exposure incident. Some users of the COVIDCert NI service were presented with data of other users, under certain circumstances, says the Department. This data incident comes at a time when there's much scrutiny and worry concerning COVID-19 vaccine passports among some members of the public.


Average Organization Targeted by Over 700 Social Engineering Attacks Each Year

Permalink - Posted on 2021-07-28 15:00

Barracuda analysts examined more than 12 million spear phishing and social engineering attacks impacting more than 3 million mailboxes at over 17,000 organizations between May 2020 and June 2021. The "Spear Phishing: Top Threats and Trends Vol. 6 -- Insights" report found that 43% of phishing attacks impersonate Microsoft and the average organization is targeted by over 700 social engineering attacks each year. Nearly 80% of BEC attacks target employees outside of financial and executive roles, with the average CEO receiving 57 targeted phishing attacks each year and IT staffers getting an average of 40 targeted phishing attacks annually. Cryptocurrency-related attacks also grew 192% between October 2020 and April 2021, and the researchers noted that the number of attacks rose alongside the general price of various cryptocurrencies. Almost 50% of all socially engineered threats the company saw over the past year were phishing impersonation attacks, and nearly all included a malicious URL.


Misconfigured Azure Blob at Raven Hengelsport Exposed Records of 246,000 Anglers

Permalink - Posted on 2021-07-28 15:00

Dutch fishing supply specialist Raven Hengelsport left details of around 246,000 customers visible to anyone on a misconfigured Microsoft Azure cloud server for months. The unsecured Azure Blob Storage server, hosting 18GB of company data covering at least 246,000 customers across 450,000 records, was spotted by the security arm of antivirus review site SafetyDetectives in early March.


Enterprise Data Breach Cost Reached Record High During COVID-19 Pandemic

Permalink - Posted on 2021-07-28 15:00

The average cost of a data breach has now reached over $4 million, hitting a record high during the COVID-19 pandemic. On Wednesday, IBM Security released its annual "Cost of a Data Breach" report, which estimates that in 2021, a typical data breach experienced by companies now costs $4.24 million per incident, with expenses incurred now 10% higher than in 2020 when 1,000 -- 100,000 records are involved. So-called "mega" breaches impacting top enterprise firms responsible for the exposure of between 50 million and 65 million records now also come with a higher price tag -- reaching an average of $401 million to resolve.


Judson ISD's Ransomware Nightmare Won't Be Cheap

Permalink - Posted on 2021-07-27 15:00

Judson Independent School District hasn’t escaped from its ransomware attack nightmare yet. And Bexar County’s fourth largest school district’s confusing updates are making a frustrating situation harder for its 26,600 students and staff. On June 17, the Northeast Side district announced its communications and computer systems had been hobbled by hackers. Not long after that, Judson officials set up alternate e-mail, phone and internet connections. Similar attacks over the last year have cost much smaller Texas school districts between $50,000 and $2.3 million each, and cyber experts say that’s only the beginning. Besides ransom, each attack costs exponentially more when you consider the response, remediation, recovery and upgrade costs. In Maryland, a ransomware attack in November cost Baltimore County Public Schools an estimated $8.1 million. The district released a spreadsheet breaking down the costs in May. The district’s initial emergency recovery cost $2 million, with longer-term upgrades exceeding $6 million. Its estimates not only included the technology costs, but also the various costs associated with the breach, such as consulting, public relations, legal fees and negotiation services. The district only recovered a portion of the $2 million initial response costs from insurance. And, interestingly, the Baltimore County Public Schools never disclosed whether it paid a ransom. If it paid a ransom, the actual cost is likely higher than $8.1 million.


South Africa's Port Terminals Still Disrupted Days After Cyber Attack

Permalink - Posted on 2021-07-27 15:00

South Africa's state-owned logistics firm said Tuesday it was working to restore systems following a major cyber-attack last week that hit the country's key port terminals. The attack began on July 22 but continued, forcing Transnet to switch to manual systems, it said. In a letter to its customers dated Monday, the company declared a force majeure -- a clause that prevents a party from fulfilling a contract because of external and unforeseen circumstances. It said it had "experienced an act of cyber-attack, security intrusion and sabotage, which resulted in the disruption of... normal processes and functions." The attack has affected ports in Durban -- the busiest in sub-Saharan Africa -- as well as Cape Town, Port Elizabeth and Ngqura, Transnet said in the "confidential" notice seen by AFP on Tuesday.


HP Finds 75% of Threats Were Delivered by Email in First Six Months of 2021

Permalink - Posted on 2021-07-27 15:00

According to the latest HP Wolf Security Threat Insights Report, email is still the most popular way for malware and other threats to be delivered, with more than 75% of threats being sent through email messages. The report -- covering the first half of 2021 -- is compiled by HP security analysts based on customers who opt to share their threat alerts with the company. HP's researchers found that there has been a 65% rise in the use of hacking tools downloaded from underground forums and filesharing websites from H2 2020 to H1 2021. Some of the tools are able to solve CAPTCHA challenges using computer vision techniques. Some of the most targeted sectors include manufacturing, shipping, commodity trading, maritime, property and industrial supplies.


Indonesia's BRI Life Probes Reported Data Leak of 2 Million Users

Permalink - Posted on 2021-07-27 15:00

BRI Life, the insurance arm of Indonesia's Bank Rakyat Indonesia, said on Tuesday it was investigating claims that the personal details of over two million of its customers had been advertised for sale by unidentified hackers. Hudson Rock, a cybercrime monitoring firm, told Reuters that it had found evidence which showed that multiple computers belonging to BRI and BRI Life employees had been compromised. In a post on the RaidForums website earlier on Tuesday, an unnamed user said they were selling a collection of 460,000 documents compiled from the user data of over two million BRI Life clients for $7,000. The post was accompanied by a 30-minute video of the documents, which included bank account details, as well as copies of Indonesian identification cards and taxpayer details.


Florida DEO Discloses Data Breach Affecting 58,000 Accounts

Permalink - Posted on 2021-07-27 15:00

Florida's Department of Economic Opportunity (DEO) has disclosed a data breach that affected its unemployment benefits system and targeted 57,920 claimant accounts. The breach affected accounts within the Reemployment Assistance Claims and Benefits Information System, commonly known as CONNECT, officials wrote in a July 23 letter to those affected. Personal information may have been taken from DEO between April 27, 2021, and July 16, 2021, when officials reportedly learned of the incident, the letter states. Information inside the accounts that may have been accessed includes Social Security number, driver's license number, bank account numbers, claim information, and other personal data including address, phone number, and date of birth. Attackers may have also accessed the PIN used to access the CONNECT account.


77% of Organizations Are Unable to Access Systems or Networks Post-Ransomware Attack

Permalink - Posted on 2021-07-27 15:00

New data from Keeper Security’s 2021 Ransomware Impact Report highlights some of the forgotten impacts to an organization’s productivity post-attack: Over three-quarters (77%) were unable to access needed systems or networks; 28% of outages lasted over a week; 26% of organizations were unable to fully perform job duties for at least a week; 33% faced difficult learning curves around new protocols; 21% were unable to access online tools and applications normally used; 36% of users had limited access to IT support for non-security related issues.


36% of Organizations Suffered a Serious Cloud Security Data Leak or a Breach in the Past Year

Permalink - Posted on 2021-07-27 15:00

The primary causes of cloud misconfiguration cited are too many APIs and interfaces to govern (32%), a lack of controls and oversight (31%), a lack of policy awareness (27%), and negligence (23%). 21% said they are not checking Infrastructure as Code (IaC) prior to deployment, and 20% aren’t adequately monitoring their cloud environment for misconfiguration.


Cyber Attack Shuts Down Services in Greece's Second-Largest City

Permalink - Posted on 2021-07-26 15:00

Deputy Mayor of Business Planning, e-Government and Migration Policy Giorgos Avarlis said the city – Greece's second-largest – closed its services and web applications, “so that proper investigations can be carried out and we do not risk being attacked again,” with no report of what kind of defenses it has. Speaking to local radio, Avarlis said that a malicious virus had been installed, with hackers asking for a “ransom” to “unlock” the files, although it wasn't said how much or if he was paid.


Paperwork Containing PHI of Oklahoma Heart Hospital Patients Accidentally Donated to Charity

Permalink - Posted on 2021-07-26 15:00

Oklahoma Heart Hospital has started notifying certain patients about a privacy incident in which paperwork containing limited patient information was accidentally donated to charity. The notes included information such as patients’ names, medical record numbers, OHH visit numbers, dates of birth, ages, admit dates, genders, and clinical information consisting of diagnosis, lab results, medications and/or treatment information.


Check Point Reports 93% Surge in Smart Ransomware Attacks Over Past Year

Permalink - Posted on 2021-07-26 15:00

Israel’s Check Point Software Technologies Ltd., a maker of cybersecurity firewalls, said Monday that it is seeing a 93% surge in global ransomware attacks, as large scale, multi-vector attacks that infect multiple components are the “new norm.” Generation V attacks, which two years ago were considered rare, have become extremely common today, Shwed said at a press conference in Tel Aviv while presenting the financial results. Gen V attacks are large scale, multi-vector attacks, aimed at infecting a number of components, including networks, the cloud, and all kinds of connected devices.


First Came the Ransomware Attacks, Now Come the Lawsuits

Permalink - Posted on 2021-07-26 15:00

Another lawsuit filed against Colonial in Georgia in May seeks damages for consumers who had to pay higher gas prices. A third is in the works, with law firm Chimicles Schwartz Kriner & Donaldson-Smith LLP pursuing a similar effort. And Colonial isn’t the only company being sued. San Diego-based hospital system Scripps Health is facing class-action lawsuits stemming from a ransomware attack in April. Cybersecurity lapses at major companies have led to class-action lawsuits and settlements in the hundreds of millions of dollars. Retailer Target paid $10 million to consumers and $39 million to banks after hackers broke into its systems and stole personal information in 2013. Home Depot brokered a similar settlement with shoppers who had their credit card information stolen from the home improvement store’s computers.


Florida Heart Associates Recovering from Ransomware Hack

Permalink - Posted on 2021-07-26 15:00

It's a sticky situation that the CEO of Florida Heart Associates, Todd Rauchenberger, tells FOX 4 the company found itself in, in May. They ultimately chose not to pay and were able to get control back, but not before hackers took down their phone lines and essentially destroyed their entire system. The family of an FHA patient says they've been trying to get their loved one seen by a doctor for months. "You can't get in to get an appointment," said Brittany Wallace, "No one ever called and then we get a letter in the mail a couple of weeks after that stating that patients' information was [exposed] or that their system was hacked." And Wallace says the hack came at a scary time. "One of his important medications that he didn't have any refills on was about to run out," he said. FHA tells FOX 4 that they've lost staff as a result of the hack and only just got their phones back online. In all, they estimate that they're operating at about 50 percent right now.


Tokyo 2020 Hit by Data Breach

Permalink - Posted on 2021-07-26 15:00

The user names and passwords of Tokyo 2020 Olympic Games ticket holders and event volunteers were reportedly leaked online, a Japanese government official said last week. The official told Kyodo news agency on condition of anonymity that the stolen credentials could be used to log on to websites for volunteers and ticket holders, compromising personal data such as names, addresses and bank account numbers.


California Breach Regulations and Definitions Expand

Permalink - Posted on 2021-07-23 15:00

California clinics, health facilities, home health agencies, and licensed hospices required to report breaches to the California Department of Public Health (CDPH) under California’s Health and Safety Code Section 1280.15 (Section 1280.15) are now subject to a new set of regulations. Section 1280.15, which has been in effect for a number of years, requires certain licensed California health care facilities to “prevent unlawful or unauthorized access to, and use or disclosure” of medical information and report any unlawful or unauthorized access, use, or disclosure of a patient’s medical information to the CDPH and the patient no later than 15 business days after discovery. The new regulations implementing Section 1280.15 expand the exceptions to the breach notification reporting requirement, impose requirements for the type of information that must be submitted to the CDPH in the event of a breach, and clarify the penalties available in the event of a violation of the regulations. This alert outlines the major takeaways from these new regulations and how they may affect California health care facilities moving forward.


AIG Unit Must Defend Texas Retailer in Data Breach Case

Permalink - Posted on 2021-07-23 15:00

A federal appeals court reversed a lower court Wednesday and ruled an American International Group Inc. unit is obligated to defend a retailer in connection with a data breach. Houston-based Landry’s Inc., which operates retail properties including restaurants, hotels and casinos, discovered a data breach that occurred between May 2014 and December 2015 that involved the unauthorized installation of a program on its payment processing devices, according to Wednesday’s ruling by the 5th U.S. Circuit Court of Appeals in New Orleans in Landry’s Inc. v. The Insurance Co. of the State of Pennsylvania. Over about a year-and-a-half, the program retrieved personal information from millions of credit cards and at least some of that information was used to make unauthorized charges, the ruling said. The issue led to litigation between Landry’s and its credit card processor, Paymentech LLC, a unit of JPMorgan Chase Bank N.A. Paymentech alleged Landry’s was obligated to pay it $20.1 million.


Fear Patient Data May Have Been Stolen from Auckland DHBs

Permalink - Posted on 2021-07-23 15:00

A data breach may have occurred at the organisation that provides health IT services to more than a third of the country, amid growing indications of a serious cyber-security incident. A spokeswoman for the Office of the Privacy Commissioner said it was notified by Counties Manukau DHB of a possible data breach on Wednesday. The notification was made by the DHB on behalf of HealthAlliance, which also provides the IT services used by Auckland, Waitemata and Northland district health boards.


CaptureRx Facing Multiple Class Action Lawsuits Over Ransomware Attack

Permalink - Posted on 2021-07-23 15:00

The healthcare administrative services provider CaptureRx is facing multiple class action lawsuits for failing to protect patient data, which was obtained by unauthorized individuals in a February 2021 ransomware attack. NEC Networks, doing business as CaptureRx, provides IT services to hospitals to help them manage their 340B drug discount programs. Through the provision of those services, CaptureRx is provided with the protected health information of patients. Around February 6, 2021, CaptureRx identified suspicious activity in some of its IT systems, which included the encryption of files. The investigation confirmed that files containing the protected health information of 2,400,000 or more patients were compromised in the attack.


Connecticut Enacts Safe Harbor from Punitive Damages in Data Breach Cases

Permalink - Posted on 2021-07-23 15:00

Effective October 1, 2021, Connecticut becomes the third state with a data breach litigation “safe harbor” law (Public Act No. 21-119), joining Utah and Ohio. In short, the Connecticut law prohibits courts in the state from assessing punitive damages in data breach litigation against a covered defendant that created, maintained, and complied with a cybersecurity program that meets certain requirements. Cyberattacks are on the rise – think Colonial Pipeline, Kaseya, JBS, and others – with ransomware attacks up 158 percent from 2019-2020 in North America. The hope is this law will provide covered entities of all sizes an incentive to implement stronger controls over their information systems.


Office Documents Deliver 43% of All Malware Downloads

Permalink - Posted on 2021-07-23 15:00

Malware delivered over the cloud increased by 68% in Q2, according to data from cybersecurity firm Netskope. The company released the fifth edition of its Cloud and Threat Report that covers the cloud data risks, threats and trends they see throughout the quarter. The report noted that cloud storage apps account for more than 66% of cloud malware delivery.


Uber Found to Have Interfered with Privacy of Over 1 Million Australians

Permalink - Posted on 2021-07-23 15:00

Australian Privacy Commissioner has ordered Uber to comply with Australian Privacy Principles after finding the tech giant interfered with the privacy of 1.2 million Aussies when it suffered a data breach, and covered it up, back in 2016.


German Pharmacies Stop Issuing COVID Vaccine Passes After Security Breach

Permalink - Posted on 2021-07-23 15:00

German pharmacies have stopped issuing digital COVID-19 vaccination certificates after hackers created passes from fake outlets, the industry association said on Thursday, the latest blow to the inoculation drive. Germans who have been fully vaccinated are entitled to a certificate which allows them more freedoms, especially to travel. Pharmacies and vaccination centres issue them. The German Pharmacists' Association (DAV) said hackers had managed to produce two vaccination certificates by accessing the portal and making up pharmacy owner identities. DAV were alerted to the fact by the Handelsblatt newspaper.


U.K. Firearms Sales Website's CRM Database Breached

Permalink - Posted on 2021-07-23 15:00

Criminals have hacked into a Gumtree-style website used for buying and selling firearms, making off with a 111,000-entry database containing partial information from a CRM product used by gun shops across the UK. The Guntrader breach earlier this week saw the theft of a SQL database powering both the Guntrader.uk buy-and-sell website and its electronic gun shop register product, comprising about 111,000 users and dating between 2016 and 17 July this year. The database contains names, mobile phone numbers, email addresses, user geolocation data, and more including bcrypt-hashed passwords. It is a severe breach of privacy not only for Guntrader but for its users: members of the UK's licensed firearms community.


TikTok Fined €750,000 for Violating Children's Privacy

Permalink - Posted on 2021-07-23 15:00

The Dutch Data Protection Authority (Autoriteit Persoonsgegevens – AP) announced Thursday that it has imposed a fine of €750,000 on TikTok “for violating the privacy of young children”. More specifically, TikTok failed to provide a privacy statement in the Dutch language, making it difficult for young children to understand what would happen to their data. The fine stems from a wider investigation that has now been passed to the Irish Data Protection Authority. When the investigation started, TikTok had no European headquarters and could be investigated by any national authority.


UPMC Settles Employee Data Breach Lawsuit for $2.65 Million

Permalink - Posted on 2021-07-22 15:00

UPMC has proposed a $2.65 million settlement to resolve a data breach lawsuit filed by employees affected by a February 2014 data breach. Pittsburgh, PA-based UPMC announced the data breach in February 2021 and initially believed the attackers had only obtained the tax information of a few hundred of its employees; however, in April 2014, UPMC determined that the breach was far more extensive and had affected 27,000 of its 66,000 employees. In May 2014, UPMC confirmed that the personal data of all of its employees had likely been compromised. The data compromised in the attack included names and Social Security numbers, some of which were used by the attackers to file fraudulent tax returns. Four individuals involved in the cyberattack have been charged and pleaded guilty to tax fraud and identity theft charges. They attempted to obtain around $2.2 million in tax refunds and received $1.7 million from the IRS.


Talbert House Investigating Hack and Theft of Employee and Client Data

Permalink - Posted on 2021-07-22 15:00

On July 9, threat actors calling themselves “Marketo” added a listing to their leak site for Talbert House in Ohio. Talbert House is an agency with a network of services focusing on prevention, assessment, treatment and reintegration for clients with a variety of issues. Their affiliates include the Council on Child Abuse of Southern Ohio (COCA), Gateways (an outpatient recovery center providing assessment, education and treatment services for adults struggling to cope with alcohol and/or drug use and mental health), and Health Care Access Now (HCAN) (providing access to health care for medically underserved populations). According to their web site, last year, Talbert House served more than 21,000 clients face to face with an additional 96,000 receiving prevention and hotline services. Whatever good karma they may have accrued wasn’t enough to protect them from a cyberattack.


Kaseya Ransomware Attack Highlights Cyber Vulnerabilities of Small Businesses

Permalink - Posted on 2021-07-22 15:00

The recent ransomware attack on software group Kaseya hit small businesses especially hard, targeting companies that often have few resources to defend themselves and highlighting long-standing vulnerabilities. The attack has been made worse during the pandemic when cyber threats against small businesses have multiplied, and companies have scrambled to stay afloat. “When large businesses aren’t doing the basics it’s negligence,” Kiersten Todt, managing director of the Cyber Readiness Institute, told The Hill. “When small businesses aren’t doing the basics, it’s often because they don’t have the resources, or the knowledge, or the education,” Todt added. The concerns around small businesses have been laid bare in the past week following the attack on Kaseya, which impacted up to 1,500 businesses using services of Kaseya customers.


TicketClub Italy Database Offered in Dark Web

Permalink - Posted on 2021-07-22 15:00

TicketClub is an Italian company providing a mobile-based coupons platform for offline purchases. Its clients include Burger King, McDonald’s, Cinecittà World, Rainbow Magicland, and many other enterprises with coupon and loyalty programs. An actor using the alias “bl4ckt0r” has put the TicketClub Italy database, with over 340,957 users, up for sale and released several meaningful data dumps which may confirm the breach. The information was originally published on RaidForums, which is known for the illegal sale of data taken from Internet portals and insecure online services.


Ransomware Gang Breached CNA's Network via Fake Browser Update

Permalink - Posted on 2021-07-22 15:00

Leading US insurance company CNA Financial has provided a glimpse into how Phoenix CryptoLocker operators breached its network, stole data, and deployed ransomware payloads in a ransomware attack that hit its network in March 2021. As revealed by the US insurer, the attackers first breached an employee's workstation on March 5 using a fake and malicious browser update delivered via a legitimate website. The ransomware operator obtained elevated privileges on the system via "additional malicious activity" and then moved laterally through CNA's network, breaching and establishing persistence on more devices.


Cyber Attack Disrupts Major South African Port Operations

Permalink - Posted on 2021-07-22 15:00

A cyber attack has disrupted container operations at the South African port of Cape Town, an email seen by Reuters on Thursday said. Durban, the busiest shipping terminal in sub-Saharan Africa, was also affected, three sources with direct knowledge of the matter told Reuters. Cape Town Harbour Carriers Association said in an email to members, seen by Reuters: "Please note that the port operating systems have been cyber-attacked and there will be no movement of cargo until the system is restored." Transnet's official website was down on Thursday showing an error message.


DDoS Attacks Increased 33% in H1 2021

Permalink - Posted on 2021-07-21 15:00

Between January and June, there were record numbers of attacks compared to the same period last year. The report also found that between Q1 2021 and Q2 2021 there was a 19% increase in DDoS campaigns, some of which were over 100 Gbps in attack volume; further evidence that hackers are continuing to exploit the vulnerabilities of businesses during the pandemic.


U.S. Congress Cancels Service Contract with Provider That Failed to Report Ransomware Attack

Permalink - Posted on 2021-07-21 15:00

The Office of the Chief Administrative Officer (CAO) -- which provides support services to US House members of both parties -- sent a letter to members of Congress announcing that it has terminated all contracts with iConstituent and will no longer be authorizing the platform's use because of multiple cybersecurity incidents. iConstituent is currently used by about 60 House members and was designed to facilitate communication between politicians and local residents. But in May the platform was hit with a ransomware attack and Chief Administrative Officer of the House Catherine Szpindor told Punchbowl News that the attack targeted iConstituent's e-newsletter system, which House members buy access to.


Ransomware Attack on Israeli IT Company Impacts More Than 100 Customers

Permalink - Posted on 2021-07-21 15:00

Shahaf reports that Pionet, which is owned by Malam Tim, suffered a ransomware attack that has paralyzed many of the company’s systems and the sites of more than a hundred of the company’s customers, including Assuta, Rambam, Hadassah, Budget Car Rental Company, Sonol Fuel Company, and Apple importer Idigital. Idigital’s customers include the Israel Electric Corporation and Israel Railways. The attackers have reportedly demanded a ransom of about half a million shekels (conversion: $151,861.82 USD). A ransom note demands an immediate/preliminary payment of $5000.00 in Monero.


Over 80 U.S. Municipalities' Sensitive Information Exposed in Massive Breach

Permalink - Posted on 2021-07-21 15:00

WizCase’s team of ethical hackers, led by Ata Hakçıl, has found a major breach exposing a number of US cities, all of them using the same web service provider aimed at municipalities. This breach compromised citizens’ physical addresses, phone numbers, IDs, tax documents, and more. Due to the large number and various types of unique documents, it is difficult to estimate the number of people exposed in this breach. There was no need for a password or login credentials to access this information, and the data was not encrypted.


Walter’s Automotive Group Sees Customers PII Posted in Data Dump

Permalink - Posted on 2021-07-21 15:00

Credit reports for a few thousand customers of Audi Ontario and Porsche Ontario dealerships were dumped by ransomware threat actors who claim they locked Walter’s Automotive Group and exfiltrated data, but Walter’s would not respond to them. More than 22,000 driver’s license images were also in the data dump.


Three More Healthcare Providers Affected by Elekta Ransomware Attack

Permalink - Posted on 2021-07-20 14:00

Three more healthcare providers have announced they have been affected by the recent ransomware attack on the Swedish radiation therapy and radiosurgery solution provider Elekta Inc. Elekta provides a cloud-based mobile application called SmartClinic, which is used by healthcare providers to access patient information for cancer treatments. Cybercriminals gained access to Elekta’s systems between April 2, 2021 and April 20, 2021 and exfiltrated the SmartClinic database prior to deploying ransomware and encrypting files. The database contained the personal and protected health information (PHI) of patients of 42 healthcare systems in the United States. Elekta notified affected customers in May 2021.


Ransomware Incident at Major Cloud Provider Disrupts Real Estate, Title Industry

Permalink - Posted on 2021-07-20 14:00

A ransomware incident at Cloudstar, a cloud hosting service and managed service provider for several industry sectors, has disrupted the activities of hundreds of companies. Cloudstar, which operates several data centers across the US, is primarily known in the mortgage, title insurance, real estate, legal, finance, and local government sector, where it provides services like virtual desktop hosting, software-as-a-service offerings, and other managed cloud infrastructure, which underpin many companies’ IT infrastructure. On Friday, the Florida-based company announced that it suffered a “highly sophisticated ransomware attack” that forced it to take down the vast majority of its services. With the exception of its encrypted email service, Cloudstar said in a status page today that most of its infrastructure continues to be down three days after the attack.


England: Hundreds of Touchscreen Ticket Machines Are Offline After a Ransomware Attack

Permalink - Posted on 2021-07-20 14:00

An apparent ransomware attack has resulted in hundreds of self-service ticket machines across the network being taken offline across the north of England. Customers who need to use the Northern rail company, which serves towns and cities across northern England, are urged to use the mobile app, website or ticket offices while the ticket machines remain disrupted. The attack comes just two months after 600 Northern-operated touchscreen ticket machines were installed at 420 stations across the region.


Geneva, Ohio Discloses Ransomware Attack

Permalink - Posted on 2021-07-20 14:00

Early Friday morning, July 16, 2021, the City of Geneva discovered an online breach into the city’s website and online data systems. The city is urging citizens to take precautions to monitor accounts in case of any data compromise. On July 18, threat actors calling themselves AVOSLocker listed Geneva on their dedicated leak site.


Lake County Health Department Notifies 25,000 Patients About Two Data Breaches

Permalink - Posted on 2021-07-19 15:00

The Lake County Health Department in Illinois has announced it has suffered two data breaches that potentially involved the personal and protected health information of around 25,000 patients. The first breach occurred in 2019 when a Lake County Health employee sent an unencrypted email from their work email account to an internal employee’s personal email account. The email had an attached spreadsheet of medical record requests dating from December 2016 to June 2019. The requests had been made through a third-party company which handled release of information requests for the Lake County Health Department. The spreadsheet included the names of 24,241 patients along with dates relevant to the vendor. Lake County Health discovered the breach on July 22, 2019; however, it took until July 2021 for notification letters to be sent to affected patients.


Ruthless Attackers Target Florida Condo Collapse Victims

Permalink - Posted on 2021-07-19 15:00

Families mourning the loss of loved ones to the partial collapse of the Champlain Towers South condo building in Surfside, Fla. are now being urged to check the credit of their deceased relatives thanks to a group of heartless hackers targeting victims in a new identity-theft scheme. Apparently, cybercriminals are watching the news and stealing the identities of victims read during the broadcast. Surfside Mayor Charles Burkett told local Florida news station 10 News that law enforcement is working to track down the cybercriminals.


Leak at Covid Testing Company Made It Possible to Fake Results in CoronaCheck App

Permalink - Posted on 2021-07-19 15:00

Due to a major leak at the coronavirus testing company Testcoronanu, it was possible for anyone to create their own Covid vaccination or test certificate, RTL Nieuws reported on Sunday. Additionally, private details from about 60 thousand people who took a coronavirus test at this company had been leaked. The company is affiliated with the testing for travel initiative from the government. The leak made it possible for anyone to easily add a fake negative coronavirus test result or proof of vaccination by adding two lines of code. In the database, it was possible to personally enter which kind of test was taken and what the result was. Afterward, you would automatically receive a travel certificate from Testcoronanu. The site has since been shut down by the Ministry of Health. Not only was it possible to add test and vaccination certificates, but users could also alter the data of others.


Jamaica: Staff, Patients Concerned About Data Breach at University Hospital

Permalink - Posted on 2021-07-19 15:00

Loose network and cybersecurity with the problem-plagued Hospital Information Management System (HIMS) that’s gobbling up millions in cost overruns has exposed to hackers thousands of patient data at the University Hospital of the West Indies (UHWI), a Sunday Gleaner investigation has found.


Ecuador's State-Run CNT Telco Hit by RansomEXX Ransomware

Permalink - Posted on 2021-07-19 15:00

Ecuador's state-run Corporación Nacional de Telecomunicación (CNT) has suffered a ransomware attack that has disrupted business operations, the payment portal, and customer support. While CNT has not officially stated that they suffered a ransomware attack, BleepingComputer has learned that the attack was conducted by a ransomware operation known as RansomEXX.


Half of Organizations Are Ineffective at Countering Phishing and Ransomware Threats

Permalink - Posted on 2021-07-19 15:00

Half of US organizations are not effective at countering phishing and ransomware threats, research from Osterman Research reveals. Key takeaways from the report include: 50% rated themselves ineffective overall at tackling phishing and ransomware; 72% consider themselves ineffective at preventing home infrastructure from being a conduit for attacks on corporate networks; only 37% believed they were highly effective at following 11 or more of the highlighted best practices. The report further split the threat landscape into 17 types of security incident and found 84% of respondents had experienced at least one of these, highlighting the prevalence of phishing and ransomware. Most common were successful: Business email compromise (BEC) attack – 53%; Phishing messages resulting in malware infection – 49%; Account compromise – 47%.


Virginia Tech Says It Was Targeted in 2 Recent Cyber Attacks

Permalink - Posted on 2021-07-19 15:00

Virginia Tech says it was targeted in two recent cyberattacks but feels confident no data was stolen. Virginia Tech spokesman Mark Owczarski told the Roanoke Times Friday a few university units used Kaseya, a U.S. software company exploited in early July in a massive ransomware attack that snarled businesses around the world. Owczarski said the malware the hackers pushed out to Kaseya customers could have exposed student data but the university found no evidence that happened.


Saudi Aramco Data Breach Sees 1 TB Stolen Data for Sale

Permalink - Posted on 2021-07-19 15:00

This month, a threat actor group known as ZeroX is offering 1 TB of proprietary data belonging to Saudi Aramco for sale. ZeroX claims the data was stolen by hacking Aramco's "network and its servers," sometime in 2020. As such, the files in the dump are as recent as 2020, with some dating back to 1993, according to the group.


Ransomware Hits Law Firm Counseling Fortune 500, Global 500 Companies

Permalink - Posted on 2021-07-19 15:00

Campbell Conroy & O'Neil, P.C. (Campbell), a US law firm counseling dozens of Fortune 500 and Global 500 companies, has disclosed a data breach following a February 2021 ransomware attack. Campbell's client list includes high-profile companies from various industry sectors, including automotive, aviation, energy, insurance, pharmaceutical, retail, hospitality, and transportation. Some of its current and past clients include Exxon, Apple, Mercedes Benz, Boeing, Home Depot, British Airways, Dow Chemical, Allianz Insurance, Universal Health Services, Marriott International, Johnson & Johnson, Pfizer, Time Warner, and many others.


Application Security Tools Ineffective Against New and Growing Threats

Permalink - Posted on 2021-07-19 15:00

As organizations around the world are faced with the task to digitally transform, many of the traditional tools and services no longer support the modern needs and architectures of the digitized world. While the increased need for flexibility, agility, and speed continues to drive the evolution of application development and increased deployment of microservice-based architectures, many organizations have not updated their security tooling and continue to rely on traditional web application and API security tools to protect their business.


30,000 Florida Blue Members Impacted by Brute Force Attack on Member Portal

Permalink - Posted on 2021-07-16 15:00

The protected health information of up to 30,063 members of Florida Blue (Blue Cross and Blue Shield of Florida) may have been viewed or obtained in a brute force attack on the Florida Blue online member portal. Starting on June 8, 2021, unknown individuals conducted a brute force campaign using a large database of user identifiers and corresponding passwords that was available from online sources in an attempt to gain access to the portal. The database appears to have been compiled from data breaches at third party companies where username and password combinations had been compromised. Florida Blue reports that some of those automated attempts were successful and the attacker gained access to information contained in online member accounts. This information typically included names, contact information, claims information, payment information, health insurance policy information, and other personal information.


An Insurtech Startup Exposed Thousands of Sensitive Insurance Applications

Permalink - Posted on 2021-07-16 15:00

A security lapse at insurance technology startup BackNine exposed hundreds of thousands of insurance applications after one of its cloud servers was left unprotected on the internet. BackNine might be a company you’re not familiar with, but it might have processed your personal information if you applied for insurance in the past few years. The California-based company builds back-office software to help bigger insurance carriers sell and maintain life and disability insurance policies. It also offers a white-labeled quote web form for smaller or independent financial planners who sell insurance plans through their own websites. But one of the company’s storage servers, hosted on Amazon’s cloud, was misconfigured to allow anyone access to the 711,000 files inside, including completed insurance applications that contain highly sensitive personal and medical information on the applicant and their family. It also contained images of individuals’ signatures as well as other internal BackNine files. Of the documents reviewed, TechCrunch found contact information, like full names, addresses and phone numbers, but also Social Security numbers, medical diagnoses, medications taken and detailed completed questionnaires about an applicant’s health, past and present. Other files included lab and test results, such as blood work and electrocardiograms. Some applications also contained driver’s license numbers. The exposed documents date back to 2015, and as recently as this month.


Texas: Thousands of Employees and Dependents of Whitehouse ISD Victims of Data Dump

Permalink - Posted on 2021-07-16 15:00

School districts continue to be low-hanging fruit for threat actors. While Grief threat actors hacked and then dumped data from Clover Park School District in Washington, Booneville School District in Mississippi, and Lancaster ISD in Texas, Vice Society hacked and then dumped data from Whitehouse ISD, also in Texas. On June 28, DataBreaches.net emailed Whitehouse ISD to ask about Vice’s claimed hack. The threat actors had not uploaded any proof of claims at that point, and Whitehouse did not respond at all to this site’s inquiries. On July 8, however, the district issued a statement on their web site.


D-Box Technologies Hit by Ransomware That Affected Most of Its Systems

Permalink - Posted on 2021-07-16 15:00

D-BOX announces that the Corporation was subject to a ransomware cyberattack on its information technology systems. The malware used to perform the attack encrypted electronic data stored on the Corporation’s network so it cannot be read or used. The attack took place after the close of business on July 12, 2021 and was detected on the same day, with steps immediately taken to contain and mitigate any potential impact to the Corporation’s data and operations and start the recovery process. D-BOX is still investigating the extent of the attack, but it is anticipated, as the attack affected most of its systems, that D-BOX’s business operations will be adversely affected for several days and potentially longer depending how quickly the Corporation may recover its data and make full use of its systems.


France: Ransomware Attack on Spa Is Anything But Relaxing

Permalink - Posted on 2021-07-16 15:00

On July 9, the Royatonic spa in France suffered a ransomware attack. A notice on their web site informs people that as of July 12, the spa had to close because a cyberattack blocked access to their server and paralyzed all their activity.


Bank Account Details Stolen in Major Insurance Hack in South Africa

Permalink - Posted on 2021-07-16 15:00

An attack on debit order collection company Qsure has impacted several South African insurers who use its services, including Hollard and Guardrisk. Australian security researcher Troy Hunt recently posted a notice from Ooba to its clients saying that although they do not yet know if any Guardrisk and Ooba clients were affected, they decided to send out cautionary notifications. Qsure informed Guardrisk on 20 June that it had suffered a “data incident” and that an unauthorised third party accessed policyholder information. Hollard spokesperson Warwick Bloom told MyBroadband that they received a notice from Qsure on 17 June confirming a data breach. The breach affected short-term insurance customers whose debit orders are processed via brokers who use or have used the Qsure service, dating back to 2014. Bloom said that Qsure advised them that the information stored on the compromised database consisted of account holder names, bank account numbers, and branch details.


Recent Attacks Lead to Renewed Calls for Banning Ransom Payments

Permalink - Posted on 2021-07-16 15:00

Major ransomware attacks that have disrupted businesses and caused supply chain ripples in the US economy have led to renewed calls for making it illegal to pay a ransom to cybercriminals. The switch to defunding the ransomware groups would not come without pain, Critical Insight's Hamilton says. "In order for a change like this to work, the federal government would necessarily need to provide financial support to rebuild networks and help victims get back to operational capacity," he says. "Unfortunately, this means some will lose data."


Australian Organisations Are Quietly Paying Hackers Millions in a Tsunami of Cyber Crime

Permalink - Posted on 2021-07-16 15:00

It's an open secret within the tight-lipped world of cybersecurity. For years, Australian organisations have been quietly paying millions in ransoms to hackers who have stolen or encrypted their data. This money has gone to criminal organisations and encouraged further attacks, creating a vicious cycle. Now experts say Australia and the rest of the world are facing a "tsunami of cyber crime". There has been a 60 per cent increase in ransomware attacks against Australian entities in the past year, according to the government's cyber security agency, the ACSC. Just in the past six months alone, the frequency of attacks and the size of ransoms being demanded have increased significantly, said Michael Sentonas, chief technology officer of Crowdstrike, one of the largest cybersecurity companies in the world. But this message is not being heard by Australian organisations, many of which remain complacent about the threat, he said.


IoT Attacks Increased 700% in Just Over Two Years

Permalink - Posted on 2021-07-16 15:00

A new study by cybersecurity company Zscaler reveals a disturbing fact, namely a 700% rise of cyberattacks on IoT devices. During two weeks in December 2020, security professionals examined the traffic to determine how much of it was malicious and what it accomplished.


Cyber Training Mostly Unsuccessful in Preventing Phishing

Permalink - Posted on 2021-07-16 15:00

Traditional cyber defences are apparently not enough to prevent cyberattacks such as phishing, with 54% of all victims having anti-phishing training and 49% having perimeter defences in place at the time of attack, a global study by cloud storage firm Cloudian revealed. The study called for organisations to place greater attention on putting systems in place that enable quick data recovery in the event of an attack, without paying ransom. According to Cloudian, many organisations spend large portions of their cybersecurity budget on defensive measures such as anti-malware software and anti-phishing training for employees. However, ransomware attacks have become increasingly sophisticated, enabling cybercriminals to penetrate the defences. The study found that phishing is among the top modes of entry for ransomware, with 24% of attacks initiated this way. Public cloud was the most common point of entry with 31% of respondents being attacked this way. More than half (55%) of respondents chose to pay ransom, with an average payment of US$223,000, and 14% paying over US$500,000. Additional costs stemming from attacks averaged at US$183,000. Cyber insurance covered only roughly 60% of total ransomware costs, presumably reflecting deductibles and coverage caps. Despite paying ransom, only 57% of respondents got all their data back.


India: 2000% Increase in Cyber Security Breaches During Pandemic

Permalink - Posted on 2021-07-16 15:00

The Covid-19 pandemic and rising digitisation have led to a surge in cybercrimes. India saw the number of breaches increase by 2,000 per cent during the pandemic, said experts at Pursuit 2021 -- an event on cybersecurity organised by Internet and Mobile Association of India. There has been a rise in targeted attacks during the pandemic and "cyberwar has started", said Gulshan Rai, India's first Cybersecurity Coordinator and Distinguished Fellow, ORF. Although 90 per cent of attacks are traditional attacks, which include phishing, malware, etc., the key concern is the rise in the number of targeted attacks (which currently account for 9 per cent). SolarWinds and WannaCry are some examples of targeted attacks which are detrimental for any organisation and nation.


Ireland: Cancer Patient to Sue Cork's Mercy Hospital Over Cyber Hack

Permalink - Posted on 2021-07-15 15:00

One of the first legal cases over the release of sensitive medical information on the dark web as part of the HSE cyber hack has been lodged at Cork Circuit Court. The case was lodged on Monday against Mercy University Hospital (MUH) by a Cork solicitor acting on behalf of a middle-aged family man who received treatment there for cancer. Glanmire-based solicitor Micheál O'Dowd said some, but not all, information relating to the man's medical files had been put up on the dark web and he had other clients in a similar situation for whom he expects to lodge legal proceedings as well. All of the cases relate to people getting cancer treatment.


Cyber Attack on Florida Heart Associates Potentially Affects 45,000 Patients

Permalink - Posted on 2021-07-15 15:00

Florida Heart Associates is notifying 45,148 patients about a recent security breach in which their personal and protected health information may have been compromised. The security breach was detected on or around May 19, 2021, when unusual activity was spotted within certain networked computers.


Dermatology Clinic Chain Breach Affects 2.4 Million

Permalink - Posted on 2021-07-15 15:00

Forefront Dermatology S.C., a Wisconsin-based dermatology practice with affiliated offices in 21 states plus Washington, D.C., is notifying 2.4 million patients, employees and clinicians of a recent hacking incident. The incident apparently involved a ransomware strain known as "Cuba." The incident is the third-largest breach added to the Department of Health and Human Services' HIPAA Breach Reporting Tool website so far this year.


PHI of Over 200,000 Individuals Potentially Compromised in ClearBalance Phishing Attack

Permalink - Posted on 2021-07-14 15:00

San Diego, CA-based ClearBalance, a loan provider that helps patients spread the cost of their hospital bills, was the victim of a phishing attack on March 8, 2021 and employees were tricked into disclosing their login credentials. A review of the contents of the email accounts revealed they contained the following data elements: Names, tax IDs, Social Security numbers, dates of birth, government-issued ID numbers, telephone numbers, healthcare account numbers, balance amounts, dates of service, ClearBalance loan numbers and balances, personal banking information, clinical information, health insurance information, and full-face photographic images. The types of data in the accounts varied from individual to individual.


Personal Data Compromises Up 38%

Permalink - Posted on 2021-07-14 15:00

Cybersecurity has been a prime topic of conversation following a string of attacks on critical U.S. infrastructure including the Colonial Pipeline attack, JBS Foods ransomware incident and others. On Wednesday, Atlas VPN released a report using Identity Theft Resource Center (ITRC) data, outlining personal data breaches for the first half of 2021. One of the listed infographics parses out data by the total number of data compromises and affected individuals for the first half of this year. Overall, June saw the highest number of breaches with 203, followed by April (151), March (144) and May (137). In order, February and January rounded out the top six with 111 and 100 compromises, respectively. Interestingly, the number of compromises does not always directly correlate with the number of individuals affected. For example, February topped the list for the first half of 2021 with 35,313,405 people impacted followed by April (25,443,298) and March (23,309,513). In order, May (20,657,152), January (7,214,985) and June (6,750,974) round out the top six months in terms of most people affected.


94% of Organizations Have Suffered Insider Data Breaches

Permalink - Posted on 2021-07-14 15:00

Egress’ Insider Data Breach Survey 2021 has revealed that an overwhelming 94% of organisations have experienced insider data breaches in the last year. Human error was the top cause of serious incidents, according to 84% of IT leaders surveyed. However, IT leaders are more concerned about malicious insiders, with 28% indicating that intentionally malicious behaviour is their biggest fear. Despite causing the most incidents, human error came bottom of the list, with just over one-fifth (21%) saying that it’s their biggest concern. Additionally, almost three-quarters (74%) of organisations have been breached because of employees breaking security rules, and 73% have been the victim of phishing attacks.


West Virginia: Morgan County Schools' Computers Hit by Ransomware Attack

Permalink - Posted on 2021-07-14 15:00

Morgan County Schools was one of many victims of a massive Fourth of July weekend ransomware attack that struck businesses and agencies nationally and around the globe. School Superintendent Kristen Tuttle said at a July 6 school board meeting that the hack occurred on Friday, July 2 and was contained to some of their office computers. Some individual machines were infected and some files were locked from the attack. The group behind the hack wants school officials to pay money for the files to be released.


Only Half of Organizations Can "Effectively" Defend Against Attacks

Permalink - Posted on 2021-07-14 15:00

Around half of firms don't have the technology to prevent or detect ransomware attacks, according to research by cybersecurity company Trend Micro. It suggests that many organisations don't have the cybersecurity capabilities required to prevent ransomware attacks, such as the ability to detect phishing emails, remote desktop protocol (RDP) compromise or other common techniques deployed by cyber attackers during ransomware campaigns.


Cyber Attacks Drive 185% Spike in Health Sector Data Breaches in 2021

Permalink - Posted on 2021-07-14 15:00

More than 22.8 million patients have been impacted by a health care data breach so far in 2021, a whopping 185% increase from the same time period last year where just 7.9 million individuals were affected according to a new report from Fortified Health Security. Malicious cyberattacks caused the majority of these security incidents, accounting for 73% of all breaches. Unauthorized access or disclosure accounted for another 22%, and the remaining 5% were caused by smaller thefts, losses, or improper disposals. Further, the number of breaches reported to the Department of Health and Human Services during the first six months of 2021 increased by 27% year-over-year. Health care providers accounted for the most breaches with 73% of the overall tally, compared to health plans with 16% and business associates that accounted for 11%.


Supply Chain Ransomware Breach Affects 1.2 Million

Permalink - Posted on 2021-07-14 15:00

Practicefirst, an Amherst, New York-based medical management services provider, on July 1 reported to federal regulators a breach that occurred late last year. The company's breach notification statement appears to indicate that the firm paid a ransom in exchange for promises that the attackers would destroy and not further disclose files stolen in the incident.


1 in 5 Companies Fail PCI Compliance Assessments of Their Infrastructure

Permalink - Posted on 2021-07-13 16:00

According to a recent poll by SentryBay, the infrastructure of over 21% of surveyed companies has failed key PCI compliance assessments, designed to assist them to maintain high security standards when processing customer card payments. In addition, a further 29.3% said that they had no confidence in their own company’s compliance when it came to PCI DSS.


Millennia Group Notifying People of 2019 Email Breach

Permalink - Posted on 2021-07-13 16:00

Ohio-headquartered The Millennia Companies are involved in housing management. On some date that this site does not yet know, they learned that there had been unauthorized access to some employee email accounts between October 21, 2019 and December 18, 2019.


T-Shirt Maker Spreadshop Hacked in Data Breach

Permalink - Posted on 2021-07-13 16:00

Clients of Spreadshirt, Spreadshop, and TeamShirts have been warned of a data breach which has seen the details of customers, partners, and employees fall into the lap of cybercriminals. News of the breach first emerged on Thursday when customers were warned by email of a “security incident” involving an “unauthorised third party.” At the time, the print-on-demand T-shirt company said it was investigating what data might have been affected.


Maine: York Animal Hospital Hit by Ransomware, Lost All Patient Records for Past Four Years

Permalink - Posted on 2021-07-13 16:00

The owners discovered the attack Tuesday, July 6, prompting the hospital to close early on Friday, so the team could work on rebuilding the company's database. The team posted progress updates on Facebook throughout the ordeal, thanking clients for their patience. The practice's computers locked up, and the screen on one carried a ransom note demanding $80,000 in Bitcoin for files to be restored.


ClearBalance Notifying More Than 209,000 Patients Who Have Medical Expense Loans

Permalink - Posted on 2021-07-13 16:00

A recent filing with the Maine Attorney General’s Office reveals that beginning on March 8, there was unauthorized access to some employee email accounts. The access was not detected until April 26, when ClearBalance detected and thwarted an attempted wire transfer of funds. Subsequent investigation revealed that the email accounts compromised also contained personal information related to certain loan accounts.


Parts of Kazakhstan E-Gov Portal Infected with Razy Malware

Permalink - Posted on 2021-07-13 16:00

Razy malware has been around for a number of years now, and is still causing trouble. One of the reasons this Windows-based malware has continued to be effective is that it can appear to be free software or a file on a site that the public would normally trust, such as a government site. That recently happened to the Kazakhstan e-government portal.


Canberra Proposes IoT Ratings and Mandatory Cyber Standards for Big Business

Permalink - Posted on 2021-07-13 16:00

In a bid to "further protect the economy from cybersecurity threats", the government is proposing either a voluntary or mandatory set of governance standards for larger businesses that would "describe the responsibilities and provide support to boards". While the crux of both options is similar, the mandatory code would require the entities covered to achieve compliance within a specific timeframe. A mandatory code would also see enforcement applied. A voluntary option would not require specific technical controls to be implemented and would rather be treated as a suggestion. The government would prefer the code be voluntary, however, saying "on balance, a mandatory standard may be too costly and onerous given the current state of cybersecurity governance, and in the midst of an economic recovery, compared to the benefits it would provide". It also flagged there was no existing regulator with the relevant skills, expertise, and resources to develop and administer a mandatory standard. Small businesses, meanwhile, have had a "cyber health check" function suggested.


SolarWinds Confirms New Zero-Day Flaw Under Attack

Permalink - Posted on 2021-07-12 15:00

Security responders at SolarWinds are scrambling to contain a new zero-day vulnerability being actively exploited in what is being described as “limited, targeted attacks.” In an advisory issued over the weekend, SolarWinds said a single threat actor exploited security flaws in its Serv-U Managed File Transfer and Serv-U Secure FTP products to launch malware attacks against “a limited, targeted set of customers.” This zero-day is new and completely unrelated to the SUNBURST supply chain attacks, the company said. The embattled company said the attacks were discovered by threat hunters at Microsoft who noticed live, in-the-wild attacks hitting a remote code execution flaw in the SolarWinds Serv-U product.


HHS Warns Entities; Patients File Potential Class Action Lawsuit Over PACS Breach

Permalink - Posted on 2021-07-12 15:00

HHS recently issued an alert about a known vulnerability allowing access to some picture archiving communications systems (PACS). The vulnerability had been reported two years ago, and again months later, and there had been updated alerts since then. HHS is advising entities to address this as a priority now if they have not done so already.


Health Insurers Facing Growing Risk of Customer Data Theft

Permalink - Posted on 2021-07-12 15:00

Health insurers and related third parties that fail to inventory and protect sensitive customer information face increased financial, reputational, operational and regulatory risks from cyberattacks, Fitch Ratings says. Insurance claims related to ransomware attacks have risen significantly, prompting carriers to raise premiums and change terms and conditions, including increasing deductibles and providing lower coverage. Price increases for cyber coverage have accelerated over the past two years. The Council of Insurance Agents & Brokers recently indicated that renewal pricing on cyber coverage increased by an average of 18% in first-quarter 2021. All of these costs increase the administrative burden on health insurers and raise premium rates for healthcare consumers.


Mint Mobile Hit by a Data Breach After Numbers Ported, Data Accessed

Permalink - Posted on 2021-07-12 15:00

Mint Mobile has disclosed a data breach after an unauthorized person gained access to subscribers' account information and ported phone numbers to another carrier. In addition to the ported number, Mint Mobile disclosed that an unauthorized person also potentially accessed subscribers' personal information, including call history, names, addresses, emails, and passwords.


North Carolina: Cyber Attack at Bank of Oak Ridge, Customer Data Exposed

Permalink - Posted on 2021-07-12 15:00

Bank of Oak Ridge, a community bank in Piedmont-Triad, said an "unauthorized actor" accessed banking customer data in late April, leading the bank to notify federal authorities and launch an investigation. A spokesperson with Bank of Oak Ridge told WFMY News 2 that the data breach occurred between April 26-27, 2021.


84% of Organizations Experienced Phishing & Ransomware Type Threats in the Past 12 Months

Permalink - Posted on 2021-07-12 15:00

Trend Micro Incorporated, a global cybersecurity leader, published new research revealing that half of US organizations are not effective at countering phishing and ransomware threats. The study asked respondents to rate their effectiveness in 17 key best practice areas related to ransomware and phishing, ranging from protecting endpoints from malware infection to ensuring prompt patching of all systems. Key takeaways from the report include: 50% rated themselves ineffective overall at tackling phishing and ransomware; 72% consider themselves ineffective at preventing home infrastructure from being a conduit for attacks on corporate networks.


Fashion retailer Guess Discloses Data Breach After Ransomware Attack

Permalink - Posted on 2021-07-12 15:00

The fashion retailer identified the addresses of all impacted individuals after completing a full review of the documents stored on breached systems on June 3, 2021. Guess began mailing breach notification letters to affected customers on June 9, offering complimentary identity theft protection services and one year of free credit monitoring through Experian to all impacted individuals. According to the breach notifications mailed on Friday, information exposed in the attack includes personal and financial data.


Kroger Proposes $5 Million Settlement to Resolve Data Breach Lawsuits

Permalink - Posted on 2021-07-09 17:00

The pharmacy and supermarket chain Kroger has proposed a $5 million settlement to resolve lawsuits filed by victims of a data breach that exposed their personal and protected health information. Kroger was one of many victims of a cyberattack on Accellion’s File Transfer Appliance (FTA) in December 2020. The Accellion FTA is a legacy solution used to transfer files too large to be sent via email. Hackers exploited several zero-day vulnerabilities in the solution and gained access to the data of more than 100 companies. While ransomware was not used, the attack was linked to the Clop ransomware gang which threatened to publish the exfiltrated data. Individual companies were sent demands for payment to prevent the exposure of their stolen data.


Coastal Family Health Center Cyber Attack Affects 62,000 Patients

Permalink - Posted on 2021-07-09 17:00

Coastal Family Health Center (CFHC), the fourth largest community health center in Mississippi, has started notifying patients about a May 13, 2021 cyberattack that involved some of their protected health information. CFHC said hackers attempted to shut down its computer operations; however, that attempt failed and CFHC was able to continue treating patients and providing services to the community. An investigation was immediately launched into the incident to determine how the attack occurred and whether any sensitive patient information was accessed by the hackers. On June 4, 2021 the investigation revealed some files accessed by the attackers contained the protected health information of patients, including names, addresses, Social Security numbers, health insurance information, and health and treatment information.


Britain: ICO Fines Transgender Charity for Data Protection Breach Exposing Sensitive Data

Permalink - Posted on 2021-07-09 17:00

The Information Commissioner’s Office (ICO) has fined transgender charity Mermaids £25,000 for failing to keep the personal data of its users secure. The ICO’s investigation began after it received a data breach report from the charity in relation to an internal email group it set up and used from August 2016 until July 2017 when it was decommissioned. The charity only became aware of the breach in June 2019. The ICO found that the group was created with insufficiently secure settings, leading to approximately 780 pages of confidential emails being viewable online for nearly three years. This led to personal information, such as names and email addresses, of 550 people being searchable online. The personal data of 24 of those people was sensitive as it revealed how the person was coping and feeling, with a further 15 classified as special category data as mental and physical health and sexual orientation were exposed.


Colorado Becomes Latest State to Pass Data Privacy Law

Permalink - Posted on 2021-07-09 17:00

Colorado has joined California and Virginia in passing a comprehensive data privacy law that forces companies to make wholesale changes to how they handle people's sensitive information online. The Colorado Privacy Act, which was signed into law on July 7 by Governor Jared Polis, gives consumers the right to ask companies not to sell their personal information while also giving them access to any data companies have about them. Consumers can also ask companies to delete their data, and the law forces enterprises to ask for consent to hold certain sensitive information like Social Security Numbers, driver's license numbers and more. While some states have passed narrower laws focused on specific data collection and sale practices, Colorado is considered by experts to be the third state after California and Virginia to pass a commercial privacy law.


N.Y. Dept. of Financial Services Announces a $1.8 Million Settlement with Two Insurers for Data Breaches

Permalink - Posted on 2021-07-09 17:00

The New York Department of Financial Services (“NYDFS”) recently announced that it has entered into a Consent Order with two affiliated life insurers for alleged violations of New York’s Cybersecurity Regulation (the “NY Cybersecurity Regulation”). The NYDFS conducted an investigation and determined that the two life insurers (the “Companies”) had been the subject of two phishing attacks in 2018 and 2019, which compromised the email accounts of several of the Companies’ employees, with access to a significant amount of sensitive and personal data of their customers. The NYDFS indicated that its investigation revealed the Companies allegedly violated the NY Cybersecurity Regulation by failing to implement Multi-Factor Authentication (“MFA”) without implementing reasonably equivalent or more secure access controls approved in writing by the Companies. Additionally, the NYDFS alleged the Companies falsely certified compliance with the NY Cybersecurity Regulation in 2018 because MFA was not fully implemented. The NYDFS also alleged that the two data breaches resulted in the exposure of numerous non-public personal data belonging to the Companies’ customers.


File Security Violations Within Organizations Have Spiked 134% as the World Reopened for Business

Permalink - Posted on 2021-07-09 17:00

BetterCloud surveyed more than 500 IT and security professionals—and examined internal data from thousands of organizations and users—to understand their top challenges, priorities, and the magnitude of data loss and sensitive information leaks.


Maryland Town Knocked Offline as Part of Massive Ransomware Attack

Permalink - Posted on 2021-07-09 15:00

A Maryland town was taken offline last week during the massive ransomware attack through Miami-based technology firm Kaseya. Leonardtown had been informed by JustTech that the ransomware gang REvil was demanding $45,000 per computer, but the town's government never seriously considered paying. They are instead proceeding to attempt to get back online through computer backups.


Insurance Giant CNA Reports Data Breach After Ransomware Attack

Permalink - Posted on 2021-07-09 15:00

CNA Financial Corporation, a leading US-based insurance company, is notifying customers of a data breach following a Phoenix CryptoLocker ransomware attack that hit its systems in March. The data breach reported by CNA affected 75,349 individuals, according to breach information filed with the office of Maine's Attorney General. After reviewing the files stolen during the attack, CNA discovered that they contained customers' personal information such as names and Social Security numbers.


Consumers Trust Organizations Less After Receiving Scam Messages Claiming to Represent Them

Permalink - Posted on 2021-07-08 16:00

Callsign revealed that the rise of scams is harming organizations’ reputations across the world. The global study of consumers revealed that just receiving a scam message purporting to be from any brand is enough for 45% of them to lose trust in the organization regardless of any real association with the message. The survey is a reminder that consumers have a choice. 21% of consumers who have been a victim of fraud say they have stopped using the company whose name the fraudster used to execute the scam. In comparison, consumers are less likely to leave the channel the scam is executed through (only 13% would leave their network provider), demonstrating that regardless of the scam method, it’s the brand being mimicked that suffers. SMS appears to be the weakest link with only 5% of consumers thinking it is a safe channel to communicate with their bank or retailer, and the channel has seen a 55% decrease in trust from those surveyed just because they have received a scam text message.


Ransomware as a Service: Negotiators Are Now in High Demand

Permalink - Posted on 2021-07-08 15:00

The Ransomware-as-a-Service (RaaS) ecosystem is evolving into something akin to a corporate structure, researchers say, with new openings available for "negotiators" -- a role focused on extorting victims to pay a ransom. On Thursday, KELA threat intelligence analyst Victoria Kivilevich published the results of a study in RaaS trends, saying that one-man-band operations have almost "completely dissolved" due to the lucrative nature of the criminal ransomware business. The potential financial gains squeezed from companies desperate to unlock their systems have given rise to specialists in cybercrime and extortion and have also led to a high demand for individuals to take over the negotiation part of an attack chain.


China Passes the Data Security Law

Permalink - Posted on 2021-07-08 15:00

On June 10, 2021, almost exactly three years after the passing of its Cybersecurity Law (CSL), the National People’s Congress of China passed a new Data Security Law (DSL) (click here for an unofficial English translation of the DSL), which goes into effect September 1, 2021. Where the CSL is primarily focused on cybersecurity for Critical Information Infrastructure (CII) operators and network operators, the DSL was promulgated in order to regulate data processing activities, promote data security, protect the lawful rights and interest of individuals and organizations, and safeguard national sovereignty, security, and development interests. (Article 1). The scope of the DSL is quite broad, and without clarifying regulations or guidance, the law lacks significant detail on how companies should comply, leaving many open questions in advance of the September 2021 effective date. While it is expected that the relevant authorities in China will issue guidance and formulate certain corresponding regulations, it is clear that given the sweeping scope and broad territorial reach of the DSL, the DSL may have far-reaching implications for many companies.


Spanish Royal Family, Madrid Residents Have Vaccine Information Accessed in Breach

Permalink - Posted on 2021-07-08 15:00

Their vaccination data, such as when they received their jab and which shot they were given, could also be accessed. Thousands of people have reportedly been affected by the glitch. The security failure has mainly affected people living in Madrid.


Norwegian DPA: Moss Municipal Council Fined for Failing to Protect Systems

Permalink - Posted on 2021-07-08 15:00

The Norwegian Data Protection Authority has imposed a EUR 50,000 (NOK 500,000) fine on Moss Municipal Council for failing to adequately protect personal data. The error has been corrected and the case closed.


Cyber Attacks Continue to Interfere with Vaccination Efforts and Municipal Governments

Permalink - Posted on 2021-07-08 15:00

Like many countries, Georgia has been dealing with a significant increase in the number of new COVID cases after previously lifting some restrictions. On July 2, the country received one million doses of the Sinopharm and Sinovac vaccines from China. A reservation window was opened for people to register to get the vaccine, but on Saturday (July 3), the registration portal at booking.moh.gov.ge was hacked, disrupting the sign-up process for the day. The municipality of Oradea, Romania issued a statement on July 5 about an attack. In the “Counter Room” (Pyramid) on the first floor of the municipal hall, no functions could be performed other than collecting taxes and duties.


Federal Judge Allows Blackbaud Consolidated Class Action Data Breach Lawsuit to Proceed

Permalink - Posted on 2021-07-08 15:00

Plaintiffs in a class action lawsuit against Blackbaud sufficiently demonstrated they have standing, and the lawsuit has survived Blackbaud’s motion to dismiss. Blackbaud is a publicly traded cloud software company with headquarters in Charleston, SC. Blackbaud provides data collection and maintenance solutions for administration, fundraising, marketing, and analytics to entities such as non-profit organizations, foundations, educational institutions, and healthcare organizations. In the course of providing its services, the company collects and stores personally identifiable information (PII) and Protected Health Information (PHI) from its customers’ donors, patients, students, and congregants. From February 7, 2020 to May 20, 2020, cybercriminals gained access to Blackbaud’s systems, exfiltrated data, and then used ransomware to encrypt files on Blackbaud’s systems. A ransom demand was then issued by the attackers and the attackers claimed they would provide the keys to decrypt data on Blackbaud’s systems and permanently delete the data they had exfiltrated if the ransom was paid. Blackbaud decided to pay the ransom and received assurances that the stolen files had been deleted. Following the attack, more than two dozen class action lawsuits were filed against Blackbaud. In December, the Judicial Panel on Multidistrict Litigation combined the lawsuits and, as of Thursday 1, 2021, there were 28 class action lawsuits combined in the Multidistrict Litigation with 34 named plaintiffs from 20 states. The plaintiffs assert six claims on behalf of a putative nationwide class and ninety-one statutory claims on behalf of putative state subclasses. The six types of injury the plaintiffs assert are identity theft or fraud, increased risk of identity theft in the future, time and money spent to mitigate the risk of harm, emotional distress, diminished value of data, and invasion of privacy.


Morgan Stanley Reports Data Breach After Vendor Accellion Hack

Permalink - Posted on 2021-07-08 15:00

Investment banking firm Morgan Stanley has reported a data breach after attackers stole personal information belonging to its customers by hacking into the Accellion FTA server of a third-party vendor. Guidehouse, a third-party vendor that provides account maintenance services to Morgan Stanley's StockPlan Connect business, notified the investment banking company in May 2021 that attackers hacked its Accellion FTA server to steal information belonging to Morgan Stanley stock plan participants. The Guidehouse server was breached by exploiting an Accellion FTA vulnerability in January before the vendor patched it within five days of the fix becoming available.


Pentagon Office Left Military Equipment Designs Open to Hackers, Watchdog Finds

Permalink - Posted on 2021-07-08 15:00

The office in charge of the U.S. military’s 3D printing left designs for defense technology vulnerable to theft by hackers and adversaries, according to a watchdog report made public on Wednesday. The report found that officials were unaware that the systems connected to local networks and the internet. Because the systems were miscategorized, the office failed to conduct a risk assessment required by the department altogether. Officials also failed to monitor removable media entering the systems.


Singapore Sees Spikes in Ransomware, Botnet Attacks

Permalink - Posted on 2021-07-08 15:00

Number of reported ransomware attacks climbed 154% last year, while malicious C&C servers and botnet drones increased 94% in the city-state, where cybercrime cases account for almost half of total crimes.


Online Brands Prioritizing Speed Over Security

Permalink - Posted on 2021-07-07 16:00

Consumers around the world fear that businesses are now compromising online security in their efforts to deliver seamless digital experiences. According to research released by Trulioo, 71% of respondents living in China, the UK and the U.S. feel that online brands are now prioritizing speed over security.


Marsh McLennan Reveals April Data Breach

Permalink - Posted on 2021-07-07 16:00

Marsh & McLennan Cos. Inc. was hit by a data breach in April involving access to Social Security numbers and other personal information of staff, former staff, clients and a range of other people linked to the brokerage. The company sent a breach notification dated June 30, which was obtained by Business Insurance, stating that it discovered the breach on April 26 and that an “unauthorized actor had leveraged a vulnerability in a third party’s software since at least April 22.” In a statement, a Marsh McLennan spokeswoman said: “In late April, we detected unauthorized access to a limited set of data in our environment. At no point was there any disruption in our operations. We promptly investigated and remediated the issue and are in the process of notifying impacted individuals.” She declined to comment further on the data breach. The breach is one of several cyberattacks on high-profile insurance industry companies over the past year. Last September, brokerage Arthur J. Gallagher & Co. was hit by a ransomware attack and in March insurer CNA Financial Corp. was hit by a ransomware attack, which it reportedly paid $40 million to resolve.


UW Health Discovers 4-Month Breach of Its MyChart Portal

Permalink - Posted on 2021-07-07 16:00

University of Wisconsin Hospitals and Clinics Authority has reported a breach of its Epic MyChart portal which has affected 4,318 UW Health patients. Unusual activity was detected in the portal and an investigation was launched on April 20, 2021, to determine the nature and extent of the breach. The investigation ran until May 4, 2021, and determined unauthorized individuals had access to the portal for a period of around 4 months, with dates of access ranging from December 27, 2020 to April 13, 2021.


Ransomware Attacks Reported by 5 HIPAA Covered Entities and Business Associates

Permalink - Posted on 2021-07-07 16:00

Professional Business Systems, Inc. operating as Practicefirst Medical Management Solutions and PBS Medcode Corp, a provider of medical management services involving data processing for healthcare providers, has suffered a ransomware attack in which files containing patient information were obtained by the attackers. The ransomware attack was identified on December 30, 2020, and its systems were promptly shut down in an effort to contain the attack. Third-party cybersecurity experts were engaged to investigate the incident and law enforcement was notified. Practicefirst has not confirmed whether the ransom was paid but did say it received assurances from the attacker that the files copied from its systems have been destroyed and were not further disclosed.


Data Breach at Third-Party Provider Exposes Medical Information of U.S. Healthcare Patients

Permalink - Posted on 2021-07-07 16:00

A data breach at a third-party provider has potentially exposed the private medical information of patients at Northwestern Memorial HealthCare (NMHC) providers. Unknown actors gained unauthorized access to a database owned by Elekta, which provides a cloud-based platform that handles legally-required cancer reporting to the State of Illinois. In a security advisory, the healthcare provider, based in Chicago, said that the attackers made a copy of the datasets, which include patient names, dates of birth, Social Security numbers, health insurance information, and medical record numbers. The database also contained clinical information related to cancer treatment, including medical histories, physician names, dates of service, treatment plans, diagnoses, and/or prescription information.


Swedish Supermarket Closed by Kaseya Cyber Attack

Permalink - Posted on 2021-07-06 16:00

Most of one of Sweden's leading supermarket chains' 800 shops remained closed on Monday, three days after they were indirectly affected by the cyberattack targeting US company Kaseya.


PHI of Veterans with PTSD Potentially Compromised in OSU Data Breach

Permalink - Posted on 2021-07-06 16:00

An Ohio State University (OSU) pilot program to help veterans recover from Post Traumatic Stress Disorder (PTSD) and other mental health issues was breached and the personal information of patients has been compromised, according to a recent NBC4 Investigates Report. The OSU Veterans Neuromodulation Operation Wellness (NOW) pilot program was shut down permanently on June 15, 2021, but prior to the closure, a data breach occurred. OSU explained in its notification letters to affected individuals that the breach was detected on April 24, 2021, and occurred between January 25, 2021, and March 4, 2021.


BJC HealthCare Email Data Breach Lawsuit Survives Motions to Dismiss

Permalink - Posted on 2021-07-06 16:00

A class action lawsuit filed by two former patients against BJC HealthCare over a March 2020 email data breach has survived two motions to dismiss. Leaha Sweet and Bradley Dean Taylor took legal action against St. Louis-based BJC HealthCare in September 2020 after being notified that their protected health information had potentially been compromised in a data breach.


Western Digital Users Face Another RCE

Permalink - Posted on 2021-07-06 16:00

As if things weren’t bad enough for the untold number of Western Digital customers whose data blinked out of existence last month, there’s another zero-day waiting for whoever can’t or won’t upgrade their My Cloud storage devices. The latest zero-day entails an attack chain that allows an unauthenticated intruder to execute code as root and install a permanent backdoor on the vendor’s network-attached storage (NAS) devices. It’s found in all Western Digital NAS devices running the old, no-longer-supported My Cloud 3 operating system: an OS that the researchers said is “in limbo,” given that Western Digital recently stopped supporting it.


Rural Alabama Electric Cooperative Hit by Ransomware Attack

Permalink - Posted on 2021-07-06 15:00

A utility that provides power in rural southeastern Alabama said it was hit by a ransomware attack that means customers temporarily can’t access their account information. Wiregrass Electric Cooperative, which serves about 22,000 members, said no data was compromised in the attack. But member account information and payment systems were taken offline for maintenance and as a precaution, it said in a statement.


Healthcare Ransomware Attack Targets Practice Management Vendor

Permalink - Posted on 2021-07-06 15:00

Practice management vendor Practicefirst announced a 2020 healthcare ransomware attack that may have exposed patient and employee PII. The hacker attempted to deploy ransomware and successfully copied files from Practicefirst’s system that contained patient and employee PII. The information, later deleted, contained birthdates, names, addresses, driver’s license numbers, Social Security numbers, email addresses and tax identification numbers.


Official Formula 1 App Hacked

Permalink - Posted on 2021-07-06 15:00

Racing fans around the globe received some unexpected and very strange push notifications from the official Formula 1 app over the July Fourth weekend. It’s believed the notifications were linked to a targeted cyber attack.


British Airways Settles with Data Breach Victims

Permalink - Posted on 2021-07-06 15:00

Compensation is to be paid to thousands of victims of a large-scale data breach at British Airways (BA). A legal claim was filed against the airline over a security incident that began in June 2018. Data belonging to around 420,000 people was compromised in a cyber-attack that went undetected for more than two months. Between June 22 and September 5, 2018, a malicious actor gained access to an internal BA application through the use of compromised credentials for a Citrix remote access gateway. The breach impacted personal data belonging to British Airways staff and to its customers in the United Kingdom, in the EU, and in the rest of the world. Magecart, a form of digital skimming code, was used by the attacker to collect and steal payment card information, names, and addresses. An investigation by the Information Commissioner's Office (ICO) found the security measures put in place by British Airways to protect the vast quantities of personal data being processed were inadequate.


Brits Lose Over £1 Billion in Fraud So Far This Year

Permalink - Posted on 2021-07-06 15:00

Brits have lost over £1bn to fraud and cybercrime in the first six months of 2021, according to money.co.uk’s latest Quarterly Fraud and Cyber Crime Report. The analysis revealed that 81,018 fraud and cybercrime-related police reports were issued in Q2 2021, with UK residents experiencing a total loss of £382.3m due to these crimes. Interestingly, this represents a significant decrease compared with Q1 2021, when there were 137,695 reports. The personal finance advisory firm believes this decline is due to the easing of COVID-19 lockdown restrictions in Q2, as this reduced online activities. However, financial losses per average victim were £176 higher in Q2 compared to Q1, at £4719. The most common type of fraud and cybercrime in Q2 was related to online shopping and auctions, comprising one in five police reports (14,868). Victims lost a total of £11.9m to these types of activities.


