Categories
APT Breach Bug Cyber Security Data leak Hacking Malware Ransomware Scam Vulnerability

Amazon terminates employees over data lake, Fragomen data breach exposes Google employee’s data, and more

Major cybersecurity events on 27th October 2020 (Evening Post): Threat actor responsible for stealing $24 million worth cryptocurrency assets of Harvest Finance, identified. NetWalker group gives the Enel Group 7 days to pay the ransom, get back 4.54 TB of stolen data.

Round Up of Major Breaches and Scams

Some Ballot Requests May Be Affected by County Cyber Attack

A hacker attack against an upstate New York county’s computer system raised concern that some emailed absentee ballot applications may not be processed, but the state Board of Elections said voting won’t be affected overall. The cyber attack on Oct. 18 encrypted about 200 computers operated by Chenango County and hackers demanded ransom of $450 per computer to unlock the files, Herman Ericksen, the county’s information technology director, said Monday. “We are not paying the ransom,” he said.

Amazon sacks insiders over data leak, alerts customers

Amazon has recently terminated employees responsible for leaking customer data, including their email addresses, to an unaffiliated third-party in violation of company policies. The company has sent out an email announcement to affected customers following the incident. Over the weekend, reports emerged on Twitter of multiple Amazon customers perplexed by the email alerts being sent out by the company describing the data leak.

Fragomen law firm data breach exposed Google employee’s data

Immigration law firm Fragomen has disclosed a data breach that exposed current and former Google employees’ personal information. Immigration law firm Fragomen, Del Rey, Bernsen & Loewy, LLP, one of the most prominent US law firms covering immigration law, disclosed a data breach. The security breach exposed current and former Google employees’ personal information after an unauthorized third party gained access to a single file containing personal information relating to I-9 employment verification services.

Swedish Authorities, Banks Hit by Security Data Leak

Details of bank vault floor plans, alarm systems and the security arrangements for Swedish authorities have been leaked online after a security company was hacked, local media reported Tuesday. A total of 19 gigabytes of information and around 38,000 files were stolen from security group Gunnebo by one or more hackers in August, according to newspaper Dagens Nyheter. “It’s of course unfortunate that we’ve had a theft of data,” Gunnebo CEO Stefan Syren was quoted as telling the paper.

Cyber Espionage Detection Firm Strider Technologies Raises $10 Million

Strider Technologies, a company that provides solutions for combating cyber-espionage, on Tuesday announced that it raised $10 million in Series A funding. To date, the startup has raised $12 million. Founded in May 2019, the Washington DC-based security firm provides organizations with tools designed to keep their intellectual property and personnel secure from cyber-espionage, including the activities of nation-states.

Hacker was identified after the theft of $24 million from Harvest Finance

A threat actor has stolen roughly $24 million worth of cryptocurrency assets from decentralized finance service Harvest Finance. A hacker has stolen approximately $24 million worth of cryptocurrency assets from decentralized finance service Harvest Finance, a web portal that lets users finding the farming opportunities that will maximize their yield (APY) returns. The hack took place earlier today and was almost immediately confirmed by Harvest Finance administrators in messages posted on the company’s Twitter account and Discord channel.

Round Up of Major Malware and Ransomware Incidents

Hackers Are Holding Psychotherapy Data Ransom

Finnish police announced on Thursday that the personal data of tens of thousands of citizens had been compromised in a data breach of one of the country’s largest psychotherapy centers. The hackers are now demanding 450,000 euros (~$530,000) in Bitcoin in exchange for not publishing the data, which according to Finnish National Broadcaster YLE, consists of patient names, telephone numbers, email addresses, and social security numbers, as well as sensitive mental health information, including notes from therapy sessions.

Enel Group, cyber attack: NetWalker is ready to publish the first data

The NetWalker Ransomware Group gives the Enel Group seven days to pay the ransom and get back 4.54 TB of data stolen during the cyber attack last June. In a note released in the hours following the June 7 cyber attack, the multinational said it had managed to isolate its corporate network and block the threat before the ransomware spread.

Red Canary enters cloud workload protection space

Red Canary has announced the launch of Red Canary