Up to 1,500 Businesses Affected by Ransomware Attack

Permalink - Posted on 2021-07-06 15:00

Between 800 and 1,500 businesses around the world have been affected by a ransomware attack centered on U.S. information technology firm Kaseya, its chief executive said on Monday. Fred Voccola, the Florida-based company's CEO, said in an interview that it was hard to estimate the precise impact of Friday's attack because those hit were mainly customers of Kaseya's customers.


Leaked Infrastructure Secrets Cost Companies an Average of $1.2 Million in Revenue Annually

Permalink - Posted on 2021-07-06 15:00

In pursuit of these accelerated timelines, developers frequently have to choose between rapidity and security. They leave infrastructure secrets like API tokens, SSH keys, and private certificates in config files or next to source code in order to have easier access. But they are not always aware that the easier it is for them to access these secrets, the easier it is for cybercriminals to do the same. According to “Hiding in Plain Sight”, a report from 1Password, the leader in enterprise password management, companies are losing an average of $1.2 million every year because of leaked information, which researchers at the company called “secrets.”


1 in 4 Employees Say They Still Have Access to Accounts from Past Jobs

Permalink - Posted on 2021-07-06 15:00

A survey of more than 1,000 professionals reveals that most think their work password practices are secure, but the reality of the situation is anything but. Nearly half admit to password sharing, more than a third say they write their passwords on paper, and one in four said they still have access to accounts from past jobs. The survey, performed by passwordless security company Beyond Identity, suggests a need for businesses to tighten up their password policies, but with an important caveat: Making the process too laborious for employees means that they'll just find a way to circumvent the rules. With 45.6% of respondents saying they believe strict password policies hamper productivity, there's a good reason to ensure a balance is struck.


Northwestern Memorial HealthCare and Renown Health Affected by Elekta Cyber Attack

Permalink - Posted on 2021-07-02 16:00

Chicago, IL-based Northwestern Memorial HealthCare and Reno, NV-based Renown Health have been affected by a cyberattack on one of their business associates. The data breach was discovered by Stockholm-based Elekta, which provides a software platform used for clinical radiotherapy treatment for cancer and brain disorders. Elekta issued a statement confirming its first-generation cloud-based storage system was accessed by unauthorized individuals, which affected a subset of customers in North America.


Kaseya Supply Chain Attack Delivers Mass Ransomware Event to U.S. Companies

Permalink - Posted on 2021-07-02 16:00

Kaseya VSA is a commonly used solution by MSPs — Managed Service Providers — in the United States and United Kingdom, which helps them manage their client systems. Kaseya’s website claims they have over 40,000 customers. Now, an apparent auto update in the product has delivered REvil ransomware. By design, it has administrator rights down to client systems — which means that Managed Service Providers who are infected then infect their client’s systems.


South Africa: Data Breach Hits Major Insurance Player QSure

Permalink - Posted on 2021-07-02 16:00

QSure, a big player in South Africa’s insurance industry, has been hit by a data breach in which bank account numbers and other sensitive information were compromised by a third party. The company would not say how many records were exposed through the breach, only that the incident is “still being investigated”.


Norwegian DPA: Oslo University Hospital Ordered to Amend Data Handling Agreements

Permalink - Posted on 2021-07-02 16:00

The Norwegian Data Protection Authority’s inspection of Oslo University Hospital (OUH) reveals that the hospital cannot document satisfactory control of patient data when the hospital needs laboratory services from other countries.


Leaked Data Costing Organizations an Average of $1.2 million per Year

Permalink - Posted on 2021-07-02 16:00

Organizations are losing millions of dollars in revenue each year due to leaked infrastructure code, credentials and keys, according to a new report from 1Password. 1Password's report "Hiding in Plain Sight" said that enterprises lose an average of $1.2 million each year due to leaked details, which researchers at the company called "secrets." Researchers found that IT and DevOps workers leave infrastructure secrets like API tokens, SSH keys, and private certificates in config files or next to source code for easy access and to make things move faster. The report features analysis from 1Password researchers as well as an April 2021 survey of 500 IT and DevOps workers in the US. For 10% of respondents who experienced secret leakage, their company lost more than $5 million. More than 60% of respondents said their organizations have dealt with secrets leakage. In addition to the money lost, 40% said their organizations suffered from brand reputation damage and 29% said clients were lost due to the consequences of secrets that had been leaked. According to the report and accompanying survey, 65% of IT and DevOps employees say their company has more than 500 secrets, with almost 20% saying they have more than they can count.


ACH Data Security Rule Takes Effect

Permalink - Posted on 2021-07-02 16:00

A new Automated Clearing House (ACH) data security rule to protect electronically stored sensitive financial information has come into force in the United States. As of June 30, the ACH Security Framework now requires large, non-financial-institution (Non-Fi) originators, third-party service providers (TPSPs) and third-party senders (TPSs) to protect deposit account information by rendering it unreadable when it is stored electronically. First introduced in April 2020, the new rule specifically applies to entities sending payments (ACH originators) and third parties that process in excess of six million ACH payments per year. Account numbers used for any ACH payment, whether consumer or corporate, are impacted by the new rule.


Smart Home Experiences Over 12,000 Cyber Attacks in a Week

Permalink - Posted on 2021-07-02 16:00

Consumer group Which? partnered with NCC Group and the Global Cyber Alliance (GCA) to conduct the experiment, in which a home was filled with numerous IoT devices, including TVs, thermostats and smart security systems. They then analyzed the number of attempted hacks that took place over several weeks. Which? revealed a “breathtaking” amount of hacks and unknown scanning attacks targeting these devices, rising to 12,807 unique scans/hacks during a single week in June. In this week, the most common method used was attempting to log in to the devices through weak default usernames and passwords, such as ‘admin.’ There was a total of 2435 specific attempts to maliciously log into devices in this way, equating to 14 per hour.


Spanish Telecom Giant MasMovil Hit by REvil Ransomware Gang

Permalink - Posted on 2021-07-02 16:00

Spain’s 4th largest telecom operator MasMovil Ibercom or MasMovil is the latest victim of the infamous REvil ransomware gang (aka Sodinokibi). On its official blog accessible via Tor browser, as seen by Hackread.com, the ransomware operator claims to have “downloaded databases and other important data” belonging to the telecom giant. As proof of its hack, the group has also shared screenshots apparently of the stolen MasMovil data that shows folders named Backup, RESELLERS, PARLEM, and OCU, etc.


U.S. Insurance Giant AJG Reports Data Breach After Ransomware Attack

Permalink - Posted on 2021-07-02 16:00

Arthur J. Gallagher (AJG), a US-based global insurance brokerage and risk management firm, is mailing breach notification letters to potentially impacted individuals following a ransomware attack that hit its systems in late September. "Working with the cybersecurity and forensic specialists to determine what may have happened and what information may have been affected, we determined that an unknown party accessed or acquired data contained within certain segments of our network between June 3, 2020 and September 26, 2020," AJG said. As one of the largest insurance brokers in the world, AJG has over 33,300 employees and its operations span 49 countries. The company is also ranked 429 on the Fortune 500 list, and it reportedly provides insurance services to customers from more than 150 countries.


Hacked Data for 69K LimeVPN Users Up for Sale on Dark Web

Permalink - Posted on 2021-07-01 16:00

The VPN provider known as LimeVPN has been hit with a hack affecting 69,400 user records, according to researchers. A hacker claims to have stolen the company’s entire customer database before knocking its website offline (Threatpost confirmed that as of press time, the website was down). The stolen records consist of user names, passwords in plain text, IP addresses and billing information, according to PrivacySharks. Researchers added the attack also included public and private keys of LimeVPN users.


Netherlands: De Mandemakers Group; "Despite Adequate Security" Still a Victim

Permalink - Posted on 2021-07-01 16:00

Kitchen and furniture seller De Mandemakers Groep (DMG) has fallen victim to hackers. They managed to block a large part of the IT systems. DMG has reported the incident to the police and to the Dutch Data Protection Authority.


Microsoft Finds Netgear Router Bugs Enabling Corporate Breaches

Permalink - Posted on 2021-07-01 16:00

Attackers could use critical firmware vulnerabilities discovered by Microsoft in some NETGEAR router models as a stepping stone to move laterally within enterprise networks. The security flaws impact DGN2200v1 series routers running firmware versions before v1.0.0.60 and compatible with all major DSL Internet service providers. They allow unauthenticated attackers to access unpatched routers' management pages via authentication bypass, gain access to secrets stored on the device, and derive saved router credentials using a cryptographic side-channel attack. The three bugs "can compromise a network's security—opening the gates for attackers to roam untethered through an entire organization," Microsoft 365 Defender Research Team's Jonathan Bar Or explains. The security issues were discovered by Microsoft's researchers while reviewing Microsoft Defender for Endpoint's new device discovery fingerprinting capabilities after noticing that a DGN2200v1 router's management port was being accessed by another device on the network.


Florida: SWFL Inmates Filing Lawsuit After Data Breach

Permalink - Posted on 2021-07-01 16:00

Hacked. That was the headline back in April when it came to the 20th Judicial Public Defender's Office. A document on the agency's website says private information linked to more than half a million staff members and clients was potentially exposed. The notice encourages those who may have been caught up in that cyberattack to put a fraud alert on their credit and monitor it carefully. But for 19 inmates in the Lee and Collier county jails, that notice isn't good enough. "The data breach has caused major problems and we don't know the extent of it," said Reuben Mitchell, who is currently being detained in the Lee County Jail. "We've actually filed a civil class action lawsuit through the federal court system," said Wade Wilson, who is currently being detained in the Lee County Jail. Wilson is accused of murdering two women in Cape Coral in the summer of 2019. Police found Kristine Melton and Diane Ruiz dead within days of each other. Now, he and that group of inmates are working to sue the Public Defender's Office, the State Attorney's Office, Attorney General Ashley Moody, and Governor Ron DeSantis as a result of the hack. Documents from a federal court show that the inmates are seeking 5 million dollars in damages per person, lifetime credit and identity protection, mental health counseling and more.


Japan Airport Refueling Co. Discloses Ransomware Incident; Refueling Work Not Impacted

Permalink - Posted on 2021-07-01 16:00

Investigation confirmed that it was a ransomware attack, and the company received a ransom demand to decrypt data on the server, but there seemed to be no mention that any data was exfiltrated. Details as to the type of ransomware and types of data potentially compromised were not disclosed.


Indian Tech. Startup Exposed Byju's Student Data

Permalink - Posted on 2021-06-30 15:00

India-based technology startup Salesken.ai has secured an exposed server that was spilling private and sensitive data on one of its customers, Byju’s, an education technology giant and India’s most valuable startup. The server was left unprotected since at least June 14, according to historical data provided by Shodan, a search engine for exposed devices and databases. Because the server was without a password, anyone could access the data inside. Security researcher Anurag Sen found the exposed server, and asked TechCrunch for help in reporting it to the company.


Hackers Use Zero-Day to Mass-Wipe My Book Live Devices

Permalink - Posted on 2021-06-30 15:00

A zero-day vulnerability in Western Digital My Book Live NAS devices allowed a threat actor to perform mass-factory resets of devices last week, leading to data loss. After some users analyzed the device's logs, they found that on June 24th, a script called factoryRestore.sh was executed on their devices, which wiped the device's files. Western Digital had originally told BleepingComputer that the attacks were being conducted through a 2018 vulnerability tracked as CVE-2018-18472, which was not fixed as the device has been out of support since 2015. It turns out that while threat actors used this vulnerability in attacks against My Book Live devices, it was actually a different zero-day vulnerability responsible for the factory resets.


Bucks County, PA Behavioral Health and Substance Abuse Nonprofit Struck in Cyber Attack

Permalink - Posted on 2021-06-30 15:00

The records of an unspecified number of clients of an Upper Bucks County behavioral-health and substance abuse nonprofit, which serves the Lehigh Valley, might have been stolen as part of a ransomware attack on the agency earlier this year. Penn Foundation in West Rockhill Township said it informed clients Tuesday of the possible data breach via a letter from Wayne A. Mugrauer, its president and CEO.


Australia: Morningstar Data Breach Reveals KPMG Deal Maker Lists

Permalink - Posted on 2021-06-30 15:00

A software glitch has exposed the key companies garnering the interest of big four advisory group KPMG’s deal makers and restructuring experts. The flaw in an alert system, run by US financial research firm Morningstar, for ASX-listed companies meant third parties could even view project names KPMG had assigned. That included “Project Africa Comps” for some ASX-listed Australian debt collectors.


University Medical Center of Southern Nevada Attacked by REvil Threat Actors

Permalink - Posted on 2021-06-30 15:00

The University Medical Center of Southern Nevada, who proudly proclaims itself the official healthcare provider for the Vegas Golden Knights, has allegedly been the victim of a cyberattack by REvil (Sodinokibi) threat actors. DataBreaches.net sent three email inquiries today to the medical center, asking for a statement confirming or denying the claimed attack, and describing the scope or impact of it if they confirmed it. There has been no reply. The medical center, which is the only public, non-profit hospital in Clark County and operates the state’s only Level I Trauma Center, provides services to patients in four states within 10,000 square miles. As such, it is critical to the area in the case of any mass casualty event and any attack encrypting files or systems could potentially be disastrous.


Freshly Scraped LinkedIn Data of 88,000 U.S. Business Owners Shared Online

Permalink - Posted on 2021-06-30 15:00

About a week after scraped data from more than 700 million LinkedIn profiles were put up for sale online, it seems that threat actors have no intention of stopping their abuse of the social media platform’s scrape-friendly systems. Hours ago, a 68MB JSON database containing LinkedIn data recently collected from 88,000 US business owners was shared on a popular hacker forum. According to the poster, the scrape targeted US business owners who have “changed job positions in [the] past 90 days.” The database includes full names, email addresses, workplace information, and other data points the owners publicly listed on their LinkedIn profiles. The archive was posted on the hacker forum for anyone to access. While not highly sensitive, the data could still be used by threat actors to stage attacks against US business owners who the threat actors might see as being more affluent and potentially vulnerable to phishing and ransomware attacks.


U.K. Arm of International Charity the Salvation Army Hit by Ransomware Attack

Permalink - Posted on 2021-06-30 15:00

Criminals infected the Salvation Army in the UK with ransomware and siphoned the organisation's data, The Register has learned. A Salvation Army spokesperson confirmed the evangelical Christian church and charity was compromised, and said it alerted regulators in the UK. She told us: “We are investigating an IT incident affecting a number of our corporate IT systems. We have informed the Charity Commission and the Information Commissioner’s Office, are also in dialogue with our key partners and staff and are working to notify any other relevant third parties.” The Salvation Army refused to give any further information, such as the identity of the criminal attackers, or the volume and type of data accessed by them. To date, nothing has emerged on known ransomware gang sites.


SolarWinds Hackers Remained Hidden in Denmark's Central Bank for Months

Permalink - Posted on 2021-06-30 15:00

The security breach is the result of the SolarWinds supply chain attack that was carried out by the Nobelium APT group (aka APT29, Cozy Bear, and The Dukes). The intrusion was revealed by the technology outlet Version2, which obtained official documents from the Danish central bank through a freedom of information request. “Some of the world’s most sophisticated hackers have had an IT backdoor at Danmarks Nationalbank for seven months. Danmarks Nationalbank itself cannot rule out that the suspected Russian state hackers have abused the back door to further compromise Danmarks Nationalbank.” states Version2. “It shows an access to documents that Version2 has received in the case. Access to the file states that Danmarks Nationalbank, which operates Denmark’s central financial infrastructure, was hit by the worldwide Solarwinds hacker attack back in December 2020.”


Zero Day Malware Reached an All-Time High of 74% in Q1 2021

Permalink - Posted on 2021-06-29 15:00

74% of threats detected in Q1 2021 were zero day malware – that is, malware that a signature-based antivirus solution did not detect at the time of its release – capable of circumventing conventional antivirus solutions, according to WatchGuard. More than 4 million network attacks were detected, a 21% increase compared to the previous quarter and the highest volume since early 2018. Corporate servers and assets on site are still high-value targets for attackers despite the shift to remote and hybrid work, so organizations must maintain perimeter security alongside user-focused protections.


Portugal: Cyber Attack on Hospital do Divino Espírito Santo Impacting Notification of COVID-19 Test Results

Permalink - Posted on 2021-06-29 15:00

The Hospital do Divino Espírito Santo de Ponta Delgada was hit with a cyberattack that was detected on June 24. As of today, the hospital is still working to recover from the attack while prioritizing notifying people who tested positive for COVID-19 in recent tests. Those who tested negative have experienced delays in notification. In an update today, SAPO reports that Clélio Meneses, the Secretary of Health of the Government of the Azores, acknowledged that there were delays in the disclosure of negative tests for COVID-19 in the region due to the cyberattack.


Italy: Municipality of Cagliari Services Interrupted by Cyber Attack

Permalink - Posted on 2021-06-29 15:00

The Comune di Cagliari issued a notice on their web site on June 27 that a computer virus had reduced the functionality of its services, requiring extraordinary maintenance intervention. According to the notice, the impairment was also impacting services through call centers.


Bordeaux-Gironde Chamber of Commerce in France and Gerry Weber in Germany Hit by Cyber Attacks

Permalink - Posted on 2021-06-29 15:00

The Chamber of Commerce and Industry (CCI) for Bordeaux-Gironde was the victim of a cyberattack on June 25. Officials refused to pay an unspecified ransom demand and filed a police complaint. Meanwhile in Germany, textile retail chain Gerry Weber was also the victim of a cyberattack. Business Insider reported that the clothing retailer’s IT system was paralyzed for more than a week, with employees unable to work regularly because time recording or label printing no longer worked after the systems were shut down as a precautionary measure.


Kentucky Healthcare System Exposes Patients' PHI

Permalink - Posted on 2021-06-29 15:00

A healthcare system located in Kentucky is notifying more than 40,000 patients of an error that saw their personal health information (PHI) emailed to the wrong address. UofL Health, which is based in Louisville, consists of five hospitals, four medical centers, nearly 200 physician practice locations, more than 700 providers, the Frazier Rehab Institute and Brown Cancer Center. Earlier this month, the system notified the Health and Human Services Office for Civil Rights of an email security incident involving the unauthorized disclosure of data belonging to 42,465 individuals.


Four States Propose Laws to Ban Ransomware Payments

Permalink - Posted on 2021-06-29 15:00

In New York, Senate Bill S6806A "prohibits governmental entities, business entities, and health care entities from paying a ransom in the event of a cyber incident or a cyber ransom or ransomware attack." Another New York Senate bill, Senate Bill S6154, provides money so that local governments can upgrade their networks. But it also "restricts the use of taxpayer money in paying ransoms in response to ransomware attacks." New York stands alone in terms of barring private sector businesses from paying a ransom. Legislatures in North Carolina (House Bill 813), Pennsylvania (Senate Bill 726), and Texas (House Bill 3892) are all considering bills that would prohibit the use of state and local taxpayer money or other public money to pay a ransom payment. This public money prohibition would likely hamstring local governments from paying off ransomware attackers. Pennsylvania Republican State Senator Kristin Phillips-Hill tells CSO she introduced her “Safeguarding the Commonwealth from Ransomware Attacks” bill to discourage at least some ransomware attacks, those aimed at public agencies, by removing the attackers’ financial incentives. If cybercriminals are rewarded for their efforts, they will simply continue to launch ransomware attacks, she says. Phillips-Hill’s bill also aims to develop guidelines agencies should follow in beefing up their preparedness to respond to ransomware attacks. The bill, however, does not appropriate any funds to help agencies bolster their ransomware response capabilities.


Technology's Complexity and Opacity Threaten Critical Infrastructure Security

Permalink - Posted on 2021-06-29 15:00

The frantic scramble that occurred after the recent SolarWinds cyber incident, as companies and governments rushed to understand the extent of the incident and where the compromised software was installed, is an example of how little knowledge we have of what goes into our technology. And this isn't a new phenomenon. When the federal government banned Kaspersky software in 2017, agencies and companies were forced to spend thousands of hours combing through their technology stacks seeking the offending code because they didn't have visibility into what was in the software they use. Complexity in technology is only going to increase. As such, it's vital that end users can get more thorough information about what is (or isn't) in the technology they consume, and technology providers are held more accountable for the content of the technology they deliver to consumers.


Survey Data Reveals Gap in Americans' Security Awareness

Permalink - Posted on 2021-06-29 15:00

The survey from security firm Armis finds more than 21% of respondents have not heard about the May cyberattack on Colonial Pipeline, and 24% believe the attack on the largest fuel pipeline in the United States will not have any long-lasting effects on the nation's fuel industry. Almost half (45%) of working Americans had no knowledge of the attempted tampering of the local drinking water supply in Oldsmar, Florida earlier this year. As more organizations consider moving back to the office, Armis' data shows 71% of employees intend to bring their work-from-home devices with them. The survey also finds 54% of respondents don't believe their personal devices pose any security threat to their organization.


Data for 700M LinkedIn Users Posted for Sale in Cyber Underground

Permalink - Posted on 2021-06-29 15:00

Privacy Sharks examined the free sample and saw that the records include full names, gender, email addresses, phone numbers and industry information. It’s unclear what the origin of the data is – but the scraping of public profiles is a likely source. That was the engine behind the collection of 500 million LinkedIn records that went up for sale in April. It contained an “aggregation of data from a number of websites and companies” as well as “publicly viewable member profile data,” LinkedIn said at the time.


Americans Lost $29.8 Billion to Phone Scams in the Past Year

Permalink - Posted on 2021-06-29 15:00

A study of U.S. residents has found that one in three say they've fallen victim to a phone scam in the past year, and 19% say they've been duped more than once. Victims totaled 59.4 million people, and the money lost in the past year increased by 51% over last year, for a total of $29.8 billion. The data, from caller ID and spam blocking app Truecaller and Harris Poll, paints a picture of Americans ripe for the picking by phone scammers and spammers who are only growing in number and effectiveness, despite 85% saying they only answer calls if they can identify the caller.


Cyber Security and Business Priorities Don't Appear to Be Aligning

Permalink - Posted on 2021-06-29 15:00

According to new data from LogRhythm in their latest research, Security and the C-Suite: Making Security Priorities Business Priorities, many organizations are simply talking the talk, but not walking the walk. 60% of organizations believe the cybersecurity leader should report directly to the CEO because it would create greater awareness of security issues throughout the organization. And yet, on average, the cybersecurity leader is three levels away from reporting to the CEO, with only 7% of cybersecurity leaders actually reporting directly to the CEO. Only 23% of cybersecurity leaders have complete ownership over their budget, so they rely on senior leadership to assist with allocating needed budget. 63% of orgs say the budget is insufficient to invest in the right technologies, and yet 64% of cybersecurity leaders report to the board on the effectiveness and efficiency of security programs and measures. So the board knows, but isn’t allocating enough. Nearly half (46%) of all senior leadership have confidence that the cybersecurity leader understands the business goals, and yet, 54% of security leaders only report to the board either once annually or only when a security incident occurs.


SolarWinds Attack Cost Affected Companies an Average of $12 Million

Permalink - Posted on 2021-06-28 15:00

The good news is that security teams are beefing up network defenses, but the bad news is that most companies have recently suffered a cybersecurity incident that required a board meeting. That's the analysis from the 2021 Cybersecurity Impact Report from IronNet. The report is based on interviews with 473 security IT decision makers from the U.S., U.K. and Singapore who work in the technology, financial, public service and utilities sectors. The survey found that 90% of respondents said their security posture had improved over the last two years, but 86% suffered attacks severe enough to require a meeting of the companies' C-level executives or boards of directors.


Electronic Arts Ignored Domain Vulnerabilities for Months Despite Warnings and Breaches

Permalink - Posted on 2021-06-28 15:00

Gaming giant Electronic Arts is facing even more criticism from the cybersecurity industry after ignoring warnings from cybersecurity researchers in December 2020 that multiple vulnerabilities left the company severely exposed to hackers. Officials from Israeli cybersecurity firm Cyberpion approached EA late last year to inform them of multiple domains that could be subject to takeovers as well as misconfigured and potentially unknown assets alongside domains with misconfigured DNS records. But even after sending EA a detailed document about the problems and a proof of concept, Cyberpion co-founder Ori Engelberg told ZDNet that EA did nothing to address the issues.


Details of Over 200,000 Students Leaked in Cyber Attack

Permalink - Posted on 2021-06-28 15:00

A pro-Palestinian Malaysian hacker group known as "DragonForce" claimed that it hacked into AcadeME last week, stating "THE LARGEST AND MOST ADVANCED STUDENT AND GRADUATE RECRUITMENT NETWORK IN ISRAEL Hacked By DragonForce Malaysia" in a Telegram message on June 20. The group claimed that they leaked emails, passwords, first and last names, addresses and even phone numbers of students who were registered on AcadeME. DragonForce attached screenshots of code, server addresses and a table including email addresses and names. The hackers leaked the details of about 280,000 students who used the service since 2014, May Brooks-Kempler from the Think Safe Cyber Facebook group told Israeli media. The AcadeME site was taken offline and listed as "unavailable" as of Monday morning. A notice which appears when attempting to access the site said the site "should be back soon."


HMRC-Branded Phishing Scams Up 87% in a Year

Permalink - Posted on 2021-06-28 15:00

There were 1.07m scam reports in 2020-21, up from 570,000 the previous year, according to data obtained by accountancy group Lanop Outsourcing under the Freedom of Information (FOI) Act. Reports of suspected SMS scams shot up 52 per cent, rising from 67,497 to 102,562 attacks. Email scams jumped by 109 per cent, rising from 301,170 to 630,193, and reports of phone call scams increased 66 per cent, from 203,362 to 336,767. Of the scams listed, the majority were tax rebate or refund scams which rose by 90 per cent from 363,118 to 690,522. In addition, voice scam attacks rose by 66 per cent, jumping from 203,362 to 336,767. HMRC also receives reports for the Driver and Vehicle Licensing Agency (DVLA) and acts on its behalf to initiate website takedowns. In 2019-20 there were 5,549 reports and a whopping 42,233 reports in 2020-21 – an increase of 661 per cent.


Facebook Pays $6.5 Million to End Fee Fight in Breach Case

Permalink - Posted on 2021-06-25 16:00

Facebook Inc. will pay $6.5 million to class counsel in a lawsuit that alleged the company’s negligence allowed hackers to obtain user information via software bugs, ending a dispute over attorneys’ fees. The parties reached an agreement prior to a hearing scheduled for Thursday, they told Judge William Alsup. The amount is described in a stipulation as “a material reduction from the total attorneys’ fees and litigation costs Plaintiff initially sought.” Stephen Adkins sued the social media giant in 2018, saying the personal identifying information of 50 million users was exposed “due to a flaw in Facebook’s code” that allowed hackers to take over user accounts. The company said the breach was made possible by a bug in the website’s “view as” feature, which was intended to increase user control over privacy. The parties reached a settlement in the underlying class suit under which Facebook agreed to make numerous new security enhancements. Under the terms of the deal, class counsel agreed it would seek no more than $16 million for attorneys’ fees. The court approved the settlement and class counsel sought $10.7 million in attorneys’ fees and $1.2 million in litigation expenses, but Facebook opposed that bid in March. Alsup, of the U.S. District Court for the Northern District of California, approved the $6.5 million agreement via a remote hearing after asking the parties about the finality of the deal and about payments to a special master. The deal resolves all disputes in the case, and the special master will be paid from the established settlement fund, the parties said.


My Book Live Users Wake Up to Wiped Devices, Active RCE Attacks

Permalink - Posted on 2021-06-25 16:00

Western Digital’s My Book storage device is designed for consumers and businesses. It typically plugs into computers via USB. The specific model involved in the data-demolition incident is known as My Book Live: a model that uses an Ethernet cable to connect to a local network. Users can remotely access files and make configuration changes through Western Digital’s cloud infrastructure. Western Digital is blaming the remote wipes – which have happened even if the network-attached storage (NAS) devices are behind a firewall or router – on the exploitation of a remote command-execution (RCE) vulnerability.


Cloud Database Exposes 800M+ WordPress Users' Records

Permalink - Posted on 2021-06-25 16:00

A misconfigured cloud database exposed over 800 million records linked to WordPress users before its owner was notified, according to Website Planet. Security researcher Jeremiah Fowler explained that the trove was left online with no password protection by US hosting provider DreamHost. The 814 million records he found were traced back to the firm’s managed WordPress hosting business DreamPress and appeared to date back to 2018. In the 86GB database, there was purportedly admin and user information, including WordPress login location URLs, first and last names, email addresses, usernames, roles, host IP addresses, timestamps, and configuration and security information. Some of the leaked information was linked to users with .gov and .edu email addresses, Fowler claimed.


India: Technisanct Confirms 3.4 Million Customers Have Data Posted on Dark Web

Permalink - Posted on 2021-06-25 16:00

Kochi: Kochi-based cybersecurity and big data startup Technisanct has disclosed a serious data breach in a trading platform in India. Information of over 3.4 million customers was compromised. Personally Identifiable Information (PII), which includes name, customer ID, contact number, email ID, trade login ID, branch ID, city and country, was leaked. The security breach was identified by Technisanct’s digital risk monitoring tool ‘Integrite’. The data of the customers has been kept for sale in a data-sharing platform. The information was published on June 15 and the incident was reported to CERT by Technisanct.


FBI Director Urges Companies Stop Paying Ransoms to Hackers

Permalink - Posted on 2021-06-25 16:00

FBI Director Chris Wray on Wednesday pleaded with public companies and other hacking victims to avoid paying ransom, saying he fears it will only embolden cyber criminals to ramp up future attacks. Wray said on Wednesday that the FBI is seeing increasingly sophisticated types of ransomware attacks and that cyber thieves have been demanding larger sums of money. He said companies and municipal governments who become victims of ransomware attacks should consider going to the FBI as soon as possible, and not wait.


Irish Ransomware Attack Recovery Cost Estimate: $600 Million

Permalink - Posted on 2021-06-25 16:00

The recovery costs for the May ransomware attack on Health Service Executive, Ireland's publicly funded healthcare system, are likely to total $600 million, says Paul Reid, HSE's director general. Reid provided the estimate at a Wednesday hearing of a health committee of the country's legislative body, Oireachtas. The hearing was held to get updates on the May 14 suspected Conti ransomware attack on Ireland's state-run health services provider, which severely affected its maternity hospitals across the country. At the hearing, Reid noted the immediate cost of recovery totaled $120 million. But further investments in replacing and upgrading the affected systems, and other expenses, would bring the total cost to an estimated $600 million. He predicted it would take months for HSE to fully recover from the attack.


Mercedes-Benz Data Breach Exposes SSNs, Credit Card Numbers

Permalink - Posted on 2021-06-25 16:00

Mercedes-Benz USA has just disclosed a data breach impacting some of its customers. The company assessed 1.6 million customer records which included customer names, addresses, emails, phone numbers, and some purchased vehicle information to determine the impact. It appears the data breach exposed credit card information, social security numbers, and driver license numbers of under 1,000 Mercedes-Benz customers and potential buyers.


74% of Q1 Malware Was Undetectable via Signature-Based Tools

Permalink - Posted on 2021-06-25 16:00

WatchGuard Technologies recently analyzed threat data collected from customer networks during the first quarter of 2021 and found 74% of threats detected were zero-day malware for which no anti-virus signatures were available at time of malware release. As a result, the malware was capable of bypassing signature-based threat detection tools and breaching enterprise systems. The level of zero-day malware detections in the first quarter was the highest WatchGuard has ever observed in a single quarter and completely eclipsed the volume of traditional threats, the security vendor said in a report this week.


Ransom Leak Sites Reveal 422% Annual Increase in Victims

Permalink - Posted on 2021-06-24 16:00

Over three-quarters of consumers and cybersecurity professionals want to see ransom payments made illegal, as new figures showed a triple-digit year-on-year increase in victim organizations. Mandiant claimed to have detected a 422% increase in victim organizations announced by ransomware groups on their leak sites between Q1 2020 and the first quarter of 2021. That amounted to over 600 European organizations, with those in manufacturing, legal and professional services and retail most affected. The new figures come as research from Talion revealed that 78% of UK consumers and 79% of security professionals believe payments to these groups should be banned by law. It’s an increasingly controversial area, with many commentators blaming cyber-insurance policies for effectively bankrolling threat groups and encouraging more malicious actors to join the fast-growing ransomware cybercrime industry.


Maximus Reports Breach Affecting 334,000 Medicaid Healthcare Providers

Permalink - Posted on 2021-06-24 16:00

Ohio Medicaid has announced that its data manager, Maximus Corp, has experienced a data breach in which the personal information of Medicaid healthcare providers has been compromised. Maximus is a global provider of government health data services. Through the provision of those services the company had been provided with the personal information of Medicaid healthcare providers. On May 19, 2021, Maximus discovered a server that contained personal information provided to the Ohio Department of Medicaid (ODM) or to a Managed Care Plan had been accessed by unauthorized individuals between May 17 and May 19, 2021.


Indiana: Westfield Clerk, Mayor Battle Over Spyware Installed on City Hall Computers

Permalink - Posted on 2021-06-24 16:00

Spyware was found on all of the computers in the Westfield clerk treasurer’s office, and now she and the mayor are battling in court about it. This particular software allows remote access to all the data stored in that office, which includes information for a dozen city bank accounts, and personal information for city employees and taxpayers. Cindy Gossard, Westfield’s clerk treasurer, says she never gave permission to anyone to install the software and she doesn’t know who has access to sensitive city information held by her office.


Zyxel Warns Customers of Attacks on Security Appliances

Permalink - Posted on 2021-06-24 16:00

Networking device manufacturer Zyxel has issued an alert to warn customers of attacks targeting a subset of security appliances that have remote management or SSL VPN enabled. In the letter sent to customers, a copy of which security researcher JAMESWT shared on Twitter, the company says that a sophisticated threat actor is targeting USG/ZyWALL, USG FLEX, ATP, and VPN series devices running on-premises ZLD firmware. Zyxel says that the company has launched an investigation into the attacks and that it is working to resolve the issue.


Disruption to Irish Health Service Will Continue for Months Due to Ransomware Attack

Permalink - Posted on 2021-06-24 16:00

Ireland's health service faces months of disruption as it continues to recover from a ransomware attack, the head of the Health Service Executive (HSE) has warned. HSE, which is responsible for healthcare and social services across Ireland, fell victim to what was described as a "significant" ransomware attack on 14 May. Due to the ongoing disruptions, HSE warns that emergency departments are very busy due to IT outages and significant delays are to be expected, while many X-ray appointments are being cancelled.


Most Third-Party Libraries Are Never Updated After Being Included in a Codebase

Permalink - Posted on 2021-06-24 16:00

79% of the time, third-party libraries are never updated by developers after being included in a codebase – despite the fact that more than two thirds of fixes are minor and non-disruptive to the functionality of even the most complex software applications, Veracode research reveals.


Fashion Titan French Connection Has Data Stolen After REvil-linked Ransomware Infection

Permalink - Posted on 2021-06-24 16:00

Cheeky clothing firm French Connection, also known as FCUK, has become the latest victim of ransomware, with a gang understood to be linked to REvil having penetrated its back-end - making off with a selection of private internal data. Passport and identification card scans seen by The Register have been used by the gang as proof-of-breach, covering a range of staff members - including founder and chief executive Marks, chief financial officer Lee Williams, and chief operating officer Neil Williams. In a statement to The Register French Connection confirmed it had "been the target of an organised cyber-attack affecting its back-end servers, which control its internal systems and operations."


Swedish COVID-19 Lab with Millions of Test Results Breached

Permalink - Posted on 2021-06-24 16:00

An IT solutions provider from Sweden reported it had detected hackers peeking inside a database for COVID-19 test results. Over three million test results are involved, and it is unclear whether intruders took any information from the database. The targeted company, InfoSolutions, published a statement claiming that it detected an intrusion to a database employed by 15 of Sweden’s 21 regions.


Healthcare Giant Grupo Fleury Hit by REvil Ransomware Attack

Permalink - Posted on 2021-06-24 16:00

Brazilian medical diagnostic company Grupo Fleury has suffered a ransomware attack that has disrupted business operations after the company took its systems offline. While local media has received confirmation that the company has suffered a cyberattack, Grupo Fleury has not officially confirmed a ransomware attack. However, multiple cybersecurity sources have told BleepingComputer that Grupo Fleury suffered an attack by the ransomware operation known as REvil, also known as Sodinokibi.


Breach of Workforce West Virginia Job Seeker Database Reported

Permalink - Posted on 2021-06-24 16:00

An unauthorized individual accessed the Mid Atlantic Career Consortium Employment Services database, or “MACC” website, Workforce West Virginia announced Tuesday. Workforce says it learned of the breach on April 13, 2021 and ‘immediately took steps to secure the network.’ Workforce West Virginia reports that files were not downloaded, extracted or manipulated. A computer forensic firm hired to help determine what happened determined some personal information stored in the job seekers database was potentially accessible including name, address, phone number, date of birth, and Social Security number.


NFC Flaws Let Researchers Hack ATMs by Waving a Phone

Permalink - Posted on 2021-06-24 16:00

Josep Rodriguez, a researcher and consultant at security firm IOActive, has spent the last year digging up and reporting vulnerabilities in the so-called near-field communications reader chips used in millions of ATMs and point-of-sale systems worldwide. NFC systems are what let you wave a credit card over a reader—rather than swipe or insert it—to make a payment or extract money from a cash machine. You can find them on countless retail store and restaurant counters, vending machines, taxis, and parking meters around the globe. Now Rodriguez has built an Android app that allows his smartphone to mimic those credit card radio communications and exploit flaws in the NFC systems' firmware. With a wave of his phone, he can exploit a variety of bugs to crash point-of-sale devices, hack them to collect and transmit credit card data, invisibly change the value of transactions, and even lock the devices while displaying a ransomware message. Rodriguez says he can even force at least one brand of ATMs to dispense cash—though that "jackpotting" hack only works in combination with additional bugs he says he's found in the ATMs' software. He declined to specify or disclose those flaws publicly due to nondisclosure agreements with the ATM vendors.


Tulsa, Oklahoma Hacked Data Now Posted for Sale on Dark Web

Permalink - Posted on 2021-06-23 16:00

Officials in Tulsa, Oklahoma, are warning residents their personal information may have been leaked to the dark web following a ransomware attack on the city last month. The city announced Tuesday that hackers obtained more than 18,000 city files. The leaked files are mostly police citations and internal department files, officials said in a press release. The documents could contain personal information, including a person's name, date of birth, address and driver's license number.


Hackers Leak 260,000 Accounts from Pakistani Music Streaming Site Patari

Permalink - Posted on 2021-06-23 16:00

Patari or Patari.pk, a Pakistani music streaming site, has suffered a data breach in which its database containing personal data and login credentials of over 257,000 registered users has been leaked on English and Russian language hacker forums. The exact date of the data breach remains unknown; however, the database was dumped online on June 13th, 2021.


Data Breaches: Most Victims Unaware When Shown Evidence of Multiple Compromised Accounts

Permalink - Posted on 2021-06-23 16:00

In the first known study to ask participants about actual data breaches that impacted them, researchers from the U-M School of Information showed 413 people facts from up to three breaches that involved their own personal information. The international team from U-M, George Washington University and Karlsruhe Institute of Technology found people were not aware of 74% of the breaches.


Brazil: Medical Firm Fleury Hit by Cyber Attack

Permalink - Posted on 2021-06-23 16:00

Brazilian medical lab company Fleury SA (FLRY3.SA) said in a securities filing that a cyberattack had resulted in a partial outage of its information technology systems on Tuesday.


Nearly 10% of SMB Defense Contractors Show Evidence of Compromise

Permalink - Posted on 2021-06-23 16:00

More than half of SMB contractors in the US defense supply chain are critically vulnerable to ransomware attacks, a new report has claimed. Cybersecurity vendor BlueVoyant chose to analyze a representative sample of 300 smaller contractors from a defense industrial base (DIB) estimated to have anywhere from 100,000-300,000 suppliers. The resulting Defense Industry Supply Chain & Security 2021 review uncovered concerning signs of weaknesses in this complex ecosystem of contractors — potentially putting national security at risk. It found that over half of the companies studied had unsecured ports vulnerable to ransomware attacks. In contrast, 48% had vulnerable ports and other weaknesses, including unsecured data storage ports, out-of-date software and operating systems, and other vulnerabilities rated severe by NIST. Unpatched flaws were particularly concerning: more than six months after critical F5 and Microsoft Exchange vulnerabilities were published, nine companies were yet to fix them. A fifth (20%) of SMB contractors were found to have multiple vulnerabilities and evidence of targeting, while 7% also featured evidence of compromise. In total, BlueVoyant found evidence of over 1300 email security issues, more than 400 vulnerabilities, and 344 indications that suggest “company resources are involved in anomalous or criminal activity.” Perhaps unsurprisingly, over a quarter (28%) of appraised contractors showed evidence indicating they would fail to meet the most basic tier-1 requirement for the Cybersecurity Maturity Model Certification (CMMC). This is a critical compliance standard designed to improve security best practices among US defense contractors.


Prominence Health Plan Data Breach Impacts Up to 45,000 Individuals Associates

Permalink - Posted on 2021-06-23 16:00

The Nevada health insurer Prominence Health Plan has announced it suffered a security breach on November 30, 2020 in which hackers potentially obtained the protected health information of some of its plan members. The data breach was discovered on April 22, 2021 and steps were immediately taken to prevent further unauthorized access, including changing the credentials used by the attacker to gain access to its network. While Prominence Health Plan has not confirmed whether this was a ransomware attack, all affected plan member data has been restored from backups. The incident involved audio recordings of phone calls to the Prominence call center along with PDF files that included provider claim forms and letters to patients advising them about claim approvals and denials.


San Juan Regional Medical Center Data Breach Affects 68,792 Patients

Permalink - Posted on 2021-06-23 16:00

San Juan Regional Medical Center has recently notified tens of thousands of its patients about a security breach that occurred in the fall of 2020. The Farmington, NM medical center discovered its network had been accessed by an unauthorized individual on September 8, 2020. Prompt action was taken to prevent further unauthorized access and an investigation was launched to determine the nature and extent of the breach. The forensic investigation revealed the attacker exfiltrated files between September 7th and 8th, with a manual review of those files confirming they contained the protected health information of 68,792 patients. The types of information in the files varied from patient to patient and included names in combination with one or more of the following data elements: dates of birth, Social Security numbers, driver’s license numbers, passport information, financial account numbers, health insurance information, diagnoses, treatment information, medical record numbers, and patient account numbers.


IT Leaders Say Cyber Security Funding Being Wasted on Remote Work Support

Permalink - Posted on 2021-06-23 16:00

IT leaders are taking issue with the amount of cybersecurity money their organizations are spending to support remote work, according to a new survey from JumpCloud. On Wednesday, the company released the findings of its 2021 State of the SME IT Admin Report, which featured the responses of 401 IT decision-makers at small and medium-sized enterprises from April. Those surveyed include managers, directors, vice presidents, and executives. More than 60% of respondents said their enterprise was paying "for more tooling than they need" to manage user identities, while another 56% said too much was being spent on enabling remote work. Respondents were more split on the top concerns, with 39% referencing software vulnerabilities, 37% expressing concern about reused usernames and passwords and 36% mentioning unsecured networks. Another 29% said device theft was also a concern.


Only 7% of Security Leaders Are Reporting to the CEO

Permalink - Posted on 2021-06-23 16:00

While 60% of organizations have experienced a cyberattack in the last two years and spend approximately $38 million on security activities, only 7% of security leaders are reporting to the CEO, a LogRhythm report reveals. Yet, 42% of respondents say the IT security leader should be the person most accountable for preventing or mitigating the consequences of a cyberattack.


BEC Losses Top $1.8B as Tactics Evolve

Permalink - Posted on 2021-06-23 16:00

Business email compromise (BEC) attacks ramped up significantly in 2020, with more than $1.8 billion stolen from organizations with these types of attacks last year alone — and things are getting worse. BEC attacks are carried out by cybercriminals either impersonating someone inside an organization, or masquerading as a partner or vendor, bent on financial scamming. A new report from Cisco’s Talos Intelligence examined the tactics of some of the most dangerous BEC attacks observed in the wild in 2020, and reminded the security community that in addition to technology, smart users armed with a healthy skepticism of outside communications and the right questions to ask are the best line of defense.


Wolfe Eye Clinic Allows 500,000 Patient Records to Be Put at Risk After Hack

Permalink - Posted on 2021-06-23 16:00

The records of roughly 500,000 patients of an eye clinic with locations throughout Iowa may have been stolen as part of a ransomware attack on the business earlier this year. Wolfe Eye Clinic said Tuesday its computer network was attacked on Feb. 8 by hackers who demanded a ransom to unlock access to its systems, but the company didn’t pay the hackers. The company plans to notify affected patients that their information may have been stolen and offer them a year of credit monitoring and identity theft protection services.


Lawsuits Filed on Behalf of Scripps Health Patients in Cyber Attack

Permalink - Posted on 2021-06-23 16:00

A pair of lawsuits have been filed on behalf of former and current Scripps Health patients who allege their personal information may have been compromised during the recent ransomware attack on the San Diego-based health care system. The complaints filed Monday in San Diego federal court allege Scripps did not properly safeguard its patients' personal information stolen in last month's cyberattack, even though Scripps should have been "on notice" of the potential risk due to similar incidents occurring in the health care industry. Scripps said earlier this month that it was notifying more than 147,000 people that their personal information was affected, though the health care system said there has been no indication that any data was used to commit fraud.


Colonial Pipeline Sued for Gas Crisis from Ransomware Attack

Permalink - Posted on 2021-06-23 16:00

Colonial Pipeline Co. was sued by a gas station seeking to represent thousands more over the ransomware attack in May that paralyzed the U.S. East Coast’s flow of gasoline, diesel and jet fuel. EZ Mart 1 LLC, a two-pump station in Wilmington, North Carolina, buys its fuel from a distributor supplied by Colonial, according to a complaint filed Monday in federal court in Georgia. Colonial’s headquarters, in Alpharetta, is the site of the “control center” where the electronic ransom note was discovered, EZ Mart says in the lawsuit, in which it seeks to represent more than 11,000 gas stations and asks for unspecified monetary damages. The hack occurred “despite advance knowledge and warnings,” and in the lead-up to the attack Colonial “repeatedly ignored and rejected efforts by the applicable regulatory agency to meet with it so as to check on its cybersecurity,” EZ Mart alleges.


Cyber Attacks on Gaming Grew 340% in Pandemic

Permalink - Posted on 2021-06-23 16:00

Gaming faced the highest growth in cyberattacks during the pandemic, according to a report by Akamai Security Research. The report showed that “relentless” web application and credential stuffing attacks targeting gamers and gaming companies persisted throughout 2020, said Steve Ragan, Akamai security researcher and author of the “State of the Internet Security report,” in an interview with GamesBeat. Akamai provides solutions for protecting and delivering digital experiences. Today, it released research showing that cyberattack traffic targeting the video game industry grew more than any other industry during the COVID-19 pandemic. The report said the video game industry faced more than 240 million web application attacks in 2020, a 340% increase over 2019.


76% of IT Decision Makers More Vulnerable to Mobile Attacks Than Just a Year Ago

Permalink - Posted on 2021-06-22 15:00

53 percent of IT decision makers admitted that it’s not possible to be prepared for all the tactics and strategies used by attackers targeting mobile devices, a survey by Sapio Research reveals. Going one step further, 38 percent claimed that it’s impossible to keep up with the pace of these attacks. The survey also found that three quarters of IT decision makers believe their organizations are more vulnerable to mobile cyberattacks than ever before. It has become clear that it isn’t a matter of if, but a matter of when.


Average Time to Fix Critical Cyber Security Vulnerabilities is 205 Days

Permalink - Posted on 2021-06-22 15:00

More than 66% of all applications used by the utility sector had at least one exploitable vulnerability open throughout the year, according to the report. Setu Kulkarni, a vice president at WhiteHat Security, said over 60% of applications in the manufacturing industry also had a window of exposure of over 365 days.


U.S. SEC Probing SolarWinds Clients Over Cyber Breach Disclosures

Permalink - Posted on 2021-06-22 15:00

The U.S. Securities and Exchange Commission (SEC) has opened a probe into last year’s SolarWinds cyber breach, focusing on whether some companies failed to disclose that they had been affected by the unprecedented hack, two persons familiar with the investigation said on Monday. The SEC sent investigative letters late last week to a number of public issuers and investment firms seeking voluntary information on whether they had been victims of the hack and failed to disclose it, said the persons, speaking under the condition of anonymity to discuss confidential investigations. The agency is also seeking information on whether public companies that had been victims had experienced a lapse of internal controls, and related information on insider trading. The agency is also looking at the policies at certain companies to assess whether they are designed to protect customer information, one of the people said.


Three-Quarters of SMBs Can't Repel Cyber Attacks

Permalink - Posted on 2021-06-22 15:00

Millions of the UK’s small businesses aren’t confident they can withstand a cyber-attack, with resources frequently diverted to other areas, according to new research from Arctic Wolf. The security operations vendor polled over 500 decision-makers in the UK working at firms with fewer than 250 employees to better understand their cyber challenges. It found that three-quarters (73%) believe their organization lacks the in-house expertise and capabilities to defend against cyber-attacks. The figure could amount to as many as 4.5 million of the UK’s SMBs, the vendor claimed. More than half (55%) of respondents said cybersecurity issues are regularly deprioritized in favor of other business goals. This is having a major impact on security operations (SecOps): two-fifths (39%) of respondents said their teams are overwhelmed by security alerts and a similar number (34%) don’t have time to investigate every alert. The findings chime with a recent Trend Micro study that revealed that over half of SecOps teams in global organizations are drowning in alerts and 55% aren’t confident in prioritizing and responding to them. As a result, 70% admitted feeling emotionally distressed by the continuous pressure. This can impact both productivity and staff churn at a time when it’s already difficult to fill key security analyst positions.


City of Liege, Belgium Hit by Ransomware

Permalink - Posted on 2021-06-22 15:00

Liege, the third biggest city in Belgium, suffered a ransomware attack today that has disrupted the municipality’s IT network and online services. Following the attack, most of the city’s civil status and population services are down, Liege officials said on a status page today. Appointments for town halls, birth registration, wedding, and burial services have been canceled due to workers’ inability to access the city’s IT network. Online forms for event permits and paid parking are also down, officials said.


50% of Misconfigured Containers Hit by Botnets in Under an Hour

Permalink - Posted on 2021-06-22 15:00

Aqua Security on Monday reported that data it collected from honeypots protecting containers over a six-month period revealed that 50% of misconfigured Docker APIs are attacked by botnets within 56 minutes of being set up. According to the research, it takes five hours on average for the adversaries’ bots to scan a new honeypot. The fastest scan occurred after a few minutes, while the longest gap was 24 hours.


Most Organizations Would Pay in the Event of a Ransomware Attack

Permalink - Posted on 2021-06-21 16:00

Despite the Director of the FBI, the US Attorney General and the White House warning firms against paying cyber-related ransoms, 60 percent of organizations have admitted they would shell out funds in the event of an attack, according to research from Harris Interactive. When asked how much money they would consider handing over, one in five respondents said they would consider paying 20 percent or more of their company’s annual revenue.


Only 50% of WA Government Entities Get a Pass Mark for Infosec

Permalink - Posted on 2021-06-21 16:00

The state's auditor-general is having her audits fall on deaf ears, with 42% of the WA government entities probed not addressing her previous findings and continuing to allow weaknesses on their IT systems.


Japan: Sports Club NAS and Concrete Manufacturer Ito Yogyo Both Report Ransomware Incidents

Permalink - Posted on 2021-06-21 16:00

Neither victim corporation identified the type of ransomware used, and Sports Club NAS specifically noted that they did not receive any ransom demand.


Texans Regret Opting into Power Plan That Remotely Raises Thermostat Temps

Permalink - Posted on 2021-06-21 16:00

Some Texas residents who opted into programs that remotely raise thermostat temperatures during heat waves regretted that decision last week. Power companies in multiple states offer promotions to enroll users into services that let the companies remotely adjust smart thermostats' temperatures by a few degrees when energy demand is high. These programs apparently worked as intended during a heat wave in which the Electric Reliability Council of Texas (ERCOT) requested that thermostats be set at 78°F (26°C) or higher to cut electricity use. But some residents who didn't realize what they'd signed up for were taken by surprise, according to local news reports.


Vermont Hospital Still Calculating Cost of Ransomware Attack

Permalink - Posted on 2021-06-21 16:00

Officials at Vermont’s largest hospital are still trying to determine the full financial impact of the cyberattack last October that knocked out computers affecting three hospitals in Vermont and three in New York. Scheduling and patient medical records were affected and some cancer patients faced delays in treatment. It took months for the University of Vermont Health Network to recover from the attack, estimated to cost upwards of $63 million. The network is insured for $30 million and officials are continuing to negotiate with the insurance companies, but the final cost will exceed the coverage, WCAX-TV reported.


Water Sector Security Report Released Just as Another Water Plant Hack Comes to Light

Permalink - Posted on 2021-06-21 16:00

The Water Sector Coordinating Council last week announced a new cybersecurity report focusing on water and wastewater utilities in the United States. The release of the report coincided with news that a threat actor in January attempted to poison the water at a facility in the U.S. The organization in April surveyed 606 individuals working at water and wastewater utilities in the U.S. to get a better understanding of the sector in terms of cybersecurity. According to the report made public on June 17, 356 respondents said they did not experience any IT security incident in the past year. Three respondents said they experienced 5 or more incidents and 83 reported 1-4 incidents in the last 12 months. When it comes to cyber incidents involving operational technology (OT) systems, 410 respondents reported no incidents, 25 said they experienced 1-4 incidents, and one organization admitted suffering 5 or more incidents.


Six Flags Settles for $36 Million in Privacy Violation Case

Permalink - Posted on 2021-06-21 16:00

Theme park operator Six Flags Great America has agreed to pay $36m to settle a class-action lawsuit concerning the gathering and collection of its customers' biometric data. Filed in Lake County, Illinois, the lawsuit alleges that the use of finger-scanning equipment at Six Flags entry gates violated the Prairie State's Biometric Privacy Act. The act regulates how companies collect and use an individual's retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. Under the law, which was passed in 2008, a company must obtain an individual's written consent before gathering and storing their biometric data. A company that violates the law must pay damages of $1,000 for each negligent violation and $5,000 for each intentional or reckless violation.


Fertility Clinic Discloses Data Breach Exposing Patient Info.

Permalink - Posted on 2021-06-21 16:00

In a data breach notification issued by both RBA and its affiliate MyEggBank, RBA states that they first learned that they were hit by a ransomware attack on April 16th, 2021, when "a file server containing embryology data was encrypted and therefore inaccessible." However, they believe the attackers first gained access to their systems on April 7th and a server containing health information on April 10th.


73% of Enterprises Suffer Security and Compliance Issues Due to Internal Misalignment

Permalink - Posted on 2021-06-18 17:00

According to Enterprise Management Associates (EMA) and BlueCat’s recently published research report, nearly 3 in 4 enterprises (73%) have suffered security or compliance issues in the past year as a direct result of collaboration challenges between the cloud and networking teams. Not only do a shocking 72% of enterprises struggle to realize the full benefits of their cloud investments, but survey respondents admitted to experiencing a long list of repercussions. In the past year alone: 89% experienced IT operations challenges, such as delayed application rollouts and poor user experience; 82% suffered business problems, such as customer churn and lost revenue; 73% of surveyed organizations suffered security or compliance issues, such as regulatory fines or data leaks.


Georgia: Savannah Hospital System Experiences Outage After Ransomware Attack

Permalink - Posted on 2021-06-18 17:00

The St. Joseph’s/Candler (SJ/C) hospital system in Savannah was the victim of a ransomware attack Thursday morning. WSAV spoke with a patient who says all computers went down around 4 a.m., and nurses have been forced to keep track of medications with a pen and paper. “They can’t see our MRIs — they can’t see our information. They have the medication in the drawers, thank God, but they have to enter it manually,” said the patient, who wished to remain anonymous. “They can’t go into the computer to find out what our meds are at what time.” SJ/C officials say they became aware of “suspicious network activity” Thursday morning and took steps to immediately isolate their systems and notify law enforcement. It’s unclear at this time if personal or health information was impacted.


San Juan Regional Medical Center Notifies 68,792 Patients of Cyber Security Breach

Permalink - Posted on 2021-06-18 17:00

On June 4, 2021, San Juan Regional Medical Center (“SJRMC”) in New Mexico posted a breach notice on their web site. The notice said that SJRMC had identified unauthorized access to their network on September 8, 2020. Their subsequent investigation revealed that the threat actor removed files from the server on September 7-8, 2020.


Wegmans Notifies Customers of Database Security Breach

Permalink - Posted on 2021-06-18 17:00

Wegmans is notifying its customers of a security breach of a database that stores customer information. A statement posted to the grocery chain's website explains that the cloud database was meant for internal use only, but, due to a "configuration problem," was left open to potential outside access. Wegmans says they were notified of the issue by a third-party security researcher in mid-April. The company says the database contains customer phone numbers, addresses, email addresses, Shopper's Club Card numbers, and passwords to Wegmans.com.


Sweden: Medhelp Will Pay 12 Million SEK After the 1177 Leak

Permalink - Posted on 2021-06-18 17:00

SEK 12 million in penalty fees against the company Medhelp, half a million against the Stockholm Region and SEK 250,000 each against Sörmland and Värmland. This is the outcome of the review made by the Privacy Protection Authority in the case of the millions of 1177 calls that were left unprotected on the internet.


Lightfoot, Franklin & White Notifies Clients of Ransomware Incident

Permalink - Posted on 2021-06-18 17:00

Lightfoot, Franklin & White, LLC is a law firm based in Birmingham, Alabama that handles commercial litigation, product liability, professional liability, white-collar criminal, and other legal matters. In a copy of a notification obtained by DataBreaches.net, they forthrightly informed affected clients that there had been a ransomware incident. The firm does not indicate who the threat actors were or how much ransom they paid.


Reproductive Biology Associates and My Egg Bank Notify 38,538 Patients of Ransomware Incident

Permalink - Posted on 2021-06-18 17:00

Reproductive Biology Associates and its affiliate My Egg Bank North America issued a breach notification involving a ransomware incident that impacted the Atlanta entities. According to the notification submitted to Maine’s Attorney General’s Office and similar statements posted on their web sites, the entities first became aware of a potential data incident on April 16, 2021 when they discovered that a file server containing embryology data was encrypted and therefore inaccessible. They report that they quickly determined that this was a ransomware attack. Based on their investigation, they believe the threat actor gained access to the system on April 7 and gained access to the server with ePHI on April 10. On June 7, they determined which individuals had been impacted.


Digital Convenience Leads to Lax Security Habits Among Users

Permalink - Posted on 2021-06-18 17:00

A new IBM global report examining consumer behaviors finds an average of 15 new online accounts were created and 82% are reusing the same credentials some of the time. The survey shed light on a variety of consumer behaviors impacting the cybersecurity landscape today and moving forward. As individuals increasingly embrace digital interactions in more aspects of their lives, the survey found that many also have high expectations for ease of access and use. Attention spans have also grown more limited. Most adults (59%) expect to spend less than 5 minutes setting up a new digital account, according to the survey.


Colorado Privacy Act Passed and Awaits State Governor's Signature

Permalink - Posted on 2021-06-18 17:00

Colorado has joined California and Virginia in passing a comprehensive data privacy law to protect state residents. It has taken several amendments to get the Colorado Privacy Act over the line, but the Act was finally passed unanimously by the state Senate on June 8, 2021 and now awaits the signature of state governor Jared Polis. The Colorado Privacy Act applies to all data controllers that conduct business in Colorado that control or process the personal data of 100,000 or more Colorado resident consumers in a calendar year or derive revenue or receive a discount on the price of goods or services from the sale of personal data and process or control the personal data of 25,000 or more Colorado resident consumers.


Connecticut Legislature Enhances Data Breach Notification Law

Permalink - Posted on 2021-06-18 17:00

The Connecticut legislature has enhanced its data breach notification law, expanding the definition of personal information and shortening the maximum time frame for issuing breach notifications. The new law brings the data breach notification requirements in the state of Connecticut in line with those of other states that have recently updated their own privacy and security laws. The new data breach notification law was unanimously passed by the House of Representatives and the Senate and now awaits state Governor Ned Lamont’s signature.


Amazon Web Services Misconfiguration Exposes Half a Million Cosmetics Customers

Permalink - Posted on 2021-06-18 17:00

Hundreds of thousands of retail customers had their personal data exposed thanks to a misconfigured cloud storage account, Infosecurity has learned. A research team at reviews site WizCase traced the leaky Amazon S3 bucket to popular Turkish beauty products firm Cosmolog Kozmetik. The 20GB trove contained around 9500 files, including thousands of Excel files which exposed the personal information of 567,000 unique users who bought items from the provider across multiple e-commerce platforms. Although the research team discovered no payment information, they did find customers’ full names, physical addresses and purchase details among the leaked orders. In some cases, phone numbers and emails were also exposed.


U.K.'s Cake Box Says Customers Informed About 2020 Data Breach

Permalink - Posted on 2021-06-18 17:00

UK-based cake maker and retailer Cake Box Holdings Plc said on Thursday it had informed customers about a data breach in 2020 that might have compromised their personal information.


Oklahoma Health System Driven to EHR Downtime Due to Ransomware

Permalink - Posted on 2021-06-18 17:00

Stillwater Medical Center was hit with a ransomware attack on June 13 and is currently operating under electronic health record downtime as it attempts to bring its systems back online. The health system operates a number of care sites, specialist offices, hospitals and clinics in Oklahoma. According to the health care provider, the IT team quickly moved to ensure the security of the environment after the incident impacted access to certain systems.


Ransomware: Too Many Firms Are Still Willing to Pay Up If Attacked

Permalink - Posted on 2021-06-18 17:00

Over half of organisations would pay the ransom if they fell victim to a ransomware attack – despite repeated warnings that they shouldn't encourage cyber criminal extortion. Research by the Neustar International Security Council (NISC) found that six in ten organisations would pay cyber criminals for the decryption key in the event of a ransomware attack, according to its survey of 300 workers in 'senior positions'. That's despite the likes of The White House, the UK Home Office, law enforcement and cybersecurity experts warning that paying the ransom should be avoided because it signals to ransomware operations that their extortion schemes work.


Most Firms Face Second Ransomware Attack After Paying Off First

Permalink - Posted on 2021-06-18 17:00

Some 80% of businesses that choose to pay to regain access to their encrypted systems experience a subsequent ransomware attack, amongst which 46% believe it to be caused by the same attackers.


SEC Settles with First American Over Massive Data Leak for Nearly $500,000

Permalink - Posted on 2021-06-18 17:00

The Securities and Exchange Commission announced Tuesday that it has settled charges with First American Financial over its 2019 leak of sensitive customer information that exposed more than 800 million document images. Under the terms of the deal, the heavyweight real estate title insurance company will pay a $487,616 fine. The SEC had charged the company with inadequately disclosing the cybersecurity vulnerability that exposed the information. The digitized records included things like Social Security numbers and bank account statements.


Gateley Suffers Data Breach Following Security Incident

Permalink - Posted on 2021-06-18 17:00

UK listed law firm Gateley said that it has suffered a cyberattack, according to a filing to the London Stock Exchange on Wednesday. The firm said it was managing a ‘cyber security incident’ after discovering that its systems had been breached by a ‘now known external source’.


Carnival Cruise Line Reports Security Breach

Permalink - Posted on 2021-06-17 17:00

Cruise ship operator Carnival Corp. said this week it recently detected a breach of its systems and as a result, data belonging to customers and employees may have been exposed. According to multiple news reports, Carnival detected the intrusion in March and alerted regulators. The company hired a cybersecurity firm to assist with the investigation. Reports say personal information belonging to guests, employees, and crew for Carnival Cruise Line, Holland America Line, Princess Cruises and medical operations was affected.


SEIU 775 Benefits Group Data Breach Impacts 140,000 Individuals

Permalink - Posted on 2021-06-16 16:00

A benefits administrator for home healthcare and nursing home workers, Service Employees International Union 775 (SEIU 775) Benefits Group, has experienced a cyberattack that resulted in the deletion of sensitive data. IT staff detected anomalies within SEIU 775’s data systems on or around April 4, 2021, which included the deletion of certain data. An investigation was launched into the malicious activity, led by third-party cybersecurity experts and forensic consultants. The investigation confirmed that its systems had been hacked and the data of unknown individuals had been deleted, including personally identifiable and protected health information. While information was deleted, no evidence was found to indicate any PII or PHI was viewed or acquired by the attackers and there have been no reported cases of misuse of data.


Australia: UnitingCare Paid Hundreds of Thousands of Dollars to REvil for Decryption Key and Deletion of Files

Permalink - Posted on 2021-06-16 16:00

On April 25, UnitingCare Queensland (UCQ) was the victim of a ransomware attack that impacted multiple Queensland hospitals and aged care centres. The next day, they posted a notice on their web site informing people as to what was happening and its impact. But their subsequent (and most recent) update of June 10 provided no update on whether they had determined whether any patient, employee, customer, or vendor data was exfiltrated or compromised. Nor did they disclose whether UnitingCare paid any ransom demand. DataBreaches.net can now report that UnitingCare has reason to believe that patient data and personal information were compromised. And this site can now report that UnitingCare paid REvil ransom to get a decryption key and to get assurances that all files would be deleted. UnitingCare did not pay as much ransom as the threat actors originally demanded, but they did pay hundreds of thousands of dollars.


Thai Government "Apologizes" for Data Leak

Permalink - Posted on 2021-06-16 16:00

The Thai government has released a statement apologising for the data leak on Monday which saw people who registered for a Covid vaccine have their personal information revealed. The government says there was a “temporary glitch” on the thailandintervac.com vaccination booking website and the error was because of “urgent system maintenance”. Soon after the website launched, multiple expats complained that they could see and edit the personal information of other people registering because the information appeared on the web page.


Over a Billion Records Belonging to CVS Health Exposed Online

Permalink - Posted on 2021-06-16 16:00

On Thursday, WebsitePlanet, together with researcher Jeremiah Fowler, revealed the discovery of an online database belonging to CVS Health. The database was not password-protected and had no form of authentication in place to prevent unauthorized entry. Upon examination of the database, the team found over one billion records that were connected to the US healthcare and pharmaceutical giant, which owns brands including CVS Pharmacy and Aetna. The database, 204GB in size, contained event and configuration data including production records of visitor IDs, session IDs, device access information -- such as whether visitors to the firm's domains used an iPhone or Android handset -- as well as what the team calls a "blueprint" of how the logging system operated from the backend.


Alibaba Falls Victim to Chinese Web Crawler in Large Data Leak

Permalink - Posted on 2021-06-16 16:00

A Chinese software developer trawled Alibaba Group Holding Ltd.’s popular Taobao shopping website for eight months, clandestinely collecting more than 1.1 billion pieces of user information before Alibaba noticed the scraping, a Chinese court verdict said. The software developer began using web-crawling software he designed on Taobao’s site starting in November 2019, gathering information including user IDs, mobile-phone numbers and customer comments, according to a verdict released this month by a district court in China’s central Henan province. When Alibaba noticed the data leaks from Taobao, one of China’s most-visited online retail sites, the company informed the police, the court said. A spokeswoman said Alibaba proactively discovered and addressed the incident and was working with law enforcement to protect its users. She wouldn’t elaborate on how many people were affected. No user information was sold to a third party and no economic loss occurred, she said. About 925 million people use Alibaba’s Chinese retail platforms at least once a month, according to the company.


Texas Joins Other States with New Texas Data Breach Notification Requirement

Permalink - Posted on 2021-06-16 16:00

The Texas amendment may indicate a growing trend towards increased information sharing in an effort to prevent future data breaches. On the federal level, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has implemented several programs in the past year to promote information sharing and awareness.


Security Flaw Discovered In Peloton Equipment

Permalink - Posted on 2021-06-16 16:00

A vulnerability in the Peloton Bike+ could have allowed an attacker to remotely spy on users, McAfee's Advanced Threat Research (ATR) team found. The bug, which has already been addressed through a mandatory patch issued to affected devices worldwide, could have given an attacker remote root access to the Peloton tablet. Researchers note a threat actor would have required physical access to the equipment in order to take advantage of the flaw.


SEC Settles Enforcement Action for Disclosure Controls Violations Stemming from Data Security Incident

Permalink - Posted on 2021-06-15 17:00

The SEC has settled an enforcement action against a large title insurer in connection with public statements and disclosures made by the company in May 2019 relating to a data security incident. The underlying data security incident was the subject of the first set of charges brought by the New York Division of Financial Services (NYDFS) under its cybersecurity regulations in 2020, and involved an application vulnerability that allegedly exposed sensitive personal information dating back to 2003 and was first publicly reported in May 2019 by the media. The SEC’s settlement order relates to the issuer’s handling of its disclosures of the incident under federal securities laws, rather than the underlying vulnerabilities alleged by the NYDFS against the NYDFS-regulated covered entity in its charges under state financial regulations. The SEC imposed a fine of approximately $487,000 for violations of Rule 13a-15(a). The NYDFS has scheduled a hearing for August 16, 2021 regarding its original statement of charges, which the company has said it is fighting. The SEC order alleged disclosure controls and procedures violations under Rule 13a-15(a), which requires every issuer of a security registered under Section 12 of the Exchange Act to maintain disclosure controls and procedures designed to ensure that information required to be disclosed by an issuer is “recorded, processed, summarized, and reported” within the requisite time periods. Here, the Commission alleged that the company “did not have any disclosure controls and procedures related to cybersecurity, including incidents involving potential breaches of data.”


South Korea: HMM Email Systems Hit by Cyber Virus Attack

Permalink - Posted on 2021-06-15 17:00

South Korean shipping company HMM has confirmed its email systems continue to be impacted by a virus attack on 12 June.


Wisconsin: Menominee Casino Resort Temporarily Closes After Cyber Attack

Permalink - Posted on 2021-06-15 16:00

The Menominee Casino Resort confirms it’s experiencing technical difficulties following a cyberattack. A statement from the casino said the issues were caused by an “attempted external attack on our computer systems.” Tribal Legislature Chairman Gunnar Peters told NBC 26 the security breach happened Friday.


Colorado: Cedaredge Company Fined for Not Securing Customer Data

Permalink - Posted on 2021-06-15 16:00

A Cedaredge-based mobile home management company has been fined $25,000 for failing to secure its customers' data. The Colorado Attorney General’s Office announced the fine and an agreement for Impact MHC to implement new data security measures after a 2018 data breach. According to a news release, the breach exposed sensitive information belonging to 15,000 people.


100% Increase in Daily DDoS Traffic in 2020 as Potential Grows for 10 Tbps Attack

Permalink - Posted on 2021-06-15 16:00

Nokia Deepfield has discovered a 100% increase in daily DDoS peak traffic between Jan 2020 and May 2021. Nokia's IP network and data analytics arm was able to conduct a fingerprint and origin analysis of network traffic through their work with global service providers, webscale companies and digital enterprises. Craig Labovitz, CTO of Nokia Deepfield, unveiled the findings of the global DDoS traffic analysis at NANOG82 this week. The analysis found that there has been a massive increase in high-bandwidth, volumetric DDoS attacks, the majority of which originate from just a few dozen hosting companies. Labovitz told ZDNet that conventional wisdom generally says that DDoS attacks originate from all over the Internet, and that DDoS is impossible to block at the source.


Nationally-Known Australian Company Lawyered Up to Resist ASD Help

Permalink - Posted on 2021-06-15 17:00

The hacked company resisted Australian Signals Directorate involvement for weeks, and accepted only generic advice. Three months later, they were reinfected.


IKEA Fined $1.2 Million for Spying on Employees

Permalink - Posted on 2021-06-15 17:00

Swedish furnishing conglomerate IKEA has been fined €1m ($1.2m) for illegally spying on its employees in France and storing their data. The fine was ordered by a French court on Tuesday after a criminal probe launched in 2012 found that IKEA France had created an elaborate "spying system" to snoop on staff and on customers who had opened disputes.


Ransomware Attacks Continue to Surge, Hitting a 93% Increase Year Over Year

Permalink - Posted on 2021-06-15 16:00

Year over year, since June 2020, the industry sectors that are currently experiencing the highest increase of ransomware attack attempts globally are Education, which saw a 347% increase, Transportation, which saw a 186% increase, then the Retail/Wholesale sector, which suffered a 162% increase, and then the Healthcare sector, which experienced a 159% increase since June 2020. From the beginning of 2021, the “Consultancy” domain saw a 126% rise in attacks, followed by the education/research sector that experienced an 81% increase in attacks, followed by the transportation & Government/military sectors that saw an 80% & 75% increase in attacks.


VPN Attacks Up Nearly 2000% as Companies Embrace a Hybrid Workplace

Permalink - Posted on 2021-06-15 16:00

In Q1 2021, there was a 1,916% increase in attacks against Fortinet’s SSL-VPN and a 1,527% increase in Pulse Connect Secure VPN.


Microsoft: Scammers Bypass Office 365 MFA in BEC Attacks

Permalink - Posted on 2021-06-15 16:00

Microsoft 365 Defender researchers have disrupted the cloud-based infrastructure used by scammers behind a recent large-scale business email compromise (BEC) campaign. The attackers compromised their targets' mailboxes using phishing and exfiltrated sensitive info in emails matching forwarding rules, allowing them to gain access to messages relating to financial transactions.


Largest U.S. Propane Distributor Discloses Data Breach

Permalink - Posted on 2021-06-15 16:00

This month, AmeriGas has issued a data breach notification letter to the New Hampshire Attorney General's Office. The data breach, however, originated at J. J. Keller, a vendor responsible for providing Department of Transportation (DOT) compliance services to AmeriGas. These services include helping AmeriGas with conducting driving record checks, drug and alcohol testing for drivers, and other DOT-imposed regulatory checks. On May 10th, J. J. Keller detected suspicious activity on their systems associated with a company email account.


1 in 3 Employees Has Picked Up Bad Cyber Security Habits Since Working Remotely

Permalink - Posted on 2021-06-15 16:00

A new report from human layer security company Tessian reveals that most IT leaders (56%) believe their employees have picked up bad cybersecurity behaviors since working from home. As organizations make plans for the post-pandemic hybrid workforce, Tessian’s Back to Work Security Behaviors report reveals how security behaviors have shifted during the past year, the challenges as organizations transition to a hybrid work model, and why a fundamental shift in security priorities is required. According to the report, younger employees are most likely to admit they cut cybersecurity corners, with over half (51%) of 16-24 year olds and almost half (46%) of 25-34 year olds reporting they’ve used security workarounds. In addition, two in five (39%) say the cybersecurity behaviors they practice while working from home differ from those practiced in the office, with half admitting it’s because they feel they were being watched by IT departments. IT leaders are optimistic about the return to office, though, with 70% believing staff will more likely follow company security policies around data protection and privacy. However, only 57% of employees think the same.


Chip Shortages Lead to More Counterfeit Chips and Devices

Permalink - Posted on 2021-06-14 16:00

Beginning with the first Wuhan quarantine in January 2020, the COVID-19 pandemic hit the world from both sides of the law of supply and demand. Independent Distributors of Electronics Association (IDEA) founder Steve Calabria believes this two-fisted squeeze will spawn a surge in counterfeit electronics, with consequences for longevity and reliability of equipment built with substandard components. Calabria tells ZDNet that "worldwide shortages have opened the door for criminals to exploit the electronic component marketplace," adding that he's already seeing early signs of trouble. "Companies that have never been rated by any other company in the industry [are] showing significant quantities of parts that are in shortage."


Brazil: Macaé Municipality Points to Ransomware-Type Cyber Attack

Permalink - Posted on 2021-06-14 16:00

Macaé City Hall was the target of a cyber attack on the 3rd of June, the Corpus Christi holiday. Malware has hit network file servers, systems and databases. The Assistant Secretary of Science and Technology sent a memorandum to the Municipal Attorney General requesting that the necessary legal measures be taken. The document also requests that an incident report be made to the Police Office for the Repression of Computer Crimes (DRCI).


Irish Police to Be Given Powers Over Passwords

Permalink - Posted on 2021-06-14 16:00

Irish police will have the power to compel people to provide passwords for electronic devices when carrying out a search warrant under new legislation. The change is part of the Garda Síochána Bill published by Irish Justice Minister Heather Humphreys on Monday. Gardaí will also be required to make a written record of a stop and search. This will enable data to be collected so the effectiveness and use of the powers can be assessed.


54% of Senior Executives Struggling to Keep Up with Threat Landscape

Permalink - Posted on 2021-06-14 16:00

According to a new report by Fujitsu, more than half (54%) of senior executives have struggled to adapt security policies to changes in the threat landscape and working practices. The survey, which Fujitsu carried out in September 2020, provides further evidence that many organizations are at higher risk of cyber-attacks due to the shift to remote working during COVID-19, with cyber-criminals taking advantage of the rising number of connections and devices to target corporate systems. The findings also indicated that current cybersecurity training techniques are not suited to the current situation. Close to two-thirds (61%) of employees surveyed said they believe their security training is ineffective, while around three-quarters (74%) of non-technical staff do not find it engaging enough. Additionally, 32% thought their company’s training courses were too long, and 35% said it was too boring or technical. These feelings may be partly explained by many organizations having a standardized approach to cybersecurity training: 60% of senior executives surveyed for the study admitted that all employees in their business receive the same type of training irrespective of the type of function they perform. Senior executives also recognized a degree of apathy among their employees when it comes to cybersecurity, with 45% stating that most people in their organization believe this has nothing to do with them.


Puerto Rico: LUMA Energy Power Supply Disrupted After DDoS Attack

Permalink - Posted on 2021-06-14 16:00

The same day the blackout took place, the company announced that a major DDoS attack disrupted its online services.


Phishing Maintained Near-Record Levels in the First Quarter of 2021

Permalink - Posted on 2021-06-14 16:00

The number of reported phishing websites peaked in January 2021 with an all-time high of 245,771 before declining later in the quarter. Still, March suffered more than 200,000 such attacks, the fourth-worst month in APWG’s reporting history.


Baby Clothes Giant Carter's Leaks 410K Customer Records

Permalink - Posted on 2021-06-11 17:00

Baby clothes retailer Carter’s inadvertently exposed the personal data of hundreds of thousands of its customers, dating back years, according to a new disclosure. The issue started with Linc, which is a vendor the company used to automate purchases online, according to analysts with vpnMentor who first discovered the issue. The Linc system was delivering customers shortened URLs with Carter’s purchase and shipping details without basic security protections. The links contained everything from purchase details to tracking information and more.


REvil Hits U.S. Nuclear Weapons Contractor

Permalink - Posted on 2021-06-11 17:00

Sol Oriens, a subcontractor for the U.S. Department of Energy (DOE) that works on nuclear weapons with the National Nuclear Security Administration (NNSA), last month was hit by a cyberattack that experts say came from the relentless REvil ransomware-as-a-service (RaaS) gang. The Albuquerque, N.M. company’s website has been unreachable since at least June 3, but Sol Oriens officials confirmed to Fox News and to CNBC that the firm became aware of the breach sometime last month.


Five Rivers Health Centers Phishing Attack Affects Almost 156,000 Patients

Permalink - Posted on 2021-06-11 17:00

Ohio-based Five Rivers Health Centers has notified 155,748 patients that some of their protected health information was stored in email accounts that have been accessed by an unauthorized individual following a phishing attack. It is unclear when the breach was discovered, but Five Rivers Health Centers reports that following an extensive forensic investigation into the cyberattack and a manual document review, it discovered on March 31, 2021, that the breached email accounts contained patients’ personal and health information. The forensic investigation confirmed that the email accounts had been breached between April 1, 2020, and June 2, 2020. Notification letters were sent to affected patients on May 28, 2021 – more than a year after the first email accounts were breached.


Volkswagen America Discloses Data Breach Impacting 3.3 Million

Permalink - Posted on 2021-06-11 17:00

More than 3.3 million individuals were impacted in the incident. According to VWGoA, for “over 97% of the individuals, the exposed information consists solely of contact and vehicle information relating to Audi customers and interested buyers.” For roughly 90,000 Audi customers, or individuals interested in making a purchase, the leaked data also includes information on eligibility for a purchase, loan, or lease. In most cases (over 95%), this includes driver’s license numbers.


Arizona Asthma and Allergy Institute Provides Notice of Maze Attack in 2020

Permalink - Posted on 2021-06-11 17:00

An incident initially reported to HHS on May 3 has been updated to 70,372 patients from the initial report of 50,000. The following is the entity’s notice on their web site, and after you read it, I’ll meet you on the other side to explain it more, because they only discovered the breach when DataBreaches.net contacted them.


Cost of Ransomware Attack on Baltimore County Public Schools Climbs to $7.7M

Permalink - Posted on 2021-06-11 17:00

Baltimore County school officials estimate the ransomware attack in November will cost the system at least $7.7 million, nearing what Baltimore City spent following a similar attack in 2019. The estimated costs cover a wide range of programs, services, trainings and licenses that helped Maryland’s third-largest school system respond to and recover from the attack, which took place the day before Thanksgiving and canceled two days of online classes for 111,000 students.


Ohio: Five Rivers Health Centers Notified 155,748 Patients After Phishing Incident

Permalink - Posted on 2021-06-11 17:00

On May 28, Five Rivers Health Centers in Ohio notified HHS about a data security incident that impacted 155,748 patients. The following is their media notice, linked from the home page of their web site if you can find it (see attached, where I highlighted the location of the link on their home page). DataBreaches.net notes that they do not say when they first discovered the breach or how they discovered it.


DDoS Attacks Increase 341% Amid Pandemic

Permalink - Posted on 2021-06-11 17:00

During the pandemic, cyber attackers targeted industries providing connectivity, services and entertainment to populations forced to shelter-in-place, resulting in a 341% year-over-year increase in distributed denial-of-service (DDoS) attacks, according to Nexusguard.


Cox Media Group Hit by Major Cyber Attack

Permalink - Posted on 2021-06-11 17:00

According to two people familiar with the matter, Cox Media Group's television and radio stations in the US were the targets of a cyberattack last week, with some stations still suffering the consequences. According to one of the sources, federal law enforcement is investigating the attack. Staff at two stations say several systems are still down this week, including access to their digital video collection. Weather computers were also down at at least two stations.


Food Service Supplier Edward Don Hit by a Ransomware Attack

Permalink - Posted on 2021-06-11 17:00

Edward Don has not publicly disclosed the attack at this time, but employees have stated that they cannot accept new orders until the systems are brought back online. As Edward Don is one of the leading distributors of food service supplies, this attack will cause a significant disruption in the supply chain for hospitals, restaurants, hotels, and bars.


Hackers Steal Data from McDonald's in U.S., South Korea and Taiwan

Permalink - Posted on 2021-06-11 17:00

McDonald's told U.S. employees in a message Friday that business contact information for U.S. employees and franchisees, as well as details about restaurants — such as seating capacity and the square footage of play areas — had been disclosed through the breach. In South Korea and Taiwan, hackers stole customer and employee emails, phone numbers, and addresses, McDonald's said.


Britain: Schools Forced to Shut Following Critical Ransomware Attack

Permalink - Posted on 2021-06-10 17:00

Two schools in the south of England have been forced to temporarily close their doors after a ransomware attack that encrypted and stole sensitive data. The Skinners' Kent Academy and Skinners' Kent Primary School were attacked on June 2, according to a statement on the trust’s website which said it is currently working with third-party security experts, the police and the National Cyber Security Centre (NCSC). It revealed that on-premise servers were targeted at the Tunbridge Wells-based schools. As student and staff emergency contact details, medical records, timetables and registers were encrypted by the attackers, the decision was taken to close on Monday.


Humana and Cotiviti Facing Class Action Lawsuit Over Data Breach

Permalink - Posted on 2021-06-10 17:00

The Louisville, KY-based health insurance and healthcare provider Humana and its business associate Cotiviti are facing legal action over a data breach discovered in late December 2020. On May 26, 2021, a lawsuit was filed in the U.S. District Court for the Western District of Kentucky over the mishandling of Humana insurance plan members’ medical records. Humana had contracted with Cotiviti to handle medical records requests to send to the HHS’ Centers for Medicare and Medicaid Services (CMS). Cotiviti had subcontracted some of the work to Visionary Medical Systems Inc.


France: Camaïeu Retailer and Municipality of Pont-Saint-Esprit Hit by Security Incidents

Permalink - Posted on 2021-06-10 17:00

Marc Grosclaude of La Voix du Nord reports that retailer Camaïeu was hit by a cyberattack that has left it with stocks running low and difficulty in replenishing stock with computer systems affected.


Arnoff Moving & Storage Data Breach Revealed Customer Information

Permalink - Posted on 2021-06-10 17:00

Arnoff Moving & Storage customers may have had their data stolen by hackers as part of a breach, the company said. The company could not say how many customers may have been impacted, how long ago the data may be from, or if the breach was limited to its regional Mid Hudson Valley branches. While the Poughkeepsie-based company serves Dutchess, Orange, Ulster and Putnam counties, it also has offices in the Capital region, western Connecticut and Massachusetts, and Florida, according to its site. The alleged hackers posted to a website what they claim are examples of the private information stolen, including forms that have names, contact information and credit card numbers.


South Korea's Data Watchdog Barks Warnings at Microsoft and Five Local Firms

Permalink - Posted on 2021-06-10 17:00

Microsoft and five other companies have received fines totaling US$75K from South Korea's Personal Information Protection Commission (PIPC), for running afoul of local data protection laws. The Commission fined Microsoft 16.4 million won (US$14,700) for failing to have protective measures on administrative accounts that led to the leak of over 119,000 email accounts, 144 of which belonged to South Korean residents. Furthermore, when Microsoft announced the leaks, it did so within 24 hours of the incident in English but not until 11 days later in Korean. The PIPC said Korean users should be notified in Korean. South Korean web giant company Kakao’s blockchain subsidiary Ground X and software company Innovation Academy were each handed 25 million won (US$22,400) in penalties for general privacy naughtiness. Ground X was slapped with an extra six million won (US$5,400) fine for not protecting passwords and Innovation Academy wore three million won (US$2,700) for a data leak.


54% of All Employees Reuse Passwords Across Multiple Work Accounts

Permalink - Posted on 2021-06-10 17:00

Data shows that since the start of the pandemic employees have been engaging in poor cybersecurity practices on work-issued devices, with business owners and C-level executives proving to be the worst culprits. At the same time, enterprises are falling short on cybersecurity best practices that need to be implemented for out-of-office environments. Less than a quarter of respondents admit to even implementing 2FA since the start of the pandemic and even then, many are using less secure and less user-friendly forms of 2FA like mobile authentication apps and SMS one-time passcodes. 54% of all employees use the same passwords across multiple work accounts. 22% of respondents still keep track of passwords by writing them down, including 41% of business owners and 32% of C-level executives. 42% of respondents admit to using work-issued devices for personal reasons daily while working from home. Of these, 29% are using work devices for banking and shopping, and 7% admit to watching illegal streaming services. Senior workers are among the biggest offenders, as 44% of business owners and 39% of C-level executives admit to performing personal tasks on work-issued devices every day since working from home, with 23% of business owners and 15% of C-level respondents using them for illegal streaming/watching TV. A year after the pandemic began and work-from-home policies were implemented, 37% of all employees across all sectors are yet to receive cybersecurity training to work from home, leaving businesses largely exposed to evolving risks. 43% of all employees suggest that cybersecurity isn’t the responsibility of the workforce, with 60% believing this should be handled by IT teams.


Meat Processor JBS Paid $11 Million in Ransom to Hackers

Permalink - Posted on 2021-06-10 17:00

The world’s largest meat processor said on Wednesday that it paid an $11 million ransom in Bitcoin to the hackers behind an attack that forced the shutdown last week of all the company’s U.S. beef plants and disrupted operations at poultry and pork plants. The company, JBS, said in a statement that the decision to pay the ransom was made to protect its data and hedge against risk for its customers. The company said most of its facilities were back up and running when the payment was made.


Hackers Breach Gaming Giant Electronic Arts, Steal Game Source Code

Permalink - Posted on 2021-06-10 17:00

Hackers have breached the network of gaming giant Electronic Arts (EA) and claim to have stolen roughly 750 GB of data, including game source code and debug tools. EA confirmed the data breach in a statement sent to BleepingComputer saying that this "was not a ransomware attack, that a limited amount of code and related tools were stolen, and we do not expect any impact to our games or our business." BleepingComputer spoke to the threat actor selling EA's data who claims to have stolen the full FIFA source, EA game clients, and points used as in-game currency.


Spain's Ministry of Labor and Social Economy Hit by Cyber Attack

Permalink - Posted on 2021-06-09 18:00

The Spanish Ministry of Labor and Social Economy (MITES) is working on restoring services after being hit by a cyberattack on Wednesday. While the ministry's website is still up after the attack, both the communications office and the multimedia room are down.


Settlement to Resolve Nebraska Medicine Data Breach Lawsuit Receives Preliminary Approval

Permalink - Posted on 2021-06-09 18:00

In September 2020, Nebraska Medicine and the University of Nebraska Medical Center discovered their systems had been hacked and malware had been downloaded to its network that gave hackers access to the protected health information of up to 219,000 individuals. The attack forced Nebraska Medicine to shut down its systems causing disruption to operations.


Taiwan Kadokawa Notifies Consumers While Responding to Ransomware Attack

Permalink - Posted on 2021-06-09 18:00

Taiwan Kadokawa Co. is part of the Kadokawa corporation group of companies. On June 3, they discovered they had been attacked. In a subsequent press release of June 4 and statement, they explained what appears to be a ransomware attack.


Humana Sued in Federal Court Over Apparent Data Breach

Permalink - Posted on 2021-06-09 18:00

A Humana Inc. customer filed a class-action lawsuit in federal court against the Louisville-based health insurance and health care provider. The suit, filed in the U.S. District Court for the Western District of Kentucky, alleges that a company called Visionary Medical Systems Inc. mishandled sensitive patient data, exposing the data to public access on the internet.


SmartSearch Issues Warning Over Risk of GDPR Breach

Permalink - Posted on 2021-06-09 18:00

Anti-money laundering specialist SmartSearch said regulated businesses in the housing chain which are relying on manual customer records risk non-compliance more than three years after the GDPR laws came into force in the UK. John Dobson, CEO at SmartSearch explained even after this time had lapsed a lot of firms did not have procedures in place to protect customer details. This, he said, had been exacerbated with the disruption caused by the coronavirus outbreak.


MoviePass Operators Settle Data Security Allegations

Permalink - Posted on 2021-06-08 17:00

The operators of subscription service MoviePass have agreed to settle Federal Trade Commission allegations of fraud and data security failures. Under the proposed settlement, MoviePass, Helios, former MoviePass CEO Mitchell Lowe, and former Helios CEO Theodore Farnsworth will be barred from misrepresenting their business and data security practices. The order also states that any businesses controlled by MoviePass, Helios, or Lowe must implement comprehensive information security programs.


Third-Party Phishing Attack Affects Up to 34,862 Lafourche Medical Group Patients

Permalink - Posted on 2021-06-08 17:00

Lafourche Medical Group, a Louisiana-based urgent care center operator, has notified 34,862 patients about a security breach that potentially involved some of their protected health information. On March 30, 2021, Lafourche Medical Group learned that an external accountant had responded to a phishing email that spoofed one of the owners of Lafourche Medical Group and disclosed login credentials to the attacker. The compromised credentials were used to gain access to the group’s Microsoft 365 environment.


Texas Passes Bill Establishing "Wall of Shame" for Data Breaches

Permalink - Posted on 2021-06-08 17:00

On May 31, 2021, the Texas Legislature approved House Bill 3746, which seeks to amend the Texas Business and Commerce Code § 521.053 relating to certain notifications required following a breach of security of computerized data. Notably, the bill directs the Texas attorney general to post on its website a public listing of received data security breach notifications (for any breach involving at least 250 Texas residents) and then update the listing on a monthly basis.


Germany: Pearl Takes Online Shop Offline After Cyber Attack

Permalink - Posted on 2021-06-08 17:00

“On June 5, 2021, the IT systems of Pearl GmbH were attacked by hackers who had access to servers and virtual machines,” writes the company from Buggingen in Baden-Württemberg, without saying whether the attack was part of a ransomware extortion attempt.


Unauthorized Access Accounts for 43% of All Breaches Globally

Permalink - Posted on 2021-06-08 17:00

There has been a 450% surge in breaches containing usernames and passwords globally, according to a ForgeRock report. Researchers also found unauthorized access was the leading cause of breaches for the third consecutive year, increasing year-over-year for the past two years, accounting for 43% of all breaches in 2020.


F.B.I. Investigates Cyber Attack That Targeted N.Y.C. Law Department

Permalink - Posted on 2021-06-08 17:00

An early clue that something was amiss with the computers at New York City’s Law Department — the 1,000-lawyer agency that represents the city in court — emerged on Monday when a lawyer for the department wrote to a federal judge in Manhattan, asking for a short delay in filing court papers because of “connectivity” problems. “No one is currently able to log on to the Law Department’s computer system,” the lawyer, Katherine J. Weall, wrote. Later in the day, city officials revealed the cause of the problem: They had been forced to disable the Law Department’s computer network on Sunday afternoon after detecting a cyberattack. That attack is now under investigation by the intelligence bureau of the New York Police Department and the F.B.I.’s cyber task force, the officials said.


Largest Password Compilation of All Time Leaked Online with 8.4 Billion Entries

Permalink - Posted on 2021-06-08 17:00

What seems to be the largest password collection of all time has been leaked on a popular hacker forum. A forum user posted a massive 100GB TXT file that contains 8.4 billion entries of passwords, which have presumably been combined from previous data leaks and breaches. According to the post author, all passwords included in the leak are 6-20 characters long, with non-ASCII characters and white spaces removed. The same user also claims that the compilation contains 82 billion passwords. However, after running our own tests, the actual number turned out to be nearly ten times lower – at 8,459,060,239 unique entries.


Ransomware Struck Another Pipeline Firm — and 70GB of Data Leaked

Permalink - Posted on 2021-06-08 17:00

A group identifying itself as Xing Team last month posted to its dark web site a collection of files stolen from LineStar Integrity Services, a Houston-based company that sells auditing, compliance, maintenance, and technology services to pipeline customers. The data, first spotted online by the WikiLeaks-style transparency group Distributed Denial of Secrets, or DDoSecrets, includes 73,500 emails, accounting files, contracts, and other business documents, around 19 GB of software code and data, and 10 GB of human resources files that includes scans of employee driver's licenses and Social Security cards.


Computer Memory Maker ADATA Hit by Ragnar Locker Ransomware

Permalink - Posted on 2021-06-08 17:00

The Taiwanese memory manufacturer took down all impacted systems after detecting the attack and notified all relevant international authorities of the incident to help track down the attackers. "ADATA was hit by a ransomware attack on May 23rd, 2021," the company told BleepingComputer in an email statement today.


California City Hid Cyber Attack

Permalink - Posted on 2021-06-07 16:00

A California city whose police department recently revealed it had been victimized by cyber-criminals has now acknowledged it suffered an earlier cyber-attack in 2018. Azusa's 63-officer police department was targeted by the DoppelPaymer ransomware gang late last winter. The attack was kept secret while officials worked with the FBI, Los Angeles County Sheriff’s Department, and ransomware consultants to try to retrieve hundreds of highly sensitive files encrypted in the incident. In April, a stash of the department's documents was leaked online after the city elected not to pay the ransom demanded by the gang. Among the information leaked were criminal case files and payroll data containing Social Security numbers, driver’s license numbers, medical information, and financial account information. The city finally publicly acknowledged the hack on May 27 to coincide with the start of Memorial Day weekend, when America's attention typically flits away from the news cycle and toward outdoor social activities and honoring the fallen.


Australia: NSW Health Confirms Data Breached Due to Accellion Vulnerability

Permalink - Posted on 2021-06-07 16:00

The NSW Police Force and Cyber Security NSW have set up Strike Force Martine to determine the impact on NSW government agencies that were caught up in the attack on Accellion.


Australians Lose Record Amount to Scams in 2020

Permalink - Posted on 2021-06-07 16:00

Australians lost a record $851 million to scams in 2020, according to a new report from the Australian Competition and Consumer Commission (ACCC). Investment scams accounted for the biggest losses at $328 million, making up more than a third of total losses. Romance scams were the next biggest category, costing Australians $131 million, while payment redirection scams resulted in $128 million of losses. Meanwhile, health and medical scams increased more than 20-fold compared to 2019, accounting for over $3.9 million in losses. Phishing activity also thrived during the pandemic, especially through government impersonation scams. There were over 44,000 reports of phishing scams, representing a 75% increase.


U.S. Truck and Military Vehicle Maker Navistar Discloses Data Breach

Permalink - Posted on 2021-06-07 16:00

Navistar International Corporation (Navistar), a US-based maker of trucks and military vehicles, says that unknown attackers have stolen data from its network following a cybersecurity incident discovered on May 20, 2021. The company disclosed the attack in an 8-K report filed with the Securities and Exchange Commission (SEC) on Monday.


Phishing Trends Show X-Rated Themes Have Skyrocketed 974%

Permalink - Posted on 2021-06-07 16:00

“Between May 2020 and April 2021, the number of such attacks increased 974%,” the researchers write. “These attacks reach across a broad spectrum of industries and appear to target based on male-sounding usernames in company email addresses.” The researchers note that in addition to stealing information, the attackers can also return to blackmail victims.


U.K. Special Forces Soldiers' Personal Data was Floating Around WhatsApp in a Leaked Army Spreadsheet

Permalink - Posted on 2021-06-04 17:00

An astonishing data security blunder saw the personal data of Special Forces soldiers circulating around WhatsApp in a leaked British Army spreadsheet. The document, seen by The Register, contained details of all 1,182 British soldiers recently promoted from corporal to sergeant – including those in sensitive units such as the Special Air Service, Special Boat Service and the Special Reconnaissance Regiment. Special Forces soldiers’ identities are supposed to be protected from public disclosure in case terrorists target them or their families. Yet yesterday an Excel file was freely being passed around on WhatsApp groups after being leaked from inside the Ministry of Defence.


UF Health Florida Hospitals Back to Pen and Paper After Cyber Attack

Permalink - Posted on 2021-06-04 17:00

UF Health Central Florida has suffered a reported ransomware attack that forced two hospitals to shut down portions of their IT network. While UF Health would not shed further light on the attack, Villages-News reports that the hospitals were affected by a ransomware attack that has forced employees to switch back to pen and paper.


Britain: Retailer Furniture Village Confirms Cyber Attack as Systems Outage Rolls into Day 7

Permalink - Posted on 2021-06-04 17:00

Furniture Village – the UK's largest independent furniture retailer with 54 stores nationwide – has been hit by a "cyber-attack", the company confirmed to The Register. Details are still sketchy, but it emerged late last week that some of the retailer’s internal systems had been taken offline. Although its website remains up and running, this is not the case for the back end. The problems emerged last weekend on 29 May when Furniture Village admitted it was experiencing "technical issues" and it was unable to answer calls. This is still the case at the time of publication, 6 days later. By Wednesday, Furniture Village revealed it was “still experiencing technical issues with [its] internal systems” and that the team was working to resolve them as quickly as possible. These included delivery systems, phone systems, and according to customers, payment mechanisms.


Live Streams Go Down Across Cox Radio & TV Stations in Apparent Ransomware Attack

Permalink - Posted on 2021-06-04 17:00

Live streams for radio and TV stations owned by the Cox Media Group, one of the largest media conglomerates in the US, have gone down earlier today in what multiple sources have described as a ransomware attack.


Ireland's Health Service Remains Significantly Disrupted Weeks After Attack

Permalink - Posted on 2021-06-04 17:00

HSE doesn't expect health services to return to normal for "a number of weeks" as it continues to deal with the fallout of the ransomware attack against critical IT infrastructure.


Diverse Six-Justice Majority Rejects Broad Reading of Computer-Fraud Law

Permalink - Posted on 2021-06-04 17:00

The Supreme Court’s decision on Thursday in Van Buren v. United States provides the court’s first serious look at one of the most important criminal statutes involving computer-related crime, the federal Computer Fraud and Abuse Act. Justice Amy Coney Barrett’s opinion for a majority of six firmly rejected the broad reading of that statute that the Department of Justice has pressed in recent years. Among other things, the CFAA criminalizes conduct that “exceeds authorized access” of a computer. Crucially, the statute defines that term as meaning “to access a computer with authorization and to use such access to obtain … information … that the accesser is not entitled so to obtain.” The question in Van Buren was whether users violate that statute by accessing information for improper purposes or instead whether users violate the statute only if they access information they were not entitled to obtain. In this case, for example, a Georgia police officer named Nathan Van Buren took a bribe to run a license-plate check. He was entitled to run license-plate checks, but not for illicit purposes. The lower courts upheld a conviction under the CFAA (because he was not entitled to check license-plate records for private purposes). The Supreme Court disagreed, adopting the narrower reading of the CFAA, under which it is a crime only if users access information they were not entitled to obtain.


11th Circuit Upholds Historic $380 Million Equifax Data Breach Settlement

Permalink - Posted on 2021-06-04 17:00

A three-judge panel for the 11th Circuit on Thursday upheld the largest-ever U.S. class action settlement over a consumer data breach, rejecting a bevy of challenges to the $380 million deal. Finalized in January 2020, the settlement compensates U.S. consumers whose personal information was exposed in a cyberattack on the credit bureau Equifax. The breach compromised an estimated 147 million people’s data, including social security numbers and addresses. The deal is supposed to provide up to $20,000 per person for out-of-pocket losses linked to the breach. Other benefits for affected consumers include credit monitoring, identity protection services, as well as reimbursement for time spent addressing identity theft concerns. The settlement benefits will not be distributed, however, until court proceedings are complete. Rehearing petitions and other legal action by those objecting to the settlement could hold up the distribution for months. An extended claims submission period is scheduled to last through January 22, 2024.


Dutch Pizza Chain Discloses Breach After Hacker Tries to Extort Company

Permalink - Posted on 2021-06-04 17:00

New York Pizza, one of the largest pizza restaurant chains in the Netherlands, has disclosed today a security breach after a hacker tried to extort the company over the weekend. “Last Sunday night on Monday morning we received some emails from a hacker,” the company said in a statement published on its website. “This hacker claimed he stole a large amount of customer data from New York Pizza and threatened to publish or sell it.” New York Pizza said they believe the hacker got its hands on the data of approximately 3.9 million users, a number that represents around 22% of the Netherlands’ entire population.


75.9% of Stolen Data in Breaches Involve Personal Information

Permalink - Posted on 2021-06-04 17:00

An in-depth analysis of more than 100 of the largest data breaches in the past decade by Imperva Research Labs reveals a bleak and troubling reality. Not only has there been a greater number and higher frequency of breaches over the last decade, but the vast majority of that data (75.9%) can be classified as PII. The rise in both data breaches and the number of records compromised has been dramatic in recent years. Since 2017, the number of data breaches has increased more than 30% each year, with the number of records compromised per breach increasing more than 130% per year in that time.


Mobile, AL County Cyber Attack Shut Down Systems for 3 Days, Sparked Federal Investigation

Permalink - Posted on 2021-06-04 17:00

The attack was first reported by SuspectFile on May 31 after it appeared on the dark web leak site of threat actors calling themselves Pay or Grief (or Grief — this site STILL hasn’t gotten an answer from them as to their name). But on the leak site, they wrote: “The network of Mobile County, Alabama was screwed and now we have about 95 GB data from file servers, including internal company documents, personal and HR data. According to our rules we are publishing this data step by step in case if this company will keep silence.”


Risk and Compliance Firm Reports Breach of 47,035 Records

Permalink - Posted on 2021-06-04 17:00

The risk and compliance firm LogicGate has identified a security incident in which the protected health information of 47,035 individuals has potentially been compromised. LogicGate explained in breach notification letters that an unauthorized individual gained access to credentials for its Amazon Web Services cloud storage servers which are used to store backup files of customers that use its Risk Cloud platform.


DNS Attacks on the Rise, Costing $1 Million Each

Permalink - Posted on 2021-06-04 17:00

According to new research, cyber-attacks using DNS channels to steal data, DDoS victims, and deploy malware have grown in volume and cost throughout the pandemic. EfficientIP’s 2021 Global DNS Threat Report was compiled by IDC from interviews with 1,114 organizations across the world about their experiences of last year. It found that 87% of organizations suffered one or more DNS attacks in 2020, up eight percentage points from 2019. On average, victims were hit 7.6 times at the cost of $950,000 per attack. The most common forms of attack were DNS phishing (49%), DNS-based malware (38%), DDoS (29%), DNS hijacking (27%), DNS tunnelling for command and control (24%), zero-day bugs (23%) and cloud misconfiguration abuse (23%).


Malware Will Sit for 83 Hours in an Employee's Inbox Before Being Noticed

Permalink - Posted on 2021-06-03 17:00

Research finds that malicious emails spend an average of 83 hours in employees' inboxes before being noticed. Barracuda researchers have found it takes, on average, three and a half days (83 hours) from when a malicious email attack arrives in an employee's inbox to the point where it’s discovered by a security team or reported by the end-user and removed. The researchers analysed threat patterns and response practices across 3,500 organisations in the company's most recent Threat Spotlight; this month the focus was on analysing what happens after a malicious email manages to bypass an organisation’s security and land in a user’s inbox. They discovered that a medium-sized organisation of 1,100 users will experience around 15 email security incidents per month, and on average 10 employees will be impacted by each attack that finds its way through.


Malware-Related Attacks Jump by 54%

Permalink - Posted on 2021-06-03 17:00

Extensive analysis of cyberthreats in 2020 reveals a 91% jump in attacks on industrial companies and a 54% rise in malware-related attacks compared to 2019. Medical institutions ranked first in ransomware attacks, Positive Technologies reports.


FUJIFILM Shuts Down Network After Suspected Ransomware Attack

Permalink - Posted on 2021-06-03 17:00

FujiFilm is investigating a ransomware attack and has shut down portions of its network to prevent the attack's spread. While FUJIFILM has not stated what ransomware group is responsible for the attack, Advanced Intel CEO Vitali Kremez has told BleepingComputer that FUJIFILM was infected with the Qbot trojan last month.


India: Average Ransomware Payment Exceeds $76,000 USD for Each Attack

Permalink - Posted on 2021-06-03 17:00

The recovery cost from the impact of a ransomware attack tripled in the last year in India -- up from $1.1 million (over Rs 8 crore) in 2020 to $3.38 million (more than Rs 24.5 crore) in 2021 as the country topped the list of 30 countries worldwide for ransomware attacks, a new report said on Tuesday. The average ransom payment in India was $76,619 (over Rs 55 lakh). However, paying up often doesn't pay off, as Indian organizations that paid the ransom got back, on average, 75 per cent of their data and only 4 per cent got all their data back, according to 'The State of Ransomware 2021' report by global cybersecurity leader Sophos. The findings showed that 67 per cent of Indian organizations whose data was encrypted paid a ransom to get back their data, a slight increase on the previous year when 66 per cent paid a ransom.


Many CISOs Blame Cyber Attack Surge on Remote Working

Permalink - Posted on 2021-06-03 17:00

Cybersecurity professionals have seen a surge in cyberattacks in the past year, and many blamed the trend on more employees working from home due to the COVID-19 pandemic, according to a report published on Thursday by VMware. Roughly three-quarters of respondents reported seeing an increase in attacks in the past year, and 78% of them said it was due to remote working. Moreover, 79% of respondents said cyberattacks had become more sophisticated. Over 80% of organizations admitted being breached in the past year — on average, they experienced more than 2 breaches per year — and in more than 80% of cases the incident was serious enough to require reporting to regulators or the involvement of incident response teams. Furthermore, 75% of those that suffered an attack reported some sort of negative impact on reputation.


Banking Fraud Up 159% as Transactions Hit Pre-Pandemic Volumes

Permalink - Posted on 2021-06-02 17:00

Banking fraud attempts soared by 159% from the final three months of 2020 to Q1 2021 as scammers sought to hide their attack in legitimate online activity, according to Feedzai. Data used in the firm’s Financial Crime Report Q2 2021 Edition includes 12 billion global transactions between January-March 2021. The vast majority (93%) of banking fraud during the period, as always, was online. However, while telephone banking made up less than 1% of total transactions, Q1 2021 saw fraud attempts via this channel spike by a dramatic 728% from the previous quarter. The primary tactics cyber-criminals used to defraud banks and their customers include account takeover (42%), followed by new account fraud (23%), impersonation (21%), purchase scams (15%) and phishing (7%).


Teen Crashes Florida School District's Network

Permalink - Posted on 2021-06-02 17:00

A teenage boy from Florida is facing felony charges after carrying out a cyber-attack that knocked 145 schools offline last spring. The unnamed 17-year-old junior at St. Petersburg High School crashed the entire computer network of the Pinellas County School District in Florida by deploying a distributed denial-of-service (DDoS) attack. His actions caused all the schools in the district to lose internet access on March 22 and 23.


Scripps Notifying 147K People of Data Breach

Permalink - Posted on 2021-06-02 17:00

A California healthcare provider is informing more than 147,000 people that their personal data may have been exposed in a recent cyber-attack. Scripps Health, which operates five acute-care hospitals in San Diego, among other facilities, took most of its network offline after detecting a ransomware infection at the beginning of May. The San Diego–based nonprofit system suspended access to several applications, including MyScripps and scripps.org.


Ransomware Attack Hits Nantucket, Martha's Vineyard Ferry Service

Permalink - Posted on 2021-06-02 17:00

Passengers planning to make their way over to the islands of Martha’s Vineyard or Nantucket on Wednesday could see delays due to a ransomware attack, The Steamship Authority said Wednesday. The Steamship Authority is the largest ferry service to the Massachusetts Islands of Martha’s Vineyard and Nantucket from Cape Cod.


The M.T.A. Is Breached by Hackers as Cyber Attacks Surge

Permalink - Posted on 2021-06-02 17:00

A hacking group believed to have links to the Chinese government penetrated the Metropolitan Transportation Authority’s computer systems in April, exposing vulnerabilities in a vast transportation network that carries millions of people every day, according to an M.T.A. document that outlined the breach.


More Than 11,000 People's Personal Information Released in APD Data Leak

Permalink - Posted on 2021-06-02 17:00

Since 2019, 11,402 people have had their birth dates and driver’s license numbers published accidentally, due to a glitch in the Anchorage Police Department records system, the department announced Wednesday. APD said an employee discovered the issue with traffic collision report records in February. Normally, a computer automatically redacts that personal information in records before they are published online. Captain Sean Case said the department identified a simple reason why the records were going out unredacted. “For lack of a better word, there’s a toggle switch, there’s a box you check on that has the public traffic collision report redacted,” he said. “And that box or that toggle switch was unchecked.”


Breached Companies Facing Higher Interest Rates and Steeper Collateral Requirements

Permalink - Posted on 2021-06-02 17:00

Companies are now being penalized financially by banks for data breaches, according to a new study from the American Accounting Association. In a new report, titled "Do Banks Price Firms' Data Breaches?" the organization found that banks are punishing companies that lose customer financial account information or social security numbers through data breaches with substantially higher interest rates and steeper requirements for collateral and covenants. The researcher behind the report analyzed data on 1,081 bank loans to publicly traded companies from 2003 to 2016. Of the 1,081 bank loans, 587 went to companies that had dealt with a data breach and 494 went to companies that had not. Henry Huang, co-author of the study and an associate professor of accounting at Yeshiva University, said he wanted to find a way of quantifying the financial consequences of breaches. The researchers matched companies in similar industries to see whether those that had been breached saw differences in how banks dealt with them. The report showed a clear link between higher interest rates and data breaches, with those that suffered more disastrous breaches facing even tougher treatment from banks. But banks did make a distinction between the companies that had been hacked by criminal groups and those that had lost control of customer data through accidents or mistakes.


Exagrid Paid $2.6m to Conti Ransomware Attackers

Permalink - Posted on 2021-06-02 17:00

According to information obtained by LeMagIT, the ransom was paid in the form of 50.75 Bitcoins on May 13. The caving in to the ransomware attackers' demands became even more embarrassing when the backup appliance vendor accidentally deleted the decryption tool and had to request it again.


Battle for the Galaxy: 6 Million Gamers Hit by Data Leak

Permalink - Posted on 2021-06-02 17:00

A Chinese game developer has accidentally leaked nearly six million player profiles for the popular title Battle for the Galaxy after misconfiguring a cloud database, Infosecurity has learned. AMT Games, which has produced a string of mobile and social titles with tens of millions of downloads between them, exposed 1.5TB of data via an Elasticsearch server.


Model Sues Law Firm Over Data Breach

Permalink - Posted on 2021-06-01 17:00

A fashion model is suing Baltimore-based law firm Goldberg Segalla for allegedly exposing her personal data when filing records in a different data breach lawsuit. Stephanie Hoffman claims the firm leaked her information twice on the Public Access to Court Electronic Records (PACER) service, which provides electronic public access to federal court records. Goldberg Segalla is representing Hoffman's former modeling agency, Major Model Management Inc (MMMI), in an ongoing proposed class-action lawsuit concerning an alleged data breach. That suit, which was also brought by Hoffman, accuses MMMI of failing to adhere to state laws, industry standards and best practices when collecting and storing the personal information of the models it contracted with.


Cyber Attack Victims Being Blamed for Rise in Ransomware for Depending on Insurance to Pay

Permalink - Posted on 2021-06-01 17:00

Companies relying on their cyber-insurance policies to pay off ransomware criminals are being blamed for a recent uptick in ransomware attacks. Ransomware victims are increasingly falling back on their cyber-insurance providers to pay the ransom when they’re hit with an extortion cyberattack. But security researchers warn that this approach can quickly become problematic.


20/20 Eye Care Network and Hearing Care Network Notify 3,253,822 Health Plan Members of Breach

Permalink - Posted on 2021-06-01 17:00

20/20 Eye Care Network, Inc. is a managed vision care company in Florida that offers administrative services to health plans. 20/20 Hearing Care Network expands those services into hearing care. On May 28, 20/20’s Chief Compliance Officer notified the Maine Attorney General’s Office of an incident in which their Amazon AWS S3 buckets were accessed and data deleted.


Swedish Health Agency Shuts Down SmiNet After Hacking Attempts

Permalink - Posted on 2021-06-01 17:00

The Swedish Public Health Agency (Folkhälsomyndigheten) has shut down SmiNet, the country's infectious diseases database, on Thursday after it was targeted in several hacking attempts. SmiNet, which is also used to store electronic reports with statistics on COVID-19 infections, was shut down on Thursday to investigate the attacks and was brought back online on Friday evening.


Mexican Government Data Published for Sale

Permalink - Posted on 2021-06-01 17:00

The leaked data has presumably been stolen from multiple e-mail accounts as a result of ATO/BEC and compromise of network resources belonging to several Mexican government agencies. It is hard to determine the sensitivity and the end impact of such leaks, but it is one of the elements of an extortion game used by the bad actors. Mexico is the major trading partner of the United States, the second-largest economy in Latin America and the 17th-largest exporter in the world. The number of cyber attacks in the region is significantly growing. In 2020, Mexico was one of the countries.


California: Azusa Police Reveal Ransomware Attack in March

Permalink - Posted on 2021-05-31 18:00

On March 17, the DoppelPaymer threat actors added Azusa Police Department in California to the leak site where they list ransomware victims who have refused to pay their ransom demands. On April 22, the threat actors increased the pressure on the department — or attempted to — by dumping some files as proof that they had accessed the system and exfiltrated data. The files included police records concerning investigations and police business such as patrol officers’ reports. There was also some financial and payroll-related information.


Nuclear Flash Cards: U.S. Secrets Exposed on Learning Apps

Permalink - Posted on 2021-05-31 18:00

US troops charged with guarding nuclear weapons in Europe used popular education websites to create flash cards, exposing their exact locations and top-secret security protocols, according to the investigative site Bellingcat Friday.


Food Giant JBS Foods Shuts Down Production After Cyber Attack

Permalink - Posted on 2021-05-31 18:00

JBS Foods, a leading food company and the largest meat producer globally, had to shut down production at multiple sites worldwide following a cyberattack. The incident impacted multiple JBS production facilities worldwide over the weekend, including those from the United States, Australia, and Canada.


Healthcare Organizations Facing Higher Cyber Insurance Costs for Less Coverage

Permalink - Posted on 2021-05-28 17:00

The number of cyberattacks now being reported is higher than ever before. A couple of years ago, healthcare cyberattacks were being reported at a rate of one per day, but in 2021, there have been months where attacks have been reported at twice that rate. The severity of cyberattacks has also increased and the cost of responding to and recovering from cyberattacks is now much higher. The likelihood of a serious cyberattack occurring and the high costs of remediating such an attack have prompted many healthcare organizations to take out a cyber insurance policy to cover the cost.


Ransomware Attacks Affect Community Access Unlimited and CareSouth Carolina Patients

Permalink - Posted on 2021-05-28 17:00

Hartsville, SC-based CareSouth Carolina has notified 76,035 patients that some of their protected health information has potentially been compromised in a ransomware attack on its IT vendor, Netgain Technologies. CareSouth Carolina was informed by Netgain on January 14, 2021 that the company had experienced a ransomware attack in December 2020, and the attackers had access to servers containing patient data from late November, some of which was exfiltrated prior to the use of ransomware.


Germany: Waschbär Reports Cyber Attack

Permalink - Posted on 2021-05-28 17:00

A more detailed version follows from their May 26 statement: "On Wednesday afternoon, May 19th, 2021, our company was attacked by hackers who smuggled virus software into our IT system. Our IT experts reacted immediately and shut down all systems as a precaution for security reasons. We are currently gaining an overview of the situation and the associated consequences and are already working on possible solutions. We cannot yet say how long the problem will persist and when we can restore normal operation."


Philly Data Breach That Impacted Health Employee Emails Also Hit Other Departments

Permalink - Posted on 2021-05-28 17:00

The City of Philadelphia has released an update on an investigation into a data breach that left some employee email accounts accessible to unauthorized individuals. The incident, initially identified in March 2020, was the result of an employee’s email account that was exposed due to a phishing attack. The breach impacted people receiving services from the Department of Behavioral Health and Intellectual disAbility Services, as well as Community Behavioral Health, a nonprofit contracted by the city to administer the behavioral health Medicaid program, HealthChoices. The city’s investigation has revealed that the breach did impact other city employee emails in departments outside of DBHIDS, and that DBHIDS and CBH accounts were accessed without authorization between March 11 and Nov. 15, 2020. The investigation also showed that other city department emails were accessed from March 2020 to January 2021.


Application Security Not a Priority for Financial Services Institutions

Permalink - Posted on 2021-05-28 17:00

Contrast Security announced the findings of a report based on a comprehensive survey of development, operations, and security professionals and executives at enterprise-level financial services institutions. The report explores the state of application security at these organizations, and the findings indicate that the security of these applications – that have access and control over consumers’ finances – is not a priority or major concern for most of them.


Identity Crime Victims Struggling with Financial, Emotional and Physical Impacts

Permalink - Posted on 2021-05-28 17:00

Nearly 30 percent of people who contact the Identity Theft Resource Center (ITRC) are victims of more than one identity crime. Their latest study covers the 36 months from 2018-2020 and goes beyond the known financial implications of identity crimes and explores the emotional, physical and psychological impacts experienced by victims.


Klarna's Users Reveal Major Data Breach

Permalink - Posted on 2021-05-28 17:00

Klarna, a popular online payment company, was forced to temporarily shut down its service after complaints that users were being indiscriminately logged into other people's accounts.


CEFCO Allegedly Victim of Data Theft

Permalink - Posted on 2021-05-27 17:00

Hackers have posted 42 gigabytes of data allegedly stolen from CEFCO Convenience Stores on a website known as Marketo. The website indicates the stolen data includes “agreements, financial data, account lists, budget reports, NDAs and other interesting documents,” according to the post attached to the file online.


Lawsuit Alleges Colonial Pipeline Was Negligent in Recent Cyber Attack

Permalink - Posted on 2021-05-27 17:00

The lawsuit was filed May 18 in the U.S. District Court for the Northern District of Georgia, according to Bloomberg Law. Plaintiff Ramon Dickerson said the company breached its duty to employ industry security standards which resulted in system outages that harmed consumers by raising prices at the pump.


Japanese Ministries Confirm Impact from Fujitsu Data Breach

Permalink - Posted on 2021-05-27 17:00

On Wednesday, Japan’s Ministry of Foreign Affairs announced that it was impacted by the incident, saying that study material was stolen, and that some personally identifiable information might have been affected as well.


Data Breach at Canada Post

Permalink - Posted on 2021-05-27 17:00

Canada's primary postal operator, Canada Post, confirmed Wednesday that it has suffered a data breach. The security incident occurred following a cyber-attack on one of the Crown corporation's suppliers, Commport Communications, which provides electronic data interchange solutions. Commport Communications was hired by the postal service to manage the shipping manifest data of its large parcel business' customers. Following the cyber-attack, Canada Post has informed 44 of its commercial customers that data belonging to more than 950,000 customers has been compromised.


Number of Breached Records Soars 224% Annually

Permalink - Posted on 2021-05-27 17:00

The volume of compromised records globally has increased on average by 224% each year since 2017, according to new findings shared by Imperva. In light of the GDPR’s third anniversary this week, the data security firm crunched statistics on thousands of breaches over the past few years to better understand the evolving risk to businesses. There were more records reported as compromised in January 2021 alone (878 million) than for the whole of 2017 (826 million). Alongside the increase in this figure over the past four years, there’s been a 34% rise in the number of reported breaches over the period, and a 131% increase in average number of compromised records per incident, said Imperva security researcher, Ofir Shaty.


Scripps Health Still Grappling with Impact of May 1 Ransomware Attack

Permalink - Posted on 2021-05-27 17:00

The hospital chain has been forced to reschedule operations and is working to bring its electronic health record systems back online.


U.K. Police Suffered Thousands of Data Breaches in 2020

Permalink - Posted on 2021-05-26 17:00

There were over 2300 data breach incidents reported by just 22 of the UK’s police forces in 2020, according to new Freedom of Information data. VPNoverview requested information from the UK’s 45 police forces and received responses from 31. All told, the results revealed a national average of 299 data breaches per police station over the period dating from 2016 to the first four months of 2021. This included a combination of human error — for example, staff emailing sensitive information to the wrong recipient — and malicious third-party attacks.


NHS to Share Patient Data with Third Parties, Fueling Privacy and Security Fears

Permalink - Posted on 2021-05-26 17:00

NHS patient data in England will be shared with third parties for research and planning purposes, fueling concerns about privacy and security, it has been reported today. The Financial Times revealed that NHS Digital, which runs the health service’s IT systems, will create a database containing the medical records of around 55 million patients in England who are registered with a GP clinic. This includes sensitive data on mental and sexual health, criminal records and abuse. This information will subsequently be made available to academic and commercial third parties involved in research and planning, although no details on the types of organizations that will have access have been provided.


Rising Cyber Attacks in West Highlight Vulnerabilities

Permalink - Posted on 2021-05-26 17:00

A series of high-profile cyberattacks on targets in the West have highlighted the vulnerability of companies and institutions, making the issue a higher public priority but with no easy solution.


NZ: Volunteer Service Abroad Targeted by "Sophisticated" Ransomware Attack

Permalink - Posted on 2021-05-26 17:00

Ransomware attackers have targeted New Zealand’s largest volunteer agency working in international development. On Wednesday Volunteer Service Abroad (VSA) announced it had been the victim of a “sophisticated” ransomware attack. Last week Waikato District Health Board was brought to its knees by another attack. Chief executive Stephen Goodman said the non-governmental organisation was hit last week, with attackers locking its computer systems and demanding a ransom.


Employee's Accidental Email Leads to a Significant Data Breach Ruling in Federal Appeals Court

Permalink - Posted on 2021-05-26 17:00

A federal appeals court recently addressed whether employees had standing to bring a lawsuit when their personally identifiable information (PII) was inadvertently circulated to other employees at the company, with no indication of misuse or external disclosure. In McMorris v. Carlos Lopez & Associates, LLC, the 2nd Circuit Court of Appeals (hearing cases from New York, Connecticut, and Vermont) determined that the particular plaintiffs at issue did not have standing and that their mere fear of identity theft was insufficient for them to sustain a claim for relief. Importantly, however, the court set forth a three-part framework for how standing could be established in a similar situation.


Average Loss from Compromised Cloud Accounts Is More Than $500,000 a Year

Permalink - Posted on 2021-05-26 17:00

Average total annual financial loss for companies from compromised cloud accounts is more than $500,000, according to new research. The findings came from a survey of 600 IT and security professionals in the U.S. jointly produced by Proofpoint and the Ponemon Institute. The report also noted that 68% of respondents believe cloud account takeovers present a significant security risk to their organizations – and more than 50% indicated that the frequency and severity of cloud account compromises increased over the past year.


Japanese Government Offices Hacked

Permalink - Posted on 2021-05-26 17:00

Hackers have accessed information-sharing software developed by Japan's Fujitsu, resulting in data leaks from Japanese government offices. Fujitsu's ProjectWEB software is widely used by public offices and businesses. The hackers accessed the software at Narita Airport east of Tokyo and stole data on air traffic control, prompting the Cabinet Secretariat's national cybersecurity center to alert establishments that use the software. On Wednesday, the land, infrastructure and transport ministry reported that at least 76,000 email addresses of its employees and business partners were leaked, along with data on the ministry's internal mail and Internet settings. The cybersecurity center reported that data on the center's information system were stolen from several of its offices.


Court Finds GCHQ Breached Citizens' Privacy with Its Bulk Surveillance Regime

Permalink - Posted on 2021-05-26 17:00

The UK's intelligence agency was found to not have sufficient safeguards in place when performing bulk surveillance of civilians and, ultimately, breached the right to privacy.


Over 65% of Australians Across All Age Brackets Worry About Privacy in New Tech.

Permalink - Posted on 2021-05-25 17:00

Almost 70% of Australians, regardless of their age, are concerned about their privacy when using new technology, according to a survey conducted by the Australian Communications and Media Authority (ACMA). "Such deep immersion in the online world also brings with it a range of risks and challenges -- from privacy and security concerns to exposure to misinformation and disinformation, scams, online bullying, and other harms," ACMA said. This finding arose as part of two new reports that were released by ACMA on Tuesday. The first report provides data about the digital preferences of Australians aged 65 or over, while the second report looks at the same type of data for Australians in the 18 to 34-year-old age bracket.


Zocdoc Says "Programming Errors" Exposed Access to Patients' Data

Permalink - Posted on 2021-05-25 17:00

The New York-based company revealed the issue in a letter to the California attorney general’s office, which requires companies with more than 500 residents of the state affected by a security lapse or breach to disclose the incident. Zocdoc confirmed that around 7,600 users across the U.S. are impacted by the security incident. Zocdoc, which lets prospective patients book appointments with doctors and dentists, said that it gives each medical or dental practice usernames and passwords for its staff to access appointments made through Zocdoc, but that “programming errors” — essentially a software bug in Zocdoc’s own systems — “allowed some past or current practice staff members to access the provider portal after their usernames and passwords were intended to be removed, deleted or otherwise limited.”


Arizona: Phoenix Chiropractic Practice Offline After Ransomware Attack

Permalink - Posted on 2021-05-25 17:00

Spine & Disc Medical Center in Phoenix, Arizona is a chiropractic practice. They have apparently been the victims of a ransomware attack by Avaddon threat actors, who added them to their leak site and dumped some data as proof of claims.


France: Cyber Attack Against the ISERBA Group

Permalink - Posted on 2021-05-25 17:00

The ISERBA Group is a property maintenance firm (plumbing, heating, electricity, carpentry, etc.). An undated notice on their web site indicates that they have been the victim of a cyber attack. There does not seem to be any other news coverage or updates since then, so it seems to be a serious attack.


Clinical Laboratory Settles HIPAA Security Rule Violations with OCR for $25,000

Permalink - Posted on 2021-05-25 17:00

The Department of Health and Human Services’ Office for Civil Rights (OCR) has announced a settlement has been reached with Peachstate Health Management, LLC, dba AEON Clinical Laboratories as a result of multiple violations of the HIPAA Security Rule.


Bose Admits Ransomware Hit: Employee Data Accessed

Permalink - Posted on 2021-05-25 17:00

High-end audio-tech specialist Bose has disclosed a ransomware attack, which it said rippled “across Bose’s environment” and resulted in the possible exfiltration of employee data. The incident began on March 7, according to a disclosure letter sent to the Attorney General’s Office in New Hampshire, which kicked off a successful incident-response process, the company said. While the letter didn’t mention how much the ransom was, a company spokeswoman confirmed to media that Bose declined to pay up and instead was able to rely on its own resources to regain control of its environment.


Only Two-Fifths of U.K. Firms Report Data Breaches on Time

Permalink - Posted on 2021-05-25 17:00

It’s three years today since the GDPR was launched across Europe but UK businesses are still failing to meet some of its most basic reporting requirements, CrowdStrike has warned. The security vendor polled a sample of 500 UK business decision makers between April 30 and May 10 to better understand uptake of the legislation, and the Data Protection Act 2018, which applies its principles in UK law. Unfortunately, the poll found that just 42% of UK firms that have been breached report the incident to the regulator within 72 hours, as required by law. The study found a general lack of awareness and visibility elsewhere: 67% of respondents said they consider themselves “prepared” should they become a breach victim, but only around a third (36%) have actually readied specific protocols to deal with the fallout of such an incident. Over a fifth (22%) claimed they either don’t know or don’t think the GDPR applies to the UK following Brexit. What’s more, two-thirds of businesses either don’t know (41%) or underestimated (25%) the maximum amount the Information Commissioner’s Office (ICO) can fine erring companies: 4% of global annual turnover or £17 million, whichever is higher.


8.3 Million Plaintext Passwords Exposed in DailyQuiz Data Breach

Permalink - Posted on 2021-05-25 17:00

The personal details of 13 million DailyQuiz users were leaked online earlier this year after a hacker breached the quiz builder’s database and stole its content, which he later put up for sale. The data, of which The Record has obtained copies from two different sources, contains details about 12.8 million users, including plaintext passwords, emails, and IP addresses for 8.3 million accounts. The stolen data has been sold on hacking forums and Telegram channels since January 2021 for a price of $2,000 paid in cryptocurrency, but leaked into the public domain this month, after it was exchanged through different data brokers, and eventually came into the hands of a security researcher, who shared it with The Record.


1.7 Million Customers' Data Likely Leaked from Japan Dating App Operator

Permalink - Posted on 2021-05-25 17:00

Japanese dating app operator Net Marketing Co. said Friday personal data of 1.71 million users, including names and face photos, was likely leaked due to unauthorized access to its server. The operator of the Omiai dating app said customer information provided to the company between January 2018 and last month might have been stolen, as its probe found its data server was hacked at least several times last month.


TPG Confirms Data on Dark Web Belongs to Its Customer

Permalink - Posted on 2021-05-24 16:00

TPG Telecom has confirmed that data freely available to download on the dark web belongs to one of its customers, following a cyber security breach of TPG’s servers in April. The 5 gigabyte download, available at no charge on at least one dark web site, comes from one of the customers of TPG’s TrustedCloud service, a cloud-hosting service which the company was already in the process of decommissioning when it was hacked on April 25, a TPG spokesperson told The Australian Financial Review.


England: Customers Hit as Ransomware Incident Blacks Out Doncaster Insurance F

Permalink - Posted on 2021-05-24 16:00

In 2018, the firm and Radford were fined more than £1 million for inadvertently spending £17.3m of client money on working capital and payments to directors. The Financial Conduct Authority fined the firm £684,000 for failing to arrange adequate protection for client money over nine years while Mr Radford was fined £468,600 after the FCA decided he ‘is not fit and proper to have any responsibility for client money or insurer money’… ‘on the basis of his lack of competence to perform such functions’. DarkSide reportedly demanded £15 million ransom to provide a decryptor key and not to publicly dump data.


India: Private Schools See Student Data Compromise Due to Gov't Mishandling of Database

Permalink - Posted on 2021-05-24 16:00

Private schools have complained of a data security breach by officials with the Department of Primary and Secondary Education, while student information was fed into the Unified District Information System for Education (UDISE+) database.


Amex Fined After Sending Over Four Million Spam Emails

Permalink - Posted on 2021-05-24 16:00

American Express is the latest big-name brand to receive a fine from the UK’s data protection regulator after spamming millions of customers. The Information Commissioner’s Office (ICO) fined American Express Services Europe (Amex) £90,000 after it sent over four million marketing emails to customers who did not want them. The ICO said it began its investigation after complaints from some of those customers, who claimed to have opted out of receiving the missives.


Cyber Insurance Premiums, Take-Up Rates Surge

Permalink - Posted on 2021-05-24 16:00

According to the GAO, cyber insurance adoption is picking up. The GAO found that the take-up rate for cyber insurance rose from 26% in 2016 to 47% in 2020. Along with that adoption, insurance brokers said that more frequent and severe cyberattacks have led to premium increases. The GAO said more than half of the respondents in its report saw prices go up 10% to 30% in late 2020. In addition, cyberattacks have led insurers to reduce coverage limits for some sectors including healthcare and education.


Hacker Leaks 180 Million India Domino's Pizza Customer Records

Permalink - Posted on 2021-05-24 16:00

In a major data leak, customer information related to 18 crore orders placed with Domino’s India has been made public by a hacker who claims to have breached the pizza major’s servers.


Bergen Logistics Left Database Exposed

Permalink - Posted on 2021-05-24 16:00

Recently, the IT security researchers at Website Planet uncovered an exposed database belonging to Bergen Logistics that stored 467,979 records all relevant to their shipments and customers. This means that any clients that conducted business with Bergen or anyone who received a package from Bergen within the USA, could possibly be affected by this data leak.


Indonesia National Health Insurance Database Leaked

Permalink - Posted on 2021-05-24 16:00

Indonesia’s government has admitted to leaks of personal data from the agency that runs its national health insurance scheme. On May 20th Kominfo, Indonesia’s Ministry of Communication and Information Technology, acknowledged it was aware of a post on notorious stolen-data-mart Raidforums offering to sell a million records leaked from the Badan Penyelenggara Jaminan Sosial (BPJS), an agency that runs national health insurance scheme Jaminan Kesehatan Nasional (JKN).


Boeing 747 Systems Compromised by Researchers

Permalink - Posted on 2021-05-24 16:00

Researchers from infosec biz Pen Test Partners established a persistent shell on an in-flight entertainment (IFE) system from a Boeing 747 airliner after exploiting a vulnerability dating back to 1999. It's an attack that's more of a curiosity than anything else: it's too difficult to pull off during an actual flight, and it's rare these days to see a 747 passenger service, anyway.


Cyber Insurance Firms Start Tapping Out as Ransomware Continues to Rise

Permalink - Posted on 2021-05-24 16:00

A global insurance carrier refuses to write new ransomware policies in France, while insurers rewrite policies. Are we heading toward a day when ransomware incidents become uninsurable?


Czech Republic: National Library Reports Outage Due to Cyber Attack

Permalink - Posted on 2021-05-21 17:00

Last month, DataBreaches.net reported an attack on the municipality of Olomouc in the Czech Republic. This month, we report an attack on Národní knihovna ČR, the national library of the Czech Republic. The library has not stated whether this was a ransomware incident or some other type of incident.


Toyota Admits to Twin Cyber Attacks

Permalink - Posted on 2021-05-21 17:00

Toyota has admitted to a pair of cyber-attacks. The first hit the European operations of its subsidiary Daihatsu Diesel Company, a Toyota-owned entity that designs engines. In a statement [PDF] dated May 16th, Daihatsu said it “experienced a problem in accessing its file server in the internal system on 14 May 2021.” “After a brief investigation, a cyber-attack by an unauthorised access from a third party was confirmed as a cause of this issue,” the statement adds.


Sierra College Victim of Ransomware Incident

Permalink - Posted on 2021-05-21 17:00

"We are currently experiencing technical difficulties on the Sierra College website and some other online systems. This is the result of an external ransomware attack on our systems. We are working with law enforcement and third-party cybersecurity and forensic experts to investigate this incident, assess the potential impact, and bring our systems back online."


Tulsa Cyber Security Attack Similar to Pipeline Attack

Permalink - Posted on 2021-05-21 17:00

A cybersecurity attack on the city of Tulsa’s computer system was similar to an attack on the Colonial Pipeline, and the hacker is known, officials said Thursday. “I can’t share anything other than we know who did it,” Mayor G.T. Bynum said, adding that the city did not pay the hackers. “They wanted to talk with us about what (a ransom) would be for them not to announce (the attack) and we never engaged them.”


E-commerce Giant Suffers Major Data Breach in Codecov Incident

Permalink - Posted on 2021-05-21 17:00

E-commerce platform Mercari has disclosed a major data breach incident that occurred due to exposure from the Codecov supply-chain attack. As earlier reported by BleepingComputer, popular code coverage tool Codecov had been a victim of a supply-chain attack that lasted for two months. During this two-month period, threat actors had modified the legitimate Codecov Bash Uploader tool to exfiltrate environment variables (containing sensitive information such as keys, tokens, and credentials) from Codecov customers' CI/CD environments. Using the credentials harvested from the tampered Bash Uploader, Codecov attackers reportedly breached hundreds of customer networks.


CNA Financial Paid $40 Million in Ransom After March Cyber Attack

Permalink - Posted on 2021-05-21 17:00

According to the two people familiar with the CNA attack, the company initially ignored the hackers’ demands while pursuing options to recover their files without engaging with the criminals. But within a week, the company decided to start negotiations with the hackers, who were demanding $60 million. Payment was made a week later, according to the people.


Air India Data Breach Impacts 4.5 Million Customers

Permalink - Posted on 2021-05-21 17:00

Air India disclosed a data breach after personal information belonging to roughly 4.5 million of its customers was leaked two months following the hack of Passenger Service System provider SITA in February 2021. The Indian national carrier first informed passengers that SITA was the victim of a cyberattack on March 19.


661 Fines Issued Since GDPR Became Enforceable, Totaling €292 Million

Permalink - Posted on 2021-05-20 17:00

3 years since rolling out in May 2018, there have been 661 GDPR fines issued by European data protection authorities. Every one of the 28 EU nations, plus the United Kingdom, has issued at least one GDPR fine.


Update: Nocona General Hospital "Recently" Learned of a Breach

Permalink - Posted on 2021-05-20 17:00

According to its notification to HHS, 3,254 patients were impacted. Letters were reportedly sent to them on April 30. For many of them, their protected health information may still be freely available on the internet, but they will have no idea of that.


Update: Rehoboth McKinley Christian Health Care Services Notified 209,000 Patients of Ransomware

Permalink - Posted on 2021-05-20 17:00

As it has done in similar attacks, the threat actors dumped a small sample of files as proof. The files include copies of handwritten injury reports and other reports related to named individuals’ care. The reports include demographic and protected health information. The sample also contains images of driver’s licenses and a Social Security card, a prescription, and a passport.


Hackers Targeted SolarWinds Earlier Than Previously Known

Permalink - Posted on 2021-05-20 17:00

The hackers who carried out the massive SolarWinds intrusion were in the software company’s system as early as January 2019, months earlier than previously known, the company’s top official said Wednesday.


PHI of up to 50,000 Patients of Arizona Asthma and Allergy Institute Exposed Online

Permalink - Posted on 2021-05-20 17:00

Arizona Asthma and Allergy Institute in Peoria, AZ has discovered the protected health information of up to 50,000 patients has been temporarily exposed online and could potentially have been accessed by an unauthorized individual. The affected patient data had been exposed for a brief period in September 2020 under the name of a different organization. Upon discovery of the security incident, a third-party computer forensics firm was engaged to investigate and determine the scope of the security breach and the extent to which patient data had been affected.


Exchange Server Attackers Launched Scans Within Five Minutes of Disclosure

Permalink - Posted on 2021-05-20 17:00

Threat actors are “winning the race” to find vulnerable assets to exploit, launching scans within minutes of CVE announcements, a leading security vendor has warned. The 2021 Cortex Xpanse Attack Surface Threat Report from Palo Alto Networks was compiled from scans of 50 million IP addresses associated with 50 global enterprises, carried out January-March 2021. The report revealed that as soon as new vulnerabilities are announced by vendors, attackers rush to take advantage, utilizing cheap cloud computing power to back their efforts.


Blind SQL Injection Flaw in WP Statistics Impacted 600K+ Sites

Permalink - Posted on 2021-05-20 17:00

Researchers from the Wordfence Threat Intelligence team discovered a Time-Based Blind SQL Injection vulnerability in WP Statistics, a WordPress plugin with over 600,000 active installs. The plugin, developed by VeronaLabs, provides complete website statistics to site owners. The vulnerability could be exploited by an unauthenticated attacker to extract sensitive information from a WordPress website using the vulnerable plugin.


U.K. Recruitment Firm Exposes Application CV Data

Permalink - Posted on 2021-05-20 17:00

FastTrack Reflex Recruitment firm recently joined the ranks of other companies that have been affected by data leaks due to misconfigured AWS S3 buckets. This data breach majorly affected the applicants whose CVs containing personal information were leaked, reports the research team at Website Planet.


100M Users' Data Exposed via Third-Party Cloud Misconfigurations

Permalink - Posted on 2021-05-20 17:00

Mobile app developers have potentially exposed the data of more than 100 million users due to misconfigurations of third-party cloud services, report researchers who analyzed Android apps. The Check Point Research (CPR) team examined 23 Android applications and found multiple kinds of misconfigurations that may have exposed emails, chat messages, location, passwords, and photos. These misconfigurations may have also put developers' internal resources at risk. In 13 of these applications, CPR found publicly available sensitive data from real-time databases that allow app developers to store data in the cloud and ensure it's synchronized to connected clients in real time. Some real-time databases were not configured with authentication, so the team could access data like chats and passwords by simply sending a request to the database.


Recruiter's Cloud SNAFU Exposes 20,000 CVs and ID Documents

Permalink - Posted on 2021-05-19 17:00

Tens of thousands of jobseekers have had their personal information exposed by a misconfigured cloud account, according to researchers. A team at Website Planet discovered the AWS S3 bucket left unprotected and unsecured by FastTrack Reflex Recruitment, now TeamBMS. The 5GB trove contained 21,000 files including CVs featuring personal information such as email addresses, full names, mobile phone numbers, home addresses and social network URLs. Other details included dates of birth, passport numbers and applicant photos, according to Website Planet.


UHS Data Breach Lawsuit Proceeds

Permalink - Posted on 2021-05-19 17:00

A lawsuit filed against an American healthcare provider over a 2020 data breach has been allowed to proceed, but only for one patient. Sensitive data belonging to UHS was exfiltrated in September last year when the company was targeted by the Ryuk ransomware gang. All UHS sites in Puerto Rico and the US were affected by the cyber-attack, which caused the company's IT systems to go offline for a month. Some scheduled appointments were postponed as a result. The Fortune 500 healthcare organization said in March that the attack had cost it an estimated $67m in downtime and related expenses.


Health Plan of San Joaquin Notifying More Than 420,000 of Email Hack Last Year

Permalink - Posted on 2021-05-19 16:00

On or about October 12, Health Plan of San Joaquin (HPSJ) learned of unusual activity affecting its email system. On October 23, 2020, the investigation determined that an unknown person(s) had accessed a number of HPSJ employee email accounts between September 26, 2020 and October 12, 2020. Yesterday, HPSJ sent out notifications and notified the Maine Attorney General’s Office of the incident, reporting that “the information that could have been subject to unauthorized access includes name, address, and Social Security number.” Their notification did not indicate what else it included or whether all those being notified were health plan members or also included any employees or dependents. DataBreaches.net has sent an email inquiry to HPSJ requesting clarification on how many people had ePHI potentially accessed or viewed and will update this post if a response is received.


Update: CaptureRx Incident Impacted Almost 2 Million People

Permalink - Posted on 2021-05-19 16:00

For the past two months, DataBreaches.net has been tracking reports involving NEC Networks, LLC d/b/a CaptureRx. CaptureRx is a specialty pharmacy benefits manager whose services include prescription claims processing, patient assistance program administration, and public health service 340B drug program administration. CaptureRx provides these services for pharmacies and healthcare providers across the United States. This week, in its newest filing with a state regulator, we have learned that a total of 1,919,938 individuals (presumably patients) have been impacted by the incident.


New York: Filters Fast Settles Charges Stemming from Failure to Patch Critical Vulnerability

Permalink - Posted on 2021-05-19 16:00

In 2019, Filters Fast experienced a data breach when a threat actor exploited a plugin vulnerability in vBulletin. Using SQL injection, the attacker was able to obtain consumers’ cardholder names, billing addresses, expiration dates, validation codes, and primary account numbers for purchases made between June, 2019 and July, 2020. Filters Fast did not detect any vulnerability in their system or breach. When notified in February 2020 that they were a “common point of compromise,” they investigated but claimed they did not find anything. In March, 2020, they had their web host rebuild the server “out of an abundance of caution,” but the bad code remained on the server, and hence, continued to compromise the checkout process.


Wyoming Health Director, Tech. Officer Quit After Data Leak

Permalink - Posted on 2021-05-19 16:00

Wyoming’s health director and chief information officer have resigned after a data leak involving the personal information of tens of thousands of people who were tested for the coronavirus. A state Department of Health employee working with computer code accidentally released COVID-19 test results, as well as blood alcohol test results going back to 2012, for 164,000 people in late 2020 and early 2021.


Irish Patients' Data Stolen by Hackers Shows Up in Negotiation Chat

Permalink - Posted on 2021-05-19 16:00

Medical and personal information about Irish patients stolen by hackers last week is now being shared online, screenshots and files seen by the Financial Times show. The records offered online by hackers to further their demands for almost $20m in ransom also include internal health service files, such as minutes of meetings, equipment purchase details and correspondence with patients.


Packaging Vendor Ardagh Admits Cyber Attack Disrupted Operations

Permalink - Posted on 2021-05-19 16:00

European glass and metal packaging manufacturer Ardagh Group has admitted falling victim to a cyber-attack. According to Ardagh, even though its metal beverage packaging and glass packaging facilities remained operational, the attack still caused shipping delays and interruption in some supply chain operations.


New Zealand Hospitals Infected by Ransomware, Cancel Some Surgeries

Permalink - Posted on 2021-05-19 16:00

New Zealand's Waikato District Health Board (DHB) has been hit with a strain of ransomware that took down most IT services Tuesday morning and drastically reduced services at six of its affiliate hospitals. The attack disabled all IT services except email. Patient notes became inaccessible, clinical services were disrupted, and surgeries postponed. Phone lines went down and hospitals were forced to accept urgent patients only.


Florida Water Plant Compromise Came Hours After Worker Visited Malicious Site

Permalink - Posted on 2021-05-19 16:00

The website, which belonged to a Florida water utility contractor, had been compromised in late December by hackers who then hosted malicious code that seemed to target water utilities, particularly those in Florida. More than 1,000 end-user computers visited the site during the 58-day window that the site was infected. One of those visits came on February 5 at 9:49 am ET from a computer on a network belonging to the City of Oldsmar. In the evening of the same day, an unknown actor gained unauthorized access to the computer interface used to adjust the chemicals that treat drinking water for the roughly 15,000 residents of the small city about 16 miles northwest of Tampa. The intruder changed the level of lye to 11,100 parts per million, a potentially fatal increase from the normal amount of 100 ppm.


Credential Stuffing Reaches 193 Billion Login Attempts Annually

Permalink - Posted on 2021-05-19 16:00

Attackers turned the credential-stuffing knob to 11 in 2020, inundating websites with 193 billion failed attempts to gain access to targeted users' accounts using stolen or reused credentials, according to Akamai's new "State of the Internet" report. In fact, the number of login attempts using credentials increased more than 310%, from 47 billion in 2019, although Akamai attributed an unspecified amount of the precipitous rise to more customers and improved visibility into such attacks. Overall Web attacks, such as SQL injection attacks, showed only a modest increase, growing to 6.3 billion in 2020, up from 6.2 billion in 2019.


Q1 2021 Sees 2.9 Million DDoS Attacks Launched

Permalink - Posted on 2021-05-18 16:00

Approximately 2.9 million Distributed Denial of Service (DDoS) attacks were launched in the first quarter of 2021, according to research from NETSCOUT’s ATLAS Security Engineering & Response Team (ASERT). The estimated figure represents a 31% increase compared to the same period in 2020. All three months of the year's first quarter saw more than 900,000 DDoS attacks, which researchers said exceeded the existing baseline of 800,000 per month.


Argentina Orders Facebook to Suspend WhatsApp Data Sharing

Permalink - Posted on 2021-05-18 16:00

Argentina has ordered Facebook to suspend its data use policy allowing it to collect information from users of its WhatsApp messaging app, the government announced on Monday. The suspension will last at least six months and aims to prevent "the abuse of a dominant position," said a resolution published in the official bulletin. In the meantime, the national agency that protects personal data and access to public information will lead an investigation into Facebook's plans.


Utah: Astro Team Threat Actors Dump Patient-Related Files Allegedly from Eduro Healthcare

Permalink - Posted on 2021-05-18 16:00

On April 7, a relatively new group of threat actors called Astro Team added Eduro Healthcare to their dedicated leak site, claiming to have exfiltrated 40 GB of data. Astro Team’s ransomware has reportedly been linked to Mount Locker ransomware. On April 23, Astro Team dumped all the data, presumably because Eduro failed to pay unspecified ransom demands. Whether Eduro ever responded at all is unknown to DataBreaches.net. Nor can DataBreaches.net report with confidence that Eduro’s system(s) were encrypted, but given what is known about Astro Team, it seems plausible.


Japan to Restrict Private Sector Use of Foreign Equipment and Tech.

Permalink - Posted on 2021-05-18 16:00

After seeing the Colonial Pipeline hack unfold in the US, the Japanese government reportedly wants to impose stricter security regulations on the private sector to ensure the same thing does not happen in Japan.


Commercial Third Party Code Creating Security Blind Spots

Permalink - Posted on 2021-05-18 16:00

Despite the fact that third party code in IoT projects has grown 17% in the past five years, only 56% of OEMs have formal policies for testing security, VDC Research reveals. Meanwhile, when asked to rank the importance of security to current projects, 73.6% of respondents said it was important, very important or critical.


Double-Extortion Ransomware Attacks on the Rise

Permalink - Posted on 2021-05-18 16:00

Zscaler announced a report featuring analysis of key ransomware trends and details about the most prolific ransomware actors, their attack tactics and the most vulnerable industries being targeted. In late 2019, there was a growing preference for “double-extortion” attacks in some of the more active and impactful ransomware families. These attacks are defined by a combination of unwanted encryption of sensitive data by malicious actors and exfiltration of the most consequential files to hold for ransom. Affected organizations, even if they are able to recover the data from backups, are then threatened with public exposure of their stolen data by criminal groups demanding ransom. In late 2020, the team noticed that this tactic was further augmented with synchronized DDoS attacks, overloading victims’ websites and putting additional pressure on organizations to cooperate.


Student Health Insurance Carrier Guard.me Suffers a Data Breach

Permalink - Posted on 2021-05-18 16:00

On May 12th, Guard.me discovered suspicious activity on their website that led them to take down their website. When visiting the website, visitors are automatically redirected to a maintenance page warning that the site is down while the insurance provider increases security on the site.


FBI says Cyber Crime Complaints More Than Doubled in 14 Months

Permalink - Posted on 2021-05-18 16:00

The FBI's Internet Crime Complaint Center (IC3) has seen a massive 100% increase in cybercrime complaints over the past 14 months. When the IC3 first began logging complaints in 2000, it took seven years to reach 1 million complaints. Since then, it has taken an average of 29.5 months for each additional million complaints. For the period between March 2020 and May 2021, the IC3 saw a massive increase of 1 million complaints in just 14 months.


City Pays $350,000 in Ruling After Careless Employee Sends Unsecured Data

Permalink - Posted on 2021-05-17 17:00

The city of Fullerton, California, has agreed to pay $350,000 to settle a lawsuit it brought against two bloggers it accused of hacking the city’s Dropbox account. Joshua Ferguson and David Curlee frequently made public record requests in the course of covering city government for a local blog, Friends for Fullerton’s Future. The city used Dropbox to fulfill large file requests, and in response to a June 6, 2019, request for records related to police misconduct, Ferguson and Curlee were sent a link to a Dropbox folder containing a password-protected zip file. But a city employee also sent them a link to a more general “Outbox” shared folder that contained potential records request documents that had not yet been reviewed by the city attorney. The folder wasn’t password protected or access restricted. At the time, there were 19 zip files in the outbox, five of which were not password protected.


Despite Warnings, Cloud Misconfiguration Problem Remains Disturbing

Permalink - Posted on 2021-05-17 17:00

Cloud Security Posture Management (CSPM) firm Aqua Security has analyzed the anonymized cloud configuration data of hundreds of its clients over a period of 12 months. The intent was to discover the size of the cloud misconfiguration problem, and the response from industry to known issues. For its analysis, Aqua separated the group into SMBs (who used Aqua to scan up to just a few hundred cloud resources), and enterprises (who scanned anything from a few hundred to a few hundred thousand cloud resources). In general, and probably as a reflection of resources, it found that smaller companies fixed fewer of the known issues over the 12 month period, but did so at a faster rate than enterprises. Less than 1% of enterprises fixed all misconfiguration issues, while 8% of SMBs did so. The size of the problem remains disturbing, despite all the warnings over the last few years. In January 2020, the NSA called misconfiguration the most common cloud vulnerability, which it described as having high prevalence but requiring low attacker sophistication.


140,000 SEIU 775 Benefits Group Members' PHI Potentially Compromised

Permalink - Posted on 2021-05-17 17:00

SEIU 775 Benefits Group in Washington has notified approximately 140,000 of its members that some of their protected health information has been exposed. Around April 4, 2020, SEIU 775 Benefits Group’s IT team detected anomalous activity within the group’s data systems, including the apparent deletion of certain data files.


85% of Breaches Involve the Human Element

Permalink - Posted on 2021-05-17 17:00

The Verizon report examines more breaches than ever before, and sheds light on how the most common forms of cyber attacks affected the international security landscape during the global pandemic. This year’s report saw 5,258 breaches from 83 contributors across the globe, a third more breaches analyzed than last year.


New York: Student Names, Vendor Bank Account Info. Exposed in BPS Cyber Attack

Permalink - Posted on 2021-05-17 17:00

When ransomware hit the Buffalo Public Schools in March, the district told students and families that investigators had not determined that any personal information had been exposed. Two months later, investigators have found that such information was exposed. Personal information about an unknown number of students, parents and employees has been exposed, along with bank account information for an unknown number of vendors, the district revealed in letters recently. Student names, district ID numbers, birthdates, grade levels, schools, addresses, phone numbers and parent names were among the information exposed in the attack, according to a letter sent May 7 to families by Kroll, a security consulting firm, on behalf of the district.


Herff Jones Credit Card Breach Impacts College Students Across the U.S.

Permalink - Posted on 2021-05-17 17:00

Graduating students from several universities in the U.S. have been reporting fraudulent transactions after using payment cards at popular cap and gown maker Herff Jones. In the wake of the reports that started last Sunday, the company started an investigation to determine the extent of the data breach.


Insurer AXA hit by Ransomware After Dropping Support for Ransom Payments

Permalink - Posted on 2021-05-17 17:00

Branches of insurance giant AXA based in Thailand, Malaysia, Hong Kong, and the Philippines have been struck by a ransomware cyber attack. As seen by BleepingComputer yesterday, the Avaddon ransomware group claimed on their leak site that they had stolen 3 TB of sensitive data from AXA's Asian operations. Additionally, BleepingComputer observed an ongoing Distributed Denial of Service (DDoS) against AXA's global websites making them inaccessible for some time yesterday.


Apex America Hit by Sodinokibi Ransomware

Permalink - Posted on 2021-05-14 17:00

DataBreaches.net was able to see some of REvil’s attempts to persuade Apex America to pay what was originally set as a $7 million ransom. After a number of days, someone presumably from Apex America (although that has not been confirmed) showed up in the chat to ask REvil what their lowest price would be. REvil answered “6kk” ($6 million). That was 5 days ago, and Apex America or whoever it was in that chat has not responded since.


Brazil: Rede Bahia Suffers a Cyber Attack and Reported Data Breach

Permalink - Posted on 2021-05-14 17:00

Rede Bahia, a Brazilian business conglomerate with 16 multimedia vehicles focused on Bahia and Bahian people, was hit with a ransomware attack that impacted its functioning. As of today, the firm is still working to restore all functioning.


Toshiba Hacked with DarkSide Ransomware

Permalink - Posted on 2021-05-14 17:00

A Toshiba Corp unit said it was hacked by the DarkSide ransomware group, overshadowing an announcement of a strategic review for the Japanese conglomerate under pressure from activist shareholders to seek out suitors.


SMBs Increasingly Face Same Cyber Threats as Large Enterprises

Permalink - Posted on 2021-05-14 17:00

For the first time since the Verizon Data Breach Investigations Report began tracking cyberattack techniques, threat patterns affecting small and medium businesses began to closely align with the patterns affecting large firms. This year, 80% of breaches in SMBs and 74% of breaches in large businesses were born of system intrusion, basic web application attacks, and miscellaneous errors (like distributing a file unintentionally), according to the 2020 Verizon DBIR released Thursday. External hackers comprised 57% of SMB and 64% of large business incidents. For both SMBs and large firms, hackers acted with financial motives around 90% of the time, espionage motives around 5% of the time.


Chemical Distributor Pays $4.4 Million to DarkSide Ransomware

Permalink - Posted on 2021-05-14 17:00

Chemical distribution company Brenntag paid a $4.4 million ransom in Bitcoin to the DarkSide ransomware gang to receive a decryptor for encrypted files and prevent the threat actors from publicly leaking stolen data.


Ireland: HSE Computer Systems Infected with Ransomware

Permalink - Posted on 2021-05-14 17:00

Taoiseach Micheál Martin has insisted Ireland will not pay any ransom to hackers who attacked the state’s health service. Earlier, Minister of State for Communications Ossian Smyth said a bitcoin ransom was demanded following a cyber attack on Health Service Executive (HSE) computer systems.


Georgia’s HB 156, Requiring State Notice for Utility Cyber Security Incidents, Is Now in Effect

Permalink - Posted on 2021-05-13 16:00

Georgia’s governor has signed into law House Bill 156, creating specific notice requirements for state agencies and utilities that experience cybersecurity attacks, data breaches or malware and requiring notice to the state director of emergency management in Georgia within two hours of notifying the federal emergency management agencies. In addition, the law requires the Georgia state director of emergency management and homeland security to develop additional rules and regulations related to the notice requirements.


Gary, Indiana Targeted by Ransomware Attack

Permalink - Posted on 2021-05-13 16:00

The city of Gary is trying to recover from a ransomware attack. All of its servers are now being restored and rebuilt. The FBI and the Department of Homeland Security were both alerted and a city spokesperson says they’re still investigating if anyone’s personal information was stolen.


Cyber Attacks Cost Small U.S. Businesses $25k Annually

Permalink - Posted on 2021-05-13 16:00

Cyber-attacks are leaving small businesses in the United States with big dents in their annual budgets, according to new research by international insurance company Hiscox. Data analyzed in the creation of the "Hiscox Cyber Readiness Report 2021" revealed that the average financial cost of a cyber-attack to a small business in the US over 12 months is "high at $25,612." The annual report, which was first published five years ago, surveys over 6,000 professionals from the US, UK, Belgium, France, Germany, the Netherlands, Spain, and Ireland who are responsible for their company’s cybersecurity. Respondents completed the online survey between November 5, 2020, and January 8, 2021. Responses revealed that 23% of small businesses in the United States had suffered at least one cyber-attack during the past 12 months. More than a third of US small businesses (35%) said that they do not fully disclose to all relevant internal and external stakeholders when a cybersecurity incident happens.


Trailer Maker Utility Targeted in Ransomware Attack

Permalink - Posted on 2021-05-13 16:00

Utility Trailer Manufacturing, one of the largest U.S. producers of trailers for the trucking industry, was targeted in an apparent ransomware attack that exposed personal information of numerous employees. The California-based company told FreightWaves that it had “suffered a cyber event” that disrupted some systems temporarily. The company disclosed the incident after the Clop ransomware gang leaked over 5 gigabytes of data to the dark web this week.


Colonial Pipeline Paid Hackers Nearly $5 Million in Ransom

Permalink - Posted on 2021-05-13 16:00

Colonial Pipeline Co. paid nearly $5 million to Eastern European hackers on Friday, contradicting reports earlier this week that the company had no intention of paying an extortion fee to help restore the country’s largest fuel pipeline, according to two people familiar with the transaction.


Green Energy Company Volue Hit by Ransomware

Permalink - Posted on 2021-05-13 16:00

The attack was discovered on May 5, when Volue said some of its operations had been impacted. Volue’s investigation is ongoing.


Manchester Council Exposed Thousands of Plate Numbers

Permalink - Posted on 2021-05-13 16:00

Manchester City Council exposed online the number plates of more than 60,000 cars slapped with parking tickets, breaking data protection laws as it did so. In what appears to be a sincere if misguided attempt to provide public accountability over parking wardens, the council publishes income from parking tickets online in the open data section of its website.


Firms Struggle to Secure Multicloud Misconfigurations

Permalink - Posted on 2021-05-13 16:00

Companies continue to struggle to correctly configure their cloud infrastructure, with small and midsize businesses (SMBs) fixing only an average of 40% of misconfiguration issues and enterprises fixing 70% of such issues, according to a new report from cloud security firm Aqua Security.


Half of Government Security Incidents Caused by Missing Patches

Permalink - Posted on 2021-05-12 16:00

Cybersecurity is both a driver and a major barrier to public sector IT modernization, according to new research from BAE Systems Applied Intelligence. The cyber consultancy polled 250 managers with IT responsibility in UK central governmental organizations, to better understand the interplay between security and digital transformation. The research revealed that most (60%) UK government departments have digital transformation plans in place and that these have been accelerated in the majority of cases by the pandemic. Mitigating the risk of vulnerabilities was cited by three-quarters (75%) of respondents as the main reason for driving these legacy upgrades.


Colonial Pipeline Attack Leads to Calls for Cyber Regs

Permalink - Posted on 2021-05-12 16:00

Several lawmakers have called for national breach notification laws that would require businesses and government agencies to report when they are victims of an attack. Lawmakers have also started to pose questions to regulatory agencies that oversee cybersecurity in the gas and oil industry.


Cyber Attack Steals Info. of One Million in Turkey's Konya

Permalink - Posted on 2021-05-12 16:00

A municipality official confirmed the attack but did not disclose its scale. The Sözcü newspaper claims the ID numbers and other personal information of about 1 million people were stolen in the cyberattack, predominantly those who had sent emails to the municipality. A suspect using the user name Maxim Gorki put a database containing the information on a hacker forum.


Texas: Herff Jones Data Breach Leaves Students' Bank Information Compromised

Permalink - Posted on 2021-05-12 16:00

A data breach at UH [University of Houston] graduation cap and gown vendor, Herff Jones, has left some students’ bank information compromised. No notice appears on Herff Jones’s web site at this time.


Washington D.C. Police Allegedly Offered $100,000 to Hackers to Stop Leak

Permalink - Posted on 2021-05-12 16:00

The cybercriminals who hacked and attempted to extort the Washington D.C. Metropolitan Police Department have now published what they claim are screenshots of their conversation with the police. Motherboard has not independently verified the specific conversation but the materials released by the hacking group thus far have proven to be legitimate. In the screenshots, hackers with the Babuk ransomware group attempt to convince the police to pay up, or else they will leak all the data they stole. The negotiations broke down when the person on the police side of the conversation offered $100,000, instead of the $4 million the hackers asked for.


Data from Indiana and Oregon School Districts Dumped by Ransomware Threat Actors

Permalink - Posted on 2021-05-11 17:00

This week, two sets of threat actors dumped data from K-12 school districts in Indiana and Oregon. Both districts had disclosed ransomware incidents in April. There does not yet seem to be any notice on the school district’s web site about this newest development.


Norway: Volue ASA Hit by Ryuk Ransomware

Permalink - Posted on 2021-05-11 17:00

Volue is a Norwegian software company. On May 5, they reportedly became a victim of a ransomware attack. The attack impacted some of Volue Technology’s front-end customer platforms.


Ransomware Attack on New York Medical Group Impacts 330K Patients

Permalink - Posted on 2021-05-11 17:00

The New York medical group practice, Orthopedic Associates of Dutchess County, has announced the protected health information of certain patients was potentially stolen in a recent cyberattack. The security incident was detected on March 5, 2021 when suspicious activity was identified in its systems. An investigation into the incident confirmed its systems had been accessed by unauthorized individuals on or around March 1, 2021. The attackers gained access to certain systems and encrypted files and issued a ransom demand for the keys to unlock the encrypted files.


Germany Bans Facebook from Processing WhatsApp Data

Permalink - Posted on 2021-05-11 17:00

A German privacy watchdog has banned social media company Facebook from harvesting data on WhatsApp users. Hamburg’s data protection commissioner said that WhatsApp's privacy policy was in breach of European data protection rules following a recent change.


200K Veterans' Medical Records May Have Been Stolen by Ransomware Gang

Permalink - Posted on 2021-05-11 17:00

A database filled with the medical records of nearly 200,000 U.S. military veterans was exposed online by a vendor working for the Veterans Administration, according to an analyst, who also presented evidence the data might have been exfiltrated by ransomware attackers.


Apple Execs Chose to Keep a Hack of 128 Million iPhones Quiet

Permalink - Posted on 2021-05-11 17:00

Emails from the Epic Games lawsuit show Apple brass discussing how to handle a 2015 iOS hack. The company never directly notified affected users.


University of California Confirms Personal Information Stolen in Cyber Attack

Permalink - Posted on 2021-05-11 17:00

The University of California (UC) this week confirmed that personal information was stolen in a cyberattack involving the Accellion File Transfer Appliance (FTA) service. The incident, which took place in late December 2020, after a critical vulnerability was identified in the decades-old file sharing service, impacted tens of companies, government agencies, and universities. UC initially confirmed impact from the incident in early April, after the operators of Clop ransomware, which orchestrated the attack on Accellion’s service, published on their Tor-based leaks website information allegedly stolen from the university and other entities.


Three Affiliated Tribes Hit by Ransomware Attack, Holding Tribal Information Hostage

Permalink - Posted on 2021-05-11 17:00

On April 28, the Three Affiliated Tribes—the Mandan, Hidatsa & Arikara Nation—announced to its staff and employees that its server was hacked and that it believes the cause was malicious software called ransomware. Since the server was hacked, the tribe has been unable to access files, email and critical information.


Ransomware Gang Leaks Data from Metropolitan Police Department

Permalink - Posted on 2021-05-11 17:00

Babuk Locker ransomware operators have leaked personal files belonging to police officers from the Metropolitan Police Department (also known as MPD or DC Police) after negotiations went stale. The documents published on Babuk Locker's dark web leak portal include 150 MB worth of data from DC Police officers' personal files.


Application Attacks Spike as Criminals Target Remote Workers

Permalink - Posted on 2021-05-11 17:00

Cybercriminals' change in strategy during the COVID-19 pandemic caused application-specific and Web application attacks to spike, according to a new report that finds these threats made up 67% of all attacks last year, a number that has more than doubled in the past two years.


Massive Amazon Fake Review Scam Exposed in Data Breach

Permalink - Posted on 2021-05-10 16:00

Amazon has spent years rooting out fake reviews and other seller scams from its e-commerce platform. But the latest discovery from security researchers at SafetyDetectives found what appears to be a sophisticated scheme by Amazon vendors to procure fake reviews for their products. SafetyDetectives's cybersecurity team found a China-based Elasticsearch server of direct messages between Amazon vendors and customers running fake review schemes in exchange for free products. In total, the 7GB treasure trove contained over 13 million records, including the email addresses and WhatsApp/Telegram phone numbers of vendor contacts, plus email addresses, names, PayPal account details, and Amazon account profiles of reviewers, impacting approximately 200,000 people.


Twilio, HashiCorp Among Codecov Supply Chain Hack Victims

Permalink - Posted on 2021-05-10 16:00

The massive blast radius from the Codecov supply chain attack remains shrouded in mystery as security teams continue to assess the fallout from the breach, but a handful of victims are starting to publicly acknowledge possible exposure of sensitive developer secrets.


City of Chicago Hit by Data Breach at Law Firm Jones Day

Permalink - Posted on 2021-05-10 16:00

The city of Chicago on Friday said that employee emails were compromised in a Jones Day data breach involving Accellion’s FTA file sharing service. The cyber-attack started in December 2020, when a critical vulnerability was identified in the 20-year-old large file transfer service that reached end-of-life on April 30, 2021.


City of Tulsa Hit by Ransomware Over the Weekend

Permalink - Posted on 2021-05-10 16:00

The city of Tulsa, Oklahoma, one of the 50 largest cities in the US, was hit by a ransomware attack over the weekend that affected the city government’s network and brought down official websites. The attack, which took place on the night between Friday and Saturday, is currently being handled by the city’s IT team, which has managed to restore the city’s websites, a spokesperson told The Record. IT teams are still working to recover impacted systems from backups.


Lawsuit Filed Over Contact Tracing Data Breach

Permalink - Posted on 2021-05-07 17:00

A federal lawsuit has been filed against Pennsylvania and a vendor contracted by the state's Department of Health (DOH) over a data breach that exposed the personal health information (PHI) of thousands of Pennsylvanians. The plaintiffs allege that the data breach was a “direct result of Defendants’ failure to implement adequate and reasonable cybersecurity procedures and protocols.” In the suit, Insight Global is accused of maintaining “unsecure spreadsheets, databases and or documents containing the PHI (public health information).”


Insurer AXA Halts Ransomware Crime Reimbursement in France

Permalink - Posted on 2021-05-07 17:00

In an apparent industry first, the global insurance company AXA said Thursday it will stop writing cyber-insurance policies in France that reimburse customers for extortion payments made to ransomware criminals. AXA, among Europe’s top five insurers, said it was suspending the option in response to concerns aired by French justice and cybersecurity officials during a Senate roundtable in Paris last month about the devastating global epidemic of ransomware.


South Africa: NCape Municipality Battles Devastating Ransomware Attack

Permalink - Posted on 2021-05-07 17:00

The Nama Khoi Municipality in the Northern Cape Province is struggling to restore IT systems that were hit by a ransomware attack last year. What’s a bit bizarre about this report is that they report that the Pysa threat actors have not even yet demanded any ransom. DataBreaches.net checked the threat actors’ leak site. They listed the attack as occurring on November 29, 2020. And then they started dumping data as proof.


Edinburgh Mental Health Clinic in Probe After Client Information Accessed in Scam

Permalink - Posted on 2021-05-07 17:00

An Edinburgh mental health clinic is at the centre of a probe into a data breach resulting in hundreds of client contact details being accessed as part of a phishing scam. Bosses at The Edinburgh Practice, which offers a range of psychological and psychiatric counselling, were accused of failing to properly notify patients of the attack, despite a host of complaints. It comes after dozens of service users at the private clinic raised concerns with the Information Commissioner’s Office (ICO) when they received emails from scammers seeking to harvest their personal information through a virus disguised as an important document from the clinic.


NHS Vaccination Website Leaks People's Medical Data

Permalink - Posted on 2021-05-07 17:00

A gaping security hole has been discovered in the NHS vaccination booking website, which can be easily exploited to find out whether someone has received a jab. The problem relates to the way the website treats different users, depending on how far along they are in the vaccination process.


Wolfe Eye Clinic Victim of Lorenz Threat Actors

Permalink - Posted on 2021-05-07 17:00

There is no notice of any cyberattack on the web site of Wolfe Eye Clinic in Iowa, but the clinic has been investigating and addressing an alleged attack for more than one month now while patient care continues at their multiple locations. On April 1, threat actors known as Lorenz added the clinic to its relatively new dedicated leak site. Unlike some other dedicated leak sites that appear to just dump data to pressure victims into paying extortion demands, Lorenz has offered downloads for which interested parties — or the victim — can buy the key to open. The threat actors also seem to be offering to sell access to the clinic’s internal network.


U.S. Physics Laboratory Exposed Documents, Credentials

Permalink - Posted on 2021-05-07 17:00

The Fermilab physics laboratory in the U.S. has tidied up its systems after security researchers found weaknesses exposing documents, proprietary applications, personal information, project details and credentials. Fermilab, which is part of the U.S. Department of Energy, is a world-famous particle accelerator and physics laboratory in Batavia, Illinois. One database the researchers discovered allowed unauthenticated access to 5,795 documents and 53,685 file entries.


19 Petabytes of Data Exposed Across 29,000+ Unprotected Databases

Permalink - Posted on 2021-05-07 17:00

CyberNews researchers found that more than 29,000 databases worldwide are still completely unprotected and publicly accessible, leaving close to 19,000 terabytes of data exposed to anyone, including threat actors.


U.S. Defense Contractor BlueForce Apparently Hit by Ransomware

Permalink - Posted on 2021-05-07 17:00

The Conti ransomware operators demanded nearly $1 million in bitcoin during ransomware negotiations and threatened to publish the defense contractor's data on its leak site.


Most Organizations Feel More Vulnerable to Breaches Amid Pandemic

Permalink - Posted on 2021-05-07 17:00

More than half of businesses see the need for significant long-term changes to IT due to COVID-19, research finds. The report, Assessing Cybersecurity Risk in Today's Enterprises, finds 38% of respondents describe their data as being at "significantly higher" or "imminent" risk because of COVID-19-related threats. The research also found 51% expect their organizations to make significant long-term changes to IT and business operations as a result of the pandemic. Cloud security is top of mind for IT and security teams as 41% express concern about exploits targeting cloud service providers. When asked about which aspects of cloud services were most concerning from a security perspective, 45% cited a lack of visibility into their organization's data as it is transmitted or stored via cloud services.


Half of U.K. Manufacturers Suffered a Cyber Attack Last Year

Permalink - Posted on 2021-05-06 17:00

Half of British manufacturers and even more in the automotive sector suffered a successful cyber-attack last year, but cost remains a major barrier to improvements, according to an industry body. Make UK, which represents the sector, claimed that the 47% figure overall rose to 62% for carmakers.


Financial Services Experience 125% Rise in Exposure to Mobile Phishing

Permalink - Posted on 2021-05-06 17:00

Financial services and insurance organizations experienced a 125% rise in exposure to mobile phishing attacks in 2020 compared to 2019, according to Lookout’s Financial Services Threat Report. The cloud security firm also found that malware and app risk exposure went up by more than 400% on average per quarter last year among the industry’s employees and customers. This was despite a 50% growth in mobile device management deployment during this period.


Network Intrusions and Ransomware Attacks Overtake Phishing as Main Breach Cause

Permalink - Posted on 2021-05-06 17:00

Network intrusion incidents have overtaken phishing, which has been the main cause of data breaches for the past 5 years, as the leading cause of healthcare data security incidents. In 2020, 58% of the security incidents dealt with by BakerHostetler’s Digital Assets and Data Management (DADM) Practice Group were network intrusions, most commonly involving the use of ransomware.


France: Ransomware Attack on Environmental Center Resulted in Data Loss

Permalink - Posted on 2021-05-06 17:00

La Nouvelle Republique reports that the Permanent Center for Environmental Initiatives of Gâtine (CPIE) experienced a cyberattack on April 18 that resulted in irretrievable data loss. “We had a cryptographic virus that got into our computer server. When we opened the system, all our files had the same name. And if we wanted to decrypt them, we had to pay a ransom to do that,” says Adèle Gamache, director of CPIE, adding: “We have lost everything in terms of files since April 2020: educational tools, booklets, action sheets.”


Orthopedic Associates of Dutchess County Notifies More Than 330,000 Patients of Breach

Permalink - Posted on 2021-05-06 17:00

On March 5, Orthopedic Associates of Dutchess County in New York (“OADC”) became aware of suspicious activity involving its systems. Their investigation determined that an unauthorized actor gained access to certain OADC systems on or about March 1, 2021, encrypted files, and then claimed to have removed and/or viewed certain files.


Malware Group Leaks Millions of Stolen Authentication Cookies

Permalink - Posted on 2021-05-06 17:00

To add insult to injury, after users were infected by a malware strain that stole their passwords and personal data, the malware operators forgot to secure their backend servers, which leaked sensitive user information for hundreds of thousands of victims for more than a month.


CaptureRx Data Breach Impacts Healthcare Providers

Permalink - Posted on 2021-05-06 17:00

At least a few American healthcare providers have suffered a data breach following a cyber-attack on an administrative services company in Texas. CaptureRx, which is based in San Antonio, fell victim to a ransomware attack on February 6. On February 19, an investigation into the attack identified that certain files had been accessed without authorization. During the attack, cyber-criminals exfiltrated files containing the protected health information (PHI) of more than 24,000 people.


Faxton St. Luke's Healthcare Vendor Faces Data Breach

Permalink - Posted on 2021-05-06 17:00

Faxton St. Luke’s Healthcare (FSLH), an affiliate of the Mohawk Valley Health System (MVHS), was notified on March 30, 2021, that Capture RX, a third party business associate, experienced a data breach on Feb. 6, 2021. The breach included limited data on 17,655 patients of FSLH.


Shoppers Choose Guest Checkouts Over Security Fears

Permalink - Posted on 2021-05-05 16:00

A quarter (22%) of shoppers use guest checkouts because they’re concerned about handing more personal data over to e-commerce providers, according to a new study. E-commerce search specialist Empathy.co commissioned Censuswide to poll a representative sample of 4000 British consumers to better understand their online preferences. It revealed widespread mistrust of online stores and a desire to gain more control over personal data. Only 13% said they’re not concerned about how their data is used at all, while over two-fifths (42%) claimed that they’re extra careful when providing personal data and accepting legal notices. A further two-fifths (40%) agreed that they don’t like being asked for unnecessary or sensitive data.


Peloton's Leaky API Spilled Riders' Private Data

Permalink - Posted on 2021-05-05 16:00

Peloton has hit a pothole. Its API was leaking riders’ private data, it ignored a vulnerability disclosure from a penetration testing company, and it partially fixed the hole but didn’t get around to telling the researcher until he reached out to a cybersecurity journalist for some help.


Lawmakers Call for Investigation into Breach of the Contact Tracing Data of 72,000 Pennsylvanians

Permalink - Posted on 2021-05-05 16:00

Lawmakers in the Commonwealth of Pennsylvania are calling for an investigation into a data breach involving the contact tracing information of 72,000 Pennsylvanians after it was discovered that sensitive information was being shared via unauthorized channels without the necessary security protections. An investigation conducted by Target 11 found employees had been recording contact tracing information in the free versions of Google Sheets and were sharing those spreadsheets and other documents with colleagues via personal email accounts for contact tracing purposes. The free versions of these Google services are not HIPAA compliant and should not have been used.


Florida Girl, 18, Faces 16-Year Jail for Hacking 'Homecoming Queen' Contest with Mom's Help

Permalink - Posted on 2021-05-05 16:00

Emily and her assistant principal mother Laura Rose Carroll are accused of hacking student school accounts to cast fake votes and make her win the contest.


Canada's Boutin Transport Company Victim of a Cyber Attack

Permalink - Posted on 2021-05-05 16:00

Groupe Boutin Inc. is a firm in Quebec providing logistics, transportation, and warehousing services, as well as private fleets. The attack has been claimed by CL0P threat actors, who have listed the company on their leak site and have dumped a number of files allegedly from Boutin’s server(s).


Americans Turn to VPNs to Prevent Online Fraud and Hacking

Permalink - Posted on 2021-05-05 16:00

New York, NY-based coupon engine CouponFollow, part of NextGen Shopping, surveyed 1,666 US adults before the pandemic and a further 1,834 US adults in February 2021 to understand how Americans view their internet security and data privacy. The report showed that almost seven in ten (69%) of Americans are concerned about the security of their data when using public Wi-Fi, and nearly two in three (64%) are worried about it when using the internet at home. A similar percentage (65%) are concerned that their medical or financial data might be shared -- or sold on -- by their ISP. Online privacy worries almost half (47%) of Americans who are concerned about their privacy when using public Wi-Fi. Nearly a third (30%) worry about their privacy even when using the Internet at home.


SmileDirectClub Reveals Cyber Security Incident That Could Cost Millions

Permalink - Posted on 2021-05-04 16:00

SmileDirectClub was the victim of a cybersecurity threat last month that could cost the teledentistry firm as much as $15 million, the company announced in a filing made Monday with the U.S. Securities and Exchange Commission.


Gifford says Vendor Had Data Breach

Permalink - Posted on 2021-05-04 16:00

Gifford Health Care last month notified federal authorities of a data breach involving a vendor that helps administer one of the Randolph-based medical center’s drug-pricing programs. Gifford notified the U.S. Department of Health and Human Services on April 23 of a “hacking/IT incident” involving a network server, according to HHS records.


Hackers Break into Glovo, Europe's $2 Billion Amazon Rival

Permalink - Posted on 2021-05-04 16:00

A cybercriminal has managed to break into the $2 billion-valued Spanish delivery startup Glovo. The hacker was selling access to both customer and courier accounts, with the ability to change their passwords. It comes just a month after Glovo, which aims to become the Amazon of Europe, a rival also capable of delivering anything, announced a huge $530 million round, taking its overall funding to over $1 billion and boosting plans to take the company public in the next few years.


Health Aid of Ohio Security Incident Affects Up to 141,00 Individuals

Permalink - Posted on 2021-05-04 16:00

Health Aid of Ohio, a Parma, OH-based full-service home medical equipment provider, has discovered unauthorized individuals gained access to its systems and exfiltrated some files from its network. The breach was detected on February 19, 2021 when suspicious network activity was detected. Action was quickly taken to eject the attackers from the network and secure all patient data. An investigation into the breach confirmed that files were accessed and exfiltrated from Health Aid’s systems, but it was not possible to determine exactly which files had been removed from its systems. It is possible that some of the exfiltrated files contained the protected health information of VA plan members.


Third Parties Caused Data Breaches at 51% of Organizations

Permalink - Posted on 2021-05-04 16:00

Remote access is becoming an organization's weakest attack surface, according to new research published today by the Ponemon Institute and third-party remote access provider SecureLink. The new report, titled “A Crisis in Third-party Remote Access Security,” reveals a disparity between an organization's perceived third-party access security threat and the protective measures it puts in place. Researchers found that organizations are exposing their networks to non-compliance and security risks by not taking action to reduce third-party access risk. Nearly half (44%) of organizations were found to have experienced a security breach within the last 12 months. Of those organizations, three-quarters (74%) said that the breach had occurred because too much privileged access had been given to third parties.


Telstra Service Provider Hit by Cyber Attack as Hackers Claim SIM Card Information Stolen

Permalink - Posted on 2021-05-04 16:00

Hackers have claimed they have gained access to “tens of thousands” of SIM cards after a cyber attack against an Australian telecom firm. The victim, Melbourne-based Schepisi Communications, describes itself as a “platinum partner” of Telstra that supplies phone numbers and cloud storage services on behalf of the telecommunications giant. The company’s website has been offline for days after a hacker group said it infiltrated the company’s data systems and posted a disturbing ransom note on the dark web.


Over 40 Apps with More Than 100 Million Installs Found Leaking AWS Keys

Permalink - Posted on 2021-05-04 16:00

The AWS key leakage was spotted in some of the major apps such as Adobe Photoshop Fix, Adobe Comp, Hootsuite, IBM's Weather Channel, and online shopping services Club Factory and Wholee. The findings are the result of an analysis of over 10,000 apps submitted to CloudSEK's BeVigil, a mobile app security search engine.


Hackers Leak 150 Million User Records from Iranian Raychat App

Permalink - Posted on 2021-05-04 16:00

The hacker behind the data leak claims they downloaded the Raychat app data when the company exposed its entire database online between December 2020 and January 2021. The data leak, which has been seen and analyzed by Hackread.com, includes: full names; IP addresses; email addresses (the exact number of leaked email addresses is not yet clear); Bcrypt passwords; Telegram messenger IDs, etc.


Twilio Discloses Impact from Codecov Supply-Chain Attack

Permalink - Posted on 2021-05-04 16:00

Cloud communications company Twilio has now disclosed that it was impacted by the recent Codecov supply-chain attack in a small capacity. As reported by BleepingComputer last month, popular code coverage tool Codecov had been a victim of a supply-chain attack that lasted for two months. During this two-month period, threat actors had modified the legitimate Codecov Bash Uploader tool to exfiltrate environment variables (containing sensitive information such as keys, tokens, and credentials) from Codecov customers' CI/CD environments. Using the credentials harvested from the tampered Bash Uploader, Codecov attackers reportedly breached hundreds of customer networks.


Cyber Security Control Failures Listed as Top Emerging Risk

Permalink - Posted on 2021-05-03 16:00

Cybersecurity control failures were listed as the top emerging risk in 1Q21 in a global poll of 165 senior executives across function and geography, according to Gartner. Despite a myriad of risks resulting from the pandemic, such as the new work environment and environmental, social and governance (ESG) concerns, cybersecurity risk was singled out with notable consistency across all geographic regions and most industries, cited by 67% of respondents. The next highest cited risk, “the new working model,” was cited by 43% of respondents. “Many organizations were forced to implement quick fixes to serious operational gaps as a result of their initial pandemic responses,” said Matt Shinkman, VP with the Gartner Risk and Audit Practice.


58% of Orgs Predict Remote Workers Will Expose Them to Data Breach Risk

Permalink - Posted on 2021-05-03 16:00

35% of UK IT decision makers admitted that their remote workers have already knowingly put corporate data at risk of a breach in the last year according to an annual survey conducted by Apricorn. This is concerning given that over one in ten surveyed IT decision makers also noted that they either have no control over where company data goes or where it is stored (15%) and their technology does not support secure mobile/remote working (12%). Additionally, 58 percent still believe that remote workers will expose their organization to the risk of a data breach. This figure has risen steadily year on year from 44 percent in 2018, yet despite the pandemic, the number of organizations expecting their remote workers to put them at risk of a data breach in 2021 has remained level. Furthermore, 26% of organizations noted that their remote workers don’t care about security. Whilst this figure has dropped from 34 per cent last year, phishing (37%), employee negligence (27%), remote workers (15%) and third parties (13%) are still big avenues for attack and actionable cause of a breach.


eCommerce Fraud Losses to Surpass $20 Billion This Year

Permalink - Posted on 2021-05-03 16:00

The value of losses due to eCommerce fraud will rise this year, from $17.5 billion in 2020 to over $20 billion by 2021; a growth of 18% over a single year, according to a study from Juniper Research.


TurgenSec Finds 345,000 Files from Filipino Solicitor-General's Office Were Breached

Permalink - Posted on 2021-05-03 16:00

Sensitive documents from the solicitor-general of the Philippines, including information on ongoing legal cases and passwords, were breached and made publicly available online, the UK security firm has said.


Alaska Court System Briefly Forced Offline Amid Cyber Threat

Permalink - Posted on 2021-05-03 16:00

The Alaska Court System has temporarily disconnected most of its operations, including its website, from the internet after a cybersecurity threat on Saturday, removing the ability to look up court records.


Scripps Health Hit by Cyber Attack

Permalink - Posted on 2021-05-03 16:00

Scripps Health confirmed Sunday their technology servers were hacked overnight, forcing the health care system to switch to offline chart systems and causing a disruption to their patient portals. Scripps did not provide any information on how the cyberattack occurred or state exactly what systems were affected by the breach.


Ransomware Attack On Midwest Transplant Network Affects More Than 17,000

Permalink - Posted on 2021-05-03 16:00

Families of organ, eye and tissue donors are receiving letters this week from the Midwest Transplant Network informing them of a data breach affecting more than 17,000 individuals. The attackers were able to obtain some personal health information about deceased donors and organ recipients, including names, dates of birth and types of organ donation or transplantation procedures.


France: Colis Privé Reports a Cyber Attack Is Causing Disruption in Operations

Permalink - Posted on 2021-05-03 16:00

Colis Privé specializes in home and relay delivery of packages to individuals within 24 to 48 hours. It is a subsidiary of Hopps Group. The firm announced a breach on its web site.


Whistler Ransomware Attack Could Affect Thousands

Permalink - Posted on 2021-05-03 16:00

A ransomware attack on the Resort Municipality of Whistler (RMOW) could have far-reaching consequences, according to a cyber security expert, but there’s no way of knowing for sure until a full forensic investigation is completed.


Data Breach Alerts in Singapore Up on New Reporting Rules

Permalink - Posted on 2021-05-03 16:00

The number of data breach alerts Singapore's data protection watchdog received tripled in the February-March period compared with the previous two months. This comes amid a string of potential personal data leaks reported in recent months. Legal and information technology security experts said the increase could have been due to a new data breach notification requirement companies must follow from Feb 1, as well as rising cyber-security threats.


Canada: B.C. Student Loan Website Down After Being Taken Over by Hackers

Permalink - Posted on 2021-05-03 16:00

The website that B.C. students visit to manage their student loans appears to have been hacked. At around 9 p.m. Sunday people on Twitter reported the landing page for studentaidbc.ca was replaced with a black page with green writing and music playing in the background. The site remained down as of 7:30 a.m. Monday. The LearnLive BC website was also down. This apparent hacking comes just days before the summer semester starts for students in early May.


Virgin Active Goes Offline After Sophisticated Cyber Attack

Permalink - Posted on 2021-05-03 16:00

Virgin Active SA says it was forced to go offline after being targeted by sophisticated cybercriminals. Forensic experts are probing the extent of the attack to determine if any information was compromised.


Hackers Hit H&M Israel as Local Firms Fight New Wave of Cyber Attacks

Permalink - Posted on 2021-05-03 16:00

At least four Israeli companies and one NGO may have been targeted by what experts say could be a new attack by the Iranian group that was behind previous hacks.


TRB's Registration Database Hacked in Ransomware Attack

Permalink - Posted on 2021-05-03 16:00

The Transportation Research Board’s annual meeting registration services database was compromised in March by cybercriminals in a ransomware attack, the organization announced April 28. “As a result of the attack, personal information for those who registered for TRB annual meetings from 2015-2021, may have been exposed and obtained in the attack,” TRB said in an email to all conference registrants since 2015. The vendor, J. Spargo & Associates Inc., based in Fairfax, Va., alerted TRB to the hack on March 14, TRB said.


Californian Healthcare Provider Discovers Patient Data was Exposed on the Internet for Over a Year

Permalink - Posted on 2021-04-30 17:00

Doctors Medical Center of Modesto (DCM) in California has discovered a contractor used by a former vendor accidentally exposed patient data over the Internet. DCM had contracted with the SaaS platform provider Medifies to provide virtual waiting room services. On April 2, 2021, DCM discovered the data of some of its patients was accessible over the Internet. DCM contacted Medifies about the exposed data and the issue was corrected the same day and the data was secured. The investigation into the breach confirmed an error had been made when performing a software update which allowed the data to be accessed via the Internet. The error was made by a Medifies software development contractor.


Contact Tracing Breach Impacts Private Info. of 72K People

Permalink - Posted on 2021-04-30 17:00

Employees of a vendor paid to conduct COVID-19 contact tracing in Pennsylvania may have compromised the private information of at least 72,000 people, including their exposure status and their sexual orientation, the state Health Department said Thursday.


Toronto Hit by Data Breach from Accellion File Transfer Software

Permalink - Posted on 2021-04-30 17:00

The City of Toronto says it suffered a “potential cyber breach” from a hack of data from use of its Accellion FTA file transfer server in January that may have involved the health information of individuals. In its initial statement today, the city said it was notified of a potential cyber breach related to an unnamed third-party file transfer software vendor on Jan. 22. City staff later confirmed to IT World Canada that the incident involved Accellion.


France: Ardennes: Invicta Group at a Standstill Since Monday After a Cyber Attack

Permalink - Posted on 2021-04-30 17:00

According to the testimony of an employee, the attack reportedly occurred on Sunday, since it was at this time that the staff was alerted by SMS to the temporary stoppage of work. “The cyber attack affects some of the servers and had the impact of temporarily stopping activity, at our initiative,” confirms the company in a press release sent to L’Ardennais. The Vivier-au-Court foundry, and probably the Donchery head office, have been paralyzed since Monday morning.


AmeriTrust Warns Customers of December Data Breach

Permalink - Posted on 2021-04-30 17:00

The personal loan information of certain AmeriFirst Financial, Inc., customers has been compromised, according to the bank’s “data security incident” notification. AmeriFirst said it discovered the breach on April 12, 2021, which infiltrated the bank’s data storage from Dec. 2 to Dec. 10, 2020. A $79 million institution with branches in California, Arizona, and Utah, AmeriFirst said the information stolen includes: first and last names; dates of birth; Social Security numbers; bank account numbers; tax identification numbers; Internal Revenue Services numbers; driver’s licenses; passport numbers; and other government-issued identification cards and numbers.


Thrifty Drug Discloses Security Breach

Permalink - Posted on 2021-04-30 17:00

Thrifty Drug in a statement said it worked with a business associate, Capture Rx, that discovered certain files on its system were accessed without authorization in February. Some of those files contained Thrifty patient information, including names, dates of birth, prescription information, and for some patients, the medical record number.


Lack of Visibility into IT Assets Impacting Security Priorities

Permalink - Posted on 2021-04-30 17:00

Axonius released a report which reveals the extremes to which the pandemic escalated lack of visibility into IT assets and how that is impacting security priorities. According to the study conducted by ESG, organizations report widening visibility gaps in their cloud infrastructure (79%, which was a 10% increase over 2020), end-user devices (75%), and IoT device initiatives (75%), leading to increased risk and security incidents.


Brazil's Rio Grande do Sul Court System Hit by REvil Ransomware

Permalink - Posted on 2021-04-30 17:00

Brazil's Tribunal de Justiça do Estado do Rio Grande do Sul was hit with an REvil ransomware attack yesterday that encrypted employees' files and forced the courts to shut down their network.


Middle Market Companies Facing a Record Number of Data Breaches

Permalink - Posted on 2021-04-30 17:00

Middle market companies possess a significant amount of valuable data but continue to lack appropriate levels of protective controls and staffing, according to a report from RSM US and the U.S. Chamber of Commerce. The results revealed that 28% of middle market leaders claimed that their company experienced data breaches in the last year, a sharp rise from 18% in last year’s survey and the highest level since 2015. Many leaders attributed this increase to challenges created by COVID-19. According to the survey, 33% of middle market executives said they experienced a ransomware attack or demand in 2020, the highest number since ransomware became a focus of the data four years ago, and a 10% increase from last year. Fifty-one percent said that outside parties attempted to manipulate employees by pretending to be trusted third parties or company executives, a 2% increase from 2019. Additionally, 45% of social engineering attacks were successful last year, a spike from 28% in the previous year. Attempts were much more successful at larger middle market companies, with 67% reporting that manipulation attempts worked and 43% reporting a ransomware attack, compared to 19% and 24% at smaller organizations, respectively. Of the organizations that experienced a ransomware or social engineering attack, 67% said their business experienced an attack as an indirect result of the COVID-19 pandemic, with the most common attack based on exploiting vulnerabilities from employees working remotely.


Five Federal Agencies Potentially Breached in Pulse Connect Secure Hack

Permalink - Posted on 2021-04-30 17:00

At least five federal civilian agencies appear to have been breached in the latest hack to hit the US government, a discovery that follows emergency measures to mitigate potential damage from the incident, according to a top official at the Cybersecurity and Infrastructure Security Agency. Hackers with suspected ties to China repeatedly took advantage of vulnerabilities in Pulse Secure VPN, a widely used remote connectivity tool, to gain access to government agencies, defense companies and financial institutions in the US and Europe, a report released early this month showed.


Paleo Lifestyle Brand Exposes Customers to Fraud in Massive Data Breach

Permalink - Posted on 2021-04-30 17:00

The data breach originated from a cloud storage account Paleohacks was using to store the private data and personal details of over 70,000 customers and users. The company had failed to implement basic data security protocols. As a result, anyone whose data had been collected by Paleohacks was at risk of fraud, identity theft, hacking, and much more.


Broad Concern Over Third-Party App Providers Post-SolarWinds

Permalink - Posted on 2021-04-30 17:00

Recent breaches of third-party applications are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices. A recent Dark Reading poll of IT and cybersecurity professionals found 34% believe attackers with deep knowledge of application vulnerabilities present the greatest threat to app security – and 78% say security is important enough to delay deployment of applications.


First Horizon Bank Customers Have Account Funds Drained

Permalink - Posted on 2021-04-29 17:00

A leading US bank has revealed a data breach in which over 100 online customers had their funds accessed by an unauthorized intruder. First Horizon Bank claimed in a filing with the Securities and Exchange Commission (SEC) yesterday that less than $1 million was stolen in total from those accounts. The attack itself seems to have relied on stolen or brute forced customer credentials, plus the exploitation of a vulnerability inside the financial services company.


Cancer Patients Diverted After Cyber Attack on MedTech Firm

Permalink - Posted on 2021-04-29 17:00

Scores of US hospitals are thought to have been affected after a security breach at a specialist provider of equipment for cancer treatments last week. Swedish oncology and radiology system provider Elekta explained in a company update this week that a “data security incident” had affected its first-generation cloud-based storage system.


Einstein Healthcare Network Facing Class Action Lawsuit Over 2020 Phishing Attack

Permalink - Posted on 2021-04-29 17:00

The Philadelphia-based health system, Einstein Healthcare Network, is facing a class action lawsuit over an August 2020 phishing attack that resulted in multiple employee email accounts being accessed by an unauthorized individual. The lawsuit was filed by law firm Morgan & Morgan with Einstein Healthcare patient Nanette Katz of Blue Bell, PA named as lead plaintiff. The lawsuit alleges Einstein Healthcare failed to secure and safeguard the protected health information of patients and had not implemented or followed basic security procedures.


PHI of 31,000 Individuals Potentially Compromised in River Springs Health Plans Phishing Attack

Permalink - Posted on 2021-04-29 17:00

An unauthorized individual gained access to the email account of an employee of River Springs Health Plans and installed malware which potentially allowed the contents of the email account to be exfiltrated.


Breached Online Ordering Platforms Expose Hundreds of Restaurants

Permalink - Posted on 2021-04-29 17:00

The affected platforms take one of two forms. Three of the five affected platforms — Easy Ordering, MenuSifu, and E-Dining Express — operate as individual restaurants’ actual ordering infrastructure. Those three platforms exposed transactions from at least 70 different restaurants.


Italy: Banca di Credito Cooperativo Suffers Cyber Attack Impacting 188 Branches

Permalink - Posted on 2021-04-29 17:00

The report on La Repubblica contains a screencap of a ransom note reportedly seen on the PCs of the bank. The note indicates that the attackers are the threat actors known as DarkSide.


Italy: Hacker Attack on Pharmaceutical Company Zambon

Permalink - Posted on 2021-04-29 17:00

DataBreaches.net notes that the threat actors behind the attack are the group known as Babuk, and they claim to have exfiltrated about 10 GB of data from zambongroup.com (which redirects to zambon.com).


Ransomware Gang Leaks Court and Prisoner Files from Illinois Attorney General Office

Permalink - Posted on 2021-04-29 17:00

The operators of the DopplePaymer ransomware have leaked a large collection of files from the Illinois Office of the Attorney General after negotiations broke down and officials refused to pay a ransom demand, The Record has learned. The leaked files include information from court cases orchestrated by the Illinois OAG, including some private documents that do not appear in public records.


Singapore: Organisation That Oversees Tafep Fined $29,000 Over Data Breach

Permalink - Posted on 2021-04-29 17:00

The Tripartite Alliance Limited (TAL) has been fined $29,000 after the data of about 20,000 people was accessed by hackers last year. The Personal Data Protection Commission (PDPC) said in a recent decision that TAL had failed to put in place "reasonable security arrangements" to prevent the unauthorised access of its customer relationship management system database. Hacked data included names, identification numbers, contact numbers, e-mail addresses, age, race, marital status, salaries and compensation amounts.


DigitalOcean Says Customer Billing Data Accessed in Data Breach

Permalink - Posted on 2021-04-29 17:00

The cloud infrastructure giant told customers in an email on Wednesday, obtained by TechCrunch, that it has “confirmed an unauthorized exposure of details associated with the billing profile on your DigitalOcean account.” The company said the person “gained access to some of your billing account details through a flaw that has been fixed” over a two-week window between April 9 and April 22. The email said customer billing names and addresses were accessed, as well as the last four digits of the payment card, its expiry date and the name of the card-issuing bank.


Chase Bank Phish Swims Past Exchange Email Protections

Permalink - Posted on 2021-04-28 17:00

Threat actors are impersonating Chase Bank in two phishing attacks that can slip past Microsoft Exchange security protections in an aim to steal credentials from victims — by spoofing real-life customer scenarios. Researchers from Armorblox recently discovered the attacks, one of which claims to contain a credit card statement, while the other informs users that their online account access has been restricted due to unusual login activity, according to a post on the Armorblox blog posted Tuesday.


Wyoming Department of Health Announces GitHub Data Breach Affecting 164,000 Individuals

Permalink - Posted on 2021-04-28 17:00

The Wyoming Department of Health (WDH) has discovered the protected health information of 164,021 individuals has been accidentally exposed online due to an error by a member of its workforce. On March 10, 2021, WDH discovered an employee had uploaded files containing medical test result data to private and public repositories on the software development platform GitHub. While security controls are in place to protect users’ privacy, an error by the employee meant the data could potentially have been accessed by individuals unauthorized to view the information from January 8, 2021.


Cancer Patients in the State of Washington Had Their Sensitive Records Hacked

Permalink - Posted on 2021-04-28 17:00

DataBreaches.net waited to see when some notification by Capital Medical Center would show up — either on their site, or in a press release or media notice, or on the state’s breach list, or on HHS’s public breach tool. But it didn’t show up anywhere. Avaddon likely gave up on trying to extort them as they dumped almost 30 GB of files and moved their name to the “Full Dumps” list from the “New Companies” (active) list. And still there was no notification posted anywhere, so DataBreaches.net started investigating. And the first thing this blogger learned was that Capital Medical Center had been absorbed by MultiCare. In response to my inquiries, Multicare responded on April 23rd with the following statement:


CZ: Olomouc Continues to Recover While Still Being Threatened by Threat Actors

Permalink - Posted on 2021-04-28 17:00

On April 9, DataBreaches.net noted a report that the municipality of Olomouc had suffered a cyber attack on April 7. There were almost no details other than the municipality estimated it might take two weeks to fully restore services. Since then, a few more details have emerged. We now know that it was the Avaddon threat actors who were responsible for the attack. They added Olomouc to their dedicated .onion leak site with a typical threatening message about what would happen if Olomouc did not pay their demand.


Maine Government Website Displayed Mental Health Patients' Confidential Information

Permalink - Posted on 2021-04-28 17:00

At least 20 documents on the Maine government website contained names and, in some cases, addresses, dates of birth and phone numbers, for those receiving mental health and substance use treatment. The website is a public database where anyone can review licensing information for health care agencies overseen by the Maine Department of Health and Human Services.


Only 8% of Businesses That Paid a Ransom Got All of Their Data Back

Permalink - Posted on 2021-04-28 17:00

The average total cost of recovery from a ransomware attack has more than doubled in a year, increasing from $761,106 in 2020 to $1.85 million in 2021, a Sophos survey reveals. The average ransom paid is $170,404. 54% of respondents believe cyberattacks are now too advanced for their IT team to handle on their own.


Ransomware Crooks Threaten to ID Informants If Cops Don't Pay Up

Permalink - Posted on 2021-04-28 17:00

Babuk, as the group calls itself, said on Monday that it had obtained 250GB of sensitive data after hacking the MPD network. The group’s site on the dark web has posted dozens of images of what appear to be sensitive MPD documents. One screenshot shows a Windows directory titled "Disciplinary Files." Each of the 28 files shown lists a name. A check of four of the names shows they all belong to MPD officers.


Legal Convictions to Be Studied After Cellebrite Flaws Disclosed

Permalink - Posted on 2021-04-28 17:00

A Maryland defense attorney has decided to challenge the conviction of one of his clients after it was recently discovered that the phone cracking product used in the case, produced by digital forensics firm Cellebrite, has severe cybersecurity flaws that could make it vulnerable to hacking.


74% of Financial Institutions See Spike in COVID-Related Threats

Permalink - Posted on 2021-04-28 17:00

Financial losses have also increased among organizations in the last year, with the average cost reaching $720,000. Financial institutions are hit hard by COVID-related cybercrime, according to new research from BAE Systems Applied Intelligence. The index surveyed 902 organizations in the financial services sector and found 74% of respondents have experienced a rise in cybercrime since the pandemic began, with 42% of banks and insurers saying the remote working model has made them less secure.


U.K. Rail Network Merseyrail Likely Hit by Lockbit Ransomware

Permalink - Posted on 2021-04-28 17:00

While the cyberattack has not been publicly disclosed, BleepingComputer learned of the attack after receiving a strange email on April 18th from Heith's email account with the mail subject, "Lockbit Ransomware Attack and Data Theft." This email was sent to BleepingComputer, various UK newspapers, and the staff of Merseyrail in what appears to be a takeover of the Director's @merseyrail.org Office 365 email account by the Lockbit Ransomware gang. In this email, the threat actors pretended to be Merseyrail's Director telling employees that a previous weekend's outage was downplayed and that they suffered a ransomware attack where the hackers stole employee and customer data.


Phishing Attack on Home Medical Equipment Provider Affects 153,000 Individuals

Permalink - Posted on 2021-04-27 16:00

The protected health information of 153,013 individuals has potentially been compromised in an email security breach at HME Specialists LLC, dba Home Medical Equipment Holdco.


Fiji: Cyber Attack Disrupts Government Online Services

Permalink - Posted on 2021-04-27 16:00

A cyber attack resulted in disruptions to some of Government’s online services and networks, including GovNet, on Monday. Attorney-General and Minister for Communications Aiyaz Sayed-Khaiyum said as a measure of extreme precaution, advice had been disseminated across Government to protect network integrity resulting in a temporary disruption to the government network.


Oregon Centennial Schools to Close for 2 Days After Hackers Breach School Systems

Permalink - Posted on 2021-04-27 16:00

A Portland-area school district has canceled Tuesday and Wednesday classes as staffers work to fix a ransomware attack that may have affected the district’s technology systems. Centennial School District staff discovered Monday that certain digital files had been “encrypted by an unknown actor,” the district said in a statement.


Nissan Securities Experiences Network Damage in Cyber Attack

Permalink - Posted on 2021-04-27 16:00

Since April 25, 2021, the online trading system (trading options / futures on stock indexes, click 365, click shares 365) has been damaged due to unauthorized access by a third party. Due to this failure, the network related to the online trading system is cut off and restoration work is in progress.


UnitingCare Queensland Security Incident Takes Some Systems Offline

Permalink - Posted on 2021-04-27 16:00

UnitingCare Queensland has confirmed it has fallen victim to a cyber incident, rendering some of its systems inaccessible. The organisation, which provides aged care, disability supports, health care, and crisis response services throughout the state, said the incident occurred on Sunday 25 April 2021.


New York Guilderland Central Schools Hit with Malware Attack

Permalink - Posted on 2021-04-27 16:00

Guilderland Central School District last week became the latest of many in New York to suffer a malware attack, forcing students back to remote learning today while the district works with specialists to investigate.


Ransomware Recovery Costs Near $2 Million

Permalink - Posted on 2021-04-27 16:00

The average total cost of recovery from a ransomware attack has more than doubled in a year, increasing from $761,106 in 2020 to $1.85 million in 2021. The average ransom paid is $170,404.


MangaDex Discloses Data Breach After Stolen Database Shared Online

Permalink - Posted on 2021-04-27 16:00

Manga scanlation site MangaDex disclosed a data breach last week after learning that the site's user database was privately circulating among threat actors. In March, MangaDex was hacked, and a threat actor claimed to have stolen the site's source code and its database, which they said had not been published anywhere. After MangaDex took the site offline in response to the attack, the threat actor, known as 'holo-gfx,' continued to taunt the owners by claiming to have backdoored the site with further vulnerabilities and web shells.


Washington D.C. Police Force Confirms Data Breach

Permalink - Posted on 2021-04-27 16:00

Ransomware criminals have posted trophy pictures on their Tor blog after attacking the police force for US capital Washington DC. The Metropolitan Police Department said it was "aware of unauthorised access on our server" and had engaged the FBI to investigate, according to BleepingComputer. Babuk, a relatively new ransomware gang, claimed credit for the attack and claimed to have stolen 250GB of files from the force. The Register had a look at their blog and found screenshots of folder names suggesting personal data was available to the criminals, as well as details of ongoing investigations.


AirDrop Leaking Email Addresses and Phone Numbers

Permalink - Posted on 2021-04-27 16:00

AirDrop, the feature that allows Mac and iPhone users to wirelessly transfer files between devices, is leaking user emails and phone numbers, and there's not much anyone can do to stop it other than to turn it off, researchers said.


Accellion Data Breaches Drive Up Average Ransom Price

Permalink - Posted on 2021-04-27 16:00

The data breaches caused by the Clop ransomware gang exploiting a zero-day vulnerability have led to a sharp increase in the average ransom payment calculated for the first three months of the year. These attacks pushed the average ransom payment in the first quarter of 2021 to $220,298, a 43% increase compared to the last quarter of 2020, notes ransomware remediation firm Coveware. The median ransom payment is also up, by almost 60%, reaching $78,398 from $49,450.


Florida Public Defender Describes Malware Attack's Impact

Permalink - Posted on 2021-04-27 16:00

The Office of the Public Defender in southwestern Florida says malware attackers may have compromised the personally identifiable information of its staff and clients. The office, which was struck on April 1 by an unknown type of attack, maintains a database containing more than 500,000 records of current and former employees and clients.


Reverb Discloses Data Breach Exposing Musicians' Personal Info.

Permalink - Posted on 2021-04-27 16:00

Today, Reverb customers began receiving data breach notifications stating that customer information was exposed, including customers' names, addresses, phone numbers, and email addresses. While Reverb's notification does not explain how they exposed the data, security researcher Bob Diachenko sheds some light on what happened. Diachenko says he discovered an unsecured Elasticsearch server publicly exposed on the Internet that contained more than 5.6 million records. Each record contained information about a particular listing on Reverb.com, including the full name, email address, phone number, mailing address, PayPal email, and listing/order information.


16% of Mobile Devices in Developing Markets Now Infected with Malware

Permalink - Posted on 2021-04-27 16:00

Insights come from Secure-D processing 1 billion mobile transactions and service sign-ups for 35 mobile operators in 23 emerging markets covering nearly 840 million users. The report reveals the scale of the impact of the COVID-19 pandemic on mobile ad fraud and malware. 46,000 malicious apps were detected in circulation, with a global block rate of 95 percent. This translates as 16 percent of mobile devices carrying at least one infected app. Globally, only 2.6 percent of devices are reported to be harboring high-risk apps. It is estimated that end-users in 23 markets avoided $1.3 billion in losses owing to fraudulent sign ups being blocked in 2020.


61% of Organizations Impacted by Ransomware in 2020

Permalink - Posted on 2021-04-26 16:00

While ransomware was a big problem for organizations in 2020, it wasn’t the only one. Mimecast’s “The State of Email Security” report also revealed additional threat trends, including: A 64% year-over-year increase in threat volume. An increase in email usage in eight out of 10 companies. 47% of survey respondents noted they saw an increase in email spoofing activity. 71% said they are concerned about the risks posed by archived conversations from collaboration tools.


Germany: Grocer Tegut Is the Target of a Cyber Attack

Permalink - Posted on 2021-04-26 16:00

Osthessen reports that the supermarket chain Tegut has suffered a cyberattack by unknown persons. Tegut operates more than 280 supermarkets in six areas of Germany.


Norway: Ransomware Attack on Nordlo Knocked Out Vakt og Alarm's Medical Alert Systems

Permalink - Posted on 2021-04-26 16:00

According to Vakt og Alarm’s web site, they provide “welfare technology” that enables individuals with disabilities to live at home. Because Vakt og Alarm was affected by the Nordlo attack, the medical signal systems in several care institutions failed.


Milan, the Pharmaceutical Company Mipharm SPA Victim of a Hacker Attack

Permalink - Posted on 2021-04-26 16:00

The group of cybercriminals Sodinokibi (REvil) has published some screenshots of the data stolen during the cyber attack on the servers of the Milanese pharmaceutical company.


Outages Blamed on Malware Still Plaguing Budget Airlines

Permalink - Posted on 2021-04-26 16:00

A technology provider says a malware attack triggered a dayslong outage that has caused reservations systems to crash at about 20 low-cost airlines around the world. The company, Radixx, said it noticed “unusual activity” around its reservations program on Tuesday. It did not describe the malware or say how it got into the program. A spokeswoman for Radixx’s parent, Southlake, Texas-based Sabre Corp., said Friday that the company was beginning to restore service to airline customers. Kristin Hays said the company reported the incident to the FBI.


Manquen Vance Email Breach Impacts 7,018 Patients

Permalink - Posted on 2021-04-26 16:00

The Michigan-based group health plan broker and consultancy firm Manquen Vance – formerly Cornerstone Municipal Advisory Group – is alerting 7,018 individuals about a potential breach of their personal and health information.


U.S. Drilling Giant Gyrodata Reveals Employee Data Breach

Permalink - Posted on 2021-04-26 16:00

A major oil drilling specialist has admitted it suffered a ransomware attack which may have led to the compromise of data belonging to current and former employees. There’s no information on whether the ransomware itself caused any disruption to the firm, but it did admit the potential impact on employees’ personal and financial data.


Open Apache SOLR Server Exposes Data of 250M Americans

Permalink - Posted on 2021-04-26 16:00

On April 22nd, 2021, a hacker going by the online handle of Pompompurin leaked a database containing personal and sensitive household data of over 250 million (250,807,711) American citizens and residents. As seen by Hackread.com, the database was leaked on a prominent hacker forum and comprises 263 GB worth of records including 1,255 CSV subfiles each with 200,000 listings.


3.2 Billion Leaked Passwords Contain 1.5 Million Records with Government Emails

Permalink - Posted on 2021-04-26 16:00

A staggering number of 3.28 billion passwords linked to 2.18 billion unique email addresses were exposed in what's one of the largest data dumps of breached usernames and passwords. In addition, the leak includes 1,502,909 passwords associated with email addresses from government domains across the world, with the U.S. government alone taking up 625,505 of the exposed passwords, followed by the U.K. (205,099), Australia (136,025), Brazil (68,535), and Canada (50,726).


Targeted Ransomware Attacks Grow 767%, India Among Top Targets

Permalink - Posted on 2021-04-26 16:00

The ransomware attacks on high-profile targets such as corporations, government agencies and municipal organisations globally increased by a whopping 767 per cent in one year (from 2019 to 2020), according to a new report. Targeted ransomware attacks have become a major concern globally in the past few years, especially for organisations and businesses in the APAC region, especially India.


Hacker Leaks 20 Million Alleged BigBasket User Records

Permalink - Posted on 2021-04-26 16:00

A threat actor has leaked approximately 20 million BigBasket user records containing personal information and hashed passwords on a popular hacking forum. BigBasket is a popular Indian online grocery delivery service that allows people to shop online for food and deliver it to their homes. This morning, a well-known seller of data breaches known as ShinyHunters posted a database for free on a hacker forum that he claims was stolen from BigBasket.


Northern Light Sued After Breach Exposing 650,000 People

Permalink - Posted on 2021-04-23 17:00

Two brothers from Holden have sued Northern Light Health over a data breach last May that left them vulnerable to identity theft and affected more than 650,000 people. The complaint, filed Tuesday in Penobscot County Superior Court, claims that Northern Light violated Maine law by sharing personal health care information with Blackbaud Inc. for fundraising purposes without patients’ prior permission. Northern Light also allegedly failed to encrypt the information it shared with Blackbaud.


Illinois Attorney General’s Office Hit by Ransomware

Permalink - Posted on 2021-04-23 17:00

Threat actors known as DoppelPaymer claim to have attacked the Illinois Attorney General’s Office. And on April 13, the AG’s office acknowledged that they were investigating a network compromise.


VTA Targeted in Apparent Ransomware Attack

Permalink - Posted on 2021-04-23 17:00

A group of hackers claims to have stolen a trove of data from the Santa Clara Valley Transportation Authority in an apparent ransomware attack that has paralyzed many of the agency’s computer systems for days. VTA officials initially said they believed they had contained the attack, which began over the weekend. But in a post on the dark web Thursday, a hacker group calling itself “Astro” wrote that it stole 150 gigabytes of data from the transit authority and is threatening to post it publicly if VTA does not “cooperate.”


Malware Operators Leverage TLS in 46% of Detected Communications

Permalink - Posted on 2021-04-23 17:00

Researchers have found that as Transport Layer Security (TLS) has grown to account for some 98% of all web page visits, use of TLS among malware operators increased from 23% of all malware detected in 2020 to nearly 46% today.


Passwordstate Password Manager Hacked in Supply Chain Attack

Permalink - Posted on 2021-04-23 17:00

ClickStudios, the company behind the Passwordstate password manager, notified customers that attackers compromised the app's update mechanism to deliver malware in a supply-chain attack after breaching its networks.


TikTok Sued Over Use of Minors' Data

Permalink - Posted on 2021-04-22 16:00

Video-sharing social networking service TikTok is being sued for billions of dollars over its alleged mishandling of children's data. TikTok, which is owned by Chinese company ByteDance, has more than 800 million users worldwide. Internal company data from July 2020 reported by the New York Times showed 18 million TikTok users were aged 14 years or younger. The claim against the company has been filed by Anne Longfield, children's commissioner for England, on behalf of the millions of minors in the UK and the EU who have used TikTok since May 25, 2018, whether they have a TikTok account or not. In the legal challenge, TikTok is accused of harvesting children's personal information without sufficient notice, transparency, or the consent required under British and European Union law. Children's data that the company allegedly mishandles includes biometric information, location data, videos, and phone numbers.


Massive Android Botnet Hits Smart TV Ad Ecosystem

Permalink - Posted on 2021-04-22 16:00

Security researchers at Human Security (formerly White Ops) have discovered a massive botnet of Android devices being used to conduct fraud in the connected TV advertising ecosystem. The sophisticated mobile botnet, dubbed Pareto, is made up of nearly a million infected mobile Android devices pretending to be millions of people watching ads on smart TVs and other devices. Human Security said the botnet used dozens of mobile apps to impersonate or spoof more than 6,000 CTV apps, accounting for an average of 650 million ad requests every day.


Student Accesses School Database After Teacher Leaves Password Written on Note

Permalink - Posted on 2021-04-22 16:00

A pupil hacked into their teacher's computer to change grades after finding the password on a note stuck to a laptop. The same password was used for access to multiple accounts and the pupil's hack is among the incidents which prompted GCHQ to offer cyber security training to school staff. After obtaining the password, the pupil was able to access more than 20,000 records and change their grades, GCHQ's National Cyber Security Centre says. The incident, which resulted in disciplinary action for the school by the Information Commissioner's Office, is used as one of four real-life case studies given as part of the Government's new training programme.


Elliman's Property Management Arm Suffers Data Breach

Permalink - Posted on 2021-04-22 16:00

Thousands of New York residents who live in buildings run by Douglas Elliman’s property management arm may have had their personal information compromised this month. Douglas Elliman Property Management’s three managing directors emailed hundreds of co-operative and condominium boards Monday to advise them that the company’s IT network — which contains data for its buildings’ residents and employees — was breached and their personal information may have been compromised.


Court Approves Data Breach Settlements with BMO, CIBC

Permalink - Posted on 2021-04-22 16:00

An Ontario court has approved proposed class action settlements with Bank of Montreal (BMO) and CIBC over cybersecurity breaches involving thousands of clients. The Superior Court of Justice endorsed settlements and distribution plans designed to resolve lawsuits against the banks stemming from a data theft that affected more than 10,000 clients of CIBC’s Simplii Financial unit and more than 113,000 BMO clients in 2018. The parties reached agreements last fall to settle the action against BMO for $21.2 million, and against CIBC for $1.8 million.


Services Australia Penalized for Breaching Privacy of a Vulnerable Customer

Permalink - Posted on 2021-04-22 16:00

The Australian Information Commissioner has issued Services Australia with a notice to pay a customer AU$19,890 as atonement for breaching her privacy. The agency's process for updating personal information in a domestic violence situation was not only alarming, but was found to be a breach of privacy by the Information Commissioner, too.


SolarWinds Hack Analysis Reveals 56% Boost in Command Server Footprint

Permalink - Posted on 2021-04-22 16:00

A new analysis of the SolarWinds breach suggests that the attacker infrastructure behind the campaign is far larger than first believed. RiskIQ's Team Atlas has identified an additional 18 servers linked to the SolarWinds espionage campaign, a number the firm says represents a "56% increase in the size of the adversary's known command-and-control footprint." The new C2s were discovered by mapping the second stage of deployment; in particular, modified beacons associated with Cobalt Strike. While this pattern itself is not uncommon, the team correlated this online data -- containing over 3,000 results -- with SSL certificates recorded as in use by the SolarWinds hackers.


67% of IT Pros Concerned with Teleworking Endpoint Misuse

Permalink - Posted on 2021-04-22 16:00

43.13% of workers will stay remote after the pandemic ends and two out of three IT professionals are concerned with teleworking endpoint misuse, a new Prey study reveals.


Logins for 1.3 Million Windows RDP Servers Collected from Hacker Market

Permalink - Posted on 2021-04-22 16:00

The login names and passwords for 1.3 million current and historically compromised Windows Remote Desktop servers have been leaked by UAS, the largest hacker marketplace for stolen RDP credentials. With this massive leak of compromised remote access credentials, researchers, for the first time, get a glimpse into a bustling cybercrime economy and can use the data to tie up loose ends on previous cyberattacks.


Bugs Allowed Hackers to Dox John Deere Tractor Owners

Permalink - Posted on 2021-04-22 16:00

A pair of bugs in John Deere's apps and website could have allowed hackers to find and download the personal data of all owners of the company's farming vehicles and equipment, according to a security researcher who found the vulnerabilities.


Over 580 WordPress Vulnerabilities Disclosed in 2020

Permalink - Posted on 2021-04-21 17:00

More than 580 WordPress vulnerabilities were disclosed in 2020, but a vast majority of them impact third-party plugins and themes rather than the WordPress core, according to a new report from website security company Patchstack (formerly WebARX). Patchstack has analyzed 50,000 WordPress websites and found that they use, on average, 23 third-party plugins, four of which were not updated to the latest version.


Three Zero-Day Flaws in SonicWall Email Security Product Exploited in Attacks

Permalink - Posted on 2021-04-21 17:00

SonicWall’s Email Security product is affected by three vulnerabilities that have been exploited in attacks. It took the vendor roughly two weeks to start releasing patches, but a public warning about active exploitation came only 25 days after it learned about the attacks.


Cyber Attack on Bavarian City of Kammeltal

Permalink - Posted on 2021-04-21 17:00

BR24 reports that a municipality in Bavaria has been hit by a trojan with a ransom demand. How the malware was injected is not yet confirmed but an email attachment is suspected.


University of Castilla-La Mancha (UCLM) Suffers a Ransomware Attack

Permalink - Posted on 2021-04-21 17:00

A tweet yesterday informed people that the target of the attack was the university’s technological infrastructure.


National Australia Bank Repays Customers $687k for 2019 Data Breach

Permalink - Posted on 2021-04-21 17:00

National Australia Bank has revealed it paid $686,878 in compensation to customers exposed in a 2019 data breach after the personal account details of more than 10,000 customers were uploaded to a website similar to Google Sheets. The bank said it provided thousands of customers with a one-off payment while a smaller cohort were reimbursed for new passports and driver’s licences, in answers to questions on notice received by Parliament last week.


Internal Facebook Memo Reveals Plan to "Normalize" News of Data Leaks After 500 Million User Breach

Permalink - Posted on 2021-04-21 17:00

A leaked internal Facebook memo has inadvertently revealed the social media giant’s tactics after its recent data scraping controversy. Approximately 535 million accounts, one of which belonged to chief executive Mark Zuckerberg, had their personal information exposed. Online tools allowed anyone to check if their information, which included phone numbers, was revealed. Facebook said it would not notify more than half a billion users about the incident, claiming that it had full visibility on which users would need to be notified. It also said that users’ inability to fix the issue, as well as the data being publicly available, factored into the decision.


Hackers Target Iconic Japan's Toshiba Rival Hoya with Ransomware

Permalink - Posted on 2021-04-21 17:00

The hacker group called Astro Team said on its blog last week that it targeted Hoya servers and stole about 300 gigabytes of confidential corporate data including finance, production, email messages, passwords and safety reports. In 2019, Hoya suffered a major cyberattack, infecting over 100 computers and forcing the company to shut down its factories for three days.


Data Breaches Reported by VEP Healthcare and the American College of Emergency Physicians

Permalink - Posted on 2021-04-21 17:00

The American College of Emergency Physicians (ACEP) has started alerting certain members that some of their personal information was stored on a server that was accessed by unauthorized individuals. In addition to providing professional organizational services to its members, management services are provided by ACEP to organizations such as the Emergency Medicine Foundation (EMF), Society for Emergency Medicine Physician Assistants (SEMPA), and the Emergency Medicine Residents’ Association (EMRA). The breach concerns data related to those organizations. Affected individuals had made a purchase from or donated to EMF, SEMPA, or EMRA.


QR Codes Offer Easy Cyber Attack Avenues as Usage Spikes

Permalink - Posted on 2021-04-21 17:00

In terms of how real-world attacks are carried out, hackers have been known to create adhesive labels with malicious QR codes and paste them over legitimate QR codes, allowing them to intercept or sit in the middle of transactions and capture payment information.


Data Breach at New England's Largest Energy Provider

Permalink - Posted on 2021-04-21 17:00

A misconfiguration error has exposed personal data belonging to customers of New England's largest energy provider. On March 16, Eversource discovered that one of its cloud data storage folders had erroneously been set to open access rather than to restricted access. The company serves more than 3.6 million electric and natural gas customers in Connecticut, Massachusetts, and New Hampshire.


Apple Supplier Quanta Hit with $50 Million Ransomware Attack from REvil

Permalink - Posted on 2021-04-21 17:00

Hackers claim to have infiltrated the networks of Quanta Computer Inc., which makes Macbooks and hardware for HP, Facebook and Google.


School District's Files Leaked in $40m Ransomware Attack

Permalink - Posted on 2021-04-20 17:00

On March 31, the office of Broward's chief communications officer, Kathy Koch, released a statement declaring that although the district "is aware of the recent actions taken by the criminals who breached our system,” it had no intention of paying those criminals a ransom. On April 19, Conti published nearly 26,000 files that had been exfiltrated from the school district. Reporters at the South Florida Sun Sentinel who reviewed the data found "a few isolated incidents where confidential student or employee information was released." The 25,971 files date from 2012 to March 2021 and chiefly contain financial records, including purchase orders, invoices, and travel expenses claim forms.


Auto Insurance Giant GEICO Discloses Data Breach

Permalink - Posted on 2021-04-20 17:00

American auto insurance provider GEICO has disclosed a cyber-incident that resulted in driver’s license numbers being compromised. A wholly owned subsidiary of Berkshire Hathaway, the Government Employees Insurance Company (GEICO) is the second largest car insurer in the United States, but also offers property insurance. In a data breach notification to impacted individuals, the company reveals that, between January 21 and March 1, 2021, using customer information acquired elsewhere, fraudsters managed to gain unauthorized access to driver’s license numbers by abusing the online sales system on Geico’s website.


Service NSW Kept Victims in Dark After Hackers Stole Personal Data

Permalink - Posted on 2021-04-20 17:00

The NSW government has deliberately failed to inform tens of thousands of people that their personal information was stolen in a cyber security attack on Service NSW employee emails, as the agency says it has no obligation to notify affected customers. Documents obtained by The Australian show Service NSW decided not to inform many victims whose data was stolen by criminals during a phishing attack on the department in April 2020, despite acknowledging the theft of their personal information could cause them serious harm.


School System Mistakenly Releases Names of Students, Staff with COVID

Permalink - Posted on 2021-04-20 17:00

The local school system failed to properly redact personal information from a document requested through the Virginia Freedom of Information Act, inadvertently releasing to a parent last week the names of all Chesterfield County Public Schools students and employees who have reported testing positive for COVID-19. Chesterfield resident Grace Olsen, the mother of a CCPS student, had asked for the number of students who have been required to quarantine as a result of exposure to the coronavirus in Chesterfield schools. Olsen received the responsive document in PDF format last Thursday afternoon. Because the font size was so small, she copied and pasted the data into a spreadsheet for easier readability. She was shocked to discover that first and last names of nearly 1,000 students and staff – which had been obscured by a black bar in the original PDF – and the dates of their positive tests were clearly visible in her newly created Excel file.


University of Hertfordshire Still Hobbled by Ransomware Attack

Permalink - Posted on 2021-04-20 17:00

Slightly more than one year after it managed to avoid an investigation by the ICO over its data protection practices, the University of Hertfordshire joined the ranks of the many educational institutions crippled by a ransomware attack. The attack reportedly occurred on April 14, and was reported on April 15. As of today, the university has yet to fully restore functioning, with their most recent status updates available on their web site. Most live teaching resumed yesterday (April 19) and Canvas, Teams and Zoom were accessible as normal, but sessions that require remote access to specialist applications might still require rescheduling.


China-Linked Hackers Used Pulse Secure Flaw to Target U.S. Defense Industry

Permalink - Posted on 2021-04-20 17:00

At least two groups of China-linked hackers have spent months using a previously undisclosed vulnerability in American networking devices to spy on the U.S. defense industry, researchers and the devices' manufacturer said Tuesday. Utah-based IT company Ivanti said in a statement that the hackers took advantage of the flaw in its Pulse Connect Secure suite of virtual private networking devices to break into the systems of "a very limited number of customers." Ivanti said that while there were mitigations in place, a fix for the issue would not be available until early May.


Eversource Energy Data Breach Caused by Unsecured Cloud Storage

Permalink - Posted on 2021-04-20 17:00

Eversource, the largest energy supplier in New England, has suffered a data breach after customers' personal information was exposed on an unsecured cloud server. Eversource Energy is the latest energy delivery company in New England, powering 4.3 million electric and natural gas customers throughout Connecticut, Massachusetts, and New Hampshire. In a data breach notification shared with BleepingComputer, Eversource Energy is warning customers that the unsecured cloud storage server exposed their name, address, phone number, social security number, service address, and account number.


Ransomware "Bull's Eye" Grows, Clouding Telehealth's Rise in Long-term Care

Permalink - Posted on 2021-04-19 16:00

Insurers are issuing 25% to 50% premium increases this year, reflecting a large number of ransomware payouts over the last year and a half, according to David Basham, an Atlanta-based broker for Willis Towers Watson.


March 2021 Healthcare Data Breach Report Shows Almost a 40% Increase in Breaches

Permalink - Posted on 2021-04-19 16:00

There was a 38.8% increase in reported healthcare data breaches in March. 62 breaches of 500 or more records were reported to the HHS’ Office for Civil Rights, with hacking incidents dominating the breach reports. The high number of reported breaches is largely due to an increase in data breaches at business associates.


ICO Issued Over £42 Million in Fines Last Year

Permalink - Posted on 2021-04-19 16:00

The UK’s privacy regulator issued over £42 million in fines last year, although the vast majority of the money relates to two major GDPR penalties, according to new data. Flagged by think tank Parliament Street, the Information Commissioner’s Office (ICO) “work to recover fines” report revealed that 17 financial penalties had been levied in 2020, amounting to more than £42.4 million. Most can be attributed to the vastly reduced and much-delayed fines finally imposed on Marriott International (£18.4 million) and British Airways (£20 million) for major data breaches. Ticketmaster’s (£1.25 million) was the next-biggest fine, with the remaining 14 standing at £500,000 or less.


Codecov Was a Victim of a Supply Chain Attack

Permalink - Posted on 2021-04-19 16:00

A new supply chain attack made the headlines: the software company Codecov recently disclosed a major security breach after a threat actor compromised its infrastructure to inject credential-harvesting code into one of its tools, named Bash Uploader. Codecov is one of the major code coverage metrics companies; it provides code testing solutions to a broad range of organizations, including Atlassian, P&G, GoDaddy, and the Washington Post. The security breach took place on January 31, but it was discovered on April 1st by one of its customers.


Drinks Giant C&C Group Subsidiary Shuts Down IT Systems Following Security Incident

Permalink - Posted on 2021-04-19 16:00

Matthew Clark Bibendum (MCB), a distributor of alcoholic beverages and soft drinks in the UK and Ireland, says it’s working to restore IT systems following a cybersecurity incident. MCB is owned by C&C Group, which manufactures and distributes two of its most well-known brands – Irish cider Bulmers and Scottish beer Tennent’s – to more than 40 countries.


England: Latest on Ransomware Attack on 24 Schools Near Bristol

Permalink - Posted on 2021-04-19 16:00

The full extent of a “disruptive and distressing” ransomware attack that has affected 24 schools near Bristol can today be revealed. More than 1,000 devices are having to be rebuilt and many teachers could start the new term on Monday (April 19) without laptops, whiteboards and other vital equipment and resources.


Millions of Indian Credit Card Numbers Stolen in Domino's Pizza Hack

Permalink - Posted on 2021-04-19 16:00

In what could add to the latest string of cyber breaches at India-based entities, a cyber security researcher on Sunday claimed that credit card details of nearly 10 lakh people who purchased online on Domino's Pizza India are allegedly being sold for over Rs 4 crore on the Dark Web.


Major Data Breach at Cleaning and Catering Company Spotless

Permalink - Posted on 2021-04-19 16:00

Trans-Tasman catering and cleaning firm Spotless has admitted to a huge data breach in which hackers may have obtained past and present staff members’ passport and IRD numbers, amongst other personal information. Internet experts said the breach was very serious and there was enough personal information in the potential leak that meant a “very high risk” of identity theft.


NYDFS Settles with National Securities Corp. for $3M for Violations of DFS Cyber Security Regulations

Permalink - Posted on 2021-04-19 16:00

The New York Department of Financial Services (NYDFS) has settled alleged violations of the Department’s strict cybersecurity regulations with National Securities Corp. (NSC) for $3 million, over four separate cybersecurity events suffered by it and its affiliate National Asset Management, Inc. (NAM) between April 3, 2018 and April 30, 2020.


Privacy Breach at Algoma Public Health

Permalink - Posted on 2021-04-16 17:00

In a copy of the letter obtained by Saultonline staff, APH admits to having a staff member inadvertently send a compromising e-mail “to another health care service provider.” The incident occurred June 10, 2020 and a manager was immediately notified of the error according to the letter. An attempt to recall the e-mail failed, but contact with the recipient was made. They assured APH the e-mail was removed from their inbox and never opened. The e-mail in question contained first and last names, health card numbers, addresses, date of COVID testing and COVID test results.


Maine and North Dakota Are Latest States to Adopt the NAIC Data Security Model Law

Permalink - Posted on 2021-04-16 17:00

Two more state governors, those of Maine and North Dakota, have signed bills into law that adopt the National Association of Insurance Commissioners (NAIC) data security model law (Model Law). Maine and North Dakota join several other states that have already passed similar laws. Hawaii, Idaho, Illinois, Iowa, Minnesota, Rhode Island, and Wisconsin have similar bills pending.


France: The Bourbon Group Hit by a Cyber Attack

Permalink - Posted on 2021-04-16 17:00

The Bourbon maritime services group for the oil industry has been hit by a cyber attack that locked up its computer system, it said Tuesday. Christelle Loisel, vice president of communication, said the group was the subject of a cyberattack on the night of April 8 and April 9; as a security measure the applications have been closed, and no customer operation was stopped.


In a Game of Data Breach Hot Potato, Companies Deny Being Source of Data for Sale Online

Permalink - Posted on 2021-04-16 17:00

After Facebook and Mobikwik, hackers have claimed to have gained access to another major tech giant in India. As per two posts by hackers on a hackers’ forum, they have gained access to Tata Communications servers. In the posts, the hackers are offering backdoor entry to the servers to anyone who is willing to pay $9000.


IT: Asti DOCG Consortium Targeted by Hackers

Permalink - Posted on 2021-04-16 17:00

The attack, which affected the servers of an external company, resulted in the temporary suspension of the deliveries of cable ties.


Cyber Attacks on the Municipalities of Brescia, Caselle Torinese and Rho: First Stolen Data Published

Permalink - Posted on 2021-04-16 17:00

The three municipalities decided not to pay the ransom requested by the cybercriminals. For two municipalities involved in the data theft, the news was leaked that DoppelPaymer had initially asked for a ransom equal to 1.3 million euros for the Municipality of Brescia and about 400 thousand euros for the Municipality of Rho for the server decryption key. However, this all happened before the hacker group put the first stolen data online.


Data Breach of Thousands of Chattanooga Library Card Owners Revealed

Permalink - Posted on 2021-04-16 17:00

The Chattanooga Library revealed that the private information of around 5,000 library cardholders had been exposed online since October 2020, with an IT team they work with catching the mistake only last week.


Presidio Employee Files Class Action Over Data Breach

Permalink - Posted on 2021-04-16 17:00

North American IT company Presidio faces a proposed data breach class action by an employee for an incident involving employee data. Eric LaPrairie, a former Presidio employee, received a notice of a data breach from Presidio, and about a month later found out that he was the victim of a SIM swap (a technique in which a hacker uses personal information to swap someone’s telephone number onto a new phone). After the SIM swap, LaPrairie claims the hacker was able to reset some of LaPrairie’s online passwords and attempted to gain access to his bank accounts and other accounts storing personal documents.


Gay Dating Site Manhunt Hacked, Thousands of Accounts Stolen

Permalink - Posted on 2021-04-16 17:00

Manhunt, a gay dating app that claims to have 6 million male members, has confirmed it was hit by a data breach in February after a hacker gained access to the company’s accounts database. In a notice filed with the Washington attorney general’s office, Manhunt said the hacker “gained access to a database that stored account credentials for Manhunt users,” and “downloaded the usernames, email addresses and passwords for a subset of our users in early February 2021.”


Swinburne University Confirms Over 5,000 Individuals Affected in Data Breach

Permalink - Posted on 2021-04-16 17:00

The university confirms the personal information included in the breach contained names, email addresses, and phone numbers of some staff, students, and external parties.


Codecov Discloses 2.5-Month-Long Supply Chain Attack

Permalink - Posted on 2021-04-16 17:00

Codecov, a software company that provides code testing and code statistics solutions, disclosed on Thursday a major security breach after a threat actor managed to breach its platform and add a credentials harvester to one of its tools. The impacted product is named Bash Uploader and allows Codecov customers to submit code coverage reports to the company’s platform for analysis. Codecov said the breach occurred “because of an error in Codecov’s Docker image creation process that allowed the actor to extract the credential required to modify our Bash Uploader script.”


Consumers Worry About the Cyber Security of Connected Vehicles

Permalink - Posted on 2021-04-16 17:00

U.S. motorists worry about the cybersecurity of their connected vehicles, according to a survey by HSB, part of Munich Re. Some even believe a hacker could confront them over their car audio systems or disable automotive safety features.


Domain Name Security Neglected by U.S. Energy Companies

Permalink - Posted on 2021-04-15 17:00

A majority of the largest energy companies in the United States appear to have neglected the security of their domain names, according to CSC, a firm that specializes in securing online assets. The Biden administration is concerned about potentially damaging cyberattacks aimed at the country’s critical infrastructure, and it’s taking steps to help electric utilities, water treatment plants and other industries protect their systems. Data collected by CSC last week shows that nearly 80 percent of the top U.S. energy organizations are at risk of cyberattacks targeting their DNS and internet domain names. The data covers the 30 biggest U.S. companies (by market capitalization) that produce and deliver energy. Specifically, CSC found that nearly 80% of energy firms don’t use registry locks, which can prevent domain name hijacking and unauthorized changes to DNS. More than two-thirds of the analyzed domains are registered with consumer-grade registrars instead of enterprise-grade registrars, which typically provide better security.


Houston Rockets Hit by the Babuk Ransomware Gang

Permalink - Posted on 2021-04-15 17:00

The ransomware group known as “Babuk” has added Houston Rockets to its victim list, warning about the imminent leak of 500GB of stolen data if their payment demands aren’t met. The threat actors present screenshots of the exfiltrated files as proof of possession, showing what appears to be contracts, non-disclosure agreements, customer information, employee information, financial data, and others. With the help of KELA, we were able to source the following screenshot from Babuk’s leak portal.


Brokerage Firm Agrees to $3 mln Deal for New York Cyber Security Rule Violations

Permalink - Posted on 2021-04-15 17:00

Brokerage firm National Securities Corp has agreed to pay $3 million in a settlement with New York’s financial services regulator over shortfalls that resulted in four cybersecurity breaches involving unauthorized access to email accounts.


Two Somerset, NJ County School Districts Report Cyber Attacks

Permalink - Posted on 2021-04-15 17:00

Two Somerset County school districts were the targets of suspected cyber attacks in the past week. Schools in both Hillsborough and Bernards were closed for a day after cyber attacks were suspected. Hillsborough schools were closed on Monday and Bernards schools were closed April 7. Schools in both districts were open the following day.


Switzerland: Griesser AG Victim of Ransomware Attack

Permalink - Posted on 2021-04-15 17:00

A Swiss firm that manufactures sun protection window treatments such as blinds, shutters, and awnings has fallen prey to a ransomware attack.


LinkedIn Data Leak: Hundreds of Thousands of Spam Emails Flood Users' Inboxes

Permalink - Posted on 2021-04-15 16:00

Users of the employment-oriented online service are being targeted with an assortment of phishing emails and scams in an attempt to hijack their LinkedIn accounts or promote fake LinkedIn email leads. According to Bitdefender Antispam Lab telemetry, ramifications of the LinkedIn data leak incident seem to have already manifested through new spam campaigns targeting inboxes of hundreds of thousands of users. Although the recent uptick in LinkedIn-themed spam can’t be directly associated with the leaked information of 500 million platform users, the overwhelming number of deceptive and fraudulent emails suggests otherwise.


University of Hertfordshire Hit by Cyber Attack

Permalink - Posted on 2021-04-15 16:00

University of Hertfordshire was targeted by a cyberattack which resulted in the university's entire IT network being taken down, as well as all access to cloud-based services being blocked. The attack started on Wednesday night at 22:00, when the university's Wi-Fi network was taken down alongside the email system and the university's student portal. Since the attack, students have also reported that they have not been able to access Office 365 services, such as Teams, as well as other university-paid services such as Canvas and Zoom.


ParkMobile Breach Leaves 21M User Data Exposed

Permalink - Posted on 2021-04-15 16:00

The account information of 21 million customers of ParkMobile, a very popular mobile parking app from North America, is now being sold online due to a data breach. The information includes customer email addresses, dates of birth, phone numbers, license plate numbers, hashed passwords, and mailing addresses.


Indian Logistics Company Bizongo Exposed 643GB of Data

Permalink - Posted on 2021-04-15 16:00

Bizongo, an online packaging marketplace, has suffered a data leak in which the company left highly sensitive customer information unsecured and potentially exposed to hackers and other malicious individuals. The reason behind the incident is the company’s misconfigured AWS S3 data bucket. The data leak was discovered by researchers at Website Planet security in late December 2020, but the details of it have been shared now. According to researchers, they immediately contacted Bizongo regarding the incident but received no response. However, on 8th January 2021, the team checked the bucket again and the breach was found to be closed. During this time period, approximately 2,532,610 files were exposed, equating to 643GB of data.


Wells Fargo and Chase Now Among Most Imitated Brands in Phishing Attacks

Permalink - Posted on 2021-04-15 16:00

For the first time, Wells Fargo and Chase joined Check Point's list of the top 10 most exploited brands in phishing attacks, according to a Thursday report. Wells Fargo made the No. 6 spot, used in 4% of all phishing attacks analyzed in the first quarter of 2021. Fellow bank Chase was right behind in seventh place, accounting for 2% of all phishing campaigns last quarter.


IT: Threat Actors Attack ATC Website, Demand Ransom

Permalink - Posted on 2021-04-14 17:00

The Turin Territorial Housing Agency (ATC) website has been hacked. The criminals demanded a ransom of $700,000. The agency claims that it has no intention of paying the ransom and has reported the matter to the postal service police. The type of ransomware or name of ransomware group was not reported.


BCPS Takes Responsibility for Data Breach That Affected Teachers

Permalink - Posted on 2021-04-14 17:00

More than 2,500 Baltimore County Public School system employees have had their personal information compromised and the district said it's their fault. It follows a number of technology issues the school system has been dealing with since November. School officials said they learned about the technology failure in January, but letters to those who may have been affected didn't go out until April 9, almost three months later.


330 Million People Across 10 Countries Were Victims of Cyber Crime in 2020

Permalink - Posted on 2021-04-14 17:00

Over the past year, 65% of people around the world report spending more time online than ever before, likely a result of the COVID-19 pandemic. As we connected to the internet for everything from work and school to entertainment, social connection and even groceries, cybercriminals took advantage and launched coordinated attacks and convincing scams.


Lawsuit Accuses Berks-Based Drug Treatment Program of Failing to Protect Patient Information

Permalink - Posted on 2021-04-14 17:00

A class-action suit has been launched against a Berks County-based drug treatment program, accusing it of failing to protect the personal information of more than 7,700 current and former patients who were victims of a data hack. Pennsylvania Adult & Teen Challenge, based near Rehrersburg in Tulpehocken Township, was named in the suit filed April 2 in Philadelphia County Court.


Experts See Unprecedented Increase in Hackers Targeting Electric Grid

Permalink - Posted on 2021-04-14 16:00

The leader of a key information sharing group said Tuesday that organizations involved in the electricity sector had seen an "unprecedented" increase in cyber threats during the COVID-19 pandemic.


SolarWinds Says Dealing with Hack Fallout Cost at Least $18 Million

Permalink - Posted on 2021-04-14 16:00

Texas-based SolarWinds Corp said the sprawling breach stemming from the compromise of its flagship software product has cost the company at least $18 million in the first three months of 2021. In preliminary results made public on Tuesday, the company said it spent between $18 million and $19 million in the first quarter of 2021 to investigate and remediate what it described as “the Cyber Incident.”


Facebook Will NOT Notify More Than 530m Users Exposed in 2019 Breach

Permalink - Posted on 2021-04-14 16:00

Company spokesperson said Facebook was not confident it had full visibility on which users would need to be alerted.


DDoS Attacks Increased by 20% in 2020

Permalink - Posted on 2021-04-14 16:00

There were more than 10 million DDoS attacks in 2020, driven by new attack vectors and new threat actors; most of the industries targeted were vital to life during the COVID-19 pandemic.


Cyber Attack Shutters Half of Tasmania's Casinos

Permalink - Posted on 2021-04-13 16:00

Threat actors struck the Australian island state's sole casino operator Federal Group with ransomware on April 3. The attack affected hotel booking systems in the company's Wrest Point and Country Club venues, sited in Sandy Bay and Launceston, respectively. The venues' slot machines, known as pokies in Tasmania, were also impacted and have been out of service since the attack.


221,000 Total Health Care Members Impacted by Email Account Breach

Permalink - Posted on 2021-04-13 16:00

Total Health Care Inc., a Detroit, MI-based health plan, has discovered unauthorized individuals have gained access to several employee email accounts that contained sensitive personal information of health plan members and physician partners.


PHI of More than 200,000 Washington D.C. Health Plan Members Stolen by Hackers

Permalink - Posted on 2021-04-13 16:00

CrowdStrike confirmed that protected health information was exfiltrated by the attackers, who were most likely a foreign cybercriminal group. CHPDC said anyone who has been an enrollee of CHPDC has been affected, as well as current and former employees.


Brave Browser Disables Google's FLoC Tracking System

Permalink - Posted on 2021-04-13 16:00

FLoC has been widely criticised by privacy advocates, even though it is an improvement to third-party cookies. The Electronic Frontier Foundation (EFF) calls it a "terrible idea" because now Chrome shares a summary of each user's recent browsing activity with marketers.


ParkMobile Breach Exposes License Plate Data, Mobile Numbers of 21M Users

Permalink - Posted on 2021-04-13 16:00

Someone is selling account information for 21 million customers of ParkMobile, a mobile parking app that’s popular in North America. The stolen data includes customer email addresses, dates of birth, phone numbers, license plate numbers, hashed passwords and mailing addresses.


How Big Tech Gaslights the World on Data Leaks

Permalink - Posted on 2021-04-13 16:00

First Facebook. Then LinkedIn. Now Clubhouse. After data on a combined billion Facebook and LinkedIn users appeared online last week, reports surfaced over the weekend that upstart social network Clubhouse had also leaked reams of user information. But if you think any of the above is a problem, Big Tech has a message for you: You're the crazy one. The audio platform called the reports “misleading and false” and maintained it had not been breached or hacked. But not everyone is buying the companies’ attempts to get themselves off the hook for leaking the data in their custody.


Kansas Water Utility System Hacking Highlights Risks

Permalink - Posted on 2021-04-13 16:00

A former Kansas utility worker has been charged with remotely tampering with a public water system’s cleaning procedures, highlighting the difficulty smaller utilities face in protecting against hackers.


61% of Employees Fail Basic Cyber Security Quiz

Permalink - Posted on 2021-04-13 16:00

Nearly 70% of employees polled in a new survey said they recently received cybersecurity training from their employers, yet 61% nevertheless failed when asked to take a basic quiz on the topic.


Estate Agent's Hi-Tech House Tour Exposes Personal Data

Permalink - Posted on 2021-04-13 16:00

An estate agent has apologised after a 3D tour of a house for sale in Devon was published with a substantial amount of personal information visible. Financial paperwork in the study could be read by zooming in on the image. It included a shares dividend cheque, an insurance policy document and an invoice for a stairlift. Some family photos had also been left unblurred. Fowlers estate agent said the private data in the virtual tour had "slipped past" its staff and the home owner. The house was available on the property platform Rightmove, and appears to have been live since October 2020. Additional stills photographs of the property showed empty rooms. The firm's owner Philip Fowler told the BBC that his company had withdrawn the 3D tour along with all of its others for further review and said the estate agent "takes our clients' privacy very seriously". The owner of the home had given "verbal permission" for the video to be used, he added.


Iran Nuclear Facility Suffers Cyber Attack

Permalink - Posted on 2021-04-12 16:00

An Iranian nuclear facility south of Tehran has been hit by cyber-attackers, according to the country's chief nuclear official. Ali Akbar Salehi said that the attack on the Natanz complex took place the day after Iran unveiled new equipment to enrich uranium. In a ceremony broadcast live on television on April 10, the country's president, Hassan Rouhani, inaugurated new centrifuges at the Natanz site.


Adventist Health Physicians Network Fined $40,000 for Privacy Breach

Permalink - Posted on 2021-04-12 16:00

Adventist Health Physicians Network in Simi Valley, California has been ordered to pay $40,000 in civil monetary penalties by the Ventura County District Attorney as part of a civil privacy settlement to resolve a patient privacy case that affected 3,797 patients.


FR: Morières-lès-Avignon, Douai, Würth France Suffer Cyber Attacks

Permalink - Posted on 2021-04-12 16:00

Like Isle-sur-la-Sorgue, this Friday, hackers also targeted the computer system of the City of Morières-lès-Avignon. A complaint has not yet been filed but the gendarmes of the Avignon company are aware of this malicious act. In the other case, unnamed threat actors had demanded 500,000 euros for the decryption key — the same amount demanded by DoppelPaymer in yet another case, although it’s not clear who is involved in these two cases.


IT: USL Umbria2, a Healthcare Facility, Attacked with Ransomware

Permalink - Posted on 2021-04-12 16:00

An attack has hit the IT systems of USL Umbria 2, where malfunctions have been detected since Sunday morning. Investigations by the Terni postal police are underway. In particular, the presence of viruses was found which, in addition to the corporate network, also affected part of the servers and PCs that guarantee the functioning of digital services. The analysis – reports the health company itself – highlighted a ransomware-type attack that had “significant” repercussions on the operation of both administrative and health services.


CareFirst BlueCross BlueShield Community Health Plan District of Columbia Discloses Breach

Permalink - Posted on 2021-04-12 16:00

CareFirst BlueCross BlueShield’s Community Health Plan District of Columbia (CHPDC) suffered a data breach carried out by what it described as a “foreign cybercriminal” group in January that potentially impacted sensitive data, the company told customers this week.


IT: Gino Group Car Dealership Notifies Customers of Ransomware Attack

Permalink - Posted on 2021-04-12 16:00

The notification letter, via e-mail, was sent to thousands of customers throughout Italy. The sign was given by the Gino spa Group of Cuneo, the main dealer in the car sector of Granda, one of the most important nationally, which every year delivers over 10 thousand cars of prestigious brands (Mercedes Benz, Bmw, Mini, Aston Martin), 8 branches and 340 employees in Piedmont, Liguria and Tuscany, with a turnover of 250 million euros.


Over 90% of Organizations Hit by a Mobile Malware Attack in 2020

Permalink - Posted on 2021-04-12 16:00

Of the near-total number that faced a mobile attack last year, 93% of incidents originated in a device network, and were either phishing attempts (52%), C&C communication with malware already on the device (25%) or involved infected websites/URLs (23%).


Leading Cosmetics Group Pierre Fabre Hit with $25 Million Ransomware Attack

Permalink - Posted on 2021-04-12 16:00

Leading French pharmaceutical group Pierre Fabre suffered a REvil ransomware attack where the threat actors initially demanded a $25 million ransom, BleepingComputer learned today.


There's Another Facebook Phone Number Database Online

Permalink - Posted on 2021-04-12 16:00

An online tool lets customers pay to unmask the phone numbers of Facebook users that liked a specific Page, and the underlying dataset appears to be separate from the 500 million account database that made headlines this week, signifying another data breach or large scale scraping of Facebook users' data, Motherboard has found.


Dutch Supermarkets Run Out of Cheese After Ransomware Attack

Permalink - Posted on 2021-04-12 16:00

A ransomware attack against conditioned warehousing and transportation provider Bakker Logistiek has caused a cheese shortage in Dutch supermarkets. This disruption led to a shortage of certain food products, especially cheese, at the Netherlands' largest supermarket chain, Albert Heijn.


PHI of More Than 420,000 Individuals Potentially Compromised in Ransomware Attack on Ohio Law Firm

Permalink - Posted on 2021-04-09 17:00

Bricker & Eckler, one of the leading law firms in Ohio, suffered a ransomware attack in January in which client information was potentially compromised. The ransomware infection was detected by the law firm on January 31, 2021 and a third-party cybersecurity firm was engaged to assist with the investigation. The investigation revealed the attackers first gained access to its systems on January 14, 2021, and access remained possible until January 31, 2021. During that time the attackers gained access to files containing client information and exfiltrated some data from the law firm’s systems.


CZ: Olomouc Paralyzed by a Cyber Attack. All Municipal Services Remain Unavailable

Permalink - Posted on 2021-04-09 17:00

It appears that the municipality of Olomouc was paralyzed by a cyber attack on April 7. The municipality estimated that it would take about 14 days to fully restore services. They do not indicate what kind of ransomware was involved or what demands were made.


Dutch Transport Company Bakker Logistiek Impacted by Ransomware Attack

Permalink - Posted on 2021-04-09 17:00

Transport company Bakker Logistiek from Zeewolde was hacked last weekend, as a result of which the company can drive fewer loads than normal. The automation system in the warehouse section is not working, but according to director Toon Verhoeven this does not lead to problems. “We can deliver less, but it does not lead to empty shelves in the store.”


310,000 Records Compromised in University of Colorado Data Breach

Permalink - Posted on 2021-04-09 17:00

The University of Colorado released new information on Friday about the Accellion data breach that compromised more than 310,000 university records. Officials say data accessed in the breach includes grades and transcript data, visa and disability status, medical and prescription information and in limited cases, Social Security numbers and university financial account information.


CH: General Trade School (Allgemeine Gewerbeschule) Hit by Ryuk Ransomware

Permalink - Posted on 2021-04-09 17:00

The attack was carried out with what is known as ransomware, also known as an extortion trojan. Initial studies show that this is the RYUK software. This approach points to professional circles, and RYUK attacks are currently primarily affecting hospitals and educational institutions. The servers were probably infected by accidentally opening an email attachment.


ProctorU to Undergo Security Audit After Senate Cyber Security Concerns

Permalink - Posted on 2021-04-09 17:00

A company whose software has been widely used to administer law school entrance exams during the coronavirus pandemic has agreed to an independent audit of the software after a U.S. senator raised cybersecurity concerns about the product. Alabama-based ProctorU’s web-browser extension software has allowed people across the U.S. to take the LSAT exam from home during the pandemic. But Sen. Ron Wyden, D-Ore., worried that that same accessibility, if left unsecured, could give cybercriminals a foothold onto test-takers’ devices.


Major DC Insurance Provider Hacked

Permalink - Posted on 2021-04-09 17:00

CareFirst BlueCross BlueShield’s Community Health Plan District of Columbia (CHPDC) suffered a data breach carried out by what it described as a “foreign cybercriminal” group in January that potentially impacted sensitive data, the company told customers this week.


Leading Cosmetics Group Pierre Fabre Hit with $25 Million Ransomware Attack

Permalink - Posted on 2021-04-09 17:00

Leading French pharmaceutical group Pierre Fabre suffered a REvil ransomware attack where the threat actors initially demanded a $25 million ransom, BleepingComputer learned today.


France: Saint-Gaudens Hospital Hit by Cyber Attack

Permalink - Posted on 2021-04-08 17:00

The phone no longer answers at the Saint-Gaudens hospital (Haute-Garonne). According to information from France Bleu Occitanie, the Comminges-Pyrénées hospital center has been the victim of a computer attack since around 4 a.m. this Thursday, April 8, which greatly disrupts its operation. A ransom demand has been presented, explains the director of the hospital, Jean-Marc Viguier. The administration explains having “blocked all computer servers to protect data and contamination” and thus prevent the siphoning off of patient data.


City of Lawrence, MA Hit with Significant Ransomware Attack

Permalink - Posted on 2021-04-08 16:00

A source has told Boston 25 News that major city services have been impacted and the FBI is now involved. Boston 25 reached out to the mayor’s office, but they have not responded.


Axios Italia Hit; Thousands of Schools Potentially Impacted

Permalink - Posted on 2021-04-08 16:00

One of the most used electronic register applications in Italian schools, Axios RE, has been offline since the night of Friday 2 to Saturday 3 April due to a ransomware attack. Axios is among the Software as a Service platforms most used to manage attendance, judgments and communications with the families of Italian students, and the problem therefore affects millions of students.


Education Non-Profit Edraak Ignored a Student Data Leak for Two Months

Permalink - Posted on 2021-04-08 16:00

Edraak, an online education nonprofit, exposed the private information of thousands of students after uploading student data to an unprotected cloud storage server, apparently by mistake. It’s not clear why Edraak ignored the researchers’ initial email, which disclosed the location of the unprotected server, or why the organization’s response was not to ask for more details.


68% of Construction Executives Have No Cyber Security Measures in Place

Permalink - Posted on 2021-04-08 16:00

The construction industry may not appear to be an obvious target for cybercrime, but it garners unwanted online attention just like other sectors. According to a report by IBM, the average cost of a data breach in the industrial sector was $4.99 million. The industry’s vulnerabilities were exposed on both digital and operational levels recently, as cybercriminals attempted to compromise water treatment plant networks and poison the water supply in Florida. Most devices had a basic network connection, meaning heavy machinery could’ve been commandeered, leading to disastrous consequences.


Belden Says Health Benefits Data Stolen in 2020 Cyber Attack

Permalink - Posted on 2021-04-08 16:00

Belden has disclosed that additional data was accessed and copied during their November 2020 cyberattack related to employees' healthcare benefits and family members covered under their plan. Belden states that the health-related information includes individuals' names, gender, benefits information, group numbers, coverages, and their relationship to the employee.


Over 600,000 Stolen Credit Cards Leaked After Swarmshop Hack

Permalink - Posted on 2021-04-08 16:00

The hacking spree targeting underground marketplaces has claimed another victim as a database from card shop Swarmshop emerged on another forum. By the looks of it, the leak contains the records of the entire Swarmshop community along with all the stolen card data traded on the forum.


Consulting Firm Data Breach Impacts MSU

Permalink - Posted on 2021-04-07 17:00

Michigan State University (MSU) has been impacted by a data breach stemming from a cyber-attack on an Ohio law firm. Bricker & Eckler LLP, which is associated with MSU Title IX contractor INCompliance Consulting, was hit with ransomware in January 2021. An investigation into the incident determined that an unauthorized party gained access to certain Bricker internal systems at various times between approximately January 14 and January 31. Data that may have been exposed in the attack includes names, addresses, and in certain instances medical-related and/or education-related information, driver’s license numbers, and/or Social Security numbers.


Office Depot Configuration Error Exposes 1 Million Records

Permalink - Posted on 2021-04-07 17:00

A misconfigured Elasticsearch server belonging to a popular office supplies store chain was found leaking nearly one million records including customers’ personal information, it has emerged. The non-password protected database was discovered by a Website Planet team led by Jeremiah Fowler on March 3. They quickly traced it back to Office Depot Europe, which operates across the region with bricks-and-mortar stores and online under the Office Depot and Viking brands. Among the 974,000 unencrypted records found in the database were customer names, phone numbers, home and office addresses, @members.ebay addresses, marketplace logs, order histories and hashed passwords.


Third Party Data Breaches Reported by Apple Valley Clinic & BioTel Heart

Permalink - Posted on 2021-04-07 17:00

Apple Valley Clinic in Minnesota has started notifying 157,939 patients that some of their protected health information was compromised in a ransomware attack on one of its information technology vendors.


Orthopedics Practice Discovers Year-Long Email Breach Affecting 125,000 Patients

Permalink - Posted on 2021-04-07 17:00

The Centers for Advanced Orthopaedics has discovered multiple employee email accounts have been accessed by unauthorized individuals. The orthopedics practice, which serves patients in Virginia, Maryland, and Washington DC, identified suspicious activity in its email system on September 17, 2020. Third party cybersecurity experts were engaged to assist with the investigation and determined several email accounts had been accessed by unauthorized individuals between October 2019 and September 2020. A review of the affected email accounts was conducted to determine the types of information that had been exposed and it was confirmed on January 25, 2021 that protected health information may have been viewed or acquired by cybercriminals.


City of La Ville de Vallauris Golfe-Juan Impacted by Cyber Attack

Permalink - Posted on 2021-04-07 17:00

The city of Vallauris Golfe-Juan was the victim, last night, of a cyber attack on the town hall’s mail servers. As a precaution and security measure, all servers have been shut down to prevent any spread of the crypto virus. The IT services department called on its service provider PASSI (Information Systems Security Audit Service Provider) by ANSSI (National Information Systems Security Agency) to restore the situation as quickly as possible. The town lodged a complaint.


Servers at El Monte City Hall Being Replaced After Unauthorized Access

Permalink - Posted on 2021-04-07 17:00

El Monte officials were working to replace City Hall computer servers Tuesday, April 6, in response to an “unauthorized access” to its system that caused the cancellation of Tuesday’s City Council meeting and has left the city without email access. Mayor Jessica Ancona said she expected the email system, which the city took offline in “an abundance of caution,” to be back online within a week. City officials would not say what caused the cyber problems Tuesday. Officials said Monday that the incident was being investigated by the El Monte Police Department and the Los Angeles County Sheriff’s Department.


Malware and Cryptominer Attacks Grow 900% in Past Year

Permalink - Posted on 2021-04-07 17:00

Fileless malware and cryptominer attack rates grew by nearly 900% and 25% respectively, while unique ransomware payloads plummeted by 48% in 2020 compared to 2019, according to WatchGuard. Q4 2020 also brought a 41% increase in encrypted malware detections over the previous quarter and network attacks hit their highest levels since 2018.


Ransomware Attacks Grew by 485% in 2020

Permalink - Posted on 2021-04-06 17:00

Ransomware attacks increased by an astonishing 485% in 2020 compared to 2019, according to Bitdefender’s 2020 Consumer Threat Landscape Report, which highlighted the ways cyber-criminals targeted the COVID-19 pandemic. Interestingly, nearly two-thirds (64%) of the ransomware attacks took place in the first two quarters of 2020.


Roper St. Francis Healthcare Faces Class Action Lawsuit Over Data Breach

Permalink - Posted on 2021-04-06 17:00

Roper St Francis Healthcare is facing a class action lawsuit over an October 2020 data breach in which patient data was allegedly stolen. The lawsuit alleges negligence for the failure to protect the private data of its patients.


More Than 1.2 Million Health Net Members Affected by Accellion Cyber Attack

Permalink - Posted on 2021-04-06 17:00

Several healthcare organizations have recently confirmed they have been affected by the December 2020 Accellion cyberattack. The attack has been linked to the Clop ransomware gang, as its leak site was used to publish samples of data stolen in the attack. Health Net has reported the breach as affecting 1,236,902 individuals across Health Net Community Solutions (686,556 individuals), Health Net of California (523,709 individuals), and Health Net Life Insurance Company (26,637 individuals).


330k Payment Cards and $38m in Gift Cards Stolen in Online Gift Shop Incident

Permalink - Posted on 2021-04-06 17:00

In February 2021, a threat actor sold 895,000 stolen gift cards on a top-tier Russian-language forum. The gift cards had an approximate value of $38 million, and allegedly came from more than 3,000 top name brand companies such as AirBnB, Amazon, American Airlines, Chipotle, Dunkin Donuts, Marriott, Nike, Subway, Target, and Walmart. The auction opened with a starting price of $10,000 and a buy-now price of $20,000. The gift cards were bought by another actor soon after they were posted for sale. The next day, the same seller listed 330,000 credit and debit payment cards. The card information did not include CVV or cardholder name. The auction opened the bidding at $5,000 with a buy-now price of $15,000. The payment cards also sold within days of being offered for sale. Gemini Advisory analysts determined the source of the stolen payment cards was a breach of the online discount gift card shop Cardpool.com. They also assess with moderate confidence that Cardpool.com was also the source of the stolen gift cards.


Scraped Data of 500 Million LinkedIn Users Being Sold Online

Permalink - Posted on 2021-04-06 17:00

Days after a massive Facebook data leak made the headlines, it seems like we’re in for another one, this time involving LinkedIn. An archive containing data purportedly scraped from 500 million LinkedIn profiles has been put up for sale on a popular hacker forum, with another 2 million records leaked as a proof-of-concept sample by the post author. The four leaked files contain information about the LinkedIn users whose data has been allegedly scraped by the threat actor, including their full names, email addresses, phone numbers, workplace information, and more.


Industries Critical to COVID-19 Response Suffer Surge in Cloud Cyber Attacks

Permalink - Posted on 2021-04-06 17:00

Enterprise cloud spending is estimated to have increased by 28% in Q2 2020 alone, year-over-year. However, according to Palo Alto Networks' latest cloud threat report, published on Tuesday, shifting workloads so quickly to the cloud has also meant that businesses are struggling, months later, to manage and automate cloud security -- and have created chasms in company security that can be exploited.


Singapore Job Portal Compromised by Third-Party Breach

Permalink - Posted on 2021-04-06 17:00

Job-matching institute e2i says the personal details of 30,000 individuals may have been illegally accessed due to a malware breach that targeted an "appointed third-party vendor", adding that it was notified of the incident three weeks ago on March 12.


Adult Content from Hundreds of OnlyFans Creators Leaked Online

Permalink - Posted on 2021-04-06 17:00

After a shared Google Drive was posted online containing the private videos and images from hundreds of OnlyFans accounts, a researcher has created a tool allowing content creators to check if they are part of the leak. It is common for people to share OnlyFans content they subscribe to, but what stands out about this leak is the large number of creators whose private content has been shared at once.


Furniture Retailer Vhive's Data Breach, Customer Information Leaked Online

Permalink - Posted on 2021-04-06 17:00

Singapore furniture retailer Vhive has certainly learnt that the hard way when they found themselves infiltrated by the hacker group Altdos. The data breach led to the leakage of numerous customers’ personal information, such as phone numbers and physical addresses. In total, the records of over 300,000 customers were seized in the illegal operation. If Vhive does not meet the group’s demands, the latter will proceed to leak 20,000 more records daily.


33.4% of ICS Computers Hit by a Cyber Attack in H2 2020

Permalink - Posted on 2021-04-06 17:00

Cybersecurity firm Kaspersky has published the Industrial Control System Threat Landscape report for H2 2020, which is based on statistical data collected by the distributed antivirus Kaspersky Security Network (KSN). The percentage of ICS computers hit by a cyber attack in the second half of the year on a global scale was 33.4% (+0.85% compared with H1 2020). In H2 2020, the percentage of ICS computers hit by hackers increased, compared to H1, in 62% of countries. The same percentage was 7% in 2019, and H1 2020 compared to H2 2019.


Ransomware Hits TU Dublin and National College of Ireland

Permalink - Posted on 2021-04-06 17:00

The National College of Ireland (NCI) and the Technological University of Dublin have announced that ransomware attacks hit their IT systems. NCI is currently working on restoring IT services after being hit by a ransomware attack over the weekend that forced the college to take IT systems offline.


Data of Half a Billion Facebook Users Leaked

Permalink - Posted on 2021-04-05 16:00

The personal information of half a billion Facebook users has been leaked online, according to experts at cyber-intelligence firm Hudson Rock. The data set, which includes phone numbers, locations, birthdates, Facebook IDs, full names, and email addresses, was discovered on a website used by hackers. Hudson Rock CTO Alon Gal said the records appear to be a few years old and relate to users in 106 countries. Among the impacted users are over 32 million residing in the United States, 11 million UK residents, and 6 million Facebook users in India. Speaking to CNN on April 4, Facebook spokesperson Andy Stone said: "This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019." Gal said that the age of the data did not preclude it from being effectively exploited by cyber-criminals and identity thieves.


Ransomware Attack on Home Healthcare Service Provider Affects 753,000 Individuals

Permalink - Posted on 2021-04-02 16:00

Personal Touch Holding Corp operates around 30 Personal Touch Home Care subsidiaries in more than half a dozen U.S. states. On January 27, 2021, Personal Touch discovered it was the victim of a cyberattack involving its private cloud hosted by its managed service providers. The attackers encrypted the cloud-stored business records of Personal Touch and 29 of its direct and indirect subsidiaries. The investigation into the ransomware attack is ongoing. At this stage it is unclear to what extent individuals’ protected health information was compromised; however, it is possible that the attackers obtained data stored in its private cloud prior to the use of ransomware.


MO: Affton School District Discloses Ransomware Attack; Current and Former Employees Impacted

Permalink - Posted on 2021-04-02 16:00

On February 25, Affton School District notified its community about a ransomware attack. As part of their notification, they wrote: "We do not believe any sensitive information has been accessed and no personal data, financial information, or grades have been found to be compromised. As a routine layer of protection, this information is stored on offsite servers." The threat actors responded on March 3 by quoting that statement and then dumping more than 400 files with personnel information on former and current employees that included their SSN. The compressed archive was more than 23 MB in size and contained mostly .doc files with some .pdfs and spreadsheets. Inspection of the dump reveals that this was more than 400 employees’ data, as one file alone contained the names and SSN of hundreds of people who were employed in the 2010-2011 school year. On March 4, the district discovered that they had been wrong about the scope of the attack.


Asteelflash Electronics Maker Hit by REvil Ransomware Attack

Permalink - Posted on 2021-04-02 16:00

Asteelflash, a leading French electronics manufacturing services company, has suffered a cyberattack by the REvil ransomware gang, which is demanding a $24 million ransom.


Capital One Notifies More Clients of SSNs Exposed in 2019 Data Breach

Permalink - Posted on 2021-04-02 16:00

US bank Capital One notified additional customers that their Social Security numbers were exposed in a data breach announced in July 2019. Capital One said that the incident is expected to generate costs of $100 to $150 million due to customer notifications, free credit monitoring services, security improvement costs, and legal fees.


Brown University Hit by Cyber Attack, Some Systems Still Offline

Permalink - Posted on 2021-04-02 16:00

Brown University, a private US research university, had to disable systems and cut connections to the data center after suffering a cyberattack on Tuesday. The Ivy League school's IT staff said the attack focused on the university's Windows-based devices and asked faculty and staff to switch to computers running other operating systems, smartphones, or tablets.


Hackers Demand $40M in Ransom from Florida School District

Permalink - Posted on 2021-04-02 16:00

Hackers left district leaders stunned when they broke into systems belonging to Broward County Public Schools and encrypted district data in a recent ransomware attack. The district says it is working with experts to investigate the incident and remediate affected systems. Officials have no plans to pay the ransom now.


Ragnarok Ransomware Hits Boggi Milano Menswear

Permalink - Posted on 2021-04-01 16:00

The ransomware gang exfiltrated 40 gigabytes of data from the fashion house, including HR and salary details.


Ubiquiti Shares Dive After Reportedly Downplaying Catastrophic Data Breach

Permalink - Posted on 2021-04-01 16:00

Shares of New York City-based IoT device maker Ubiquiti (NYSE: UI) fell significantly this week following a report claiming that the recently disclosed data breach was “catastrophic” and that its impact was downplayed.


Molson Coors Cyberattack, Storms Could Cost Company $140 Million

Permalink - Posted on 2021-04-01 16:00

The cybersecurity incident and the February winter storms in Texas will shift between 1.8 and 2.0 million hectoliters of production and shipments from the first quarter 2021 to the balance of fiscal year 2021 and will also shift between $120 million to $140 million of underlying EBITDA from the first quarter 2021 to the balance of fiscal year 2021.


Allied Press Hit by Data Breach

Permalink - Posted on 2021-04-01 16:00

On Thursday afternoon Allied Press was contacted by Government cyber security organisation Cert NZ about a data breach affecting its ODT Archive service. Those affected by the breach have been sent an email containing more information.


Half of Global Retailers See Account Takeovers Surge

Permalink - Posted on 2021-04-01 16:00

Most global retailers are predicting an increase in fraud budgets next year, with nearly half seeing an increase in attacks, according to new data from Ravelin. The fraud prevention software vendor polled over 1000 merchants globally to understand their current challenges. It revealed that 45% are seeing an increase in account takeover (ATO) attacks. These efforts aim to hijack consumer accounts to tap them for any stored personal information which could be monetized on the dark web. Attackers may also try to use stored cards to purchase goods fraudulently, or to sell access to the accounts on underground sites.


3/4 of Legal Breaches Caused by Insider

Permalink - Posted on 2021-04-01 16:00

The vast majority (75%) of security incidents in the legal sector reported to the data protection regulator last year were caused by insiders, according to new Freedom of Information (FOI) data. Half of breaches reported to the Information Commissioner's Office (ICO) during the period happened after data was shared with the wrong person, via email, verbally or in the post. A further 17% of incidents were marked as “data loss,” that is, loss or theft of a device containing personal data, or of paperwork or data left in an insecure location. In total, nearly three-fifths (57%) of data breaches in the legal sector over the period came from human error, which includes verbal disclosure, failure to redact or use bcc, alteration of data, hardware misconfiguration or documents emailed or posted to the wrong recipient.


Nearly 40% of New Ransomware Families Use Both Data Encryption and Data Theft in Attacks

Permalink - Posted on 2021-03-31 15:00

This evolution, referred to as Ransomware 2.0 in the report, was a significant development in 2020. Only one ransomware group was observed using this type of extortion in 2019. By the end of 2020, 15 different ransomware families had adopted this approach. Furthermore, nearly 40% of ransomware families discovered in 2020, as well as several older families, were known to also steal data from victims by the end of last year.


Child Tweets on Behalf of Nuke, Space Mission Agency U.S. Strategic Command

Permalink - Posted on 2021-03-31 15:00

There is now an end to the mystery of a nonsensical tweet issued by US Strategic Command. The military agency, also known as USSTRATCOM, which is responsible for nuclear operations, global strike management and missile defense, among other duties, sent out a strange message via its Twitter account on March 28. The tweet, simply ";l;;gmlxzssaw," was liked and retweeted thousands of times and prompted over 1,500 comments in query. US Strategic Command's Twitter manager, while working from home, left his post for a moment and the account was, unfortunately, open. What happened next would make any parent currently working from home due to the coronavirus pandemic groan: his "very young" child "took advantage of the situation and started playing with the keys, and unfortunately, and unknowingly, posted the tweet," according to the FOIA response.


Print Group Hit by Cyber Attack

Permalink - Posted on 2021-03-31 15:00

It is believed that cyber criminals may be specifically targeting firms that provide support services to financial institutions. Operations at MBA Group, which has sites in London and Warrington, have been affected after the business was subjected to an attack.


Hackers Threaten Shipping Firm ECU Worldwide with Data Leak

Permalink - Posted on 2021-03-31 15:00

A ransomware gang is threatening to release a massive trove of data stolen from shipping firm ECU Worldwide more than a month after a cyberattack caused serious disruptions to its online platforms. The Mount Locker ransomware gang claimed in a post to its leak site on Sunday that it had taken 2 terabytes of data from ECU. The hackers have yet to release any data and did not respond to a message sent by FreightWaves.


Lexington Medical Center and CalViva Health Affected by Third-Party Data Breaches

Permalink - Posted on 2021-03-31 15:00

The types of PHI potentially accessed include names, addresses, dates of birth, contact information, demographic information, medical treatment information, and Social Security numbers. The files contained PHI dated from mid-2010 to mid-2011.


Most Global Chip Companies Show Signs of Compromise

Permalink - Posted on 2021-03-31 15:00

Nearly all (94%) of the companies studied had open, at-risk ports, while a quarter (24%) had open RDP ports, one of the top vectors for ransomware. A similar number had open authentication ports (24%) and open datastore ports (18%) were also commonplace. What’s more, 88% of the companies demonstrated evidence of high-severity vulnerabilities which could allow attackers to gain a foothold into systems.


New York Charity Leaves Sensitive Patients' Data Unsecured

Permalink - Posted on 2021-03-31 15:00

The unsecured database contained more than 2,000 CSV and TXT files, each with hundreds or thousands of entries related to patients’ medical records, children’s legal guardians, case workers, doctors, and other child welfare specialists. Some documents even contained social security numbers.


India: Mumbai Affected by Multiple Ransomware Targets

Permalink - Posted on 2021-03-31 15:00

Cyber criminals hacked into the Maharashtra Industrial Development Corporation (MIDC) server and demanded Rs 500 crore on Tuesday afternoon. Senior MIDC officials approached the cyber cell of Mumbai Police, which is registering an FIR. The attack came within weeks of reports claiming some Chinese had shut down power systems in the financial capital in September 2020.


1/5 of Ransomware Victims Who Pay Fail to Get Their Data Back

Permalink - Posted on 2021-03-31 15:00

Many consumer victims of ransomware scams fail to get access to their data even after they pay off extortionists, according to a survey by Kaspersky. The poll found that close to half (46%) of UK ransomware victims paid the ransom to restore access to their data last year, yet an unfortunate 11% of victims who shelled out did not have their stolen data returned. Whether they paid or not, only 18% of 1,006 UK victims surveyed were able to restore all their encrypted or blocked files following an attack. Internationally the picture is still worse, with more than half (56%) paying off extortionists and nearly one in five of those (17%) failing to get their data back even after paying out. In a multi-national poll (PDF) of 15,000 consumers commissioned by Kaspersky, only 29% of users who experienced ransomware attacks were able to restore all their encrypted or blocked files after an attack. Half lost at least some files, 32% lost a significant amount, and 18% lost a small number of files. Meanwhile, 13% who did experience such an incident lost almost all their data.


Dutch Data Protection Authority Fines Booking.com Over Incident Notification

Permalink - Posted on 2021-03-31 15:00

The Dutch Data Protection Authority announced on Wednesday that it has issued a fine of €475,000 (roughly $550,000) to online travel agency Booking.com for failing to report a data security incident within the required timeframe.


Microsoft Exchange Attacks Increase While WannaCry Gets a Restart

Permalink - Posted on 2021-03-31 15:00

Telemetry data from Check Point last week showed more than 50,000 attack attempts globally, most of them aimed at organizations in the government/military, manufacturing, and banking/finance sectors. Almost half of the exploit attempts occurred in the U.S. (49%), by far the most appealing region compared to other countries where Check Point recorded far fewer incidents (UK - 5%, Netherlands and Germany - both 4%). The company saw a 57% rise in ransomware attacks over the past six months at a global level. More worrisome is a constant monthly increase of 9% since the beginning of the year.


52% of Indian Firms Report Successful Cyber Attack in Last 12 Months

Permalink - Posted on 2021-03-30 16:00

Of these successful breaches, 71 per cent of organisations admitted it was a serious or very serious attack, and 65 per cent said it took longer than a week to remediate, showed the survey by global cybersecurity firm Sophos.


Cyber Criminals Publish Data Allegedly Stolen from Shell, Multiple Universities

Permalink - Posted on 2021-03-30 16:00

The FIN11 hacking group has published on their leaks website files that were allegedly stolen from oil and gas giant Shell, likely during a cyber-security incident involving Accellion’s File Transfer Appliance (FTA) file sharing service.


Akamai Sees Largest DDoS Extortion Attack Known to Date

Permalink - Posted on 2021-03-30 17:00

The recently observed assaults haven’t reached the magnitude of the largest DDoS attacks the company has mitigated to date, which have peaked at 1.35 Tbps in 2018 and at 1.44 Tbps in 2020, but three of them are among the six biggest volumetric DDoS attacks Akamai has ever encountered.


Home Health Firm Reports Second Cloud Vendor Incident with Ransomware

Permalink - Posted on 2021-03-30 16:00

A home healthcare company says a data breach affecting more than 753,000 patients, employees and former workers stems from a ransomware attack on its private cloud hosted by managed service providers. The company reported a similar incident 15 months ago.


Ubiquiti Cyber Attack Details Depict a Far More Disastrous Scenario Than Let On

Permalink - Posted on 2021-03-30 16:00

New whistleblower details surrounding the December 2020 attack on the cloud-enabled IoT device manufacturer paint a far worse picture than what was disclosed. Cyberattacks almost seem like a daily occurrence, such that we’ve seen organizations notify customers with a “we’ve got everything under control”-sounding email with little to no repercussions. Such an attack on Ubiquiti occurred back in December of last year, and a notice was sent in January of this year notifying customers of the breach (link is to KrebsOnSecurity) while minimizing its impact, suggesting password changes and enabling 2FA.


93% of Consumers Concerned About Data Security When Filling Out Online Forms

Permalink - Posted on 2021-03-30 16:00

New research findings from Source Defense show that 91% said that brands requiring consumers to complete web forms are solely responsible for protecting consumers’ information, regardless of whether a third-party service technically runs the forms or the entire site itself. 49% said they would cut ties with an organization if a website attack or other breach exposed their private data.


Austin ISD Warns of Possible Data Breach Due to Third-Party Vendor

Permalink - Posted on 2021-03-30 16:00

Austin ISD notified parents last week after it was made aware of a possible data breach involving a former third-party vendor. Austin ISD has recently been made aware of a letter sent to families regarding a potential data breach through a previous third-party vendor. The letter from PCS Revenue Control Systems, Inc., states that the name of the noted student, their identification number, and date of birth were potentially exposed to unauthorized access during a data breach in December 2019.


APAC Firms Face Growing Cyber Attacks, Take More Than a Week to Remediate

Permalink - Posted on 2021-03-30 16:00

More organisations across six Asia-Pacific markets have been breached this past year, with an average 60.83% needing more than a week to remediate these cybersecurity attacks. They cite lack of budget and skills as key challenges, and express frustration over an apparent lack of understanding about how tough it is to manage cybersecurity risks. Some 68% of respondents in a Sophos study said they had been successfully breached this past year, up from 32% in 2019. Amongst those that were breached, 55% said they suffered "very serious" or "serious" data loss, revealed the survey, which was conducted by Tech Research Asia and polled 900 businesses -- with at least 150 employees -- in Singapore, India, Japan, Malaysia, Australia, and the Philippines. In addition, 17% faced more than 50 cyber attacks each week. In Singapore, for instance, almost 15% had to deal with at least 50 attempted security attacks or mistakes per week. Some 28% in the city-state eventually were successfully breached in the past year, with 33% describing the resulting data loss as very serious or serious.


MN: Apple Valley Clinic Notifies 157,939 Patients About Netgain Technology Breach

Permalink - Posted on 2021-03-30 16:00

In November 2020, cloud IT services provider Netgain Technology LLC experienced a ransomware attack that resulted in them taking some of their data centers offline. In December and January, they began notifying some of their clients. In January, Ramsey County notified 8,700 clients of its Family Health Division about the breach. In February, Woodcreek Provider Services notified 207,000 patients, and in March, Sandhills Medical Foundation notified 39,602 patients. And now Apple Valley Clinic is notifying 157,939 patients.


U. of Miami Health and Mott Community College Data Compromised in Ransomware Attacks

Permalink - Posted on 2021-03-30 16:00

The protected health information of patients of University of Miami Health has been obtained by unauthorized individuals in a ransomware attack on the file transfer service provider Accellion. The gang behind the attack demanded a $10 million ransom for the keys to decrypt data and avoid having data published online or sold on dark web marketplaces. Some of the data stolen in the attack has already been posted on the gang’s leak site, including some data relating to patients of University of Miami Health.


Intel Sued Under Wiretapping Laws for Tracking User Activity on its Website

Permalink - Posted on 2021-03-30 16:00

Intel is being sued under a Florida state wiretapping law for using software on its website to capture keystrokes and mouse movements of people that visit it. The case is one of many that private citizens have brought against companies to dispute their use of session-replay technology.


Fileless Malware Detections Soar 900% in 2020

Permalink - Posted on 2021-03-30 16:00

Detections of fileless malware soared by nearly 900% year-on-year in 2020 as threat actors worked hard to stay hidden from traditional security controls, according to Watchguard Technologies. The network security vendor compiled its latest Internet Security Report based on data from its Firebox Feed, internal and partner threat intelligence including endpoint data from recently acquired Panda Security, and a research honeynet. Fileless malware rates surged by 888% over the year as attackers sought to fly under the radar of many endpoint protection products, by conducting attacks without installing malicious code.


NJ Plastic Surgery Practice Pays $30K to OCR to Settle HIPAA Right of Access Case

Permalink - Posted on 2021-03-29 17:00

The HHS’ Office for Civil Rights has announced a settlement has been reached with Ridgewood, NJ-based Village Plastic Surgery to resolve potential violations of the HIPAA Right of Access. Under the terms of the settlement, Village Plastic Surgery will pay a $30,000 penalty and will adopt a corrective action plan that requires policies and procedures to be implemented related to access to protected health information (PHI). OCR will also monitor Village Plastic Surgery for compliance for 2 years.


SG: Vhive Alerts Consumers to Cyber Attack

Permalink - Posted on 2021-03-29 17:00

Based on information provided to DataBreaches.net by the threat actors, this appears to have been a double extortion attack by ALTDOS threat actors that involves more than 300,000 customer records as well as other types of documents including transaction records and payment records. According to Vhive, the attack did not involve NRIC numbers (national registration identity card numbers required for every Singapore resident over age 15).


Hackers Demand Ransom from Town of Didsbury in Cyber Attack

Permalink - Posted on 2021-03-29 17:00

The Town of Didsbury was the victim of a cyber-attack on Sunday, March 21 when fraudsters encrypted the town’s information systems with ransomware and made a ransom demand to decrypt the system, town officials said Friday. Mayor Rhonda Hunter declined to say whether the Town of Didsbury has paid a ransom to the hackers.


TR: Cyber Attack Statement from Yemeksepeti

Permalink - Posted on 2021-03-29 17:00

Yemeksepeti is an online food delivery chain in Turkey and Cyprus. The type of information involved reportedly includes: Name, Date of birth, Phone numbers registered with Yemeksepeti, E-mail addresses registered in Yemeksepeti, Address information registered to Yemeksepeti, Login passwords that cannot be seen clearly, masked with the SHA-256 algorithm.


Call Center 200 Networks, LLC Leaks Database

Permalink - Posted on 2021-03-29 17:00

The exposed database was being updated in realtime with new logs while 1.48 million robocall logs were accessed by researchers initially. The WebsitePlanet research team alongside Jeremiah Fowler, an IT security researcher, discovered an insecure database that had no password protection and contained a large number of phone call records as well as VOIP (Voice Over Internet Protocol) related data. The dataset was exposed for almost 24 hours and the database kept growing in real-time with thousands of calls per hour being added to the records. From the time when it was exposed till when it was secured again, the database logged 1.48 million robocalls altogether and the majority of the calls were outgoing but some call-backs were also logged.


CompuCom MSP Expects Over $20M in Losses After Ransomware Attack

Permalink - Posted on 2021-03-29 17:00

The Company estimates the loss of revenue to be between $5.0 million and $8.0 million as a result of the incident. In addition, the Company expects to incur expenses of up to $20 million, of which the Company assumes approximately $10 million will be accrued through the first quarter of 2021.


Harris Federation Hit by Ransomware Attack Affecting 50 Schools

Permalink - Posted on 2021-03-29 17:00

The attack hit the school trust's systems over the weekend on Saturday, March 27, and led to the compromise and encryption of Harris Federation's IT systems. After detecting the attack, the nonprofit also disabled both the email and landline phone systems, with all phone calls being redirected to mobile phones. Students' devices provided by Harris Federation have also been disabled to block the ransomware from spreading.


ERCA to Address $300K Loss to Phishing Scam at Windsor City Council

Permalink - Posted on 2021-03-29 17:00

Windsor's city council is looking for more information on a phishing scam that cost The Essex Region Conservation Authority (ERCA) nearly $300,000 in August of last year. Board Chair Tania Jobin and CAO Tim Byrne will be addressing councillors Monday morning and have already submitted a letter outlining the incident.


SalusCare Takes Legal Action Against Amazon to Obtain AWS Audit Logs to Investigate Data Breach

Permalink - Posted on 2021-03-26 23:00

SalusCare, a provider of behavioral healthcare services in Southwest Florida, experienced a cyberattack in March that saw patient and employee data exfiltrated from its systems. The exact method used to gain access to its servers has not been confirmed, although the cyberattack is believed to have started with a phishing email that was used to deliver malware. The malware was used to exfiltrate its entire database to an Amazon AWS storage account.


Cancer Treatment Centers of America Announces 105,000-Record Data Breach

Permalink - Posted on 2021-03-26 23:00

Cancer Treatment Centers of America is alerting 104,808 patients of its Midwestern Regional Medical Center that some of their protected health information was contained in an email account that was accessed by an unauthorized individual. A review of the compromised account revealed it contained patient names, health insurance information, medical record numbers, CTCA account numbers, and limited medical information. No financial information or Social Security numbers were compromised.


Personal Touch Holding Corp. Hit by Ransomware Attack at MSP, More Than 750,000 Affected

Permalink - Posted on 2021-03-26 23:00

PTHC is the parent company of subsidiaries that operate Medicare-certified home health agencies, licensed home care service agencies, hospice at home services and Early Intervention Programs, as well as a managed care plan in New York. Patient information may include medical treatment information, insurance card and health plan benefit numbers, medical record numbers, first and last name, address, telephone numbers, date of birth, Social Security number, and financial information, including check copies, credit card numbers, and bank account information. Member information may include Medicaid ID number, ID number, provider name, clinical/medical information, first and last name, address, telephone number, date of birth, Social Security numbers, and credit card numbers and/or banking information, if members paid their Medicaid surplus through credit card or check.


Boards Still Aren't Taking Cyber Security Seriously, Warns New NCSC Boss

Permalink - Posted on 2021-03-26 23:00

Cybersecurity still isn't taken as seriously as it should be by boardroom executives – and that's leaving organisations open to cyber attacks, data breaches and ransomware, the new boss of the National Cyber Security Centre (NCSC) has warned.


Attack Volume Surged by 48% During the First Year of the Pandemic

Permalink - Posted on 2021-03-26 23:00

A Mimecast report details how threat actors targeted remote workers during the first year of the pandemic, March 2020 – February 2021. The report describes how attack volume surged by 48% during the first year of the pandemic, with sudden increases in volume corresponding to spikes in COVID-19 infection rates in April and October 2020.


Massachusetts Mental Health Clinic Settles HIPAA Right of Access Case for $65,000

Permalink - Posted on 2021-03-25 17:00

Arbour Hospital, a mental health clinic in Boston, MA, has settled a HIPAA Right of Action investigation with the HHS’ Office for Civil Rights (OCR) and has agreed to pay a $65,000 penalty. OCR determined the failure to respond to a written, signed medical record request from a patient in a timely manner was in violation of the HIPAA Right of Access – 45 C.F.R. § 164.524(b). In addition to the financial penalty, Arbour Hospital is required to adopt a corrective action plan that involves implementing policies and procedures for patient record access and providing training to the workforce. Arbour Hospital will also be monitored by OCR for compliance for 1 year.


Misconfiguration Resulted in Exposure of the PHI of 65,000 Mobile Anesthesiologists Patients

Permalink - Posted on 2021-03-25 17:00

Mobile Anesthesiologists has recently discovered a limited amount of patients’ protected health information (PHI) has been exposed due to a technical misconfiguration. The error was determined to have occurred prior to December 14, 2020, and made PHI such as names, health insurance information, date of service, medical procedure, and dates of birth publicly accessible.


France: MND Victim of a Cyber Attack

Permalink - Posted on 2021-03-25 17:00

The MND group was the victim, on the night of March 22 to 23, 2021, of a malicious software intrusion on some of its servers in France and Austria. For security reasons, all the group’s servers have been disconnected and stopped in order to avoid any propagation to the rest of the information system. However, the group’s production units, based in France, will have to slow down or stop their activity for a few days.


Holland: Millions of Dutch People At Risk After Car Garage Vendor Breached

Permalink - Posted on 2021-03-25 17:00

The private addresses and telephone numbers of potentially millions of Dutch people have fallen into the hands of criminals. They have been stolen from a company that provides car garages with ICT services. In addition to name and address details, it also concerns e-mail addresses, license plates, telephone numbers and dates of birth, according to research by the NOS. The data is offered for sale on a popular hacker forum. The exact number of people affected by the leak is not known. According to the hacker who offers the data for sale, it concerns traceable data of 7.3 million people, but the same people can appear in the data breach several times. The e-mail address would be present in 2.5 million cases.


Half of U.K. Firms Suffer Cyber-Skills Gaps

Permalink - Posted on 2021-03-25 17:00

The DCMS-sponsored Cybersecurity skills in the UK labour market 2021 report was compiled from representative surveys of security sector and wider organizations, as well as analysis of job postings and research with recruitment agencies. It revealed that around 680,000 businesses in the country have staff in charge of cybersecurity that lack the confidence to carry out basic tasks laid out in the government’s best practice Cyber Essentials framework. This includes storing or transferring personal data, setting up configured firewalls and detecting and removing malware. A third (33%) reported more advanced skills gaps such as in penetration testing, forensic analysis and security architecture, while a similar number (32%) have gaps in incident response and are not outsourcing the function. Even within the cybersecurity sector there were problems, with nearly half (47%) saying they’d experienced challenges with current staff or job applicants not having the required technical skills. Over a third (37%) said vacancies since the beginning of 2019 have been hard to fill.


Two-Thirds of Large Firms Attacked as #COVID19 Hampers Security

Permalink - Posted on 2021-03-25 17:00

Nearly two-thirds of medium and large-sized businesses suffered a cyber-attack or breach last year, with security efforts suffering during the pandemic, according to the latest government figures. The Cyber Security Breaches Survey 2021 on the face of it showed a slight improvement over last year’s: 39% of UK businesses of all sizes said they were breached or attacked over the previous 12 months versus 46% last year.


Forex Broker Leaks Billions of Customer Records Online

Permalink - Posted on 2021-03-25 17:00

Over 20TB of sensitive customer data has been accidentally leaked online by a popular online trading broker, after it misconfigured a cloud database. Researchers at reviews site WizCase spotted the Elasticsearch server left wide open without any encryption or password protection. They quickly traced it back to FBS, one of the world’s busiest online brokers for foreign exchange (forex) trading, which boasts as many as 16 million global traders. According to the report, the database contained over 16 billion records, exposing millions of customers’ personally identifiable information (PII).


Brazil Leads in Phishing Attacks

Permalink - Posted on 2021-03-25 17:00

According to the report on phishing by cybersecurity firm Kaspersky, Brazil tops a list of five countries with the highest rate of users targeted for data theft throughout last year. The other nations cited are Portugal, France, Tunisia and French Guiana. The number of phishing attacks against mobile devices increased by more than 120% between February and March 2020 alone, according to the study. Factors behind the increase in scams include the boost in internet usage and access to services online such as internet and mobile banking and online shopping as a result of social distancing measures, as well as large-scale adoption of remote work and the anxiety around information about the pandemic.


40% of SaaS Application Users Have Lost Data

Permalink - Posted on 2021-03-25 17:00

Forty percent of people have lost data stored in their online tools, according to the findings from a recent survey of Software-as-a-Service (SaaS) users across a mix of industries by cloud backup provider Rewind. Rewind found that while more than half (53%) of respondents cited using SaaS tools on the job, and some (43%) even used four or more, many users (45%) still were not aware of the Shared Responsibility Model. Therefore, they do not realize that while SaaS providers actively back up their own cloud infrastructure, they do not make the account-level, business-critical information stored in their apps available to users, the company said.


Nearly Half of Popular Android Apps Built with High-Risk Components

Permalink - Posted on 2021-03-25 17:00

Almost all of the most popular Android applications use open source components, but many of those components are outdated and have at least one high-risk vulnerability, according to an analysis of 3,335 mobile applications published on Thursday by Synopsys.


KY: City of Frankfort Has IT Network Hacked

Permalink - Posted on 2021-03-24 18:00

The City of Frankfort says it learned of a hack to its servers on Sunday. Two separate sources with knowledge of the situation — including one city employee — told The State Journal that the city is being held ransom. Both spoke on condition of anonymity. After an inquiry from the newspaper, the city sent out a news release Tuesday evening saying that it had suffered an “intrusion into the IT network that disrupted access to some computer servers” and that several “internal systems are temporarily unavailable.” The release did not mention a potential ransom, and Frankfort Mayor Layne Wilkerson did not comment on whether the city was being held ransom.


Fatface Clothing Retailer Allows Theft of Customer Data

Permalink - Posted on 2021-03-24 17:00

British clothes retailer Fatface has infuriated some customers by telling them "an unauthorised third party" gained access to systems holding their data earlier this year, and then asking them to keep news of the blunder to themselves. Several people wrote into The Register to let us know about the personal data leak, with reader Terry saying: "You will notice the Fatface email is marked as confidential. This annoyed me." Quite reasonably, customers quickly took to social media to ask where they could find "a public statement on your data breach," why it had waited so long to inform customers, why the mail was marked "confidential" and whether it was genuine. All were directed to kindly "DM" the firm's social media handler.


Utah Becomes the Second U.S. State to Establish Affirmative Defenses for Data Breach

Permalink - Posted on 2021-03-24 17:00

The Act provides protection to persons that create, maintain, and reasonably comply with industry-recognized cybersecurity regulations, like the NIST, ISO 2700, and the HIPAA Security Rule, among others identified in the Act. The written cybersecurity program must provide administrative, technical, and physical safeguards to protect personal information.


Polk County Schools says Student Information May Have Been Exposed in Data Breach

Permalink - Posted on 2021-03-24 17:00

A notification letter says the child's name, student identification number and date of birth were potentially exposed in a data breach in December 2019.


Life Sciences Industry Becomes Latest Arena in Hackers' Digital Warfare

Permalink - Posted on 2021-03-24 17:00

Many hospitals running COVID-19 antibody trials have seen at least triple the attempts to access servers compared to previous years. Intelligence agencies have warned health care systems repeatedly about vaccine-related research thefts by nation-state-backed hackers.


Total Combined Fraud Losses Climbed to $56 Billion in 2020

Permalink - Posted on 2021-03-24 17:00

While total combined fraud losses climbed to $56 billion in 2020, identity fraud scams accounted for $43 billion of that cost. Traditional identity fraud losses totaled $13 billion, Javelin Strategy & Research reveals.


Honeywell says Malware Disrupted IT Systems

Permalink - Posted on 2021-03-24 17:00

An investigation into the incident is ongoing, but Honeywell says it has found no evidence to date that the attacker managed to exfiltrate data from systems that store customer information. However, based on its statement, it cannot completely rule out that some customer data may have been compromised.


Air Charter Firm Solairus Aviation Suffers Data Breach

Permalink - Posted on 2021-03-24 17:00

Private aviation services provider Solairus Aviation on Tuesday announced that some employee and customer data was compromised in a security incident at third-party vendor Avianis. An investigation into the incident has revealed that some of Solairus’ data that was hosted on that environment was indeed accessed by an unknown party. Solairus data stored in that environment possibly includes employee and client names, along with information such as dates of birth, Social Security numbers, driver's license numbers, passport numbers, and financial account numbers, the company says.


Drug Maker FKOL to Pay $50m for Destroying Data

Permalink - Posted on 2021-03-24 17:00

A drug manufacturer in India has been fined $50m for hiding and erasing records ahead of an inspection by the United States Food and Drug Administration (FDA). The deception occurred at a drug manufacturing plant in Kalyani, West Bengal, that makes active pharmaceutical ingredients (APIs) used in several different cancer drugs distributed to terminally ill patients in the US. The concealment and erasure of records was carried out by employees at the behest of FKOL management.


High-Availability Server Maker Stratus Hit by Ransomware

Permalink - Posted on 2021-03-24 17:00

Stratus Technologies disclosed that they suffered a ransomware attack, which led them to shut down portions of their network and services to isolate the attack.


Ransomware Gang Leaks Data Stolen from Colorado, Miami Universities

Permalink - Posted on 2021-03-24 17:00

Grades and social security numbers for students at the University of Colorado and University of Miami patient data have been posted online by the Clop ransomware group. Starting in December, threat actors affiliated with the Clop ransomware operation began targeting Accellion FTA servers and stealing the data stored on them. Companies use these servers to share sensitive files and information with people outside of their organization. The ransomware gang then contacted the organizations and demanded $10 million in bitcoin or they would publish the stolen data.


Data of 6.5 Million Israeli Citizens Leaks Online

Permalink - Posted on 2021-03-24 17:00

The voter registration and personal details of millions of Israeli citizens were leaked online on Monday, just two days before the country held general elections for its unicameral parliament, known as the Knesset. Exposed information included the voter registration details of 6,528,565 Israelis and the personal details of 3,179,313 of Israel’s estimated 9.3 million total population. For the latter, details like full names, phone numbers, ID card numbers, home addresses, gender, age, and political preferences were included.


Hobby Lobby Exposes Customer Data in Cloud Misconfiguration

Permalink - Posted on 2021-03-24 17:00

The data was as recent as 2020, impacted more than 300,000 users, and totaled at around 138GB in size, the independent and pseudonymous security researcher known as "boogeyman" who discovered the leak, told Motherboard in an online chat.


British Clothing Retailer Fat Face Discloses Data Breach

Permalink - Posted on 2021-03-24 17:00

The organization says that some employee and customer information was exposed, including names, addresses, email addresses and the last four digits of credit card numbers, plus the expiration dates.


CNA Insurance Firm Hit by a Cyber Attack, Operations Impacted

Permalink - Posted on 2021-03-24 17:00

CNA Financial, a leading US-based insurance company, has suffered a cyberattack impacting its business operations and shutting down its website. Sources have told BleepingComputer that the company suffered a cyberattack that has disrupted business operations and forced them to shut down specific systems. BleepingComputer has not been able to verify if the outage is caused by a ransomware attack, though it appears likely according to a source familiar with the attack.


Over 15.5 Million Cyber Attacks Recorded in India from 2019 to 2020

Permalink - Posted on 2021-03-24 17:00

According to the information reported to and tracked by the CERT-In, 3,94,499 and 11,58,208 cyber security incidents were observed during 2019 and 2020, respectively.


UPMC and Charles Hilton and Associates Facing Class Action Lawsuit Over 36,000-Record Breach

Permalink - Posted on 2021-03-23 18:00

University of Pittsburgh Medical Center (UPMC) and the law firm Charles Hilton and Associates are facing a class action lawsuit over a breach of the protected health information of 36,000 UPMC patients. Charles Hilton and Associates, which handles collections for UPMC, announced that hackers had gained access to the email accounts of some of its employees between April and June 2020. The investigation revealed the compromised accounts contained the protected health information of UPMC patients, some of which was potentially viewed or obtained by the attackers.


CZ: Railway Administration Under Sustained Cyber Attack

Permalink - Posted on 2021-03-23 18:00

The railway administration has been facing a cyber attack since last week, Deník N reported. The state organization, which provides traffic on the railways. The attack followed other previous incidents that targeted state organizations or ministries.


Japan Halts Use of Line App for Government Officials Over Chinese Data Breach

Permalink - Posted on 2021-03-23 18:00

Japanese Prime Minister Yoshihide Suga on Thursday said that his administration has halted the use of the Line messaging app among government officials while the probe into the alleged data breach by the Chinese engineer is ongoing. Earlier, reports emerged that the Japanese app provider Line Corp’s Chinese affiliate had access to personal information such as the phone numbers, email, and home addresses of nearly 86 million Japanese Line app users. Prime Minister Suga vowed efforts to step up information and digital security following the data breach as he spoke at a House of Councillors Budget Committee meeting.


Texas: Sewell Family of Companies Discloses Breach

Permalink - Posted on 2021-03-23 18:00

The Sewell Family of Companies has concluded an investigation into a data security incident that occurred August 1, 2020, when officials learned of an unauthorized attempt to access its network. It is possible that the personal information of a portion of its community could have been exposed to individuals not authorized to view it.


Production Halted at Sierra Wireless Factories Following Ransomware Attack

Permalink - Posted on 2021-03-23 18:00

Canadian multinational Sierra Wireless has halted production at its manufacturing sites across the world after a ransomware attack crippled its IT systems. The attack hit the company over the weekend, on Saturday, March 20, 2021, it said in SEC documents filed earlier today. The ransomware encrypted Sierra’s internal IT network, preventing staff from accessing internal documents and systems related to manufacturing and planning, which resulted in the company shutting down its manufacturing sites, most of which rely on up-to-date access to customer orders and product specifications.


Ransomwared Bank Flagstar Tells Customers It Lost Their SSNs

Permalink - Posted on 2021-03-23 18:00

Flagstar, a bank based in Michigan, reached out to customers—and even people who never had an account with the bank or had one years ago—in the last few days with the bad news, according to several victims who spoke to Motherboard, as well as several public tweets. In the emails and letters, Flagstar admits that hackers accessed SSNs, a detail the bank did not publicly admit two weeks ago, when it published a disclosure about the late January hack. In other words, what was already a disastrous hack—given that the bank also lost its own employees' SSNs—just got much worse.


Only 14% of Domains Worldwide Truly Protected from Spoofing with DMARC Enforcement

Permalink - Posted on 2021-03-23 18:00

Domains without DMARC enforcement are 4.75x more likely to be the target of spoofing versus domains with DMARC enforcement. Global media companies and U.S. healthcare companies have the lowest rates of DMARC deployment and protection.


Phish Leads to Breach at Calif. State Controller

Permalink - Posted on 2021-03-23 18:00

A phishing attack last week gave attackers access to email and files at the California State Controller’s Office (SCO), an agency responsible for handling more than $100 billion in public funds each year. The phishers had access for more than 24 hours, and sources tell KrebsOnSecurity the intruders used that time to steal Social Security numbers and sensitive files on thousands of state workers, and to send targeted phishing messages to at least 9,000 other workers and their contacts.


Energy Giant Shell Discloses Data Breach After Accellion Hack

Permalink - Posted on 2021-03-22 17:00

Energy giant Shell has disclosed a data breach after attackers compromised the company's secure file-sharing system powered by Accellion's File Transfer Appliance (FTA). According to the company, some of the data accessed during the attack belongs to stakeholders and Shell subsidiaries.


FBI: State and Local Governments Losing Millions to BEC

Permalink - Posted on 2021-03-22 17:00

The FBI has warned state and local government organizations to be on the lookout for business email compromise (BEC) scams after revealing that millions have already been lost during the past two years. Losses from BEC campaigns ranged from $10,000 to $4m between November 2018 and September 2020, according to a new Private Industry Notification.


MangaDex Website Taken Offline Following Cyber Attack, Data Breach

Permalink - Posted on 2021-03-22 17:00

The website that hosts free manga comics has been taken offline after malicious hackers allegedly gained access to a database that housed user data. The MangaDex site was taken down for maintenance last week (March 20) after an unknown actor gained access to an administrator account. The site’s maintainers said the attacker was able to access the account through "the reuse of a session token found in an old database leak through faulty configuration of session management."


Cyber Criminals Capitalizing on Reliance on the Cloud

Permalink - Posted on 2021-03-22 17:00

90% of cyberattacks on cloud environments in the last 12 months involved compromised privileged credentials.


Eyemart Express Notice of Data Security Incident

Permalink - Posted on 2021-03-22 17:00

Once the incident was discovered on December 11, 2020, Eyemart Express immediately took steps to stop the attack and conducted a thorough investigation of the incident. The investigation revealed that the unauthorized actor accessed limited personal information for a small number of Eyemart Express customers. The information included names, e-mail addresses, and the subject lines of email communications between Eyemart Express and those customers, such as email subject lines regarding eye exam appointments and eyeglass order status updates.


AZ: Maricopa Community Colleges Cancel Classes Amid Cyber Security Issue

Permalink - Posted on 2021-03-22 17:00

The Maricopa County Community College District announced Friday it has canceled classes until March 29 after a cybersecurity issue forced its network system offline. In a statement on its website, the district said the network outage was due to suspicious activity that appears to be related to a potential cyber attack.


MO: Park Hill Schools Closed Due to Malware Attack

Permalink - Posted on 2021-03-22 17:00

The Park Hill School District was forced to cancel classes Monday due to a malware attack on the district. Classes were canceled for both in-person and online students. Officials could not comment on exactly what was targeted by the malware attack as an investigation is ongoing and now involves national experts, including the FBI. They also could not say whether student data was accessed but hope that the safety systems they have in place prevented that.


Lawsuits Being Filed Against Providers After Accellion Breach

Permalink - Posted on 2021-03-19 17:00

The number of healthcare organizations to announce they have been affected by the ransomware attack on Accellion has been increasing, with two of the latest victims including Trillium Community Health Plan and Arizona Complete Health. Multiple lawsuits have now been filed against Accellion and its customers over the breach. Centene Corp. has filed a lawsuit against Accellion alleging it refused to comply with several provisions of its business associate agreement (BAA).


WA: Douglas County Targeted as Part of International Cyber Attack

Permalink - Posted on 2021-03-19 17:00

The attacks came from a Chinese-sponsored actor called Hafnium, according to a Microsoft news release. The group usually targets groups in the United States, such as research labs, law firms, higher education institutes, defense contractors and others.


Germany: Cyber Attack on Paint Manufacturer Remmers Being Investigated

Permalink - Posted on 2021-03-19 17:00

So far unknown perpetrators have carried out a cyber attack on the Löningen chemical company Remmers. This is reported by NDR 1 Lower Saxony. The lacquer and paint manufacturer from the district of Cloppenburg therefore had to stop large parts of its production. A company spokesman said at noon that some areas have now been started up again.


NZ: Lumino Dental Firm Email Hack Sees Patient Information Accessed

Permalink - Posted on 2021-03-19 17:00

Wellington Oral Surgery, which is owned by Lumino, discovered on Monday a staff member's email account had been hacked and patients' personal information had been accessed.


Acer Data Breach, Sodinokibi Ransomware Group Publishes First Stolen Data

Permalink - Posted on 2021-03-19 17:00

The Sodinokibi (REvil) ransomware group publishes on its website, within the Tor networks, the first documents stolen from Acer during a recent cyber attack.


3 in 4 Companies Have Experienced Account Takeover Attacks in the Last Year

Permalink - Posted on 2021-03-19 17:00

The COVID-19 pandemic has accelerated cloud migration and digital transformation amongst 88% of companies, and 71% of Microsoft Office 365 deployments have suffered an account takeover of a legitimate user’s account, not once, but on average seven times in the last year, Vectra reveals.


Mom Charged in Deepfake Cheerleading Plot

Permalink - Posted on 2021-03-18 18:00

A 50-year-old mom from Pennsylvania has been arrested after allegedly using deepfake technology to tarnish the reputations of her daughter's cheerleading rivals. Raffaela Marie Spone, of Chalfont, Bucks County, is accused of using technological trickery to make videos that appear to show members of a cheerleading group naked, smoking, or drinking. The deepfake videos were sent to the cheerleaders' coach in an alleged attempt to get the girls kicked off the squad. Hilltown Township Police Department launched an investigation in July last year after a minor reported that she was being harassed via text message.


Ulysses Surveillance Firm Gathering Private Consumer Automobile Data

Permalink - Posted on 2021-03-18 18:00

A surveillance contractor that has previously sold services to the U.S. military is advertising a product that it says can locate the real-time locations of specific cars in nearly any country on Earth. It says it does this by using data collected and sent by the cars and their components themselves, according to a document obtained by Motherboard.


DDoS Attacks Surge as Cyber Criminals Take Advantage of the Pandemic

Permalink - Posted on 2021-03-18 18:00

From February to September 2020, the number of DDoS attacks nearly doubled and was on average 98% higher than in the same period last year. It is estimated that there were 50 million DDoS attacks worldwide over twelve months.


Data Breach Reported at Atascadero State Hospital

Permalink - Posted on 2021-03-18 18:00

The California Department of State Hospitals (DSH) today announced that a DSH employee with access to Atascadero State Hospital data servers as part of their information technology (IT) job duties improperly accessed approximately 1,415 patient and former patient, and 617 employee names, COVID-19 test results, and health information necessary for tracking COVID-19. The breach was identified on Feb. 25, 2021, as part of DSH’s annual review of employees’ access rights to data folders pursuant to its information and systems access rights policy and procedure. DSH is investigating the breach and has placed the principal subject of the investigation on administrative leave pending completion of the investigation.


Britain: Journalists' Personal and Bank Details Made Public After Publisher Data Breach

Permalink - Posted on 2021-03-18 18:00

The Midlands News Association has confirmed the “data security incident”, which led to the names, addresses, bank account details, National Insurance numbers and dates of birth of a number of former employees being published online. The publication of the information was made by an “unauthorised third party” and the MNA has told those affected the published details are “difficult to download and access”. The company has declined to reveal exactly how many people are affected by the breach, but HTFP understands the breach affects employees from as long ago as 2011.


AU: Eastern Health Cancels Surgeries After Cyber Attack

Permalink - Posted on 2021-03-18 18:00

Some surgeries have been cancelled at Eastern Health facilities in Victoria, following a "cyber incident" experienced late Tuesday. Eastern Health operates the Angliss, Box Hill, Healesville, and Maroondah hospitals, and has many more facilities under management. In a statement, Eastern Health said it took many of its systems offline in response to the incident.


Nikkei's Hong Kong Affiliate Hit by Unauthorized Access

Permalink - Posted on 2021-03-18 18:00

Nikkei on Wednesday said incidents of unauthorized access to some email accounts used by Nikkei China (Hong Kong), an overseas group company, and Nikkei's Hong Kong bureau have been discovered, raising concerns that personal information, including the names of customers, may have been leaked.


FBI: Over $4.2 Billion Officially Lost to Cyber Crime in 2020

Permalink - Posted on 2021-03-18 18:00

The Internet Crime Complaint Center (IC3) received last year 791,790 complaints - up by 69% from 2019 - of suspected internet crime causing more than $4 billion in losses.


Ransom Payments Have Nearly Tripled

Permalink - Posted on 2021-03-18 18:00

In 2020, ransomware targeted the manufacturing sector, healthcare organizations, and construction companies, with the average ransom reaching $312,000.


Largest Ransomware Demand Now Stands at $30 Million

Permalink - Posted on 2021-03-17 17:00

Cybersecurity researchers at Palo Alto Networks analysed ransomware attacks targeting organisations across North America and Europe and found that the average ransom paid in exchange for a decryption key to unlock encrypted networks rose from $115,123 in 2019 to $312,493 in 2020. That represents a 171 per cent year-over-year increase, allowing cyber criminals to make more money than ever before from ransomware attacks.


Coleman Group Experiences Cyber Attack

Permalink - Posted on 2021-03-17 17:00

The Coleman Group of Companies says it was the target of a cyberattack in late February and has reason to believe some of its human resources and payroll files were accessed. According to the company, those files contain names, addresses, social insurance numbers and banking information of employees both past and present.


French Data Watchdog CNIL Opens Probe Into Clubhouse App

Permalink - Posted on 2021-03-17 17:00

France’s data-protection watchdog said it’s opened a probe into private social media app Clubhouse following a complaint. French regulator CNIL said on Wednesday it questioned Alpha Exploration Co. Inc., the U.S. company behind the invite-only app, about the measures taken for the app to comply with EU rules on March 12. CNIL said the probe aims to confirm whether the EU’s General Data Protection Regulation applies to Clubhouse, even though it has no establishment in Europe. If so, the watchdog could make use of its sanctioning powers, it said.


Britain: South Gloucestershire Schools Hit by Ransomware Attack

Permalink - Posted on 2021-03-17 17:00

A number of schools in South Gloucestershire have been left without access to their IT systems after being subjected to a targeted ransomware attack. All schools in the Castle School Education Trust are affected, including Castle School and Marlwood School.


Arizona Complete Health Notifies Plan Members of Accellion Breach

Permalink - Posted on 2021-03-17 17:00

On February 26, Arizona Complete Health notified plan members of the Accellion breach. According to the notification (see below), the threat actors (who have since self-identified as CLOP) were able to “view or save” member information between January 7 and January 25, 2021.


NY: Tri County Sheriff Dispatch Hit with Ransomware Attack

Permalink - Posted on 2021-03-17 17:00

The Albany County Sheriff’s Office says on Tuesday around 9:30 p.m. the Tri County Public Safety network which includes Albany, Saratoga, and Rensselaer Counties, was hit with a ransomware attack. Their office reportedly worked throughout the night with their vendors, as well as NYDHSES Office of Counter Terrorism Cyber Incident Response Team to mitigate the attack.


More Than a Quarter of Threats Never Seen Before

Permalink - Posted on 2021-03-17 17:00

Over a quarter (29%) of threats spotted in Q4 2020 had never before been detected in-the-wild, giving attackers an advantage over their victims, according to HP Inc.


PHI of 26,600 Individuals Potentially Copied in Colorado Retina Associates Phishing Attack

Permalink - Posted on 2021-03-17 17:00

That investigation concluded on February 24, 2021 and revealed other email accounts had also been compromised, two of which contained patients’ protected health information. The nature of the attack meant that between January 6, 2021 and January 17, 2021, synching may have occurred. That means the contents of the email accounts may have been copied to the attacker’s device.


Mimecast Update: SolarWinds Hackers Stole Source Code

Permalink - Posted on 2021-03-17 17:00

Mimecast reports that the hackers used the backdoor installed in SolarWinds' Orion network monitoring tool to gain partial access to its production environment. The Tuesday update also notes: "The threat actor accessed certain Mimecast-issued certificates and related customer server connection information. The threat actor also accessed a subset of email addresses and other contact information, as well as encrypted and/or hashed and salted credentials."


Misconfigured AWS S3 Bucket Exposes 103 GB of Data from Descartes Aljex Software

Permalink - Posted on 2021-03-17 17:00

The data, which belonged to New Jersey-based Descartes Aljex Software, was exposed by a misconfigured AWS S3 bucket, which left it unsecured and vulnerable to intrusion. This meant that even users with no authorization could potentially gain access to the bucket simply by entering the correct URL.


Microsoft Hack Fallout Substantial for Dutch Servers

Permalink - Posted on 2021-03-17 17:00

Dutch authorities on Tuesday said that the fallout for the Netherlands from a hack on Microsoft Corp’s Exchange was substantial, with at least 1,200 Dutch servers likely to have been affected.


India: Ransomware Attack on Pimpri Chinchwad Smart City Confirmed

Permalink - Posted on 2021-03-17 17:00

Following the attack, Tech Mahindra—which manages the Pimpri Chinchwad Smart City project—filed a complaint estimating loss of Rs 5 crore, Indian Express reported. Last year, IT services provider Cognizant suffered a Maze ransomware attack, causing disruptions to clients and an estimated business impact of $50-$70 million. India is the second most impacted by cyberattacks in the Asia Pacific region after Japan, according to a recent study by IBM. About 40% of these were ransomware attacks.


More Than 16 Million COVID-Themed Cyber Attacks Launched in 2020

Permalink - Posted on 2021-03-17 17:00

In Trend Micro's "2020 Annual Cybersecurity Report," researchers wrote that they dealt with 16,393,564 threats that had a COVID-19-related tint to them, with 88% of the threats coming in spam emails and another 11% coming in the form of URLs. Malware accounted for 0.2%, or nearly 33,000, of the threats.


Chile's Bank Regulator Targeted with MS Exchange Exploit Compromise

Permalink - Posted on 2021-03-17 17:00

Chile's Comisión para el Mercado Financiero (CMF) has disclosed that their Microsoft Exchange server was compromised through the recently disclosed ProxyLogon vulnerabilities. The CMF operates under the Ministry of Finance and is the regulator and inspector for banks and financial institutions in Chile. This week, CMF disclosed that they suffered a cyberattack after threat actors exploited the recently disclosed ProxyLogon vulnerabilities in their Microsoft Exchange servers to install web shells and attempt to steal credentials.


Enterprises Wrestle with Executive Social Media Risk Management

Permalink - Posted on 2021-03-17 17:00

Executives are targets — much bigger targets than standard employees. They have access to sensitive and valuable information, control over critical systems and operations, and a major influence on brand value. Bad actors know this, which is why 84% of execs have been the target of at least one cyber campaign. In addition, 78% of IT experts believe that bad actors will likely intensify their campaigns against corporate executives in the coming months and years.


Security Threats Increasing with 70% Using Personal Devices for Work

Permalink - Posted on 2021-03-16 20:00

Samsung has revealed the results of a multi-industry research study, which identifies the main technology challenges UK businesses have faced over the last year – and the key solution they’re turning to – as the nation prepares for a future of hybrid working. Researchers surveyed decision-makers and employees in the Finance and Professional Services sectors, aiming to identify where businesses experienced the most troubling tech challenges when forced into the sudden reality of remote working. Most notably, 29% of respondents experienced increased security threats and 30% of businesses admitted to not having enough mobile devices to offer to their remote workers.


Flaw in SMS Allows Hackers to Intercept Text Messages

Permalink - Posted on 2021-03-16 20:00

A gaping flaw in SMS lets hackers take over phone numbers in minutes by simply paying a company to reroute text messages. Hackers can use a service by a company called Sakari, which helps businesses do SMS marketing and mass messaging, to reroute my messages to them. This overlooked attack vector shows not only how unregulated commercial SMS tools are but also how there are gaping holes in our telecommunications infrastructure, with a hacker sometimes just having to pinky swear they have the consent of the target.


British MoD Contractor Security Incidents Double in a Year

Permalink - Posted on 2021-03-16 20:00

Cybersecurity incidents at Ministry of Defence (MoD) contractors appear to have doubled over the past year, with email data leaks a particular cause for concern, according to a new report. Sky News was able to piece together some of the puzzle from Freedom of Information (FoI) requests sent to the ministry for 2020 and 2019. The report claimed that 2020 saw a record 151 such incidents reported, versus just 75 the year before. Although much of the detail in the FOI report was redacted, there were apparently “numerous” incidents when sensitive data was emailed to personal inboxes, where it could have been exposed to state-sponsored attackers. Other incidents included a physical breach to a perimeter fence at an unknown location, misconfigured IT systems and “data sent to unauthorized domain.”


The Metropolitan Area of Barcelona Hit by Ransomware

Permalink - Posted on 2021-03-16 20:00

The Metropolitan Area of Barcelona, AMB, has suspended its digital services after suffering a computer attack that is suspected to be ransomware, like the recent one at SEPE.


Ransomware and IoT Malware Detections Surge by Over 60%

Permalink - Posted on 2021-03-16 20:00

Ransomware threats spiked 62% globally and 158% in North America as more sophisticated variants like Ryuk targeted larger organizations with multi-staged attacks. The retail (365%), healthcare (123%) and government (21%) sectors were particularly badly hit during the pandemic. Elsewhere, there were nearly 82 million cryptojacking detections, a 28% increase from 2019 figures, driven by the rising value of digital currency. IoT malware detections surged 66% as attackers targeted home networks and remote workers, and overall there was a 74% increase in previously undetected malware variants. The shift to remote work may also be behind the 67% increase in malicious Office files, which overtook malicious PDFs to claim top spot.


99.2% of U.S. Government Android Users Are Running Outdated OS Versions

Permalink - Posted on 2021-03-16 20:00

Mobile security firm Lookout is behind the report, which looked at over 200 million mobile devices being used by U.S. federal and state government workers between January 2019 and December 2020. It found that the COVID-19 pandemic triggered a massive shift to mobile device use for government employees, which makes the security statistics it uncovered even more concerning. In contrast to Android devices, iOS users in the government sector show a high rate of adoption of the latest iOS version, with 67.8% on iOS 14. "Government agencies or departments may choose to delay updates until their proprietary apps have been tested. This delay creates a vulnerability window during which a threat actor could use a mobile device to gain access to the organization's infrastructure and steal data," the report notes.


Guns.com Experiences Data Breach

Permalink - Posted on 2021-03-16 20:00

As seen by Hackread.com, among other sensitive data, the database includes Guns.com administrator, WordPress, and Cloud log in credentials in plain-text format. As the domain name indicates, Guns.com is a major Minnesota, US-based platform to buy and sell guns online. It is also home to news and updates for gun owners and enthusiasts around the world. However, on March 9th, 2021, a database apparently belonging to Guns.com was dumped on an infamous hacker forum.


Hackers Hide Credit Card Data from Compromised Stores in JPG File

Permalink - Posted on 2021-03-16 20:00

Researchers at website security company Sucuri found the new exfiltration technique when investigating a compromised online shop running version 2 of the open-source Magento e-commerce platform. These incidents are also known as Magecart attacks and started years ago. Cybercriminals who gain access to an online store through a vulnerability or weakness plant malicious code designed to steal customer card data at checkout. Sucuri found a PHP file on the compromised website that the hackers had modified to load additional malicious code by creating and calling the getAuthenticates function.


Almost Half of U.S. Consumers Affected by Identity Theft from 2019-2020

Permalink - Posted on 2021-03-15 17:00

From 2019 to 2020, 47% of U.S. consumers surveyed experienced identity theft; 37% experienced application fraud (i.e., the unauthorized use of one’s identity to apply for an account), and 38% of consumers experienced account takeover (i.e., unauthorized access to a consumer’s existing account) over the past two years.


DE: EDAG Engineering Group AG Affected by Cyber Attack

Permalink - Posted on 2021-03-15 17:00

On March 13, 2021, EDAG became the target of an organized cyber-attack, which affected the IT-Network. Several subsidiaries of EDAG Engineering Group AG were targeted in a focused cyber-attack in the night of March 13, 2021. The existing EDAG-system landscape was partially affected.


Over 80,000 Exchange Servers Still Affected by Actively Exploited Vulnerabilities

Permalink - Posted on 2021-03-15 17:00

With the latest set of released updates, more than 95% of the Exchange Server versions that are exposed to the Internet are covered, yet tens of thousands of machines remain vulnerable. Microsoft revealed that, as of March 12, more than 82,000 Exchange servers were still left to be updated (out of 400,000 identified on March 1).


25% of U.K. Workers Let Their Children Use Their Work Device

Permalink - Posted on 2021-03-15 17:00

The survey of more than 2000 UK employees highlighted that insecure practices among home workers are prevalent, which is leaving organizations vulnerable to cyber-attacks. The findings come amid ongoing social distancing restrictions in the UK, meaning a large proportion of workers are continuing to operate remotely. As well as homeschooling, other reasons listed for allowing their children to access their work devices included homework and socializing with friends, including gaming. The authors noted that this kind of device sharing puts workers at higher risk of hacking and it is also harder for businesses to ensure key security elements such as managed network access, gateway firewalls and a secure cloud environment are used. A further blurring between professional and personal use of devices was highlighted by the fact that a substantial majority of respondents (70%) admitted they can access social media on their work devices. Poor password management was found to be another area of concern among workers. Almost three-quarters (74%) revealed they did not use different passwords for every account, with just a fifth (20%) stating that all their passwords are different, as is recommended. Additionally, nearly half (48%) of UK workers said they are able to access their work emails on their non-work devices, potentially expanding the endpoints which can be targeted by cyber-criminals.


Buffalo Public Schools Cancels Classes After Cyber Attack

Permalink - Posted on 2021-03-15 17:00

The attackers, who encrypted the school’s computers, have not made any ransom demands yet, The Buffalo News reported. But the FBI has determined that the hackers’ demand is likely between $100,000 and $300,000, according to The Buffalo News.


Hackers Hit 32 Indian Firms via Microsoft Email Servers

Permalink - Posted on 2021-03-15 17:00

New Delhi: At least 32 Indian organisations have been attacked by hackers who exploited vulnerabilities in unpatched Microsoft business email servers, a new report warned on Monday, adding that the finance and banking institutions have been hit the most in the country. The finance and banking institutions (28 per cent) in India are followed by government/military organisations (16 per cent), manufacturing (12.5 per cent), insurance/legal (9.5 per cent) and others (34 per cent), according to Check Point Research. Overall, the hacking attempts on organisations using the services of those unpatched on-premises servers have multiplied by more than six times (or tripled) in the past 72 hours. The country most attacked was the US (21 per cent of all exploit attempts), followed by The Netherlands (12 per cent) and Turkey (12 per cent), along with India. The most targeted industry sector has been government/military (27 per cent of all exploit attempts), followed by manufacturing (22 per cent), and then software vendors (9 per cent), the researchers noted.


New London Hospital Data Breach Affects Almost 35,000 Patients

Permalink - Posted on 2021-03-12 19:00

New London Hospital in central New Hampshire has discovered an unauthorized individual gained access to a file on its network in July 2020 and may have obtained the protected health information of 34,878 patients. A third-party cybersecurity firm was engaged to assist with the investigation and determined on February 16, 2021 that the file was accessed for a short period and may have been copied. The file contained patient names, limited demographic information, and Social Security numbers; however, no diagnosis, treatment, or hospitalization information was compromised. New London Hospital is unaware of any misuse of information contained in the file. The network system on which the file was stored is no longer used by the hospital.


Unsecured Amazon S3 Buckets Contained ID Card Scans of 52,000 Individuals

Permalink - Posted on 2021-03-12 19:00

Premier Diagnostics, a Utah-based COVID-19 testing service, has inadvertently exposed the protected health information of tens of thousands of individuals. Two exposed Amazon S3 buckets were discovered by Bob Diachenko of Comparitech on February 22, 2021. It was not initially clear who owned the data, which related to patients from Utah, Nevada, and Colorado. The S3 buckets were eventually traced to Premier Diagnostics. The S3 buckets contained two databases, one of which included around 200,000 images of scans of ID cards such as driver’s licenses, passports, state ID cards, medical insurance cards, and other ID documents. The databases had been indexed by search engines and could be accessed over the Internet without a password.


Multistate Settlement Reached with AMCA Over Data Breach

Permalink - Posted on 2021-03-12 19:00

A coalition of 41 state Attorneys General has agreed to settle an investigation into Retrieval-Masters Creditors Bureau dba American Medical Collection Agency (AMCA) over a 2019 data breach that resulted in the exposure/theft of the protected health information of 21 million Americans.


NY: Home Care Agency Notifies More Than 92,000 After Ransomware Attack

Permalink - Posted on 2021-03-12 18:00

The type of information accessed varied depending on the individual, but may have included your name, contact and demographic information such as address, email, phone number, and date of birth; financial information such as bank account number; and Social Security number; and medical information related to health assessments, physicals, drug screens, vaccinations and TB tests, as well as FMLA and worker’s compensation claims.


Germany: Ebeleben City Victim of Cyber Attack

Permalink - Posted on 2021-03-12 18:00

The city administration of Ebeleben was the victim of a massive hacker attack on Wednesday. All servers are out of order, according to the town hall. For this reason, the city administration will remain closed until Tuesday, March 16, inclusive.


Hackers Attack City of Covington, LA Computer Systems

Permalink - Posted on 2021-03-12 18:00

The City of Covington has become the victim of a cyberattack. “Currently we are locked out of all computer and phone systems including Police, Fire, Public Works, Finance, and access to all e-mail,” officials said Thursday. The cyberattack did not impact Covington’s 911 service. It's not clear at this time what other services are impacted or how long it will be before the computer systems are recovered.


Microsoft Exchange Servers Targeted by DearCry Ransomware Abusing ProxyLogon Bugs

Permalink - Posted on 2021-03-12 18:00

A threat actor is currently exploiting the ProxyLogon vulnerabilities to install ransomware on unpatched Microsoft Exchange email servers and encrypt their content, Microsoft confirmed today. The attacks have been taking place since at least Tuesday, March 9, and were discovered after victim organizations uploaded copies of the ransom note on ID-Ransomware, a web-based tool for identifying the name of a ransomware strain that has encrypted a victim’s systems. Once a server has been attacked and their data encrypted, files on the server have an extra .CRYPT file extension added at the end. To decrypt their files, the ransomware asks for ransoms varying between $50,000 and $110,000, MalwareHunterTeam told The Record.


Hackers Rushed in as Microsoft Raced to Avert Cyber Attack

Permalink - Posted on 2021-03-12 18:00

On Feb. 26, before Microsoft released its patches, attackers began infiltrating those email systems en masse -- almost as though they knew their window of opportunity was about to close, said Ryan Kalember, executive vice president of cybersecurity strategy at the email security firm, Proofpoint Inc. Microsoft is now investigating the possibility of a leak that may have triggered these mass Exchange compromises ahead of its patch release, according to two sources with knowledge of the company’s response to the attack. The sources, who weren’t authorized to speak on the matter, said a leak, if indeed there was one, may have come from one of the company’s security or government partners, or from independent researchers. A leak may have been malicious, or it could have been part of a separate security breach, they said. A Microsoft spokesperson declined to comment on the investigation.


Fastway Couriers Exposed Over 440,000 Parcel Deliveries in Hack

Permalink - Posted on 2021-03-12 18:00

The Irish Data Protection Commission says it’s received a breach notification from Fastway Couriers. The customer data impacted includes: names, addresses, email accounts and phone numbers.


AU: Victoria Youth Data Exposed in Gov't System Abuse

Permalink - Posted on 2021-03-12 18:00

A youth case worker stood down from a Victorian health department service provider on suspicion of accessing child pornography continued to access sensitive information about clients for months afterwards, according to a data breach inquiry into the incident. Failings in the department’s privacy protections meant the man – who was also subject to a separate investigation into an alleged child sex offence – had unauthorised access to the personal information of dozens of vulnerable people for more than a year, according to the report, which found “serious” contraventions of Victorian privacy principles by the department.


50,000 Premier Diagnostics Customers Have Data Leaked After Breach

Permalink - Posted on 2021-03-12 18:00

A consumer privacy watchdog, Comparitech, found that Lehi-based company Premier Diagnostics was storing sensitive customer information on a publicly accessible server, leading to a potential data breach for over 50,000 customers.


Rise in Remote Work Leads to Increase in IT Security Gaps

Permalink - Posted on 2021-03-12 18:00

Companies have not done enough to prevent heightened security risk in light of remote working, according to Lynx Software. In fact, 36% have been, or know someone who has been, impacted by a cybersecurity attack since the start of COVID-19.


Canada Revenue Agency Sees 800,000 Accounts Exposed in Email Phishing Schemes

Permalink - Posted on 2021-03-12 18:00

The tax agency says impacted users will be locked out of their accounts as a preventive measure until they create a new user ID and password.


Another 210,000 Americans Affected by Netgain Ransomware Attack

Permalink - Posted on 2021-03-11 18:00

On December 3, Netgain notified Woodcreek that the protected health information of patients was stored on servers affected by the cyber-attack and may have been accessed by threat actors. Other data that may have been compromised included the personal information of Woodcreek employees, healthcare providers, applicants, contractors, and individuals receiving services delivered by MultiCare Health Systems and/or Woodcreek Provider Service. Confirmation of what data was involved in the attack was only received by Woodcreek on January 18, 2021. The company is now taking steps to notify affected individuals in writing.


Third of Office Workers Warned After Sharing Data via Unofficial Apps

Permalink - Posted on 2021-03-11 18:00

Almost a third (30%) of global office workers have been admonished by their bosses after sending sensitive business and personal information via non-approved online channels, according to Veritas Technologies. The data protection vendor polled 12,500 white collar workers in Europe, the Middle East, APAC and the US to better understand the risks they’re taking during lockdown. The vast majority admitted to sharing business-critical data (71%) and sensitive personal information (75%) via IM or online collaboration apps like Teams and Zoom.


Cost of 2020 U.S. Healthcare Ransomware Attacks Estimated at $21 Billion

Permalink - Posted on 2021-03-11 18:00

Ransom demands were issued ranging from $300,000 to $1.14 million, with data from Coveware indicating an average ransom demand of $169,446 in 2020. $15.6 million in ransoms were demanded from healthcare organizations in the United States in 2020, and $2,112,744 is known to have been paid to ransomware gangs in 2020. The true figure is substantially higher as many ransoms were paid but the amounts were not publicly disclosed.


Walmart: Notice of Data Security Incident

Permalink - Posted on 2021-03-11 18:00

Walmart was informed by one of its suppliers that a data hosting service they used was compromised on January 20, 2021. An unauthorized party accessed the service and stole records from that service provider. Some of those records included information about a confined number of Walmart pharmacy patients. The investigation revealed the information affected may have included some patient names, addresses, dates of birth, telephone numbers, information about medications such as drug name and strength, prescription numbers, prescriber information such as prescriber name, and dates associated with the prescription, such as fill dates.


Molson Coors Brewing Operations Disrupted by Cyber Attack

Permalink - Posted on 2021-03-11 18:00

In a Form 8-K filed with the SEC today, Molson Coors disclosed that they suffered a cyberattack on March 11th, causing significant disruption to their operations, including the production and shipment of beer.


U.S. Schools Faced Record Number of Security Incidents in 2020

Permalink - Posted on 2021-03-11 18:00

The K-12 Cybersecurity Resource Center reports an 18% increase in security incidents as schools moved classes online. Data breaches and leaks were the most reported type of incident (36%), followed by ransomware (12%), DoS (5%), and phishing (2%). Most (45%) fall under the umbrella of "other," including new attacks that surfaced in the second quarter as COVID-19 began to rise and schools moved online.


Japan: 310,000 Have Information Leaked in Urban Research Breach

Permalink - Posted on 2021-03-10 17:00

The information that is believed to have been viewed corresponds to the address, name, telephone number, email address, date of birth, gender, member ID, member stage, etc.


German Soccer Club Stuttgart Fined for Data Breach

Permalink - Posted on 2021-03-10 17:00

German soccer club Stuttgart has been fined 300,000 euros ($357,000) for misusing private data about its members, a regulator said Wednesday. Stuttgart had been accused of passing on data which was potentially useful for marketing to third parties without informing members.


City Company Booked for Data Theft After Complaint from U.S.

Permalink - Posted on 2021-03-10 17:00

In what may be a first instance for the city, a local company and its director have been booked for data theft on a complaint filed by a foreign national. The Pune cyber police have registered an FIR against city-based Honey Software Company and its director, Sampurna Atmaramnani for copying and deleting confidential data, causing a loss of $1.2 million to a New York-based company.


American Companies Not Taking Cyber Security Seriously

Permalink - Posted on 2021-03-10 17:00

Lynx Software asked 1,000 Americans employed during the pandemic about their employer's approach to cybersecurity since the outbreak of COVID-19. Of those surveyed, 51% said that their companies have not been taking cybersecurity seriously. Nearly half (48%) said that they were not aware of their company's implementing any strict IT security policies since the novel coronavirus took hold. Just under two-thirds (60%) said that they had not been prohibited from using certain tools or apps that fell short of high security standards.


Phishing Attack Impacts Saint Alphonsus Health System and Saint Agnes Medical Center Patients

Permalink - Posted on 2021-03-10 17:00

A phishing attack on Saint Alphonsus Health System in Boise, ID has resulted in the exposure of patient information and has also impacted patients of Saint Agnes Medical Center in Fresno, CA.


210K MultiCare Health System and Woodcreek Healthcare Patients Affected by Ransomware Attack

Permalink - Posted on 2021-03-10 17:00

Potentially compromised information includes: Names, addresses, medical record numbers, dates of birth, Social Security numbers, health insurance information, insurance claims, explanation of benefits statements, clinical notes, referral requests, lab test reports, decision not to vaccinate forms, authorization requests for services, treatment approvals, records requests, immunization information, vaccine records, prescription requests, release of information forms, subpoena records requests, medical record disclosure logs, incident reports, invoices, correspondence with patients, student identification numbers, bank account numbers, employment related documents, court documents, DEA certificates, payroll withholding and insurance deduction authorizations, benefit and tax forms, employee health information and some medical records.


Up to $223 Billion of the World’s Top 100 Brands' Value at Risk from Data Breach

Permalink - Posted on 2021-03-10 17:00

Infosys and Interbrand found that industries such as Technology, Financial Services, and Automotive might suffer a higher overall brand value at risk from data breaches, whereas Luxury brands and Consumer Goods face greater value at risk as a percentage of their net income.


Norway Parliament Data Stolen in Microsoft Exchange Attack

Permalink - Posted on 2021-03-10 17:00

Norway's parliament, the Storting, has suffered another cyberattack after threat actors stole data using the recently disclosed Microsoft Exchange vulnerabilities. These attacks were originally attributed to a China state-sponsored hacking group known as HAFNIUM who used the vulnerabilities to compromise servers, install backdoor web shells, and gain access to internal corporate networks.


Ryuk Ransomware Hits 700 Spanish Government Labor Agency Offices

Permalink - Posted on 2021-03-10 17:00

SEPE director Gerardo Gutiérrez confirmed that the agency's network systems were encrypted by Ryuk ransomware operators after the incident. The attack has caused hundreds of thousands of appointments made through the agency throughout Spain to be delayed, according to CSIF (the Central Sindical Independiente y de Funcionarios), a Spanish labor union of administration workers.


76% of Employees Have Been Granted Inappropriate Access to Sensitive Data During Pandemic

Permalink - Posted on 2021-03-09 17:00

The onset of COVID-19 and resulting distributed workforce have introduced new and complex challenges for businesses, with 45% of IT decision-makers reporting increased pressure from the board around the security of their organization. These findings highlight an increased concern over identity-based threats and the need for user access visibility across the IT estate as organizations navigate their zero trust journey.


Cosco Shipping Hacked Again

Permalink - Posted on 2021-03-09 17:00

Cosco Shipping, the world's largest containerline, is in the midst of another hacking incident that has wreaked havoc on the email systems of its employees.


Spain: Diego Larrouy and Carlos del Castillo Infected with Ryuk Ransomware

Permalink - Posted on 2021-03-09 17:00

The website of SEPE, the public employment system, is down this Tuesday as a result of a cyberattack on SEPE’s computer systems. Sources from the Ministry of Labor indicate that at the moment the origin is unknown and that work is being done to restore the service.


Data Leak at Dutch Foreign Credential Assessment Service Impacts 18,000

Permalink - Posted on 2021-03-09 17:00

The leak was discovered on February 9. It then emerged that the data had been viewable by developers since August 11 of last year.


Third French Hospital Hit by Cyber Attack

Permalink - Posted on 2021-03-09 17:00

The 320-bed facility in Oloron-Sainte-Marie near the Pyrenees mountains was hit by the attack on Monday, with screens displaying a demand in English for $50,000 in Bitcoin. Hospital workers have had to revert to working with pens and paper, since digital patient records are not available. The management system, used to monitor medicine stocks and other supplies, has also been affected at a time when the hospital is taking part in vaccination efforts against Covid-19.


West Ham Supporters' Personal Details Leaked on Club Website

Permalink - Posted on 2021-03-09 17:00

English Premier League football club West Ham United appears to have accidentally leaked personal data of supporters on its official website, potentially leaving fans exposed to phishing attacks. Under GDPR rules, West Ham should be directly contacting any supporters whose information was exposed. In the meantime, fans are advised to be on the lookout for unsolicited communications that contain links or request financial details.


The Launch of Williams New FW43B Car Ruined by Hackers

Permalink - Posted on 2021-03-09 17:00

The Williams team presented its new Formula One car on Friday, but hackers partially ruined the launch by hacking an “augmented reality” app that was designed to show the new vehicle. The British team, now owned by the American investment firm Dorilton Capital, was presenting the new FW43B car, which has “a dramatic new visual identity sporting a livery inspired by Williams’ all-conquering cars of the 1980s and 1990s, combining blue, white and yellow accents.” The Formula 1 team planned to use an augmented reality app to present the car and give the fans an immersive experience, but “the app was hacked prior to launch.”


Virginia Passes New Data Protection Law

Permalink - Posted on 2021-03-08 17:00

Virginia governor Ralph Northam has signed a new state data protection act into law. The Virginia Consumer Data Protection Act (CDPA) requires people conducting business in the Commonwealth of Virginia to comply with a novel set of data security and privacy requirements. The CDPA, which mirrors some of the provisions laid out in the EU's General Data Protection Regulation (GDPR), comes into effect on January 1, 2023. Businesses found to have violated the CDPA will be given 30 days to correct their behavior before they are fined up to $7,500 per violation by the Virginia attorney general. While similarities exist between the CDPA and the GDPR and also between the CDPA and the California Consumer Privacy Act (CCPA) that took effect on January 1, 2020, the laws are different enough so that compliance with one does not equal compliance with the other. Under the CDPA, Virginia residents have the right to view and obtain the personal data held by a covered entity, to correct errors in it, and to delete it.


E.U. Banking Regulator Hit by Microsoft Email Hack

Permalink - Posted on 2021-03-08 17:00

The European Banking Authority, a key EU financial regulator, says it has fallen victim to a hack of its Microsoft email system which the US company blames on a Chinese group.


Flagstar Bank Customer Data Breached Through Accellion Hack

Permalink - Posted on 2021-03-08 17:00

The financial organization has not revealed how many customers have been embroiled in the leak, or what records may have been compromised. The bank added that anyone thought to be involved will be contacted via mail and "will receive information regarding free credit monitoring services."


University of the Highlands and Islands Shuts Down After Cyber Attack

Permalink - Posted on 2021-03-08 17:00

The University of the Highlands and Islands (UHI) in Scotland is fending off "an ongoing cyber incident" that has shut down its campuses. In a message to students and staff yesterday afternoon, the institution, which spans 13 locations across the northernmost part of the UK, warned that "most services" – including its Brightspace virtual learning environment – were affected.


PHI of More Than 100,000 Elara Caring Patients Potentially Compromised in Phishing Attack

Permalink - Posted on 2021-03-05 17:00

In mid-December, suspicious activity was identified in some employee email accounts. Prompt action was taken to secure the accounts to prevent further unauthorized access and a third-party security firm was engaged to investigate the breach. The investigation confirmed that multiple employee email accounts had been accessed by an unauthorized individual, although no evidence was found to suggest any patient information in those accounts was viewed or obtained by the attackers. It was, however, not possible to rule out data theft.


Small and Medium Sized Practices Under Increased Pressure from Cyber Attacks

Permalink - Posted on 2021-03-05 17:00

2020 saw cyberattacks on healthcare organizations increase significantly. While large healthcare organizations are being targeted by Advanced Persistent Threat (APT) groups and ransomware gangs, there has also been a marked increase in attacks on small- to medium-sized healthcare organizations.


Exchange Server Attacks Spread After Disclosure of Flaws

Permalink - Posted on 2021-03-05 17:00

One day after Microsoft disclosed four zero-day flaws in Microsoft Exchange email servers, attackers are going on a wide hunt for vulnerable machines, some security experts say. And if some U.S. federal agencies haven't been busy enough with the SolarWinds crisis, there's a new urgent immediate task at hand: looking for signs their Exchange servers may have been compromised.


South Africa Opposes WhatsApp-Facebook Data Sharing

Permalink - Posted on 2021-03-05 17:00

South Africa's information regulator has protested WhatsApp's plans to share user data with Facebook, vowing to engage directly with the popular messaging app to ensure its compliance with national privacy laws.


Hackers Obtain Sensitive Data on U.K. Aid Projects Overseas

Permalink - Posted on 2021-03-05 17:00

Hackers have obtained sensitive documents relating to British aid projects, including details related to projects funded by a secretive national security fund. The Foreign, Commonwealth and Development Office (FCDO) and experts from the National Cyber Security Centre (NCSC), an arm of GCHQ, are investigating how a “third party” came to obtain the data. The FCDO has also told companies and individuals involved in pitching tenders for UK government projects that their personal data has been compromised. An email from the FCDO said: “Some of these documents included your personal details, compromising some, or all, of the following categories: your name, work and contact details, location and nationality.”


Southern Illinois University School of Medicine Impacted by Accellion Breach

Permalink - Posted on 2021-03-05 17:00

It appears that SIU was impacted by the Accellion breach that has been in the news a lot this past month. SIU is the first entity, however, to disclose that the incident impacted protected health information (PHI), although as DataBreaches.net reported, this site found what might be PHI in Jones Day’s dumped data.


GAO Report Finds DOD's Weapons Programs Lack Clear Cyber Security Guidelines

Permalink - Posted on 2021-03-05 17:00

As part of its so-called congressional watchdog duties, the GAO found that Defense Department weapons programs are failing to consistently incorporate cybersecurity requirements into contract language. For instance, three out of five contracts reviewed by the GAO had no cybersecurity requirements written into the contract language when they were awarded, with only vague requirements added later. And out of the four military service branches, only the Air Force has a record of issuing service-wide guidance on cybersecurity requirements in contracts.


Hacked SendGrid Accounts Used in Phishing Attacks to Steal Logins

Permalink - Posted on 2021-03-05 17:00

A phishing campaign targeting users of Outlook Web Access and Office 365 services collected thousands of credentials relying on trusted domains such as SendGrid.


SITA Data Breach Affects Millions of Travelers from Major Airlines

Permalink - Posted on 2021-03-05 17:00

The total number of travelers impacted remains unclear but the figure is over 2.1 million, most of them being participants in Lufthansa Group’s Miles & More frequent flyers and awards program, the largest in Europe.


80% of Senior IT Leaders See Cyber Security Protection Deficits

Permalink - Posted on 2021-03-05 17:00

That high level of concern over the ability to withstand cyber threats in today's complex IT environment is causing 91% of organizations to increase their cybersecurity budgets in 2021, nearly matching the 96% that boosted IT security spending in 2020, according to the survey by Insight's Cloud + Data Center Transformation team.


COVID19 Vaccine Phishing Scams Surge 26% in Three Months

Permalink - Posted on 2021-03-04 18:00

Vaccine-related phishing and Business Email Compromise (BEC) attempts jumped 26% in a recent three-month period, as scammers ramped up their efforts against organizations, according to Barracuda Networks. The security vendor’s Threat Spotlight analyzed phishing emails between October 2020 and January 2021. It revealed that, while the volume of vaccine-related spear-phishing attacks increased by 12% following announcements from Pfizer and Moderna in November 2020, this figure had more than doubled by the end of January 2021, after successful rollouts of the jab. This clearly shows the extent to which cyber-criminals tweak their campaigns to coincide with real-world news events and public awareness.


Ransomware Attacks Soared 150% in 2020

Permalink - Posted on 2021-03-04 18:00

The average ransom demand stood at $170,000 last year, but groups like Maze, DoppelPaymer, and RagnarLocker averaged between $1 million and $2 million.


Tens of Thousands of Individuals Affected by AllyAlign Health Ransomware Attack

Permalink - Posted on 2021-03-04 18:00

According to the breach notification letters sent to affected individuals, AllyAlign Health first became aware of the attack on November 14, 2020. An investigation of the incident found the systems accessed by the attackers contained members’ first and last names, addresses, dates of birth, Social Security numbers, Medicare health insurance claim numbers, Medicare beneficiary identifiers, medical claims histories, health insurance policy numbers, and other medical information.


Up to 100,000 Individuals Affected by Cochise Eye and Laser Ransomware Attack

Permalink - Posted on 2021-03-04 18:00

The Sierra Vista, AZ-based ophthalmology and optometry provider Cochise Eye and Laser experienced a ransomware attack on January 13, 2021 that resulted in the encryption of its patient scheduling and billing software. The attack prevented Cochise Eye and Laser from accessing any data in its scheduling system. Eye care services continued to be provided to patients, with the practice reverting to using paper charts. According to a February 17, 2021 breach notice on its website, paper charts were still in use as the scheduling system remained out of action.


15 Schools in Nottinghamshire Crippled by Cyber Attack

Permalink - Posted on 2021-03-04 18:00

Schools across Nottinghamshire have had to shut down their IT networks after a central trust that manages their systems was hit by a cyber attack. All 15 secondary schools that are part of the Nova Education Trust are currently unable to access emails or their websites, and are still unable to conduct lessons remotely.


Singapore Airlines Hit in Third-Party Data Security Breach

Permalink - Posted on 2021-03-04 18:00

Data belonging to 580,000 Krisflyer and PPS members have been compromised in a cybersecurity attack that hit air transport IT company SITA, making Singapore Airlines the second carrier in the week to report a data breach.


32% of Enterprises Experienced Unauthorized Access to Cloud Resources

Permalink - Posted on 2021-03-04 18:00

Dimensional Research revealed that 32% of enterprises experienced unauthorized access to cloud resources, and another 19% were unaware if unauthorized access occurred. This was found to be largely driven by poor enforcement of identity and access management (IAM) policies in the cloud.


5 Million Adecco.com Users' Data Leaked

Permalink - Posted on 2021-03-04 18:00

Adecco has suffered a data breach in the past. In August 2019, Adecco Group informed Belgium’s privacy regulator that the biometric data of roughly 2,000 of the employees for its Belgian unit had been compromised due to a breach of Suprema ID Inc., which had supplied biometric services for Adecco. The database appears to have been left open to the public with weak credentials. The year for this database is listed as 2021.


CompuCom MSP Confirms Ongoing Outage Following Malware Incident

Permalink - Posted on 2021-03-04 18:00

BleepingComputer was told that CompuCom began contacting customers to alert them that they had been compromised by malware soon after the attack. However, customers were not told what type of attack occurred and whether it was ransomware. In later conversations with affected customers, BleepingComputer learned that CompuCom had disconnected their access to some customers to prevent the malware's spread. Another customer told us that they had detached from CompuCom's VDIs (Virtual Desktop Infrastructure) to ensure their data was not affected by the attack. Unfortunately, based on the information BleepingComputer has received and the statement by CompuCom, the company has most likely suffered a ransomware attack.


Password Reuse at 60% as 1.5 Billion Combos Discovered Online

Permalink - Posted on 2021-03-03 19:00

Some 854 breach incidents, up a third from 2019, leaked on average 5.4 million records each. Poor password security is still rife: for users with more than one password stolen last year, SpyCloud found that 60% of credentials were reused across multiple accounts, exposing them to credential stuffing and other brute force tactics.


Malicious Code Bombs Target Amazon, Lyft, Slack, Zillow

Permalink - Posted on 2021-03-03 19:00

The packages weaponize a proof-of-concept (PoC) code dependency-confusion exploit that was recently devised by security researcher Alex Birsan to inject rogue code into developer projects.


AllyAlign Notifies 76,348 Members and Providers of Ransomware Attack

Permalink - Posted on 2021-03-03 19:00

According to AAH’s notification letter, the attack occurred on November 13, and was detected on November 14. AAH considered the incident to be “discovered” on February 2.


British Firm Polecat Company Left 30TB Server Exposed

Permalink - Posted on 2021-03-03 19:00

Polecat, which successfully predicted the outcome of the 2016 US Presidential Election, had potentially conducted a similar set of research less than a week before the 2020 US Election. The leak was discovered on October 29, 2020. By the next day, the server showed evidence of a Meow attack that wiped out more than half the data. Subsequent attacks wiped out even more.


Navajo Nation Hospital Targeted by Ransomware Hack

Permalink - Posted on 2021-03-03 19:00

Publicly available details about the hack are scarce, and the hospital has declined to comment beyond confirming that the security breach briefly forced its staff off its computers. But sensitive employee files posted online by a hacker group known for ransomware attacks and seen by NBC News indicated just how deep an attack the hospital had suffered: files on everything from job applications and background checks to staff injury reports.


GA: Atlanta Allergy & Asthma Hit by Nefilim Threat Actors

Permalink - Posted on 2021-03-03 19:00

The 1.3 GB compressed archive extracted to 2.5 GB of data consisting of 597 files with PHI on what appears to be thousands of named patients. The files are not just current or recent billing-related files: spreadsheets organized by type of health insurance, including records on outstanding claims from 2017 and 2018 were also dumped in the “Electronic Remits” folder, as were more than 100 audits, where each audit might be a multi-page detailed review of a patient’s case.


PA: Cyber Attack Affecting Hanover Area

Permalink - Posted on 2021-03-03 19:00

A cyber attack has impacted Hanover Area School District and some neighboring school districts, Superintendent Nathan Barrett said Tuesday during a virtual school board meeting. The district experienced intermittent internet issues on Monday and Tuesday, Barrett said. Board President John Mahle contacted the Army National Guard to investigate with its domestic cyber operations division “to identify where the problem points are,” Barrett said.


Telemarketing Business CallX Exposes 114,000 in Cloud Config Error

Permalink - Posted on 2021-03-03 19:00

A US telemarketing company has leaked the personal details of potentially tens of thousands of consumers after misconfiguring a cloud storage bucket, Infosecurity can reveal. A team at vpnMentor led by Noam Rotem found the unsecured AWS S3 bucket on December 24 last year. It was traced to Californian business CallX, whose analytics services are apparently used by clients to improve their media buying and inbound marketing. Rotem found 114,000 files left publicly accessible in the leaky bucket. Most of these were audio recordings of phone conversations between CallX clients and their customers, which were being tracked by the firm’s marketing software. An additional 2000 transcripts of text chats were also viewable.


Ursnif Trojan Has Targeted Over 100 Italian Banks

Permalink - Posted on 2021-03-03 19:00

First discovered in 2007, Ursnif began its journey as a simple banking Trojan. The information stealer's code was leaked on GitHub and has since evolved and has become more sophisticated, with its code being developed independently and also appearing as part of the Gozi banking malware.


Mortgage Company to Pay $1.5 Million Following Phishing Attack

Permalink - Posted on 2021-03-03 19:00

Residential Mortgage Services Inc. has agreed to pay $1.5 million as part of a cybersecurity settlement with the New York State Department of Financial Services, the regulator announced. The settlement comes after an examination found in July that the mortgage provider had suffered a cyber breach and didn’t report it to the financial services regulator, thereby violating its Cybersecurity Regulation. The company fell prey to a phishing attack in March 2019 that compromised loan applicants’ sensitive personal data, but didn’t conduct an investigation and identify the consumer data exposed until prompted to do so by the regulator last year.


Quarter of Healthcare Apps Contain High Severity Bugs

Permalink - Posted on 2021-03-02 18:00

A quarter (25%) of healthcare apps contain high severity flaws, but healthcare organizations (HCOs) are relatively quick to fix them, according to new data from Veracode. The security vendor broke out sector-specific data collected for its State of Software Security report and claimed that three-quarters (75%) of healthcare applications contained some kind of vulnerability. This is about on par with the cross-sector average, which stands at 76%.


Payroll/HR Giant PrismHR Hit by Ransomware

Permalink - Posted on 2021-03-02 18:00

PrismHR, a company that sells technology used by other firms to help more than 80,000 small businesses manage payroll, benefits, and human resources, has suffered what appears to be an ongoing ransomware attack that is disrupting many of its services.


Hackers Control Perl.com Domain Months Before Hijack

Permalink - Posted on 2021-03-02 18:00

Serving articles about the Perl programming language since 1997 and managed by The Perl Foundation, the domain started pointing to a parked site at the end of January, with evidence suggesting connections to sites distributing malware. The issue, some of those involved with maintaining the site said at the time, was related to an account hijack that resulted in an unknown party being able to grab the domain for ten years.


European E-Ticketing Platform Ticketcounter Extorted in Data Breach

Permalink - Posted on 2021-03-02 18:00

A Dutch e-Ticketing platform has suffered a data breach after a user database containing 1.9 million unique email addresses was stolen from an unsecured staging server.


Hackers Use Search Engine Optimization to Deliver Malware

Permalink - Posted on 2021-03-02 18:00

To trick victims into visiting infected websites, "Gootloader uses malicious search engine optimization techniques to squirm into Google search results," Sophos notes. "These techniques are effective at evading detection over a network – right up to the point where the malicious activity trips over behavioral detection rules." When someone enters certain keywords into a Google search, they are shown the link to the malicious website. Once they visit the website, they are then prompted to download a zip file that installs Gootloader, which then loads REvil ransomware and the Gootkit and Kronos Trojans, the report notes.


Malaysia Airlines Suffers Data Security Exposure Spanning Nine Years

Permalink - Posted on 2021-03-02 18:00

Security breach compromises personal data of the airline's frequent flyer programme Enrich, including members' contact details and date of birth, at some point between March 2010 and June 2019, and reportedly involved a third-party IT service provider.


Chinese Hackers Target Indian Vaccine Makers SII, Bharat Biotech

Permalink - Posted on 2021-03-02 18:00

A Chinese state-backed hacking group has in recent weeks targeted the IT systems of two Indian vaccine makers whose coronavirus shots are being used in the country’s immunisation campaign, cyber intelligence firm Cyfirma told Reuters.


Fitness Studio Management Platform Mariana Tek Exposed 1.5+ Million User Records

Permalink - Posted on 2021-03-02 18:00

We have recently discovered an exposed data bucket that belongs to Mariana Tek, a US-based software company. The unsecured bucket contained more than 1.5 million user records, including usernames, full names, street and email addresses, phone numbers, postal codes, account balances, and more. The CSV files that contained the records were stored on an Amazon Web Services server that was publicly accessible. This means that anyone with a direct URL to the files, including bad actors, could have accessed the data that was left out in the open.


Oxfam Australia Supporters Embroiled in New Data Breach

Permalink - Posted on 2021-03-02 18:00

Oxfam Australia has confirmed a data breach after a database belonging to the organization was leaked on an underground forum. After being made aware of a suspected security incident by Bleeping Computer, the charity's Australian arm has now confirmed that supporters of the charity have been impacted. A threat actor was attempting to sell a database containing Oxfam Australia records on an underground forum and this information appears to have subsequently been leaked in February.


SolarWinds Reports $3.5 Million in Expenses from Supply-Chain Attack

Permalink - Posted on 2021-03-02 18:00

SolarWinds has reported expenses of $3.5 million from last year's supply-chain attack, including costs related to incident investigation and remediation. Further expenses were recorded by SolarWinds after paying for legal, consulting, and other professional services related to the December hack and provided to customers for free.


Half of Organizations Concerned Remote Working Puts Them at Greater Risk of Cyber Attacks

Permalink - Posted on 2021-03-01 17:00

A large majority (80%) of organizations admitted that a portion of their workforce use personal computers to work from home, while two in five said that over 50% of their staff rely on at-home Wi-Fi networks to operate. As a result, of the CIOs, CTOs and IT decision makers surveyed in the UK, a third (33%) listed addressing security gaps as one of their top motives for consolidating remote work tools and solutions.


70% of Organizations Facing New Security Challenges Due to Pandemic

Permalink - Posted on 2021-03-01 17:00

Highlighting the security challenges that have arisen as a result, those polled cited upticks in risky behavior from remote working employees including the storing of sensitive data (41%), clicking on phishing emails (38%) and inappropriate admin access (37%). What’s more, 30% said they had observed their end users failing to update software.


Asian Food Distribution Giant JFC International Hit by Ransomware

Permalink - Posted on 2021-03-01 16:00

JFC International, a major distributor and wholesaler of Asian food products, last week revealed that it was recently targeted in a ransomware attack that disrupted some of its IT systems. The attack apparently only impacted JFC International’s Europe Group, which said it had notified authorities, employees and business partners about the incident.


Italy: Caffitaly Impacted by Cyber Attack on a Supplier

Permalink - Posted on 2021-03-01 16:00

A cyber attack by hackers targeted the capsule logistics of one of the most important Italian and international manufacturers: Caffitaly of Gaggio Montano (Bologna), in the Bolognese Apennines. So in recent days there has been a shortage of Caffitaly capsules. The reason is obvious: there were logistical problems in the deliveries suffered by the company from Gaggio Montano, coinciding with the transfer of the warehouses from the headquarters in the Apennines to the new hub in the center of the Po Valley, in Capriate in the province of Bergamo. Added to this was a large-scale cyber attack against one of the group’s suppliers, which, out of prudence, convinced the company founded by Giovanni Zaccanti and Sergio Zappella to suspend some activities, thus slowing down distribution in a cascade.


City of Kingman Government Computer System Hit by Cyber Attack

Permalink - Posted on 2021-03-01 16:00

According to a Sunday release from spokeswoman Colleen Haines, the city became aware of the attack "throughout the entire computer system" on Friday. The FBI, Department of Homeland Security, and Arizona National Guard Cyber Joint Task Force have all been in contact to help address the hack. Haines said as of Sunday afternoon, the city still has no access to email and can only work with customers through phone calls or in-person appointments. She said some operations can be done manually, but others won't be possible until the system is repaired. It is unclear at this point when the systems will be fully functional again.


San Diegans' Personal Information Provided to Jewish Family Service Exposed Online

Permalink - Posted on 2021-03-01 16:00

Jewish Family Service of San Diego, a prominent nonprofit aid organization, exposed thousands of messages, some with identifying information from people seeking help with everything from paying rent to escaping abusive relationships. The social-services charity, which helps people in crisis regardless of their faith, learned of the data breach Monday night, after a San Diego Union-Tribune reporter stumbled upon the material online. More than 5,000 messages submitted through the public contact form on the organization’s websites over the past two years were made public.


Philippine Civil Service Commission Data Breach, Thousands of User Details Exposed

Permalink - Posted on 2021-03-01 16:00

This kind of security sums up the country’s approach to cybersecurity where users and even companies were asked to strictly follow cybersecurity rules or else face sanctions and penalties, yet government agencies holding user data are using inferior or non-existent security measures.


Data Analytics Agency Polecat Held to Ransom After Server Exposed 30TB of Records

Permalink - Posted on 2021-03-01 16:00

On October 29, 2020, the Wizcase CyberResearch Team, led by Ata Hakcil, discovered that an Elasticsearch server owned by Polecat was exposing roughly 30TB of data on the web without any authentication required to access records, or any form of encryption in place. Wizcase found records dating back to 2007, including employee usernames and hashed passwords, over 6.5 billion tweets, social media records, and over one billion posts gathered from different blogs and websites.


Most IT Security Leaders Lack Confidence in Their Company’s Security Posture

Permalink - Posted on 2021-03-01 16:00

78% of senior IT and IT security leaders believe their organizations lack sufficient protection against cyberattacks despite increased IT security investments made in 2020 to deal with distributed IT and work-from-home challenges, according to an IDG Research survey.


Social Media Platform 'Gab' Has Been Breached

Permalink - Posted on 2021-03-01 16:00

The transparency group DDoSecrets says it will make the 70 GB of passwords, private posts, and more available to researchers, journalists, and social scientists.


China Confirmed to Have Attacked India's Electrical Grid with Malware

Permalink - Posted on 2021-03-01 16:00

As border skirmishing increased last year, malware began to flow into the Indian electric grid, a new study shows, and a blackout hit Mumbai. It now looks like a warning.


83% of Organizations Are Experiencing Email Data Breaches

Permalink - Posted on 2021-03-01 16:00

95% of IT leaders say that client and company data is at risk on email, an Egress report reveals. Additionally, an overwhelming 83% of organizations have suffered data breaches via this channel in the last 12 months.


Judge Approves $650 Million Settlement of Privacy Lawsuit Against Facebook

Permalink - Posted on 2021-03-01 16:00

A federal judge has approved a $650m settlement of a privacy lawsuit against Facebook for allegedly using photo face-tagging and other biometric data without the permission of its users. US district judge James Donato approved the deal in a class-action lawsuit that was filed in Illinois in 2015. Nearly 1.6 million Facebook users in Illinois who submitted claims will be affected. Donato called it one of the largest settlements ever for a privacy violation.


Universal Health Services Lost $67 Million Due to Ryuk Ransomware Attack

Permalink - Posted on 2021-03-01 16:00

Universal Health Services (UHS) said that the Ryuk ransomware attack it suffered during September 2020 had an estimated impact of $67 million. UHS, a Fortune 500 hospital and healthcare services provider, has over 90,000 employees who provide services to roughly 3.5 million patients each year in more than 400 US and UK healthcare facilities. UHS said last week that the Ryuk ransomware attack "had an aggregate unfavorable pre-tax impact of approximately $67 million during the year ended December 31, 2020."


World's Leading Dairy Group Lactalis Hit by Cyber Attack

Permalink - Posted on 2021-03-01 16:00

Lactalis, the world's leading dairy group, has disclosed a cyberattack after unknown threat actors breached some of the company's systems. Lactalis (short for Lactalis Group) has 85,000 employees in 51 countries, and it exports dairy products to over 100 countries around the world. The dairy group controls multiple leading international brands, including Président, Galbani, Lactel, Santal, and Parmalat.


Florida Studio Theatre Recovering from Ransomware Attack

Permalink - Posted on 2021-02-26 17:00

Florida Studio Theatre was hit by a ransomware attack on its business systems over Valentine’s Day weekend that compromised some internal office files, according to Managing Director Rebecca Hopkins. Theater staff was unable to access some project files until they were recreated in a safer system. Hopkins said the theater immediately reported the attack to the Sarasota Police Department. Genevieve Judge, SPD public information officer, confirmed the case is under investigation and that police are working with “other local, state and federal law enforcement partners. These are often long and lengthy investigations that can take months.”


Over 8 Million COVID-19 Test Results Leaked Online

Permalink - Posted on 2021-02-26 17:00

Millions of COVID-19 test reports were found to be publicly accessible due to flawed online system implementation. The leak, comprising over 8 million COVID-19 test results, has been attributed to the Health and Welfare Department of West Bengal, India. Dr. Sushant Roy, a government-appointed health official tasked with overseeing the COVID-19 situation in North Bengal has also acknowledged the leak. In a statement made to a regional news outlet, Dr. Roy said that information such as the COVID-19 test result data is meant to be kept confidential especially to safeguard the privacy of COVID-19 patients. He continued that the government only provides such information to the patient's family members. Dr. Roy expressed surprise at the system flaw that made it possible to access anyone's test report and stated that immediate action will be taken to rectify the problem. This is not the first time COVID-19 test results have been spotted leaking online at such a scale.


Update: Dutch Research Funding Agency, Paralyzed by Ransomware Attack, Refuses to Pay Up

Permalink - Posted on 2021-02-26 17:00

Hackers published a batch of internal documents from the Netherlands Organisation for Scientific Research (NWO) on the dark web yesterday, after the agency refused to pay up in a ransomware attack. The attack, which began on 8 February, has completely knocked out the agency’s grant application and review process and cut off NWO’s communication with applicants, grantees, and universities.


Cheating Companies Hacked Websites at MIT, Stanford, Columbia and More Than 100 Other Schools

Permalink - Posted on 2021-02-26 17:00

Jim Ridolfo at the University of Kentucky and William Hart-Davidson at Michigan State University have found that more than 100 websites of American colleges have been hacked or otherwise compromised by essay mills, the contract cheating providers that improperly sell academic work to students. What they uncovered was a coordinated, planned pattern of hacking, information manipulation and other attacks by dark academic cheating companies that embedded their materials in top-level domains at schools of every variety, including Florida State University Law School, Clemson University, Penn State, MIT, Columbia, Purdue, University of Nebraska Lincoln, and UCLA. A complete list of schools, with a map, is in their research report.


Email Security Breach Impacts 45,000 Covenant Healthcare Patients

Permalink - Posted on 2021-02-26 17:00

Covenant Healthcare in Saginaw, MI has discovered an unauthorized individual gained access to two employee email accounts that contained the protected health information of approximately 45,000 patients. The security breach was identified on December 21, 2020, with the investigation revealing the first email account was compromised on May 4, 2020.


Gore Medical Management Alerted to 2017 Breach of 79,100 Patients' PHI

Permalink - Posted on 2021-02-26 17:00

Gore Medical Management, a medical practice company based in Griffin, GA, has discovered a historic data breach involving the protected health information (PHI) of 79,100 individuals. The breach occurred in 2017 and affects patients of Family Medical Center in Thomaston, which is now part of Upson Regional Medical Center.


One in Four People Use Work Passwords for Consumer Websites

Permalink - Posted on 2021-02-26 17:00

Consumers are neglecting to implement fundamental security safeguards across smart IoT devices at home, which could have serious security ramifications on both the individual and the enterprise amid increased and ongoing remote work spurred by the COVID-19 pandemic. As consumers often recycle passwords, the report findings indicate enterprises are at risk every time credentials are stolen from breached consumer websites, making it paramount for organizations and consumers to ensure there is a separation between login information used for work and personal apps or websites.


Hackers Break into Biochemical Systems at Oxford University Lab Studying Covid-19

Permalink - Posted on 2021-02-26 17:00

One of the world’s top biology labs—one whose renowned professors have been researching how to counter the Covid-19 pandemic—has been hacked. Oxford University confirmed on Thursday it had detected and isolated an incident at the Division of Structural Biology (known as “Strubi”) after Forbes disclosed that hackers were showing off access to a number of systems. These included machines used to prepare biochemical samples, though the university said it couldn’t comment further on the scale of the breach. It has contacted the National Cyber Security Center (NCSC), a branch of the British intelligence agency GCHQ, which will now investigate the attack.


Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique

Permalink - Posted on 2021-02-26 17:00

With browser makers steadily clamping down on third-party tracking, advertising technology companies are increasingly embracing a DNS technique to evade such defenses, thereby posing a threat to web security and privacy. Called CNAME Cloaking, the practice of blurring the distinction between first-party and third-party cookies not only results in leaking sensitive private information without users' knowledge and consent but also "increases [the] web security threat surface," said a group of researchers Yana Dimova, Gunes Acar, Lukasz Olejnik, Wouter Joosen, and Tom Van Goethem in a new study.


Steris Touted as Latest Accellion Hack Victim

Permalink - Posted on 2021-02-26 17:00

On the website Clop Leaks, ransomware gang Clop are claiming to have in their possession an unspecified amount of information belonging to the Steris Corporation. Steris is an American Ireland-registered medical equipment company specializing in sterilization and surgical products for the US healthcare system. Documents that appear to have been stolen include a confidential report about a phenolic disinfectant comparison study dating from 2018 that bears the signatures of two Steris employees—technical services manager David Shields and quality assurance analyst Jennifer Shultz. Another document appears to contain the formula for CIP neutralizer, a highly confidential trade secret owned by Steris Corporation.


TikTok Agrees to Pay $92 Million to Settle Teen Privacy Class-Action Lawsuit

Permalink - Posted on 2021-02-26 17:00

The settlement, if approved, would lay to rest claims that the video content-sharing app, owned by Beijing-headquartered ByteDance, wrongfully collected the private and biometric data of users including teenagers and minors. The class-action lawsuit originated from 21 separate class-action lawsuits filed in California and Illinois last year. If accepted, the settlement -- filed in the US District Court for the Northern District of Illinois -- would require the creation of a compensation fund for TikTok users. In addition, TikTok would be required to launch a new "privacy compliance" training program and would need to take further measures to protect user data.


Oxford Lab Studying the Coronavirus Was Victim of a Cyber Attack

Permalink - Posted on 2021-02-26 17:00

Oxford University disclosed on Thursday that one of its research labs dedicated in part to studying COVID-19 suffered a cyberattack, following an investigation from Forbes indicating external access to a number of the lab’s systems. Forbes says it was shown proof of the intrusion by Alex Holden, the chief technology officer of a cybersecurity firm called Hold Security, who provided screenshots showing access to lab equipment with active intruders as recent as February 14th. It’s not clear if the intent was to steal valuable lab data or to potentially sabotage ongoing research.


T-Mobile Discloses Data Breach After SIM Swapping Attacks

Permalink - Posted on 2021-02-26 17:00

In a data breach notice sent to impacted customers on February 9, 2021, and filed with US attorney generals' offices, T-Mobile revealed that an unknown attacker gained access to customers' account information, including personal info and personal identification numbers (PINs). As the attackers were able to port numbers, it is not clear if they gained access to an employee's account or did it through the compromised users' accounts.


Ransomware Gang Hacks Ecuador's Largest Private Bank

Permalink - Posted on 2021-02-26 17:00

A hacking group called 'Hotarus Corp' has hacked Ecuador's Ministry of Finance and the country's largest bank, Banco Pichincha, where they claim to have stolen internal data. The ransomware gang first targeted Ecuador's Ministry of Finance, the Ministerio de Economía y Finanzas de Ecuador, where they deployed a PHP-based ransomware strain to encrypt a site hosting an online course.


Insider Cloud Data Theft Plagues Healthcare Sector

Permalink - Posted on 2021-02-25 17:00

Over a third (35%) of global healthcare organizations suffered cloud data theft by malicious insiders last year, according to data from Netwrix. The findings come from the security vendor’s 2021 Netwrix Cloud Data Security Report, based on interviews with 937 IT professionals around the world. It claimed that while insider theft was less common than phishing (44%) and ransomware (39%) last year, it took far longer to detect and remediate. In fact, over a quarter of respondents (28%) said they needed weeks to discover such incidents, while in the case of the other threats nearly half of IT pros (49%) said they detected phishing in minutes and 43% that they spotted ransomware and other malware within hours. Over two-fifths (43%) said they needed weeks to resolve insider data theft incidents, versus just 25% for phishing and 28% for ransomware. This matters, because 61% of healthcare organizations store customer data in the cloud and 54% store personal health records there. As a result of insider incidents, many are experiencing unplanned expenses to fix security gaps (24%) and compliance fines (23%) at a time when resources need to be focused on fighting COVID-19. A lack of budget (61%), IT/security skills shortages (56%) and employee negligence (39%) were cited as the sector’s key security challenges.


Cyber Attack Forces St. Margaret’s Health of Spring Valley to Shut Down Computer Systems

Permalink - Posted on 2021-02-25 17:00

St. Margaret’s Health of Spring Valley in Illinois is investigating a cyberattack that occurred over the weekend of February 20/21, 2021. The security breach was detected by the hospital’s IT team on February 21, and the hospital’s computer network and all web-based applications including email and its patient portal were shut down.


Netherlands: Housing Corporation Stadgenoot Hacked; Data of 30,000 People Stolen

Permalink - Posted on 2021-02-25 17:00

The website of the Amsterdam housing corporation Stadgenoot has recently been hacked. Private data was stolen from a maximum of 30,000 people who shared their data with the corporation. Stadgenoot informed the victims by email on Wednesday. According to a spokesperson, names, addresses, e-mail addresses and in some cases license plate numbers and indications of annual salaries have been stolen.


French Regulator Lambasts Health Firms Over Mass Data Leak

Permalink - Posted on 2021-02-25 17:00

France’s privacy watchdog said it’s investigating the leak of sensitive health data on half a million people and said the companies involved could face heavy penalties if they don’t come forward with details of the breaches. The leaks were of “particularly significant magnitude and severity,” the CNIL said in a statement. Hackers may have infiltrated software made by Dedalus France that was used by medical testing laboratories, according to press reports.


Dutch Research Council (NWO) Confirms Ransomware Attack, Data Leak

Permalink - Posted on 2021-02-25 17:00

The recent cyberattack that forced the Dutch Research Council (NWO) to take its servers offline and suspend grant allocation processes was caused by the DoppelPaymer ransomware gang. The hackers gained access to NWO’s network on February 8 and stole internal documents, threatening to leak them unless the organization paid a ransom.


Npower App Attack Exposed Customers' Bank Details

Permalink - Posted on 2021-02-25 17:00

Contact details, birth dates, addresses and partial bank account numbers are among details believed stolen. The firm did not say how many accounts were affected by the breach, which was first reported by MoneySavingExpert.com.


Amazon Insiders Sound Alarm Over Security

Permalink - Posted on 2021-02-25 17:00

Amazon is amassing an empire of data as the online retailer ventures into ever more areas of our lives. But the company's efforts to protect the information it collects are inadequate, according to insiders who warn the company's security shortfalls expose users' information to potential breaches, theft and exploitation. The warnings about privacy and compliance failures at Amazon come from three former high-level information security employees — one EU-based and two from the U.S. — who told POLITICO they had repeatedly tried to alert senior leadership in the company's Seattle HQ, only to be sidelined, dismissed or pushed out of the company in what they saw as professional retaliation.


61% of Malware Delivered via Cloud Apps

Permalink - Posted on 2021-02-25 17:00

The number of cloud apps in use per organization increased 20% last year, the 2020 Netskope Cloud and Threat Report states. Businesses with 500 to 2,000 employees use an average of 664 distinct cloud applications per month, and their growing dependence on cloud apps makes them a hot target for cybercrime: 36% of phishing campaigns target cloud app credentials, up from 33.5%. While most phishing lures are still hosted on traditional websites, attackers are adopting cloud apps as well: 13% of phishing pages in 2020 were hosted using cloud services.


CEOs, Senators Discuss Mandating Cyber Attack Disclosures

Permalink - Posted on 2021-02-24 17:00

Following the SolarWinds attack, it's clear there needs to be more information sharing and better public-private sector coordination, lawmakers and tech leaders agreed in a Senate hearing Tuesday. The federal government should consider imposing reporting requirements on entities that fall victim to cyber intrusions, they said.


Doppel Paymer Ransomware Publishes First Stolen Data in CMHA Breach

Permalink - Posted on 2021-02-24 17:00

On February 10, the Cuyahoga Metropolitan Housing Authority was one of the latest victims of a cyber attack by Doppel Paymer. The group of cybercriminals wasted no time and yesterday uploaded the first exfiltrated documents to their site in the Tor network.


NZ: Fears Grow Data Hacked from Reserve Bank May be Leaked by Ransomware Group

Permalink - Posted on 2021-02-24 17:00

A ransomware gang appears to be releasing confidential data obtained from the hack of customers of US software company Accellion, raising fears that New Zealand banks may be next to have data exposed. The Reserve Bank admitted it had been subject to a serious data breach in January, which occurred when a third-party file-sharing system called Accellion FTA was breached by hackers.


India Second Only to Japan in Asia Pacific in Cyber Attacks Faced in 2020

Permalink - Posted on 2021-02-24 17:00

India was second only to Japan in Asia Pacific in number of cyberattacks faced in 2020, accounting for 7% of all attacks in the region, according to an IBM report released on Wednesday. Finance and insurance emerged as the most vulnerable sectors, followed by manufacturing and professional services, according to the 2021 X-Force Threat Intelligence Index released by IBM Security. Ransomware was the top attack type, making up roughly 40% of all cyberattacks. In addition, digital currency mining and server access attacks hit Indian companies last year.


Covenant HealthCare Reports Data Breach Through Employee Emails

Permalink - Posted on 2021-02-24 17:00

Covenant HealthCare is responding to a data security breach. The hospital said an unauthorized party gained access to two Covenant employee email accounts. After learning about the issue, the hospital started an investigation and is working with outside cybersecurity professionals. According to a forensics investigation and document review, the hospital learned on Dec. 21 that the impacted email accounts were accessed on May 4. The impacted email accounts contained some personal information. That includes names, addresses, dates of birth, Social Security numbers, driver’s license numbers, medical diagnosis and clinical information, medical treatment, prescription information, doctors’ names, medical record numbers, patient account numbers, and medical insurance information.


France: Montélimar Transport Group Targeted by a Cyber Attack

Permalink - Posted on 2021-02-24 17:00

The Charles André group, headquartered in Montélimar, was reportedly the target of a cyberattack, Le Dauphiné Libéré learned on Monday February 22 from several corroborating sources.


Medical Data of 500,000 French Residents Leaked Online

Permalink - Posted on 2021-02-24 17:00

The exposed data, which can be accessed from multiple sites, includes names, phone numbers, and postal addresses of 491,840 individuals. In some cases, it is accompanied by identifying information including Social Security number, birth date, blood type, GP, health insurance provider, medical treatments, HIV status, and pregnancy test results.


Legal Firm Leaks 15,000 Cases via the Cloud

Permalink - Posted on 2021-02-24 17:00

A legal advisory company has inadvertently exposed data on 15,000 cases involving people killed or injured in traffic accidents after a cloud misconfiguration. Researchers at reviews site WizCase found the AWS S3 bucket containing 55,000 documents wide open. It required no authorization to view the 20GB trove, meaning anyone with the URL could have accessed highly sensitive personal information, the firm claimed. WizCase traced the data back to İnova Yönetim, a Turkish actuarial consultancy which analyzes data to help calculate insurance risk and premiums.


NASA and the FAA Were Also Breached by the SolarWinds Hackers

Permalink - Posted on 2021-02-24 17:00

A Transportation Department spokesperson said the agency is investigating the situation. A NASA spokeswoman added that the federal agency is working with CISA on "mitigation efforts to secure NASA’s data and network." These two federal agencies are the last two to be identified after the hacks of seven others have already been acknowledged since the espionage campaign was uncovered.


Airplane Maker Bombardier Data Posted on Ransomware Leak Site Following FTA Hack

Permalink - Posted on 2021-02-24 17:00

While the company did not specifically name the appliance, they are most likely referring to Accellion FTA, a web server that can be used by companies to host and share large files that can't be sent via email to customers and employees.


Sharp Rise in Ransomware Attacks Against Universities as Learning Goes Online

Permalink - Posted on 2021-02-24 17:00

The number of ransomware attacks targeting universities has doubled over the past year and the cost of ransomware demands is going up as information security teams struggle to fight off cyberattacks. Analysis of ransomware campaigns against higher education found that attacks against universities during 2020 were up 100 percent compared to 2019, and that the average ransom demand now stands at $447,000.


Wawa Reaches Proposed $12M Settlement in Data Breach Litigation

Permalink - Posted on 2021-02-24 17:00

The litigation focuses on a data breach the company experienced in 2019, in which users at potentially all of the company's locations had their payment card data exposed.


84% of CNI Orgs Experienced Cyber Attacks in the Last Year

Permalink - Posted on 2021-02-23 17:00

The vast majority (86%) of critical national infrastructure (CNI) organizations in the UK have experienced cyber-attacks on their operational technology (OT) and industrial control systems (ICS) in the past 12 months, according to a new study by Bridewell Consulting. Worryingly, more than nine in 10 (93%) of those that experienced attacks in this period admitted that at least one was successful.


119 Thousand Threats per Minute Detected in 2020

Permalink - Posted on 2021-02-23 17:00

The number of cyber-threats identified and blocked by Trend Micro rose by 20% in 2020 to more than 62.6 billion. Email-borne threats such as phishing attacks accounted for 91% of the 62.6 billion threats blocked by Trend Micro last year. Nearly 14 million unique phishing URLs were detected by the company in 2020, with home networks a primary target.


'Cuba' Ransomware Gang Hits Payment Processor, Steals Data

Permalink - Posted on 2021-02-23 17:00

The "Cuba" ransomware gang has taken credit for the hit against Automatic Funds Transfer Services, saying on its dedicated leaks site - reachable only via the anonymizing Tor browser - that it left AFTS crypto-locked as of Feb. 4. The leaks site listing says "financial documents, correspondence with bank employees, account movements, balance sheets and tax documents" were among the information the gang stole. The AFTS listing on Cuba's leaks site also states that the ransom demand was "paid."


Angola: Ministry of Finance Suffers Cyber Attack

Permalink - Posted on 2021-02-23 17:00

The technological platform to support the activities of the Ministry of Finance, with access to emails and shared folders, was the target of a cyber attack on Thursday, with unidentified origins and motivations, according to a statement from the institution.


Colonial Park Realty Co t/a Enders Notifies Customers of Data Breach

Permalink - Posted on 2021-02-23 17:00

Enders’ investigation determined the information that was potentially subject to unauthorized access included individuals’ name, date of birth, Social Security number, driver’s license number, passport number, financial account information, payment card information, health insurance information and medical treatment/diagnosis information.


Australia: Transport for NSW Confirms Data Taken in Accellion Breach

Permalink - Posted on 2021-02-23 17:00

Transport for New South Wales (TfNSW) has confirmed being impacted by a cyber attack on a file transfer system owned by Accellion. The Accellion system was widely used to share and store files by organisations around the world, including Transport for NSW, the government entity said on Tuesday afternoon. TfNSW said Cyber Security NSW is managing the state government investigation with the help of forensic specialists.


State of New York Issues Cyber Fraud Alert to Regulated Entities Using Instant Quote Websites

Permalink - Posted on 2021-02-23 17:00

On February 16, 2021, the New York Department of Financial Services (“NYDFS”) issued a Cyber Fraud Alert (the “Alert”) to regulated entities in light of a growing campaign to steal Nonpublic Information (“NPI”), as defined under New York law, from public-facing websites that provide instant quotes for products like auto insurance (“Instant Quote Websites”). The NYDFS learned of the threat after receiving reports from auto insurers that cybercriminals were targeting their premium quote sites to steal driver’s license numbers. NYDFS attributes the growing threat activity, in part, to heightened fraud during the COVID-19 pandemic. As we previously reported, NYDFS issued guidance regarding cybersecurity during the pandemic in April 2020.


10K Targeted in Phishing Attacks Spoofing FedEx, DHL Express

Permalink - Posted on 2021-02-23 17:00

The attackers' techniques included social engineering, brand impersonation, and link redirects, report Armorblox researchers who detected the campaigns. They also hosted phishing pages on Quip and Google Firebase; because these domains are considered reputable, malicious emails may bypass security filters configured to block bad links and files, researchers note.


Finnish IT Services Giant TietoEVRY Discloses Ransomware Attack

Permalink - Posted on 2021-02-23 17:00

Finnish IT services giant TietoEVRY has suffered a ransomware attack that forced them to disconnect clients' services. TietoEVRY says they reported the attack to local authorities, the Norwegian National Security Authority (NSM), and NorCert, who are assisting in the investigation.


BBC Reports Theft of 105 Electronic Devices

Permalink - Posted on 2021-02-22 17:00

The BBC has reported the theft of 105 electrical devices from its premises over the last two years, according to data obtained following a Freedom of Information (FoI) request by litigation firm Griffin Law. The findings have raised fears that confidential information contained in these devices will have fallen into the hands of malicious actors. A total of 35 mobile phones were stolen over the two years from the premises of the UK’s public service broadcaster: 19 during 2019 and 16 in 2020. Additionally, 17 laptops and MacBooks were taken over this time, 11 in 2019 and six in 2020, and two tablet computers were stolen last year. Other electrical devices reported as stolen in the two-year period were 36 individual microphones, four hard drives, one camcorder and one firestick.


Ransom Paid to Recover Healthcare Data Stolen in Cyber Attack on Online Storage Vendor

Permalink - Posted on 2021-02-22 17:00

The protected health information of 29,982 patients of a Laguna Hills, CA-based provider of medical and surgical eye care services has potentially been stolen in a cyberattack on its online storage vendor.


South Carolina County Rebuilds Network After Hacking

Permalink - Posted on 2021-02-22 17:00

A South Carolina county continues to rebuild its computer network after what it called a sophisticated hacking attempt. Hackers sent an email Jan. 22 that allowed them to take over Georgetown County’s computers. They demanded a ransom to return the system to the county’s control, spokeswoman Jackie Broach said. The county did not pay the ransom and has been working for the past month to restore email and the network and clean infected computers, Broach said in a statement.


Chinese Hackers Cloned Equation Group Exploit Years Before Shadow Brokers Leak

Permalink - Posted on 2021-02-22 16:00

A Chinese threat actor known as APT31 likely acquired and cloned one of the Equation Group’s exploits three years before the targeted vulnerability was publicly exposed as part of Shadow Brokers’ “Lost in Translation” leak, cybersecurity firm Check Point says in a new report.


Cyber Criminal Sells Credentials of French Hospital Workers

Permalink - Posted on 2021-02-22 16:00

50,000 user accounts of French hospital agents are for sale on a cybercriminal forum. This data could allow buyers to access the computer networks of certain health establishments. Once introduced to the system, criminals can deploy their ransomware and cripple the hospital.


France: The City of Chalon-sur-Saône Victim of a Cyber Attack

Permalink - Posted on 2021-02-22 16:00

After the Villefranche-sur-Saône hospital and the Dax hospital, it is the turn of the city and the agglomeration of Chalon-sur-Saône to be victims of a cyberattack. In the night from Saturday to Sunday, the computer systems were affected by “a crypto-virus”, Frédéric Iacovella, director general of the services of the City and Grand Chalon, told our colleagues from the Journal de Saône et Loire.


Data from the Toledo Public Schools Attack by Maze Reportedly Being Misused

Permalink - Posted on 2021-02-22 16:00

The 13abc I-Team is seeing the first real signs of the fallout from that massive Toledo Public Schools’ data breach. We’re now hearing from parents who say they’re being notified about accounts trying to be opened in their kids’ names. As the 13abc I-Team first told you in October, that breach was much larger than first reported. It included academic and personal information of both students and staff members.


Watermark Takes 6 Months to Notify After Data Security Breach Potentially Affects People in 10 States

Permalink - Posted on 2021-02-22 16:00

Tucson, AZ-based Watermark Retirement Communities is the latest victim of a data security breach, in this case one that may have compromised the personal information of 208 residents and others. The company sent out a notice on Wednesday that it became aware of a “cyber intrusion” in September. The senior living operator hired an outside cyber forensic firm to investigate the incident and determine what information may have been accessed in the breach.


Kroger Becomes Latest Victim of Third-Party Software Data Breach

Permalink - Posted on 2021-02-22 16:00

Kroger Co. says it was among the multiple victims of a data breach involving a third-party vendor’s file-transfer service and is notifying potentially impacted customers, offering them free credit monitoring. The Cincinnati-based grocery and pharmacy chain said in a statement Friday that it believes less than 1% of its customers were affected — specifically some using its Health and Money Services — as well as some current and former employees because a number of personnel records were apparently viewed.


Personal Info. Compromised at 88 Firms in Japan in 2020

Permalink - Posted on 2021-02-22 16:00

Personal information was compromised or lost at a total of 88 publicly traded companies and their subsidiaries in Japan in 2020, the highest number since such data began being collected in 2012, according to a survey by Tokyo Shoko Research Ltd. In total, personal information on 25.15 million people was compromised, the credit research firm said. Including unlisted companies, the number of such cases may reach astronomical figures, it said.


Beneteau to Suspend Some Production After Cyber Attack

Permalink - Posted on 2021-02-22 16:00

The company detected a malware intrusion during the night of Feb. 18 to Feb. 19 and disconnected its information systems to prevent a further spread, it said in a statement on Sunday. While the deployment of backup systems will allow Beneteau’s activities to start again, production at some of its units, particularly in France, will have to slow down or stop for a few days.


Lakehead University Shuts Down Campus Network After Cyber Attack

Permalink - Posted on 2021-02-22 16:00

Canadian undergraduate research university Lakehead has been dealing with a cyberattack that forced the institution earlier this week to cut off access to its servers. The school's services, including its website, have been down since Tuesday, with personnel shutting down computers on the Thunder Bay and Orillia campuses to stop the attack from spreading.


Eye Care Vendor Paid Ransom for Return of Data

Permalink - Posted on 2021-02-22 16:00

A California-based eye care provider – which also handles billing and other administrative services for a separate local surgery practice – says its online storage vendor was recently hit by hackers and paid a ransom for the return of patient data stolen from both entities. In a statement, Harvard Eye Associates says its unnamed storage vendor – "after consulting with cybersecurity experts and the FBI" – decided to pay the hackers in exchange for returning the data pertaining to both its practice and Alicia Surgery Center, both based in Laguna Hills, California.


Parents Alerted to NurseryCam Security Breach

Permalink - Posted on 2021-02-22 16:00

A webcam system that lets parents drop in and watch their children while at nursery school has written to families to tell them of a data breach. NurseryCam said it did not believe the incident had involved any youngsters or staff being watched without their permission, but had shut down its server as a precautionary measure.


Sequoia Capital Says It Was Hacked

Permalink - Posted on 2021-02-22 16:00

Sequoia Capital told its investors on Friday that some of their personal and financial information may have been accessed by a third party, after a Sequoia employee's email was successfully phished, Axios has learned.


New Silver Sparrow Malware Infects 30,000 Macs

Permalink - Posted on 2021-02-22 16:00

In a collaboration between Red Canary, Malwarebytes, and VMware Carbon Black, researchers have found a new Mac malware that exhibits unusual properties, including a component explicitly compiled for the new Apple M1 chip. According to Malwarebytes, this malware has infected 29,139 Mac devices across 153 countries, with high volumes in the United States, the United Kingdom, Canada, France, and Germany.


Wilmington Surgical Associates Facing Class Action Lawsuit Over Netwalker Ransomware Attack

Permalink - Posted on 2021-02-19 17:00

The lawsuit – Jewett et al. v. Wilmington Surgical Associates – was filed by Rhine Law Firm; Morgan & Morgan; and Mason Lietz & Klinger on February 10, 2021 and was recently removed to the US District Court for the Eastern District of North Carolina. Plaintiffs Katherine Teal, Sherry Bordeaux, and Philip Jewett allege in the lawsuit that their sensitive personal and health information is now in the hands of cybercriminals, which places them at an elevated risk of identity theft and fraud and other damages such as the lowering of credit scores and higher interest rates. The plaintiffs also allege they have suffered ascertainable losses as a result of the security incident in terms of out-of-pocket expenses and time spent remediating the effects of the data breach.


France: Bénéteau Company Victim of a Cyber Attack

Permalink - Posted on 2021-02-19 17:00

The Bénéteau boat company, headquartered in Saint-Gilles-Croix-de-Vie, Vendée, is the victim of a cyberattack, its communications department announced on Friday evening. This attack was detected overnight Thursday through Friday by the company’s security system. As soon as its alarms were triggered, the service immediately shut down the networks. This is a protective measure to prevent the problem from spreading.


France: Afnor Admits to Being Confronted with Ryuk Ransomware

Permalink - Posted on 2021-02-19 17:00

Ironically, when the President of the Republic, Emmanuel Macron, announced, this Thursday, February 18 at noon, the allocation of one billion euros, as part of the recovery plan, to cybersecurity, Afnor was shutting down the services it exhibits on the Internet, starting with its website. Reached by telephone, on his initiative, a spokesperson for the association admitted that it was a “large-scale” cyberattack and that it led to the detonation of a ransomware: Ryuk. But no details, at this stage, neither on the extent of the quantified park nor on the chronology of the attack.


Lakehead University Campus Computers Remain Inaccessible Due to Cyber Attack

Permalink - Posted on 2021-02-19 17:00

In an update provided on Thursday morning, Lakehead said the attack was directed at its file share servers, and Technology Services Centre staff removed all access to those services as soon as they became aware of the attack. Staff are working to determine exactly which servers, and data, were affected by the attack. In the meantime, all information stored on the file servers will be inaccessible, and all campus computers unavailable for use. Lakehead said cybersecurity experts have been brought in to investigate and help staff resolve the matter.


Yuba County Was the Subject of a Ransomware Cyber Attack

Permalink - Posted on 2021-02-19 17:00

Yuba County was recently the subject of a ransomware cyber-attack, which infected some of the county computer systems with malware, according to county spokesperson Russ Brown. The malware encrypted the affected systems and the attacker demanded payment from the county in order to obtain a decryption key. The county did not make any payment to the attacker, according to Brown.


WhatsApp to Move Ahead with Privacy Update Despite Backlash

Permalink - Posted on 2021-02-19 17:00

In its latest blog bit.ly/3ufc9Eq, WhatsApp said it will start reminding users to review and accept updates to keep using the messaging platform. WhatsApp’s announcement comes as parent Facebook moved to block all news content in Australia on Thursday, facing backlash from publishers and politicians, prompting a senior British lawmaker to label the move as an attempt to bully a democracy.


Grand River Medical Group Email Breach Impacts 34,000 Patients

Permalink - Posted on 2021-02-18 18:00

The information in the email account varied from patient to patient and included one or more of the following types of protected health information in addition to patient names: Address, date of birth, patient’s balance and balance type, visit type, claim amount and status code, medications, and guarantor’s name. Some Social Security numbers were also exposed.


Breaches Cost U.S. Healthcare Organizations $13bn in 2020

Permalink - Posted on 2021-02-18 18:00

Last year saw a double-digit surge in the volume of healthcare data breach incidents in the US, with over 26 million people affected, according to Bitglass. The vast majority (67%) were down to “hacking and IT incidents” stemming from external attackers. This category also accounted for larger breaches than the others, amounting to over 91% of compromised records.


Norwegian DPA Issues Fine to Municipality of Indre Østfold

Permalink - Posted on 2021-02-18 18:00

The Norwegian Data Protection Authority has fined the Municipality of Indre Østfold EUR 20 000 (NOK 200,000) for a confidentiality violation. Personal data that should have been restricted was available to unauthorized persons. The Municipality of Indre Østfold, formerly the Municipality of Askim, published the records file of a former pupil on its municipal website. This file included confidential personal data.


Greece: Hacker Ransomware Attack on Hellenic Defense Systems Confirmed

Permalink - Posted on 2021-02-18 18:00

The attack was noticed a few days ago and according to a report in the newspaper “Kathimerini”, the Ministry of National Defense and the Police have been involved in the investigation into the incident, while the EYP is monitoring the developments. Initially there was concern about the possibility that the company fell victim to cyber espionage from a foreign country.


Turkey: Hacker Attack on Kayseri OSB Confirmed

Permalink - Posted on 2021-02-18 18:00

According to the information received, the hacker or hackers who infiltrated the computers of Kayseri OIZ Directorate last week locked the files containing important information of the institution and demanded money from the OIZ management in return for giving the passwords. OSB officials reacted to the hackers’ demand for money and referred the issue to the judicial authorities.


Jamaica's Immigration Website Exposed Thousands of Travelers' Data

Permalink - Posted on 2021-02-18 18:00

A security lapse by a Jamaican government contractor has exposed immigration records and COVID-19 test results for hundreds of thousands of travelers who visited the island over the past year. The Jamaican government contracted Amber Group to build the JamCOVID19 website and app, which the government uses to publish daily coronavirus figures and allows residents to self-report their symptoms. The contractor also built the website to pre-approve travel applications to visit the island during the pandemic, a process that requires travelers to upload a negative COVID-19 test result before they board their flight if they come from high-risk countries, including the United States. But a cloud storage server storing those uploaded documents was left unprotected and without a password, and was publicly spilling out files onto the open web. Many of the victims whose information was found on the exposed server are Americans.


Sensitive Data of More Than 257,000 Online Gamblers Put for Sale on Hacker Forum

Permalink - Posted on 2021-02-18 18:00

A user on a popular hacking forum is selling a database that purportedly contains more than 257,000 user records from orakulas.lt (now known as Olybet.lt), a Lithuanian online betting service. Olybet is part of Olympic Entertainment Group, which is in turn owned by private equity firm Novalpina Holding group. The forum user is selling the login details – email addresses and hashed passwords – of 257,510 orakulas.lt accounts for $100 in bitcoin. At the same time, five copies of another archive potentially containing 3,087 tables that might include much more sensitive personal data such as passports, ID card scans, and credit card details of more than a quarter-million users, are being sold by the same threat actor for $1500 in bitcoin.


CA DMV Halts Data Transfers with Third-Party Company After Security Breach

Permalink - Posted on 2021-02-18 18:00

The California Department of Motor Vehicles announced Wednesday that a third-party company it shares data with has had a security breach. It is unclear if any DMV information was compromised at this time. Automatic Funds Transfer Services, Inc. (ATFS), a Seattle-based address verification company, has access to California vehicle registration records that include names, addresses, license plate numbers and vehicle identification numbers. The DMV said ATFS was the victim of a ransomware attack in early February that might have exposed data from the last 20 months.


Spy Pixels in Emails Have Become Endemic

Permalink - Posted on 2021-02-18 18:00

The use of "invisible" tracking tech in emails is now "endemic", according to a messaging service that analysed its traffic at the BBC's request. Hey's review indicated that two-thirds of emails sent to its users' personal accounts contained a "spy pixel", even after excluding for spam.


57% of Vulnerabilities in 2020 Were Classified as Critical or High Severity

Permalink - Posted on 2021-02-17 18:00

NIST logged more than 18,000 vulnerabilities in 2020, over 10,000 of which were critical or high severity – an all-time high. Redscan’s analysis looks beyond severity scores, detailing the rise of low complexity vulnerabilities as well as those which require no user interaction to exploit.


Malware Increased by 358% in 2020

Permalink - Posted on 2021-02-17 18:00

A research study conducted by Deep Instinct reports on the hundreds of millions of attempted cyberattacks that occurred every day throughout 2020 showing malware increased by 358% overall and ransomware increased by 435% as compared with 2019.


Southern Arkansas University Becomes a Breach Victim Once Again

Permalink - Posted on 2021-02-17 18:00

After being a victim of the BLACKBAUD data breach in May of last year, Southern Arkansas University is now facing a new data theft by the Sodinokibi (REvil) ransomware group.


Hogeschool Van Amsterdam and the University of Amsterdam Hit in Cyber Attack

Permalink - Posted on 2021-02-17 18:00

Unknown third parties have gained access to the ICT environments of the Hogeschool van Amsterdam and the University of Amsterdam, the Security and Operations Center has found.


Research Shows How Solar Energy Installations Can Be Abused by Hackers

Permalink - Posted on 2021-02-17 18:00

FireEye’s research involved a physical inspection of the device, an analysis of debugging interfaces, removing the NAND storage, analyzing the file system and bootloader, glitch attacks, and software exploitation. The research led to the discovery of two vulnerabilities: one related to the existence of hardcoded credentials (CVE-2020-9306), and a privilege escalation flaw (CVE-2020-12878) — both were classified as high severity. The security holes were reported to both Tesla and Digi, and they have been patched. According to FireEye, an attacker who has network access to the targeted device could exploit the vulnerabilities to obtain a root shell and remotely take complete control of the device.


Capital Medical Center and Rehoboth McKinley Christian Health Care Services Data Leaked

Permalink - Posted on 2021-02-17 18:00

The Conti ransomware gang has published data on its leak site which was allegedly obtained in an attack on Rehoboth McKinley Christian Health Care Services in New Mexico. The leaked data includes sensitive patient information including scanned patient ID cards, passports, driver’s license numbers, diagnoses, treatment information, and diagnostic reports.


14 Million Amazon and eBay Accounts Sold Online in New Leak

Permalink - Posted on 2021-02-17 18:00

An unknown user was offering the data of 14 million Amazon and eBay customers’ accounts for sale on a popular hacking forum. The data appears to come from users who had Amazon or eBay accounts from 2014-2021 in 18 different countries.


SFU Warns Cyber Attack Exposed Personal Information of About 200,000 Students, Staff and Alumni

Permalink - Posted on 2021-02-17 18:00

The server contained personal information for some current and former students, faculty, staff and student applicants. Last year, on Feb. 27, ransomware — malicious software that locks a computer system until a ransom is paid — breached a database at Simon Fraser University and compromised the personal information of about 250,000 students, faculty and alumni.


110,000+ User Records from Car-Sharing Service CityBee Leaked

Permalink - Posted on 2021-02-17 18:00

The first part of the database was posted on February 15 and includes 110,000 CityBee user IDs, usernames, hashed passwords, full names, as well as personal codes (national identification numbers) that belong to mostly Lithuanian CityBee users.


Files Stolen as Law Firm Jones Day Hit by Clop Ransomware Attack

Permalink - Posted on 2021-02-17 18:00

First reported Feb. 13 by DataBreaches.net, the attack is believed to have involved the Clop ransomware gang, the same group behind an attack on German tech giant Software AG in October. Officially Jones Day is claiming that its network was not compromised and that the theft of data involved a file-sharing company that it uses to store files.


Rising Healthcare Breaches Driven by Hacking and Unsecured Servers

Permalink - Posted on 2021-02-17 18:00

Analyzing data from the U.S. Department of Health and Human Services, threat protection company Bitglass found that the count of healthcare breaches reported in 2020 increased to 599, a jump of more than 50% compared to the previous year (386).


Kia Faces $20M DoppelPaymer Ransomware Attack

Permalink - Posted on 2021-02-17 18:00

News of the attack follows a nationwide IT outage that Kia experienced this week. The outage affected its mobile UVO Link apps, phone services, payment systems, owner portal, and internal sites used by dealerships, the report states. Some Kia websites alerted users to the outage.


Most Europeans Don't Know How to Report Cyber Crime

Permalink - Posted on 2021-02-16 17:00

Over two-thirds of British adults are unaware how to report cybercrime, with many admitting they feel uninformed about attacks, according to a new study. Although 68% of Brits said they didn’t know how to report cybercrime or illegal online behavior, this was lower than the European average (77%). Spain and Denmark (both 86%) topped the EU list, followed by Romania (84%), France (82%) and Sweden (81%).


Misconfigured Baby Monitors Allow Unauthorized Viewing

Permalink - Posted on 2021-02-16 17:00

The issue exists in the manufacturers’ implementation of the Real-Time Streaming Protocol (RTSP), which is a set of procedures used by various cameras to control their streaming media. It’s possible to misconfigure its implementation, so that no authentication is needed for unknown parties to connect, according to the SafetyDetectives cybersecurity team.


100% of Tested mHealth Apps Vulnerable to API Attacks

Permalink - Posted on 2021-02-16 17:00

Ethical hacker and researcher Alissa Knight conducted the study to determine how secure popular mHealth apps are and whether it is possible to gain access to users’ sensitive health data. One of the provisos of the study was that she would not be permitted to name any of the apps if vulnerabilities were identified. She assessed 30 of the leading mHealth apps and discovered all were vulnerable to API attacks which could allow unauthorized individuals to gain access to full patient records, including personally identifiable information (PII) and protected health information (PHI), indicating security issues are systemic.


Sharp HealthCare Pays $70,000 to Resolve HIPAA Right of Access Violation

Permalink - Posted on 2021-02-16 17:00

The HHS’ Office for Civil Rights (OCR) has fined Sharp HealthCare $70,000 for failing to provide a patient with timely access to his medical records. This is the sixteenth financial penalty to be agreed with OCR under the HIPAA Right of Access enforcement initiative that was launched in late 2019.


21st Century Oncology Data Breach Settlement Receives Preliminary Approval

Permalink - Posted on 2021-02-16 17:00

A settlement proposed by 21st Century Oncology to resolve a November 2020 class action lawsuit has received preliminary approval from the court. The class action lawsuit was filed in District Court for the Middle District of Florida on behalf of victims of a 2015 cyberattack that potentially affected 2.2 million individuals.


Omnicom Media Group Falls Prey to Cyber Attack

Permalink - Posted on 2021-02-16 17:00

Former WPP CEO Martin Sorrell said in an internal memo then that it was working with IT partners and law enforcement agencies to assess the situation, take all precautionary steps and return to normal operations as soon as it can.


Singapore: Nearly Six-Fold Increase in Unauthorized Online Banking Transactions in 2020

Permalink - Posted on 2021-02-16 17:00

The police received 1,848 reports of unauthorised online bank and card transactions last year, a sharp spike from the 329 reports made in 2019 and the 114 made in 2018, Transport Minister Ong Ye Kung told Parliament on Tuesday (Feb 16). Mr Ong is also a board member of the Monetary Authority of Singapore (MAS). These cases arise from phishing scams, in which fraudsters impersonate someone else such as a government official or a service support personnel from a technology company in order to trick victims into revealing their banking or card details.


Adorcam App Leaks Millions of User Records via ElasticSearch Database

Permalink - Posted on 2021-02-16 17:00

An unsecured ElasticSearch database belonging to the Adorcam app exposed credentials, hostname, and port for the MQTT server, allowing threat actors to download, delete, or modify the data.


Many SolarWinds Customers Failed to Secure Systems Following Hack

Permalink - Posted on 2021-02-16 17:00

RiskRecon on Friday said it observed 1,785 organizations exposing Orion to the internet on December 13, 2020, shortly after the breach came to light, and the number dropped to 1,330 by February 1, 2021. However, only 8% of these companies have applied the Orion update (2020.2.4) released by SolarWinds in response to the breach.


Cyber Attack on Dutch Research Council (NWO) Suspends Research Grants

Permalink - Posted on 2021-02-16 17:00

Servers belonging to the Dutch Research Council (NWO) have been compromised, forcing the organization to make its network unavailable and suspend subsidy allocation for the foreseeable future.


Ransomware Gang Dumps Data Stolen from Two U.S. Healthcare Providers

Permalink - Posted on 2021-02-12 17:00

The Conti ransomware gang has dumped a large batch of healthcare data online that was allegedly stolen from Leon Medical Centers in Florida and Nocona General Hospital in Texas.


Finnish Therapy Firm Declares Bankruptcy After Cyber Attack

Permalink - Posted on 2021-02-12 17:00

Vastaamo, the Finnish psychotherapy practice that covered up a horrific security breach which resulted in patients receiving blackmail threats, has declared itself bankrupt. Vastaamo’s problems first began in 2018, when it discovered that a database of customer details and – most shockingly – notes from therapy sessions had been accessed by hackers.


Trigano Company Victim of a Cyber Attack

Permalink - Posted on 2021-02-12 17:00

The manufacturer of caravans, motorhomes, camping furniture and mobile homes was the victim of a cyberattack on Tuesday February 9. It prevents access to computers. The factory based in Tournon-sur-Rhône (Ardèche) is therefore at a standstill this Friday, February 12.


Personal Data of 10 Million Malaysian Voters Exposed Online

Permalink - Posted on 2021-02-12 17:00

Following the databases that were said to contain information about E-Pay Malaysia and Ifmal customers, there is a new listing that claimed to have 10 million Malaysian voters in its database. The listing took place last weekend on the same marketplace forum that featured the two previous databases. First reported by OMG Hackers, it was put up by the same seller that claimed to have personal information from 200,000 Ifmal customers which have since been refuted by the e-commerce platform.


Successful BEC Attacks Become 56% More Costly

Permalink - Posted on 2021-02-12 17:00

The number of phishing attacks grew through 2020, fully doubling over the course of the year. Attacks peaked in October 2020, with a high of 225,304 new phishing sites appearing in that month alone, breaking all previous monthly records, according to APWG.


Yandex Suffers Data Breach After Sysadmin Sold Access to User Emails

Permalink - Posted on 2021-02-12 17:00

Russian internet and search company Yandex announced today that one of its system administrators had enabled unauthorized access to thousands of user mailboxes. The company discovered the breach internally, during a routine check of its security team. The investigation revealed that the employee’s actions led to the compromise of almost 5,000 Yandex email inboxes.


Illinois Is State Hit Hardest by Cyber Crime

Permalink - Posted on 2021-02-11 18:00

The highest concentration of cybercrime victims in the United States can be found in Illinois, according to a recent study by Clario. The London-based cybersecurity company analyzed cybercrime data in the UK and the US to determine which geographical areas were hardest hit by attackers. In the US, Illinois topped the table with 14.6 victims per 1,000 people. The Prairie State was followed closely by Virginia, which had 13.2 victims per 1,000 people, and New York, which had 11. Total losses due to cybercrime were $107,152,415 in Illinois, $92,467,791 in Virginia, but just $19,876,576 in New York.


Renown Health Pays $75,000 to Settle HIPAA Right of Access Case

Permalink - Posted on 2021-02-11 18:00

The Department of Health and Human Services’ Office for Civil Rights (OCR) is continuing to crack down on noncompliance with the HIPAA Right of Access. This week, OCR announced its fifteenth settlement to resolve a HIPAA Right of Access enforcement action. Renown Health, a not-for-profit healthcare network in Northern Nevada, agreed to settle its HIPAA case with OCR to resolve potential violations of the HIPAA Right of Access and has agreed to pay a financial penalty of $75,000.


Mobile Health Apps Found to Expose Records of Millions of Users

Permalink - Posted on 2021-02-11 18:00

An analysis of 30 popular mobile health (mHealth) applications has revealed that all of them expose the full patient records of millions of people. Research conducted by Alissa Knight, partner at marketing agency Knight Ink, on behalf of mobile API threat protection firm Approov showed that the applications are vulnerable to API attacks that unauthorized parties could leverage to access protected health information (PHI) and personally identifiable information (PII).


Bannock County, Idaho – Notice of Data Security Event

Permalink - Posted on 2021-02-11 17:00

The information involved may have included name, Social Security number, driver’s license or state identification card number, and financial account information. To date, Bannock County is unaware of any actual or attempted misuse of this information as a result of this incident and is providing this notice out of an abundance of caution.


ECU Worldwide Chief Confirms IT Systems Are Down After Cyber Incident

Permalink - Posted on 2021-02-11 17:00

ECU’s systems are believed to have gone down at the weekend, but the company has remained quiet up until now. One source, familiar with the crisis management sector, said some insurance companies required customers to make no public comment on cyber attacks. Many of the recent attacks on businesses have demanded a ransom, which is also typically kept quiet.


WeChat Data Leak Leads to Arrest of Tencent Executive Zhang Feng

Permalink - Posted on 2021-02-11 17:00

Zhang Feng, an executive at China’s most valuable public company Tencent Holdings, has been detained by authorities in connection to a data leak and corruption scandal. According to the Wall Street Journal, Zhang is accused of sending user data from the messaging app juggernaut WeChat to Sun Lijun, the former vice public security minister now under investigation for unspecified violations against the CCP. Zhang has been under investigation for the better part of a year as investigators learn what data he shared and how it was used. Tencent confirmed that Zhang was under investigation but tried to distance him from its services.


British Columbia Real Estate Agency Sustains Unusual Ransomware Attack

Permalink - Posted on 2021-02-11 18:00

A British Columbia-based real estate agency is the latest victim of a ransomware cyberattack – but the circumstances of the attack raise more questions than answers. Last week, the Conti ransomware group listed ReMax Kelowna as one of its victims on its website. To prove it had instigated the attack, the group also listed the names of 15 files it allegedly copied from ReMax Kelowna.


Romania's Biggest Real Estate Portal Suffers Major Data Breach

Permalink - Posted on 2021-02-11 18:00

The largest real estate portal in Romania, Imobiliare.ro, has suffered a data breach that could potentially affect its entire client database, reports Website Planet quoted by Profit.ro. It remains unknown whether the company's client information fell into nefarious hands, but the company's bucket was found to be exposed, without password protection or encryption.


Credential Spill Incidents Nearly Doubled Since 2016

Permalink - Posted on 2021-02-11 18:00

Credential stuffing, which involves the exploitation of large numbers of compromised username and/or email and password pairs, is a growing global problem. As a directional case in point, a Private Industry Notification issued by the FBI last year warned that the threat accounted for the greatest volume of security incidents against the US financial sector between 2017 and 2020 (41%).


Australian Research Institute Confirms "Likely" Data Breach After Third-Party Accellion Hack

Permalink - Posted on 2021-02-11 17:00

The medical research institution said its early investigation indicates that certain data stored in file-sharing system Accellion has been accessed. Accellion, a US-based company that offers a secure file sharing system, announced it had been the victim of a cyber-attack on December 25 last year.


Singtel Hit by Third-Party Vendor's Security Breach

Permalink - Posted on 2021-02-11 17:00

Singapore telco says it has pulled back all use of Accellion's file-sharing system FTA and is investigating the impact of a cybersecurity attack, having ascertained on February 9 that "files were taken" and customer data "may have" been compromised.


French MNH Health Insurance Company Hit by RansomExx Ransomware

Permalink - Posted on 2021-02-11 17:00

Since the attack, the mnh.fr website displays a notice stating that it has been affected by a cyberattack that started on February 5th. This attack has caused their websites and telephone platform to become unavailable.


SU Data Breach Exposes Nearly 10,000 Names, Social Security Numbers

Permalink - Posted on 2021-02-11 17:00

The names and Social Security numbers of about 9,800 Syracuse University students, alumni and applicants have been exposed after someone gained unauthorized access to an employee’s email account.


Romance Fraud Surges in Lockdown Following Shift to Online Dating

Permalink - Posted on 2021-02-10 16:00

Bank transfer romance fraud rose 20% year-on-year between January and November 2020, according to new figures from UK Finance. Published shortly before this year’s Valentine’s Day, the trade association revealed that the total value of this type of scam – in which victims are duped into sending money to criminals who have convinced them they are in a genuine relationship – has increased by 12% to £18.5m.


Nebraska Medicine Notifies 219,000 Patients About September 2020 Malware Attack

Permalink - Posted on 2021-02-10 16:00

Nebraska Medicine identified unusual activity in some of its systems on September 20, 2020. All affected devices were isolated to contain the breach and impacted systems were shut down to prevent any further unauthorized access. Independent computer forensics experts were engaged to conduct an investigation and determine the nature and scope of the security breach.


Stolen Chatham County, NC Data Posted Online After Cyber Incident

Permalink - Posted on 2021-02-10 16:00

The files include such things as personnel records of some county employees, medical evaluations of children who are the subjects of neglect cases, eviction notices and documents related to ongoing investigations within the Chatham County Sheriff’s office.


Wallstreet Listings Continue to Bury Data Breach Incidents

Permalink - Posted on 2021-02-10 16:00

According to IBM's latest Cost of a Data Breach report, the enterprise sector can expect an average bill of $3.86 million -- but in the case of large security incidents involving consumer records, this may rise to up to $392 million -- to remedy a breach. Some companies will hide their head in the sand when told of a data breach, whether caused by open buckets, intrusion, insider operations, or accidental information loss. However, for businesses trading on public stock market platforms, failing to recognize a data breach has occurred or trying to hide it can have real, long-term repercussions.


Researchers Discover Exposed Comcast Database Containing 1.5 Billion Records

Permalink - Posted on 2021-02-10 16:00

The WebsitePlanet research team in cooperation with security researcher Jeremiah Fowler discovered a non-password protected database that contained more than 1.5 billion records. The database belonged to American cable and internet giant Comcast, and the publicly visible records included dashboard permissions, logging, client IPs, @comcast email addresses, and hashed passwords. There were a large number of remote and internal IP addresses, node names and other details that could provide a blueprint for internal functionality, logging, and overall structure of the network.


177% Increase: Hackers Grabbed 21.3 Million Healthcare Records in Second Half of 2020

Permalink - Posted on 2021-02-10 16:00

The numbers are not getting better for healthcare systems trying to keep patient data out of hackers' hands. Healthcare data breaches went up 36% in the second half of 2020, according to a new analysis from CI Security. In the second half of the year, more than 21.3 million records were breached, an increase of 177% from nearly 7.7 million records breached in the first half of 2020.


Cyberpunk 2077 Maker Was Hit with a Ransomware Attack

Permalink - Posted on 2021-02-09 17:00

CD Projekt Red's list of woes gets longer, as hackers claim to have stolen the source code for their most popular games.


Tokyo Gas discloses Data Breach Impacting Anime-Style Dating Simulation Game

Permalink - Posted on 2021-02-09 17:00

Around 10,000 email addresses belonging to players of an online, anime-style game were exposed during a data breach, according to Tokyo Gas, the game’s developer and Japanese utility giant.


Someone Tried to Poison Oldsmar's Water Supply During Hack, Sheriff Says

Permalink - Posted on 2021-02-09 17:00

Local and federal authorities are investigating after an attempt Friday to poison the city of Oldsmar’s water supply, Pinellas County Sheriff Bob Gualtieri said. Someone remotely accessed a computer for the city’s water treatment system and briefly increased the amount of sodium hydroxide, also known as lye, by a factor of more than 100, Gualtieri said at a news conference Monday. The chemical is used in small amounts to control the acidity of water but it’s also a corrosive compound commonly found in household cleaning supplies such as liquid drain cleaners.


France: The Dax Hospital Center Targeted by a Large-Scale Cyber Attack

Permalink - Posted on 2021-02-09 17:00

A crisis meeting was held in the early afternoon. “This attack put our entire information system out of service using data encryption.


Threat Actors Dump Somerset ISD Student Personal and Health Information

Permalink - Posted on 2021-02-09 17:00

The threat actors dumped an archive with 1,520 files in 27 folders. When uncompressed, there was more than 3 GB of data. Much of the data was from a few years ago, but there was a lot of personal and sensitive information about students.


RBNZ says Partner Accellion Kept It in the Dark About Data Breach

Permalink - Posted on 2021-02-09 17:00

"We had no warning to avoid the attack which began in mid-December. Accellion failed to notify the Bank for five days," Reserve Bank Governor Adrian Orr says.


Web Hosting Provider Shuts Down After Cyber Attack

Permalink - Posted on 2021-02-09 17:00

A web hosting company named No Support Linux Hosting announced today it was shutting down after a hacker breached its internal systems and compromised its entire operation.


Ransomware Attack Targets Ness IT Company in Israel, India, U.S.

Permalink - Posted on 2021-02-08 17:00

The company has worked in the past with the IDF, Israel Aerospace Industries, Israel Post, the Israel Airport Authority and the Hebrew University, among other companies and government bodies. Over 150 servers in Israel and about 1,000 servers outside of Israel are being scanned by McAfee in light of the attack. The managers of the company’s India branch have reportedly begun managing the incident and have brought their insurer, AIG, into the picture.


Taiwan Mobile Operator's Security Breach Hits Headlines

Permalink - Posted on 2021-02-08 17:00

On 15 January 2021 the National Communications Commission (NCC) issued an official order of recall against Taiwan Mobile, one of the country’s top three mobile operators. The order concerned Taiwan Mobile’s self-branded smartphone (the Amazing A32), which had been supplied by a Chinese company and was sold to more than 94,191 subscribers between April 2018 and July 2020.


Experian says Investigating If Involved in Brazil Data Breach

Permalink - Posted on 2021-02-08 17:00

Credit data firm Experian said on Monday it was continuing to investigate whether the personal data of millions of people in Brazil that was found to be illegally offered for sale online could be connected with its Brazilian business Serasa.


Remote Desktop Protocol Attacks Surge by 768%

Permalink - Posted on 2021-02-08 17:00

Remote desktop protocol (RDP) attacks increased by 768% between Q1 and Q4 last year, fuelled by the shift to remote working, according to ESET’s Q4 2020 Threat Report. ESET also highlighted the global disruption campaign it took part in against one of the largest and longest-lived botnets, TrickBot. This led to 94% of TrickBot’s servers being taken down in a single week.


Only 18% of Medical Device Makers Entertain Security Protections for Products

Permalink - Posted on 2021-02-08 17:00

Medical internet of things (IoT) devices promise great benefits, but companies working with them must tighten their cyber security, according to new research from cyber security company Irdeto. The company surveyed senior executives at Fortune 1000-sized US-based companies working in the medical device sector to assess their cyber security stance. Responses to the survey suggested a high level of confidence in medical IoT security among one in five companies, with 18% believing their medical device security was strong. Slightly fewer (13%) believed they were well-prepared to mitigate future risks, while 18% weren’t prepared at all.


Email Account Breach at Law Firm Affects More Than 36,000 UPMC Patients

Permalink - Posted on 2021-02-08 17:00

In June 2020, Charles J. Hilton & Associates P.C. (CJH) discovered suspicious activity in its employee email system and launched an investigation. On July 21, 2020, CJH determined that hackers had gained access to the email accounts of several of its employees between April 1, 2020 and June 25, 2020.


Tens of Thousands of Patient Files Leaked in U.S. Hospital Attacks

Permalink - Posted on 2021-02-08 17:00

Patients and employees from 11 hospitals in the US have had their personal information exposed after hackers reportedly published tens of thousands of records online. The files come from Leon Medical Centers, which runs eight facilities in Florida, and Nocona General Hospital, which has three in Texas. The compromised information includes patients’ names, addresses and birthdays, medical diagnoses and letters to insurers. Also exposed was a folder containing background checks on hospital staff.


Cyber Crime Jumps by 31% in Odisha in 2020

Permalink - Posted on 2021-02-08 17:00

Cybercrime cases increased by an alarming 31% in Odisha in 2020 as compared to 2019. Statistics of Odisha police said altogether 1931 cybercrime cases were registered last year as against 1475 cases in 2019.


British Airways Data Breach Victims Granted Extension to File Claims

Permalink - Posted on 2021-02-05 17:00

Victims of the two British Airways (BA) data breaches in 2018 have been granted an additional two months to file a compensation claim after the Group Litigation Order (GLO) window was extended. The claims relate to two breaches recorded back in 2018: between August and September 2018, it was revealed that 380,000 transactions were compromised and later, 185,000 customers were notified that their personal and financial details were exposed between April and July 2018. Data compromised included payment card information, such as card numbers, expiry dates, and (in tens of thousands of cases) the CVV security code, as well as customer names, billing addresses and email addresses. Evidence has been given by the defendant’s solicitor at the GLO application hearing that the total number of unique payment cards that may have been affected is 429,420.


Ramsey County and Crisp Regional Health Services Affected by Ransomware Attacks

Permalink - Posted on 2021-02-05 17:00

The County Manager’s Office of Ramsey County, MN has started notifying 8,700 clients of its Family Health Division that some of their personal information has potentially been accessed by unauthorized individuals in a ransomware attack on one of its vendors. St. Cloud-based Netgain Technology LLC provides technology services to Ramsey County, including an application used by the Family Health Division for documenting home visits. Data within that application was potentially accessed and exfiltrated by threat actors prior to the deployment of ransomware. The application contained information such as names, addresses, dates of birth, dates of service, telephone numbers, account numbers, health insurance information, medical information and, for a small number of individuals, Social Security numbers. The attack appears to have been conducted with the sole purpose of extorting money from Netgain rather than to gain access to personal information; however, it was not possible to rule out unauthorized access or data theft.


Spotify Suffers Second Credential-Stuffing Cyber Attack in 3 Months

Permalink - Posted on 2021-02-05 17:00

Cybercriminals carrying out credential-stuffing take advantage of people who reuse the same passwords across multiple online accounts. Attackers simply build automated scripts that systematically try stolen IDs and passwords (either gleaned from a breach of another company or website, or purchased online) against various types of accounts.


SitePoint Discloses Data Breach After Stolen Info. Used in Attacks

Permalink - Posted on 2021-02-05 17:00

SitePoint says the hackers gained access through a compromised third-party tool used to monitor their GitHub account. Using this tool and stolen API keys, SitePoint believes that the attackers could gain access to their codebase and system. While SitePoint has not disclosed the compromised third-party tool's name, it fits the description of the Waydev app breach that hackers used to breach other sites over the past year.


Packaging Giant WestRock says Ransomware Attack Hit Production

Permalink - Posted on 2021-02-05 17:00

Atlanta-based packaging giant WestRock on Friday shared an update on the recent ransomware incident that impacted the company’s information technology (IT) and operational technology (OT) systems.


Brazil's Eletrobras says Nuclear Unit Hit with Cyber Attack

Permalink - Posted on 2021-02-04 17:00

A nuclear power subsidiary of Brazil’s Eletrobras suffered a cyberattack but no operations were impacted, the state-controlled power holding company said in a filing late on Wednesday. It said the incident is under investigation by government entities responsible for nuclear power security.


Microsoft Office 365 Attacks Sparked from Google Firebase

Permalink - Posted on 2021-02-04 17:00

A phishing campaign bent on stealing Microsoft login credentials is using Google Firebase to bypass email security measures in Microsoft Office 365, researchers said. Researchers at Armorblox uncovered invoice-themed emails sent to at least 20,000 mailboxes that purport to share information about an electronic funds transfer (EFT) payment. The emails carry a fairly vanilla subject line, “TRANSFER OF PAYMENT NOTICE FOR INVOICE,” and contain a link to download an “invoice” from the cloud.


Automated Tools Increasingly Used to Launch Cyber Attacks

Permalink - Posted on 2021-02-04 17:00

In its new report, Threat Spotlight: Automated attacks on web applications, the cybersecurity firm revealed that over half (54%) of all cyber-attacks it blocked in November and December were web application attacks which involved the use of automated tools. The most prevalent form was fuzzing attacks, making up around one in five (19.5%). This uses automation to detect and exploit the points at which applications break. This was followed by injection attacks (12%), in which cyber-criminals make use of automation tools such as sqlmap to gain access to applications.


As Details Emerge About Major Vermont Data Breach, Governor’s Office Steps in

Permalink - Posted on 2021-02-04 17:00

Vermont Gov. Phil Scott stepped into the widening information void formed by a huge state Department of Labor data breach on Wednesday, appointing a deputy commissioner to the department and deploying a team to help with the immediate response. Scott also asked the state auditor, Doug Hoffer, to audit the department to find out how the error occurred and identify long-term quality improvements.


Nespresso Smart Cards Hacked to Provide Infinite Coffee

Permalink - Posted on 2021-02-04 17:00

Polle Vanhoof, a security researcher, describes a vulnerability affecting unspecified Nespresso Pro machines equipped with a smart card reader: the problem? Some rely on outdated Mifare Classic smart cards.


Clearview Facial-Recognition Technology Ruled Illegal in Canada

Permalink - Posted on 2021-02-04 17:00

Canadian authorities have found that the collection of facial-recognition data by Clearview AI is illegal because it violates federal and provincial privacy laws, representing a win for individuals’ privacy and potentially setting a precedent for other legal challenges to the controversial technology.


Oxfam Australia Investigates Data Breach After Database Sold Online

Permalink - Posted on 2021-02-04 17:00

Oxfam Australia is investigating a suspected data breach after a threat actor claimed to be selling their database on a hacker forum. Oxfam Australia is a charity focused on alleviating poverty within the indigenous Australian people and people from Africa, Asia, and the Middle East. The charity is part of a confederation of twenty charities worldwide operating under the Oxfam umbrella.


Phishing Gangs Hack Data of Logistics Companies, Cheat Customers

Permalink - Posted on 2021-02-04 17:00

Posing as employees of logistics companies, the fraudsters contact customers who want to send vehicles out of town. They take delivery of the vehicles from customers, give them false receipts and run away. When customers contact them to check the status of their consignment, the fraudsters would give them fictitious addresses.


91% of Enterprise Pros Experienced an API Security Incident in 2020

Permalink - Posted on 2021-02-04 17:00

Researchers found that 56% of customers faced between 10 and 55 attacks per month while 22% dealt with anywhere between 51% and 200%.


Goodwin says Vendor Breach May Have Exposed Client Data

Permalink - Posted on 2021-02-03 17:00

Goodwin Procter experienced an indirect security breach involving a third-party vendor whose services the firm uses for large file transfers, according to an internal memo reviewed by Reuters on Tuesday.


U.S. Fertility Hit with Class Action Over Month-Long 2020 Data Breach

Permalink - Posted on 2021-02-03 17:00

US Fertility, LLC faces a proposed class action centered on a reported September 2020 data breach in which hackers armed with ransomware gained access to a trove of personal information from the fertility clinic support services company’s clients. The 29-page lawsuit in Maryland federal court says hackers were able to access US Fertility’s cloud-based systems from August 12 through September 14, 2020, and viewed patients’ names, dates of birth, addresses, Social Security numbers, driver’s licenses and state ID numbers, passport numbers, medical treatment and diagnosis information, medical record details, health insurance and claims specifics and credit and debit card information.


Fertility App Sued Over Non-Consensual Data Sharing

Permalink - Posted on 2021-02-03 17:00

The Illinois company behind a popular fertility app is being sued for allegedly sharing user data with third-party companies without first securing users' consent. Easy Healthcare Corp, based in Burr Ridge, is the developer of ovulation tracking app Premom, which helps users to identify the days on which they are most likely to conceive. A lawsuit filed against the company alleges that a variety of sensitive data belonging to app users was shared non-consensually with at least three different firms located in the People's Republic of China (PRC). Information allegedly shared includes sensitive healthcare information, device activity data, geolocation data, user and advertiser IDs, and device hardware identifiers.


Trucking Company Forward Air Said Its Ransomware Incident Cost it $7.5 Million

Permalink - Posted on 2021-02-03 17:00

The sum was described as a loss of revenue from its LTL (less-than-load) trucking business and not costs incurred from dealing with the incident. The losses stemmed "primarily because of the Company's need to temporarily suspend its electronic data interfaces with its customers," Forward Air said in SEC documents filed today.


India: Data of 25 Lakh Airtel Customers in J-K Allegedly Leaked

Permalink - Posted on 2021-02-03 17:00

Data of around 25 lakh Bharti Airtel subscribers of Jammu and Kashmir circle, including Aadhaar numbers, address and date of birth, has reportedly been leaked by hackers, even as the telecom operator denied any breach in its servers.


Largest Compilation of Emails and Passwords Leaked for Free on Public Forum

Permalink - Posted on 2021-02-03 17:00

However, the current breach, known as “Compilation of Many Breaches” (COMB), contains more than double the unique email and password pairs. The data is currently archived and put in an encrypted, password-protected container.


Data on Thousands of Foxtons Customers Posted Online

Permalink - Posted on 2021-02-03 17:00

Estate agent Foxtons Group is under pressure after a daily newspaper claimed that thousands of customers’ card and personal details have been uploaded to a dark web site. A customer found over 16,000 card details, addresses and private messages on October 12 last year, according to publication i.


Female Escort Review Site Data Breach Affects 470,000 Members

Permalink - Posted on 2021-02-03 17:00

This database contains the registration information for over 472,695 members, including their display name, email address, MD5 hashed passwords, optional Skype account names, optional birthday, and IP address.


A Second SolarWinds Hack Deepens Third-Party Software Fears

Permalink - Posted on 2021-02-03 17:00

SolarWinds emphasizes that, unlike the Russian hackers, who used their access to SolarWinds to infiltrate targets, the Chinese hackers exploited the vulnerability only after already breaking into a network by some other means. They then used the flaw to bore deeper. “We are aware of one instance of this happening, and there is no reason to believe these attackers were inside the SolarWinds environment at any time,” the company said in a statement. “This is separate from the broad and sophisticated attack that targeted multiple software companies as vectors.”


American Cable and Internet Giant Comcast Exposed Development Database Online

Permalink - Posted on 2021-02-02 18:00

On December 1st, 2020 the WebsitePlanet research team in cooperation with Security Researcher Jeremiah Fowler discovered a non-password protected database that contained over 1.5 billion records. There were references to Comcast throughout the database including multiple subdomains, URLs, and internal IP addresses. The publicly visible records included dashboard permissions, logging, client IPs, @comcast email addresses, and hashed passwords.


State-Owned Energy Utility, COPEL, Suffers Cyber Attack

Permalink - Posted on 2021-02-02 18:00

According to the company, the operation and protection systems detected the attacks and the security protocols were followed, with the suspension of the operation of its computerized environment to protect the integrity of the information. The full assessment of what happened is ongoing and necessary steps are being taken to restore normality.


Ransomware Gangs Made at Least $350 Million in 2020

Permalink - Posted on 2021-02-02 18:00

The figure represents a 311% increase over ransomware payments recorded the previous year, in 2019.


South Carolina County Still Reeling from January Cyber Attack

Permalink - Posted on 2021-02-02 18:00

Georgetown County's network was brought down by cyber-criminals on January 23 in what officials described as a "major infrastructure breach." While 911 systems and operations at the Georgetown County Detention Center were unaffected by the attack, the county's electronic systems and email were disrupted. Ten days after the attack took place, cybersecurity experts are still working to recover systems and analyze the full extent of the breach, and county emails have not yet been restored.


Social Media Oversharing Exposes 80% of Office Workers

Permalink - Posted on 2021-02-02 18:00

Over 80% of British and American employees overshare on social media, potentially exposing themselves and their organization to online fraud, phishing and other cyber-threats, according to Tessian. The email security vendor polled 4000 UK and US professionals and interviewed 10 hackers specializing in social engineering to compile its latest research: How to Hack a Human. It revealed that half of respondents share names and photos of their children, 72% mention birthdays and even more (81%) update their job status on social media. Even worse, over half (55%) admitted they have public profiles on Facebook, and only one third (32%) have a private Instagram account. An overwhelming majority (84%) post on social media every week and over two-fifths (42%) do so every day.


SonicWall Says 'a Few Thousand Devices' Impacted by Zero-Day Vulnerability

Permalink - Posted on 2021-02-02 18:00

SonicWall on Monday confirmed that its Secure Mobile Access (SMA) 100 series appliances are affected by a zero-day vulnerability that has apparently already been exploited in attacks.


Data Breach Exposes 1.6 Million Washington State Residents

Permalink - Posted on 2021-02-02 18:00

The Office of the Washington State Auditor is investigating a security incident which has compromised the personal information of more than 1.6 million people who filed for unemployment claims in the state in 2020. State Auditor Pat McCarthy’s office blamed the breach on a third party software provider named Accellion, whose services are used to transmit computer files.


U.K. Research and Innovation Becomes Next Victim Hit with Ransomware

Permalink - Posted on 2021-02-02 18:00

UKRI added that it’s working to discover if financial information was taken, and it will notify potential victims if this is confirmed.


Netgain Ransomware Incident Impacts Local Governments

Permalink - Posted on 2021-02-02 18:00

The ransomware incident that Netgain, a provider of managed IT services, suffered late last year has rippled onto its customers. Now, Ramsey County, Minnesota, is informing clients of the Family Health Division program that the hackers may have accessed personal data. The government of Ramsey County learned about the potential breach on December 2, 2020, when Netgain let them know of the attack and the impact it could have.


Wind River Security Incident Affects SSNs, Passport Numbers

Permalink - Posted on 2021-02-02 18:00

Wind River Systems, which develops embedded system software, on Friday warned of a “security incident” that had exposed personnel records. One or more files were downloaded from the company’s network on or around September 29, it said. Affected data included information maintained within the company’s personnel records – including critical data like Social-Security numbers, driver’s license numbers and passport numbers.


Kids' Health Insurer's Website Vulnerable for 7 Years

Permalink - Posted on 2021-02-02 18:00

An organization that administers a children’s dental and health insurance program in Florida took down its online application platform after it discovered the company that hosted its website apparently failed to address vulnerabilities over a seven-year period, resulting in the exposure of personal data. Plus, hackers tampered with that data, Tallahassee, Florida-based Florida Healthy Kids Corp. says.


Data on 3.2 Million DriveSure Clients Exposed on Hacking Forum

Permalink - Posted on 2021-02-02 18:00

DriveSure, a service provider for car dealerships that focuses on employee training programs and customer retention, maintains an abundance of client data. The information exposed included names, addresses, phone numbers, email addresses, IP addresses, car makes and models, VIN numbers, car service records and dealership records, damage claims and 93,063 bcrypt hashed passwords. While security pros consider bcrypt a strong encryption technique relative to older methods such as MD5 and SHA1, it is still vulnerable to brute-force attacks depending on the password strength.


U.S. Court System Ditches Electronic Filing After SolarWinds Hack

Permalink - Posted on 2021-02-02 18:00

In an extraordinary order handed down to all federal courts late last week, any documents that “contain information that is likely to be of interest to the intelligence service of a foreign government” will now have to be physically printed out and provided in a physical format. The decision follows concerns last month that as a result of the SolarWinds fiasco – in which suspected Kremlin spies gained access to the networks of multiple US government departments via backdoored IT tools – the court system itself may have been hacked, making Highly Sensitive Documents (HSDs) accessible.


Global Government Outsourcer Serco Hit by Ransomware

Permalink - Posted on 2021-02-02 18:00

British services business Serco, which employs 50,000 staff and manages hundreds of contracts worldwide, confirmed to Sky News that it had suffered an attack. However, the firm did not comment on the impact or whether it had paid the ransom demand.


Data of 300,000 Customers Leaked in São Paulo

Permalink - Posted on 2021-02-01 17:00

Following procedures contained in the LGPD (Brazil’s new data protection law), the international company Enel, with operations in Brazil, has started contacting its customers in relation to a data breach affecting the data of at least 300 thousand clients in the city of Osasco. It is reported that the leak involved personal data, such as name, personal identity (CPF) and telephone numbers, and consumption data, such as address, meter-reading rates and even the payment history of its consumers, and affects an estimated 4% of the company’s customer base. It is still unclear how the leak occurred.


Victor Central School District closed Monday to In-Person Classes Due to Malware Attack

Permalink - Posted on 2021-02-01 17:00

According to an e-mail sent to parents and guardians of district students, the malware attack has caused all internet services in the district, including phones, to stop operating. No personal or financial information has been compromised, nor have student grades. However, the district does say that they may need to close for longer depending on the situation.


The Town of Houilles in France Paralyzed by a Cyber Attack

Permalink - Posted on 2021-02-01 17:00

The city of Houilles (Yvelines) has been facing a cyberattack since Saturday, January 30. The municipality announced it on its social networks: “The City of Houilles is the victim of a cyberattack which paralyzes the website and the municipal IT and digital services. It is not able to send e-mails or process paperless requests and procedures. The City is doing everything it can to stem the spread of this cyberattack.”


FTC Gives Final Approval to Settlement with Zoom Over Privacy Violations

Permalink - Posted on 2021-02-01 17:00

The final order requires Zoom to implement a comprehensive security program, review any software updates for security flaws prior to release and ensure the updates will not hamper third-party security features. The company must also obtain biennial assessments of its security program by an independent third party, which the FTC has authority to approve, and notify the Commission if it experiences a data breach.


Failure to Patch Results in 7-Year Breach of Florida Medicaid Applicants' PHI

Permalink - Posted on 2021-02-01 17:00

The Tallahassee, FL-based Medicaid health plan, Florida Healthy Kids Corporation, has discovered its web hosting provider failed to patch vulnerabilities which were exploited by cybercriminals to gain access to its website and the protected health information of applicants for benefits.


Greek Police to Introduce Live Facial Recognition

Permalink - Posted on 2021-02-01 17:00

Police in Greece are to be issued new devices that will allow them to carry out real-time facial recognition and fingerprint identification while out on the beat. The plan to disseminate the new technology is part of the 4.5 million euro "Smart Policing" project announced in 2017 that aims to identify and verify the identity of citizens when stopped by the police. Most of the project costs (75%) are being covered by the Internal Security Fund (ISF) of the European Commission.


Board Members Aren't Taking Cyber Security as Seriously as They Should

Permalink - Posted on 2021-02-01 17:00

The lack of prioritization of cybersecurity is particularly true in the boardroom. Although 85% of respondents claimed that the board of directors are more engaged in security decisions and strategy than two years ago, often those executives are passively drawn in because of a major breach, new compliance requirements or the creation of a security program by a CISO. In fact, 44% of respondents indicated that their board of directors have limited involvement in many critical cybersecurity operations. This lack of engagement means many boards are only prepared to fund the bare minimum to meet requirements for compliance and protection.


SonicWall SMA 100 Zero-Day Exploit Actively Used in the Wild

Permalink - Posted on 2021-02-01 17:00

While SonicWall investigates the vulnerability and has not provided many details, they state that it likely affects their SMA 100 series (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v) line of remote access appliances. As mitigation against the attack, SonicWall states that administrators need to enable multi-factor authentication (MFA) on the devices and recommends setting up IP address restrictions to the management interface.


European Volleyball Org's Azure Bucket Exposed Reporter Passports

Permalink - Posted on 2021-02-01 17:00

A publicly exposed cloud storage bucket was found to contain images of hundreds of passports and identity documents belonging to journalists and volleyball players from around the world. These sensitive documents were hosted on a Microsoft Azure blob storage share that was publicly accessible to anyone. Further investigation by BleepingComputer revealed that the source of the leak was Confédération Européenne de Volleyball (CEV), or European Volleyball Confederation.


Increase in Physical Security Incidents Adds to IT Security Pressures

Permalink - Posted on 2021-02-01 17:00

An increase in physical security incidents since the start of the COVID-19 pandemic may be adding to IT security teams' workloads at many organizations. In a recent survey by Pro-Vigil, a provider of remote video-monitoring services, nearly 20% of 124 business operations leaders surveyed said their organizations had experienced more physical security incidents than the prior year. One-third said they believed they will see an increase in these incidents in 2021.


Cyber Security Incident at Peel District School Board Causes System Outage

Permalink - Posted on 2021-01-29 17:00

The Peel District School Board confirmed on Thursday that a virtual classroom was hacked on two separate occasions. Peel District School Board says it’s in the process of getting back to normal operations after a cyber security incident on Jan. 26 that resulted in the encryption of files and systems.


Florida Healthy Kids Website Breached; Vendor Blamed for Not Patching

Permalink - Posted on 2021-01-29 17:00

Florida Healthy Kids Corporation posted a notice on their site about an incident that they attribute to Jelly Bean Communications Design. From November 2013 until December 9, 2020 when the vendor discovered that the site had been hacked, an as yet unspecified number of applicants and enrollees had their personal information at risk.


UKRI Issues Statement About Ransomware Attack

Permalink - Posted on 2021-01-29 17:00

The UK Research and Innovation (UKRI) has sustained a cyber attack adversely affecting several of its web assets, which has resulted in data being encrypted by a third party. After reporting the incident to the National Crime Agency, the National Cyber Security Centre and Information Commissioner’s Office, UKRI stated that at this point it cannot confirm whether or not any data was extracted from its systems, as investigation is underway.


Crisp Regional Health Services Falls Victim to Ransomware Attack

Permalink - Posted on 2021-01-29 17:00

Crisp Regional Health Services was recently the victim of a ransomware attack, which affected some of the systems and encrypted files, according to a release from the hospital.


UScellular Breach Allowed Hackers to Port Customer Phone Numbers

Permalink - Posted on 2021-01-29 17:00

Chicago-based wireless carrier UScellular started informing customers last week that their personal information may have been accessed and their phone numbers ported as a result of a cybersecurity breach.


Miss England Held to Ransom by Cyber Attackers

Permalink - Posted on 2021-01-29 17:00

Pageant organizer and former Miss England Angie Beasley was sent what appeared to be an authentic message from the administrators of the social media app Instagram informing her that she had violated the app's rules and asking her to confirm her phone number.


Ransomware Payoffs Surge by 311% to Nearly $350 Million

Permalink - Posted on 2021-01-29 17:00

Payments to ransomware gangs using cryptocurrency more than quadrupled in 2020, with fewer than 200 cryptocurrency wallets receiving 80% of funds.


Leaks and Breaches Soared 93% in 2020

Permalink - Posted on 2021-01-28 17:00

January 28 marks the signing in 1981 of Convention 108, the first legally binding international treaty dealing with privacy and data protection. Also known as Data Privacy Day in North America, it is now an awareness raising event aimed at organizations and consumers alike. However, new research from Imperva warned today that unauthorized transmissions of data from organizations’ networks to external destinations had soared 93% in 2020. The security vendor detected 883,865 such incidents at the start of the year, rising to 1.7 million by the end of December, and argued the figure would be even higher if loss of data via physical devices, print-outs and the like were included.


Most Network Outages Exceed $1 Million in Damages

Permalink - Posted on 2021-01-28 17:00

Concerns over lost productivity, reputational damage, loss of intellectual property, breach notification processing, and legal ramifications are unpleasant consequences to prevent.


Citrix Employees Secure $2.3 Million Settlement for Data Breach

Permalink - Posted on 2021-01-28 17:00

Citrix Systems Inc.'s $2.275 million settlement offer to a class of current and former employees whose data was compromised by hackers over a five-month period earned a Florida federal judge’s initial approval.


Ransomware Attacks Account for Almost Half of Healthcare Data Breaches

Permalink - Posted on 2021-01-28 17:00

According to the Tenable Research 2020 Threat Landscape Retrospective Report, 730 data breaches were reported across all industry sectors in the first 10 months of 2020 and more than 22 billion records were exposed. 8 million of those records were exposed in healthcare data breaches. Healthcare registered the highest number of data breaches of any industry sector between January and October 2020, accounting for almost a quarter (24.5%) of all reported data breaches, ahead of technology (15.5%), education (13%), and the government (12.5%).


Dead System Admin's Credentials Used for Ransomware Attack

Permalink - Posted on 2021-01-28 17:00

Sophos found that attackers have compromised the admin account of a deceased admin, which maintained high-level access, about one month before launching Nefilim ransomware. Once they gained access to the compromised admin account, the gang spent a month quietly stealing credentials for other accounts and also found troves of data, exfiltrating hundreds of gigabytes before deploying the ransomware and locking files. As with other ransomware attacks associated with Nefilim, the operators targeted vulnerable Citrix resources to gain the initial foothold.


Almost 190,000 Patients Affected by Roper St. Francis Healthcare Phishing Attack

Permalink - Posted on 2021-01-27 17:00

Roper St. Francis Healthcare has notified 189,761 patients that some of their protected health information was contained in employee email accounts that were accessed by an unauthorized individual. The email security breach was detected in late October 2020, and the subsequent investigation revealed three email accounts were compromised between October 14 and October 29, 2020.


Norway to Fine Dating App Grindr $11.7M Over Privacy Breach

Permalink - Posted on 2021-01-27 17:00

Gay dating app Grindr faces a fine of more than $10 million from Norwegian regulators for failing to get consent from users before sharing their personal information with advertising companies, in breach of stringent European Union privacy rules.


176 Million Pakistani Mobile Service Customers Have Information Sold Illegally

Permalink - Posted on 2021-01-27 17:00

A threat actor is selling a database allegedly containing the personal details of over 176 million Pakistani citizens. Apparently, the database is a compilation of data belonging to different telecom companies in the country and dumped all together for sale. Currently, some of the major telecom companies in Pakistan include Zong, Warid, Ufone, Telenor, and Jazz (previously Mobilink & Warid).


Insurers Defend Covering Ransomware Payments

Permalink - Posted on 2021-01-27 17:00

The Association of British Insurers (ABI) has defended the inclusion of ransomware payments in first-party cyber-insurance policies. It said insurance was "not an alternative" to doing everything possible to first minimise the risk.


Rady Children's Hospital Facing Class Action Lawsuit Over Blackbaud Ransomware Attack

Permalink - Posted on 2021-01-26 17:00

In May 2020, the cloud software company Blackbaud suffered a ransomware attack. As is common in human-operated ransomware attacks, data was exfiltrated prior to file encryption. Some of the stolen data included the fundraising databases of its healthcare clients. One of the affected healthcare providers was Rady Children’s Hospital-San Diego, the largest children’s hospital in California in terms of admissions. A class action lawsuit has been proposed that alleges Rady was negligent for failing to protect the sensitive information of 19,788 individuals, which was obtained by the hackers through Blackbaud’s donor management software solution.


Haywood County, NC Schools Sends Data Breach Notices for August Ransomware Attack

Permalink - Posted on 2021-01-26 17:00

A cybercriminal ring hacked the school’s servers in August and attempted to blackmail the school system into paying a ransom in exchange for unlocking the network — including a threat that the hackers would post the data they obtained on the dark web if the school system didn’t pay up.


South Carolina County Suffers Weekend Cyber Attack

Permalink - Posted on 2021-01-26 17:00

A statement from Georgetown County’s local government Monday said the county’s computer network “suffered a major infrastructure breach over the weekend.” Most of the county’s electronic systems, including emails, were impacted.


Packaging Giant WestRock Says Ransomware Attack Impacted OT Systems

Permalink - Posted on 2021-01-26 17:00

American packaging giant WestRock (NYSE: WRK) on Monday revealed that it was recently targeted in a ransomware attack that impacted both information technology (IT) and operational technology (OT) systems.


Misconfigured Cloud Server Exposes 66,000 Gamers

Permalink - Posted on 2021-01-26 17:00

A research team at WizCase found the wide-open server, with zero encryption and no password protection, through a simple search. It was traced back to VIPGames.com, a popular free-to-play card and board game platform with 100,000 Google Play downloads and roughly 20,000 active daily players globally. Over 30GB of data was leaked in the privacy snafu, including 23 million records. In this trove, the researchers picked out 66,000 user profiles including: usernames, emails, device details, IP addresses, hashed passwords, Facebook, Twitter and Google IDs, in-game transaction details, bets and details regarding banned players.


Dutch COVID-19 Patient Data Sold on the Criminal Underground

Permalink - Posted on 2021-01-26 17:00

Buyers would receive details such as home addresses, emails, telephone numbers, dates of birth, and a person's BSN identifier (Dutch social security number).


Pan-Asian Retail Giant Dairy Farm Suffers REvil Ransomware Attack

Permalink - Posted on 2021-01-26 17:00

Massive pan-Asian retail chain operator Dairy Farm Group was attacked this month by the REvil ransomware operation. The attackers claim to have demanded a $30 million ransom.


PupBox Data Breach Now Being Investigated by Legal Counsel for Plaintiffs

Permalink - Posted on 2021-01-25 16:00

A San Francisco law firm has launched an investigation into a data breach that took place at a subsidiary of Petco Health and Wellness Company. The breach, which occurred over a six-month period last year, resulted in the exposure of the payment card information of tens of thousands of customers of PupBox, Inc. PupBox, which appeared on the entrepreneurial-themed reality TV show Shark Tank, sells customized puppy subscription boxes containing toys, treats, chews, and accessories handpicked according to the animal's age and physical characteristics. On October 2, 2020, PupBox announced that its website, PupBox.com, had been the target of a prolonged data breach affecting more than 30,000 of its subscribers.


Palfinger Group Crippled by Massive Attack

Permalink - Posted on 2021-01-25 16:00

PALFINGER Group is currently the target of an ongoing global cyber attack. IT infrastructure is disrupted at the moment (including sending and receiving emails, ERP systems). A large proportion of the group’s worldwide locations are affected. It is not possible to estimate the precise extent and duration of the attack or its consequences at this time. Work is being carried out intensively on a solution.


WestRock Reports Ransomware Incident

Permalink - Posted on 2021-01-25 17:00

Although WestRock is actively managing this incident and will continue to do so, it has caused and may continue to cause delays in parts of the Company’s business and may result in a deferral or loss of revenue and incremental costs that may adversely impact WestRock’s financial results.


Illinois Court Exposes More Than 323,000 Sensitive Records

Permalink - Posted on 2021-01-25 17:00

On September 26, 2020, researchers discovered an unsecured Elasticsearch server exposing more than 323,277 Cook County court related records containing highly sensitive personal data. Cook County, Illinois, is the second most populous county in the U.S., with a population in excess of 5 million people.


Data of BuyUcoin Cryptocurrency Exchange Traders Allegedly Leaked Online

Permalink - Posted on 2021-01-25 17:00

Names, email addresses, phone numbers, cryptocurrency transaction records, and bank details of users may have been compromised, according to Inc42. The publication estimates that up to 325,000 users are impacted, whereas Bleeping Computer suggests a figure closer to 161,000. The alleged data leak, flagged by researcher Rajshekhar Rajaharia, was posted on a hacking forum and is thought to be the work of ShinyHunters, previously linked to the sale of stolen company databases.


8+ Million Teespring User Records Leaked on Hacker Forum

Permalink - Posted on 2021-01-25 16:00

The files contained in the leaked archive include email addresses and last update dates for 8,242,000 user accounts, as well as full names, phone numbers, locations, and other account details of more than 4 million Teespring users and apparel creators.


Hacker Leaks Data of 2.28 Million Dating Site Users

Permalink - Posted on 2021-01-25 16:00

Data belongs to dating site MeetMindful and includes everything from real names to Facebook account tokens, and from email addresses to geo-location information.


Leading Crane Maker Palfinger Hit in Global Cyber Attack

Permalink - Posted on 2021-01-25 16:00

Palfinger's site is currently displaying an alert warning that the company is experiencing a cyberattack that has taken down their e-mail and disrupted business operations.


SonicWall Says It Was Hacked Using Zero-Days in Its Own Products

Permalink - Posted on 2021-01-25 16:00

The company initially listed NetExtender VPN clients and the Secure Mobile Access (SMA) gateways as impacted, but in an update several hours later said that only devices that are part of its SMA 100 series appliances are still under investigation as containing a zero-day vulnerability.


Australian Securities Regulator Discloses Security Breach

Permalink - Posted on 2021-01-25 16:00

The Australian Securities and Investments Commission (ASIC) has revealed that one of its servers has been accessed by an unknown threat actor following a security breach. ASIC is an independent Australian government commission tasked with the regulation of insurance, securities, and financial services, as well as with consumer protection, as Australia's national corporate regulator. The commission also maintains a searchable database of business information for several types of organizations. The stored data includes both current and historical info including but not limited to addresses and office locations.


Colliers International Group Gets Slammed by Cyber Attack

Permalink - Posted on 2021-01-22 17:00

Colliers International Group, a Toronto-based commercial real estate services firm, has acknowledged that it suffered a cyberattack last November. However, the company would not confirm whether the cyber incident involved ransomware.


Enterprise Credentials Publicly Exposed by Cyber Criminals

Permalink - Posted on 2021-01-22 17:00

As part of the campaign, the attackers were able to successfully bypass Microsoft Office 365 Advanced Threat Protection (ATP) filtering, which allowed them to harvest more than a thousand credentials from victims.


CHwapi Hospital Hit by Windows BitLocker Encryption Cyber Attack

Permalink - Posted on 2021-01-22 17:00

The CHwapi hospital in Belgium is suffering from a cyberattack where threat actors claim to have encrypted 40 servers and 100 TB of data using Windows BitLocker. CHwapi suffered an attack that caused the hospital to redirect patients to other hospitals and delay surgical procedures.


Intel Probing Reports of Quarterly Earnings Hack

Permalink - Posted on 2021-01-22 17:00

Intel Corp said on Thursday that it was investigating reports that a graphic in its quarterly earnings statement had been the object of unauthorized access before publication. CFO George Davis said the leak was the result of an illicit action that had not involved any unintentional disclosure by the company itself.


MyFreeCams Sees 2 Million User Records Stolen

Permalink - Posted on 2021-01-22 17:00

The threat actor has now deleted their post, as well as their account, from the hacker forum. They’ve also emptied their cryptocurrency wallet after collecting ~$22,400 in Bitcoin for the stolen data across 49 transactions. The author of the forum post is asking for $1500 in Bitcoin per 10,000 user records and claims that a single batch would net the buyers at least $10,000, which they could make by selling premium accounts with MFC Token (MyFreeCams’ virtual currency) balances on the black market.


Bonobos Clothing Store Confirms Breach After Hacker Leaks 70GB Database

Permalink - Posted on 2021-01-22 17:00

This leaked database is a monstrous 70 GB SQL file containing various internal tables used by the Bonobos website. The database also includes various data far more interesting to threat actors, such as customers' addresses, phone numbers, partial credit card numbers (last four digits), order information, password histories, and virtual gift cards.


Truckers' Medical Records Leaked

Permalink - Posted on 2021-01-21 17:00

Medical records belonging to truck drivers and rail workers may have been exposed following an alleged cyber-attack on an occupational healthcare provider in Virginia. Data apparently belonging to employees of the United Parcel Service (UPS) and Norfolk Southern Railroad was published online to a leak site by the gang behind Conti ransomware. The cyber-criminals claimed to have obtained the data during a December cyber-attack on Taylor Made Diagnostics (TMD). The leaked data includes full names, Social Security numbers, details of medical examinations, drug and alcohol testing reports, and scans of driver’s licenses.


Einstein Healthcare Network Announces August Breach

Permalink - Posted on 2021-01-21 17:00

Einstein Health Network, a Pennsylvania-based company operating medical rehab, outpatient and primary care centers, announced a breach of its employee email system, which exposed patient personal and medical information. The company waited more than five months to make the compromise public.


Woolworths Gave Customer Data to NSW Health

Permalink - Posted on 2021-01-21 17:00

Woolworths’ privacy policy – one of what the author of The Age of Surveillance Capitalism, Shoshana Zuboff, sardonically refers to as ‘surveillance policies’ – outlines how customers can expect the retailer to use private information they provide when scanning their orange Everyday Rewards cards at the checkout.


Giant Leak Exposes Data from Almost All Brazilians

Permalink - Posted on 2021-01-21 17:00

The leaked data contains detailed information on 104 million vehicles and about 40 million companies, potentially leaving 220 million people vulnerable. The information contained in the compromised database includes the name, date of birth and CPF of almost all Brazilians, including authorities. In a press release, the director of the dfndr lab, Emilio Simoni, explained that the biggest risk is that this data will be used in phishing scams, in which a person is induced to provide more personal information on a fake page.


Hacker Leaks Data of Millions of Teespring Users

Permalink - Posted on 2021-01-21 17:00

The Teespring data was made available as a 7zip archive that includes two SQL files. The first file contains a list of more than 8.2 million Teespring users' email addresses and the date the email address was last updated.


Singapore Widens Security Labelling to Include All Consumer IoT Devices

Permalink - Posted on 2021-01-21 17:00

Introduced last October as a voluntary programme, the Cybersecurity Labelling Scheme rates devices according to their level of cybersecurity features and will now be extended to include all consumer smart devices such as smart lights and smart printers.


2020 Sees Huge Increase in Records Exposed in Data Breaches

Permalink - Posted on 2021-01-21 17:00

Measured on a scale of 0 to 10, breach severity is calculated based on how many records were stolen, how the breach occurred, the type of data exposed, and other factors. The first quarter started with an average severity score of 4.75, which then gradually climbed to hit a score of 5.71 around the third quarter.


Ransomware Victims Continue to Sabotage Their Own Livelihoods

Permalink - Posted on 2021-01-20 17:00

There are victims of ransomware attacks which are entirely capable of restoring their network from backups and have successfully done so – but are still paying a bitcoin ransom of hundreds of thousands or millions of dollars to cyber criminals in an effort to prevent cyber criminals from leaking stolen information.


Livecoin Out of Business After Cyber Attack

Permalink - Posted on 2021-01-20 17:00

Livecoin has announced its closure following a cyberattack that allegedly compromised the firm's infrastructure and exchange rate setup. Livecoin claimed to have lost control of its "servers, backend, and nodes," and was unable to stop the attack from occurring. The cryptocurrency exchange said law enforcement had been notified of the security incident.


New York CASES Operation Notifies Clients of Data Security Breach

Permalink - Posted on 2021-01-20 17:00

On November 18, 2020, employee email accounts containing client information were subject to unauthorized access at times between July 6, 2020 and October 4, 2020.


Hacker Leaks Full Database of 77 Million Nitro PDF User Records

Permalink - Posted on 2021-01-20 17:00

The 14GB leaked database contains 77,159,696 records with users' email addresses, full names, bcrypt hashed passwords, titles, company names, IP addresses, and other system-related information.


Hacker Posts 1.9 Million Pixlr User Records for Free on Forum

Permalink - Posted on 2021-01-20 17:00

Over the weekend, a threat actor known as ShinyHunters shared a database for free on a hacker forum that he claims was stolen from Pixlr while he breached the 123rf stock photo site. Pixlr and 123rf are both owned by the same company, Inmagine.


Coin-Mining Malware Volumes Soar 53% in Q4 2020

Permalink - Posted on 2021-01-20 17:00

It was the browser-based Coinhive that drove the previous spike in cryptocurrency-mining activity. By February 2018 it had impacted 23% of global organizations, according to one study. One researcher even found it installed on UK and US government sites including those belonging to the UK’s Information Commissioner’s Office (ICO), United States Courts, the General Medical Council, the UK’s Student Loans Company and NHS Inform.


U.S. Spinal Care Practice Among First to Issue Healthcare Data Breach Warning in 2021

Permalink - Posted on 2021-01-20 17:00

Precision Spine Care, a Texas-based spinal care center, has warned of a potential data breach after an unauthorized individual gained remote access to an employee’s email account in an attempt to fraudulently divert funds from the organization. The company, which has facilities in the cities of Tyler, Longview, Lufkin, Texarkana, and Nacogdoches, has become one of the first US healthcare companies to flag a potential data breach in 2021, in line with HIPAA requirements.


OpenWrt Informs Users of Forum Breach

Permalink - Posted on 2021-01-19 17:00

In a security notice posted on the OpenWrt forum, users were told that the hacker gained access to the account of an administrator on January 16. It’s unclear how the account became compromised — it had a “good password,” but two-factor authentication was not enabled.


Amey PLC Bin Collection Firm in U.K. Hit by Ransomware

Permalink - Posted on 2021-01-19 17:00

The company in charge of Trafford’s bin collections and cleaning the borough’s streets has suffered a major cyber attack and sensitive personal, financial and commercial details have been leaked. Amey PLC, which has a super contract with Trafford council to manage its infrastructure, was targeted by Mount Lock ransomware group in an incident the company has labelled ‘complex’.


Okanogan Co. Government Hit with Cyber Attack

Permalink - Posted on 2021-01-19 17:00

The Okanogan County government is dealing with a computer cyber attack that has impacted its phone system and emails. The attack is also affecting Okanogan County Public Health, according to the Okanogan County Sheriff’s Office.


X-Rated Social Media App Fleek Exposes Users in Massive Data Breach

Permalink - Posted on 2021-01-19 17:00

vpnMentor’s research team, led by cybersecurity analyst Noam Rotem, recently uncovered a data breach originating from the Fleek social media app. While it appears Fleek ceased operating in 2019, it failed to secure a huge amount of sensitive data collected from users since it launched in 2016. Furthermore, the discovery exposed a potential scam by the app’s operators, who appeared to be monetizing it by targeting users with fake chatbot accounts.


25% Increase in Breaches in 2020 of Healthcare Records

Permalink - Posted on 2021-01-19 17:00

In 2020, healthcare data breaches of 500 or more records were reported at a rate of more than 1.76 per day. 2020 saw 642 large data breaches reported by healthcare providers, health plans, healthcare clearing houses and business associates of those entities – 25% more than 2019, which was also a record-breaking year.


GDPR Fines Surge 39% Over Past Year

Permalink - Posted on 2021-01-19 17:00

The past year has seen double-digit increases in the value of GDPR fines imposed by regulators and the volume of breaches notified to regulators, according to a new analysis by DLA Piper. The international law firm said that €158.5m ($192m, £141m) in fines was imposed since January 28 2020, a 39% increase on the previous 20-month period since the law came into force in May 2018. Breach notifications surged by 19%, the second consecutive double-digit increase, to reach 121,165 over the past year. In total, €272.5m ($332m, £45m) in fines has been issued since the start of the new regulatory regime, with Italy (€69m) having imposed the largest number, followed by Germany and France. Total breach notification volumes have reached 281,000, with Germany (77,747), the Netherlands (66,527) and the UK (30,536) topping the table. However, when weighted according to national populations, Denmark comes top, followed by the Netherlands and Ireland.


Over 22 Billion Records Exposed in Data Breaches in 2020

Permalink - Posted on 2021-01-19 17:00

Thirty-five percent of breaches were linked to ransomware attacks, resulting in tremendous financial cost, while 14 percent of breaches were the result of email compromises, according to an analysis of breach data by cyber exposure company Tenable’s Security Response Team (SRT) from January through October last year.


AnyVan Confirms Data Breach of Customer Information

Permalink - Posted on 2021-01-19 17:00

AnyVan, the European online marketplace that lets users buy delivery, transport or removal services from a network of providers, has confirmed it was the victim of a digital burglary that involved the theft of customers' personal data. The company wrote to customers mid-last week to inform them of a "breach of security resulting in the unauthorised access to data from our user database," according to the email seen by The Register.


U.K. MoD Experiences 18% Growth in Personal Data Loss Incidents

Permalink - Posted on 2021-01-18 16:00

Of the seven most serious incidents reported to the ICO, one involved a sub-contractor incorrectly disposing of MoD originated material in July 2019, which led to the personnel and health data of two former employees being accidentally disclosed. Another occurred when a recorded delivery package containing the claims for forms of five individuals was lost in transit between two stations in February 2020. A third example revolved around a whistleblowing report that had not been properly anonymized.


Excellus Health Plan Settles HIPAA Violation Case and Pays $5.1 Million Penalty

Permalink - Posted on 2021-01-18 16:00

The Department of Health and Human Services’ Office for Civil Rights has announced the health insurer Excellus Health Plan has agreed to pay a $5.1 million penalty to settle a HIPAA violation case stemming from a 2015 data breach that affected 9.3 million individuals.


CHwapi Hospital Hit by Ransomware, Operations Canceled

Permalink - Posted on 2021-01-18 16:00

The CHwapi was the victim of a cyber attack on Sunday evening, at 8:46 p.m. sharp. No less than 80 of the 300 computer servers have been affected. As the personal data of the admissions department was no longer accessible, the staff returned to reviewing the old paper data. No computer theft was committed and no ransom demand was made. Faced with this situation, a hundred operations were canceled on Monday. As far as consultations are concerned, according to the doctors, the majority has been maintained. Patients who had their consultation canceled were notified by text message or by phone call.


German Laptop Retailer Fined €10.4m for Video-Monitoring Employees

Permalink - Posted on 2021-01-18 16:00

The penalty represents one of the largest fines imposed under the 2018 General Data Protection Regulation (GDPR) not only in Germany but across Europe as well. The recipient is notebooksbilliger.de AG (doing business as NBB), an online e-commerce portal and retail chain dedicated to selling laptops and other IT supplies.


Malware Incidents on Remote Devices Increase

Permalink - Posted on 2021-01-18 16:00

52% of organizations experienced a malware incident on remote devices in 2020, up from 37% in 2019, a Wandera report reveals. Of devices compromised by malware in 2020, 37% continued accessing corporate emails after being compromised and 11% continued accessing cloud storage, highlighting a need for organizations to better determine how to configure business tools to ensure fast and safe connectivity for all users in 2021.


Singapore Tightens Cyber Defense Guidelines for Financial Services Sector

Permalink - Posted on 2021-01-18 16:00

Revised guidelines on technology risk management include instructions for financial institutions to exercise "strong oversight" of arrangements with third-party service providers to ensure data confidentiality and details of the responsibility of senior management.


Australians Lost A$176m to Scams in 2020

Permalink - Posted on 2021-01-18 16:00

Investment scams topped the list of scams, which grew by 23.1% in 2020 as criminals exploited human psychology using social engineering.


150,000 Arrest Records "Accidentally" Deleted from Police Database

Permalink - Posted on 2021-01-15 17:00

A technical issue has resulted in 150,000 arrest records being accidentally deleted from the Police National Computer system, used by law enforcement organisations across the UK to store and share criminal records. The lost data included fingerprints, DNA, as well as arrest histories.


Omani Detergent Company Exposed to Cyber Attack

Permalink - Posted on 2021-01-15 17:00

A disclosure published by the Muscat Securities Market said: "The National Detergent company want to informs you of its exposure to an electronic attack on the company's information technology network that caused the loss of some electronic data."


Pitkin County, CO COVID-19 Case Investigations Exposed Online

Permalink - Posted on 2021-01-15 17:00

Pitkin County learned of an incident that may affect the privacy of certain information and is providing notice so that affected individuals may take steps to better protect their personal information, should they feel it is appropriate to do so.


Polish DPA Fines Virgin Mobile Polska €460,000 for Lack of Security Measures

Permalink - Posted on 2021-01-15 17:00

The President of the Personal Data Protection Office (UODO) imposed a fine of PLN 1.9 million (EUR 460,000) on Virgin Mobile Polska for failing to implement appropriate technical and organisational measures to ensure the security of the processed data.


Ronald McDonald House Notifying Almost 18,000 Guests of Blackbaud Breach

Permalink - Posted on 2021-01-15 17:00

Ronald McDonald House is well known in the U.S. for offering housing accommodations to families who have children being treated for serious illnesses. As it says on their site: “A Ronald McDonald House program helps reduces stress and financial burden for families when they must travel far from home to access medical care for their child…. Research shows that patients whose families stayed at the Ronald McDonald House are the sickest, traveled the farthest distances, and spent the longest time in the hospital.”


South Country Health Alliance Breach Impacts 66,874 Plan Members

Permalink - Posted on 2021-01-15 17:00

Owatonna, MN-based Minnesota South Country Health Alliance has discovered an unauthorized individual accessed the email account of an employee that contained the protected health information of 66,874 of its members.


12,000+ Workers' IDs, Banking Details, etc. Personal Data Leaked by U.K. Staffing Agency

Permalink - Posted on 2021-01-15 17:00

The database appears to belong to Nohow International, a UK-based recruitment and staffing agency that provides blue- and white-collar personnel services to companies across the UK and other countries.


Scotland Environmental Regulator Hit by Ongoing Ransomware Attack

Permalink - Posted on 2021-01-15 17:00

The Scottish Environment Protection Agency (SEPA) confirmed on Thursday that some of its contact center, internal systems, processes and internal communications were affected following a ransomware attack that took place on Christmas Eve.


Ransomware Attacks Now to Blame for Half of Healthcare Data Breaches

Permalink - Posted on 2021-01-15 17:00

Almost half of data breaches at hospitals were because of ransomware attacks – and those attacks could've been prevented with timely patching.


2020 Saw 6% Rise in Number of CVEs Reported

Permalink - Posted on 2021-01-14 17:00

Among the 2020 vulnerabilities disclosed were 29 Tenable identified as net-new zero-day vulnerabilities. Of the 29 vulnerabilities, over 35% were browser-related vulnerabilities, while nearly 29% were within operating systems. Font libraries were also popular, accounting for nearly 15% of zero-day vulnerabilities.


Hy-Vee Data Breach Settlement Proposed

Permalink - Posted on 2021-01-14 17:00

A preliminary settlement agreement regarding a data breach that impacted customers of Iowa-based grocery store chain Hy-Vee has been proposed. Hy-Vee launched an investigation after detecting unauthorized activity on some of its payment processing systems on July 29, 2019. The investigation found that malware designed to access and steal payment card data from cards used on point-of-sale (POS) devices had been installed at certain Hy-Vee fuel pumps and drive-thru coffee shops. Restaurants were also impacted, including Hy-Vee Market Grilles, Hy-Vee Market Grille Expresses, and the Wahlburgers locations that Hy-Vee owns and operates, as well as the cafeteria at the chain's West Des Moines corporate office.


Telegram Bots at Heart of Classiscam Scam-as-a-Service

Permalink - Posted on 2021-01-14 17:00

A new automated scam-as-a-service has been unearthed, which leverages Telegram bots in order to steal money and payment data from European victims. The scam, which researchers call Classiscam, is being sold as a service by Russian-speaking cybercriminals, and has been used by at least 40 separate cybergangs – which altogether made at least $6.5 million using the service in 2020.


Healthcare Industry Web Application Attacks Increased by 51% in December

Permalink - Posted on 2021-01-14 17:00

In December, Imperva Research Labs detected significant increases in four types of attacks. The largest increase was seen in protocol manipulation attacks, which increased 76% from the previous month and were the third most common attack type. There was a 68% increase in remote code execution / remote file inclusion attacks, although they only accounted for a relatively small volume of attacks. Cross-site scripting (XSS) attacks were the most common attack type, with attack volume increasing 43% from the previous month. SQL injection attacks were the second most common attack type, with these attacks increasing by 44% since November.


TikTok Harvested MAC Addresses by Exploiting Android Loophole

Permalink - Posted on 2021-01-14 17:00

The ongoing controversies surrounding TikTok hit a new gear on Thursday with a bombshell report accusing the Chinese company of spying on millions of Android users using a technique banned by Google.


3BB Hackers Dump Customer Data, Thai Regulator Seeks Answers from Businesses

Permalink - Posted on 2021-01-14 17:00

On December 10, DataBreaches.net reported a hack and ransom demand by ALTDOS on Country Group Securities. The hackers demanded 170 BTC (approximately USD $3,000,000.00 at the time). CGS allegedly never responded to their demands at all, so ALTDOS provided some data as proof that they dumped publicly. To date, the attackers do not appear to have followed up on that attack, but recently informed DataBreaches.net that they intend to follow up.


Tencent, Xpeng, Other Firms Ordered to Fix App Security Flaws

Permalink - Posted on 2021-01-14 17:00

More than 70 per cent of the 201 apps reprimanded by the Guangdong Communications Administration failed to specify the purpose, means and scope of data collection. Up to 40 per cent were found to have collected personal information before receiving user consent.


Saskatchewan Privacy Commissioner Investigates Potential Breach of Hunting Licensing System

Permalink - Posted on 2021-01-14 17:00

Saskatchewan’s privacy commissioner is investigating a potential privacy breach involving the province’s hunting, angling, and trapping licence system (HAL system). The province said the incident occurred on Jan. 7 when an email regarding Hunter Harvest surveys was sent to HAL customers from a third-party agency called Aspira. Aspira sent an email that contained the customer name and HAL account identification number to about 33,000 email addresses.


Police Release Firearm Owner Details in Data Breach

Permalink - Posted on 2021-01-14 17:00

Queensland police have accidentally released details of hundreds of firearms owners in an embarrassing privacy and security breach, which is under investigation. Compounding the error, the move was an attempt to warn firearms owners to secure their properties following a spate of thefts of guns.


Fertility-Tracking App Flo Health Settles FTC Privacy Infringement

Permalink - Posted on 2021-01-14 17:00

FTC alleges Flo Health shared the health information of users with outside data analytics providers after promising that such information would be kept private.


OCR Continues HIPAA Right of Access Crackdown with $200,000 Fine

Permalink - Posted on 2021-01-13 17:00

The HHS’ Office for Civil Rights (OCR) is continuing to crack down on healthcare providers that are not providing patients with timely access to their medical records. Yesterday, OCR announced a settlement had been agreed with Banner Health to resolve a HIPAA Right of Access investigation. Banner Health agreed to pay $200,000 to settle the case.


Confidential Data Stolen from Promutuel Ends Up Online

Permalink - Posted on 2021-01-13 17:00

A gang of cyber hackers posted on the dark web confidential documents from Promutuel Insurance. The company, which has around 630,000 customers, is still paralyzed a month after a cyberattack.


King, Pierce County Schools Hit with Data Breach

Permalink - Posted on 2021-01-13 17:00

The Puget Sound Educational Service District (PSESD) sent out a notice to current and former students and employees of King and Pierce County Schools upon learning of a data breach within their computer network. It's unclear what specific information was hacked, but PSESD officials said it could potentially be employees and/or students' names, dates of birth, Social Security numbers, financial account information, and high-level medical information.


National Board of Certified Counselors, Inc. Has Data Breached

Permalink - Posted on 2021-01-13 17:00

An investigation determined that the malware was introduced into the system by an unauthorized actor who also accessed and acquired certain files within NBCC's system. The unauthorized access occurred between August 31, 2020 and September 7, 2020.


Update: Cyber Attack on European Medicines Agency

Permalink - Posted on 2021-01-13 17:00

The ongoing investigation of the cyberattack on EMA revealed that some of the unlawfully accessed documents related to COVID-19 medicines and vaccines belonging to third parties have been leaked on the internet.


India Just Had the Biggest Medical Records Breach Ever

Permalink - Posted on 2021-01-13 17:00

Public debate this week has been dominated by how WhatsApp compromises personal data and privacy, and the pros and cons of its competitors. On 5 January, there was a story on a technology portal about how details of COVID-19 test results of tens of thousands of patients were leaked on the net through multiple Government of Delhi domains (delhigovt.nic.in/delhi.gov.in/revenue.delhi.gov.in). Individual reports of lab tests were available as well. Yet, no media follow up happened on the issue.


Healthcare Hit by 187 Million Monthly Web App Attacks in 2020

Permalink - Posted on 2021-01-13 17:00

Web application attacks in the healthcare sector surged in December as distribution of the first COVID-19 vaccines began, according to new data from Imperva. The security vendor claimed that attacks jumped 51% last month from detected volumes in November in a vertical that has been bombarded by cyber-criminals over the past year. Four specific attack types saw the largest increases: cross-site scripting (XSS) detections jumped 43%; SQL injection attacks surged 44%; protocol manipulation attacks soared 76%; and remote code execution/remote file inclusion detections increased 68% in December.


Mimecast Certificate Hacked in Microsoft Email Supply-Chain Attack

Permalink - Posted on 2021-01-13 17:00

A Mimecast-issued certificate used to authenticate some of the company’s products to Microsoft 365 Exchange Web Services has been “compromised by a sophisticated threat actor,” the company has announced. A compromise means that cyberattackers could take over the connection, through which inbound and outbound mail flows, researchers said. It would be possible to intercept that traffic, or possibly to infiltrate customers’ Microsoft 365 Exchange Web Services and steal information.


New Zealand Central Bank Breach Hit Other Companies

Permalink - Posted on 2021-01-12 17:00

The Palo Alto-headquartered firm’s File Transfer Application (FTA) was targeted by malicious third parties, presumably going after the sensitive info stored and shared via the service.


Two-Thirds of Employees Don't Consider Security Whilst Home Working

Permalink - Posted on 2021-01-12 17:00

Although 71% of workers do not think about the implications a cybersecurity breach could have on their work and job security, when asked, 45% said they could lose their job if their working device’s security was compromised.


Data Breach at Capcom Gaming Company Widens

Permalink - Posted on 2021-01-12 17:00

Capcom, the game developer behind Resident Evil, Street Fighter and Dark Stalkers, now says its recent attack compromised the personal data of up to 400,000 gamers.


Clearfield County, PA Hit by Cyber Attack

Permalink - Posted on 2021-01-12 17:00

A cyberattack infected all of Clearfield County’s servers and 15 percent of its computers over the weekend. Commissioner John A. Sobel, board chairman, Tony Scotto and Dave Glass issued the following public statement Tuesday: “Clearfield County recently detected and is responding to malware activity on its computer network. As soon as we learned of this, we began working to investigate to restore operations and determine the effects of the incident. We’re also working with nationally-recognized, third-party cybersecurity consultants … at this time, there’s no evidence that our information has been compromised. We will continue to actively monitor the situation.”


Networking Giant Ubiquiti Alerts Customers of Potential Data Breach

Permalink - Posted on 2021-01-12 17:00

Ubiquiti owners are frustrated as UniFi requires them to create cloud accounts to manage local devices, and many would prefer to be able to manage everything locally. Over the weekend, Ubiquiti suffered a widespread outage to their UniFi cloud management platform that prevented users from using the web and mobile apps or managing their devices.


Feds Will Weigh Whether Cyber Best Practices Were Followed When Assessing HIPAA Fines

Permalink - Posted on 2021-01-12 17:00

The Department of Health and Human Services (HHS) will now consider whether organizations followed best practices for protecting medical information before assessing fines for violation of the Health Insurance Portability and Accountability Act. The new rule, which President Trump signed into law last week, amends the Health Information Technology for Economic and Clinical Health Act so that the HHS secretary could forgo fines or cut short an investigation if an organization can show it implemented best practices for protecting health information for at least a year.


High Court Rules Against Government Bulk Hacking

Permalink - Posted on 2021-01-11 17:00

Non-profit Privacy International challenged the practice in the Investigatory Powers Tribunal (IPT), a secretive court set up to handle cases involving the intelligence agencies. However, the IPT ruled in the latter’s favor, back in 2016. Although the government then tried to block a High Court challenge to the ruling, by claiming the tribunal’s decisions can’t be subject to judicial review, it lost, and the case went ahead. On Friday, the High Court agreed with Privacy International, quashing the IPT decision. It cited 250 years of common law precedent whereby individuals have a right not to have their property searched without lawful authority, even in cases of national security. As general warrants don’t apply to individuals, the authorities are wrong to take this approach, it found.


Ransom Demanded After AKVA Group Victim of Major Virus Attack

Permalink - Posted on 2021-01-11 17:00

AKVA group CEO Knut Nesse told the newspaper Dagens Næringsliv that the cyber attack was ransomware. Nesse would not comment on how much ransom they demand or whether the company will pay. Among the systems affected is the software Fishtalk that AKVA group supplies to a wide range of fish farming companies.


China's Socialarks Exposes 200+ Million Facebook, Instagram and LinkedIn Users

Permalink - Posted on 2021-01-11 17:00

The company’s unsecured ElasticSearch database contained personally identifiable information (PII) from at least 214 million social media users from around the world, using both populist consumer platforms such as Facebook and Instagram, as well as professional networks such as LinkedIn.


Ransomware Attack Hits Short Line Rail Operator OmniTRAX

Permalink - Posted on 2021-01-11 17:00

Colorado-based short line rail operator and logistics provider OmniTRAX was hit by a recent ransomware attack and data theft that targeted its corporate parent, Broe Group. OmniTRAX confirmed to FreightWaves that the cyberattack had occurred after the Conti ransomware gang posted stolen data from a leak site. The company, however, provided no details about the incident and whether it impacted any operations.


Communauto Hit by Cyber Attack

Permalink - Posted on 2021-01-11 17:00

Communauto, the Montreal-based car-sharing service, confirmed on Friday that its computer systems were hit with a cyber attack over the holidays that compromised the personal information of some of its clients, including member numbers, names as well as email and civic addresses.


1 Million Highly Sensitive NSFW Pictures Leaked by Korean Teen Dating App

Permalink - Posted on 2021-01-11 17:00

The database appears to belong to the free Korean dating app 스윗톡, which may go by the name Sweet Tea, Sweet Talk or Sweet Chat. The database that was discovered was related to “sweetchat”.


WhatsApp Group Chat Links Seen Again on Google Search

Permalink - Posted on 2021-01-11 17:00

New Delhi: Google has again indexed invite links to private WhatsApp group chats, meaning anyone can join various private chat groups with a simple search. WhatsApp is making several private groups available across the Web by indexing group chat invites, as their links can be accessed by anyone using a simple search on Google. Independent cybersecurity researcher Rajshekhar Rajaharia shared screenshots with IANS that show indexing of WhatsApp group chat invites on Google. Recently, WhatsApp faced a huge security crisis when over 4,000 links inviting people to join private groups had been indexed on Google, suggesting a massive data breach and enabling anyone to join these groups.


United Nations Data Breach Exposed Over 100k UNEP Staff Records

Permalink - Posted on 2021-01-11 17:00

Today, researchers have responsibly disclosed a security vulnerability that let them access over 100,000 private employee records of United Nations Environmental Programme (UNEP). The data breach stemmed from exposed Git directories and credentials, which allowed the researchers to clone Git repositories and gather a large amount of personally identifiable information (PII) associated with UNEP employees.


New Zealand's Central Bank Says Its Systems Have Been Hacked

Permalink - Posted on 2021-01-11 17:00

New Zealand’s central bank says that one of its data systems has been breached by an unidentified hacker who potentially accessed commercially and personally sensitive information. A third-party file sharing service used by the Reserve Bank of New Zealand to share and store sensitive information was illegally accessed, the Wellington-based bank said in a statement.


Hacker Locks Internet-Connected Chastity Cage, Demands Ransom

Permalink - Posted on 2021-01-11 17:00

A victim who asked to be identified only as Robert said that he received a message from a hacker demanding a payment of 0.02 Bitcoin (around $750 today) to unlock the device. He realized his cage was definitely "locked," and he "could not gain access to it."


Dassault Falcon Jet Reports Data Breach After Ransomware Attack

Permalink - Posted on 2021-01-08 17:00

Dassault Falcon Jet has disclosed a data breach that may have led to the exposure of personal information belonging to current and former employees, as well as their spouses and dependents.


Ransomware Attack Costs Health Network $1.5 Million a Day

Permalink - Posted on 2021-01-08 17:00

The University of Vermont Health Network, which is based in Burlington, was hit by ransomware in October 2020, and is yet to make a full recovery. Most computer systems have been brought back online; however, some applications are still down, causing delays in various departments, including radiology.


Lake Region Healthcare Recovering from Ransomware Attack

Permalink - Posted on 2021-01-08 17:00

Lake Region Healthcare in Fergus Falls, Minnesota is investigating a ransomware attack that was first detected on December 22, 2020. The attack impacted several of the healthcare provider’s systems and caused some disruption to normal operations at its locations in Fergus Falls, Battle Lake, Ashby, and Barnesville.


Tasmania Police Called in After Ambulance Patient Details Published Online

Permalink - Posted on 2021-01-08 17:00

The private details of every Tasmanian who has called an ambulance since November last year have been published online by a third party in a list still updating each time paramedics are dispatched. The breach of Ambulance Tasmania's paging system has been described as "horrific" by the Health and Community Services Union, which has suggested the data dump could leave the Government open to litigation.


Ben-Gurion University Targeted by Cyber Attack

Permalink - Posted on 2021-01-08 17:00

A cyberattack targeted Ben-Gurion University of the Negev resulting in a breach in a number of its servers, the university announced on Wednesday. The attack was found during routine scans that were being conducted by the university along with the National Cyber Directorate.


Ryuk Ransomware Earns Over $150 Million for Cyber Gang

Permalink - Posted on 2021-01-07 17:00

In a joint report published today, threat intel company Advanced Intelligence and cybersecurity firm HYAS said they tracked payments to 61 Bitcoin addresses previously attributed and linked to Ryuk ransomware attacks. AdvIntel and HYAS say the extorted funds are gathered in holding accounts, passed to money laundering services, and are then either funneled back into the criminal market and used to pay for other criminal services or are cashed out at real cryptocurrency exchanges.


Data Analytics Company Settles with FTC Over Alleged Data Security Violations

Permalink - Posted on 2021-01-07 17:00

Ascension, a data analytics company serving the mortgage industry, recently settled with the Federal Trade Commission (FTC) over charges that it violated the Gramm-Leach-Bliley (GLB) Act Safeguards Rule, as well as its own policies, when it neglected to vet the data security practices of a service provider and require the vendor to adequately protect personal information of mortgage holders. While the settlement involves a financial institution subject to the GLB Act, it is instructive for all businesses that maintain consumers’ personal information and share it with third parties.


Two-Year Data Breach Hits Employees' Email at WTTW, WFMT

Permalink - Posted on 2021-01-07 17:00

Window to the World Communications, parent company of WTTW-Channel 11 and WFMT 98.7-FM, alerted employees this week to the discovery of a data breach in its computer system believed to have occurred over nearly a two-year period. Investigations by a law firm and forensic accounting firm determined that emails and personal information of approximately 40 staffers were hacked between December 2018 and August 2020. On Tuesday a company representative confirmed there was "unusual activity relating to an employee email account that may have impacted current and former employee information."


Facebook’s Mandatory Data-Sharing Rules for WhatsApp Spark Ire

Permalink - Posted on 2021-01-07 17:00

The move also comes at a time when Facebook is embroiled in twin antitrust suits filed by dozens of states and the federal government that call for the tech giant to be broken up due to exactly this type of activity. The lawsuits allege that the company has abused its dominance in the digital marketplace and engaged in anti-competitive behavior. Users, for their part, are less than pleased with the situation. The increasingly tight relationship between Facebook and WhatsApp already has seen a migration of users to other messaging services, including Telegram and Signal.


Data Stolen from London Council Published Online

Permalink - Posted on 2021-01-07 17:00

Sensitive data stolen from Hackney Council in the UK has allegedly been published online, three months after the ransomware attack on the local authority that took place last year. A cyber-criminal group called Pysa/Mespinoza has claimed it has published a range of information resulting from the incident on the dark web. This includes sensitive personal data of staff and residents, such as passport documents.


Over a Third of TMT Firms Hit by Security Breach in 2020

Permalink - Posted on 2021-01-07 17:00

Over a third of technology and media companies in the UK suffered a serious cyber-incident last year, according to new data from insurer Hiscox. The firm claimed that 34% of firms in the technology, media and telecoms (TMT) sector were caught out by a cyber-incident or breach in 2020, leading to a median loss of nearly $40,000.


Stolen Data of Over 10 Million Indian Consumers Up for Sale

Permalink - Posted on 2021-01-07 17:00

After hacking masked credit and debit card data of crores of Juspay users, the same hacker possibly known as 'ShinyHunters' is now selling databases belonging to three more Indian companies on Dark Web, independent cyber security researcher Rajshekhar Rajaharia claimed on Wednesday.


Poor Software Quality Costs U.S. $2.08tn

Permalink - Posted on 2021-01-06 17:00

Poor-quality software cost America over $2tn last year, according to a new report by the Consortium for Information & Software Quality (CISQ). The "Cost of Poor Software Quality in the US: A 2020 Report," which was co-sponsored by American software company Synopsys, found that the cost of poor software quality (CPSQ) in the US in 2020 was approximately $2.08tn. Researchers looked at poor software quality resulting from software failures, unsuccessful development projects, legacy system problems, technical debt, and cybercrime enabled by exploitable weaknesses and vulnerabilities in software. Operational software failure was determined to be the leading driver of the total CPSQ. CISQ estimated the cost of operational software failure in the US in 2020 as $1.56tn, a figure that has increased 22% since 2018.


British Airways Plans £3bn Breach Settlement

Permalink - Posted on 2021-01-06 17:00

The UK's flag-carrier airline is planning to begin settlement discussions that could see customers who became the victims of a data breach receive a compensation payout of up to £3bn. British Airways customers were impacted by two data breaches in 2018. Between April and July 2018, some 185,000 British Airways reward-booking customers were notified that their personal information and financial details had been compromised, while a further 380,000 users of the airline’s app and website had their information exposed between August and September 2018. Data compromised in the breaches included customer names, billing addresses, and email addresses. Payment card information, including card numbers, expiry dates, and—in tens of thousands of cases—the CVV security code, was also exposed. No passport details were stolen.


Nissan Source Code Leaked Online After Git Repo Misconfiguration

Permalink - Posted on 2021-01-06 17:00

The source code of mobile apps and internal tools developed and used by Nissan North America has leaked online after the company misconfigured one of its Git servers.


WhatsApp: Share Your Data with Facebook or Delete Your Account

Permalink - Posted on 2021-01-06 17:00

After WhatsApp updated its Privacy Policy and Terms of Service on Monday with additional info on how it handles users' data, the company is now notifying users through the mobile app that, starting February, they will be required to share their data with Facebook.


Aurora Cannabis Breach Exposes Personal Data of Former, Current Workers

Permalink - Posted on 2021-01-06 17:00

A data breach at Aurora Cannabis has exposed the personal information of an unknown number of the Canadian company’s current and former employees, Marijuana Business Daily has learned. An email sent to a victim of the data breach cites a Dec. 25 “cybersecurity incident during which unauthorized parties accessed data in (Microsoft cloud software) SharePoint and OneDrive.” The email was shared with MJBizDaily. The victim, a former Aurora employee who was laid off in February, wasn’t notified of the breach until late in the evening of Dec. 31.


Ransomware Surge Drives 45% Increase in Healthcare Cyber Attacks

Permalink - Posted on 2021-01-05 18:00

Although the attacks span a variety of categories — including ransomware, botnets, remote code execution and DDoS — perhaps unsurprisingly, it is ransomware that displayed the largest increase overall and poses the biggest threat to HCOs, according to Check Point. Ryuk and Sodinokibi (REvil) were highlighted as the main culprits.


Indian Government Sites Leaking Patient COVID-19 Test Results

Permalink - Posted on 2021-01-05 18:00

Websites of multiple Indian government departments, including national health and welfare agencies, are leaking COVID-19 lab test results for thousands of patients online. These leaked lab reports, which are being indexed by search engines, expose patient data and whether they tested positive for coronavirus.


Italy's Ho Mobile Has 2.5 Million Customers Violated in Data Breach

Permalink - Posted on 2021-01-05 18:00

Ho Mobile, an Italian mobile operator owned by Vodafone, confirmed a massive data breach on Monday and is now taking the rare step of offering to replace the SIM cards of all affected customers. The breach is believed to have impacted roughly 2.5 million customers. It first came to light last month, on December 28, when a security analyst spotted the telco's database being offered for sale on a dark web forum.


Auto Parts Distributor NameSouth Has Data Leaked After Ransomware Attack

Permalink - Posted on 2021-01-05 17:00

A 3GB archive that purportedly belongs to NameSouth, a US-based auto parts shop, has been publicly leaked by the NetWalker ransomware group. NameSouth seems to be the latest victim of the ransomware gang that surfaced sometime in 2019. NetWalker’s targets range across multiple industries, with archives of stolen data from about a hundred victimized businesses publicly posted on the gang’s darknet website to date.


SolarWinds, Top Executives Hit with Class Action Lawsuit Over Orion Software Breach

Permalink - Posted on 2021-01-05 17:00

SolarWinds and some of its top executives have been hit with a class action lawsuit by stockholders, who allege the company lied and materially misled them about security practices leading up to a massive breach of its Orion management software that has reverberated throughout the public and private sector.


Over 250 Organizations Breached via SolarWinds Supply Chain Hack

Permalink - Posted on 2021-01-05 17:00

SolarWinds and others are trying to determine if SUPERNOVA, whose delivery involved exploitation of a zero-day vulnerability, is connected to SUNBURST. In its latest update, the company said it does “not have a definitive answer at this time” regarding SUNBURST and SUPERNOVA possibly being related.


Data from August Breach of Amazon Partner Juspay Dumped Online

Permalink - Posted on 2021-01-05 17:00

Researcher discovered info of 35 million credit-card users from an attack on the Indian startup, which handles payments for numerous online marketplaces.


Ticketmaster Coughs Up $10 Million Fine After Hacking Rival Business

Permalink - Posted on 2021-01-04 18:00

In 2013, the American ticket sales and distribution giant, which is owned by Live Nation, hired an employee who formerly worked for Ticketmaster’s rival company (reported by some outlets to be Songkick, a now-defunct company that offered concert pre-sale tickets), the Department of Justice (DoJ) said last week. This co-conspirator illegally retained credentials from the rival firm, which he and other Ticketmaster executives then used to hack into the victim company’s systems. From there, they were able to monitor the company’s draft ticketing web pages, allowing them to find out which artists planned to use the rival company to sell tickets. They were also able to hack into and snoop on the company’s Artist Toolbox, a password-protected app that provides real-time data about ticket sales.


Apex Laboratory Says Patient Data Stolen in Ransomware Attack

Permalink - Posted on 2021-01-04 18:00

At-home laboratory services provider Apex Laboratory said hackers stole some patient data during a ransomware attack that took place several months ago.


South African Government to Replace Sassa Grant Cards After Security Breach

Permalink - Posted on 2021-01-04 18:00

Minister of Social Development Lindiwe Zulu says that government is in talks with stakeholders to replace South African Social Security Agency (Sassa) cards after a security breach, first reported in 2019. Responding to a written parliamentary Q&A in December, Zulu said that Sassa cards are actually bank cards issued by the South African Post Office (SAPO) on behalf of Postbank to approved applicants who choose to collect their social grants through the post office. Although Sassa does not manage the cards, she noted that it was a priority of the agency to intervene in instances of fraud or corruption.


100 Million Card Details Leaked to Dark Web in Juspay Data Breach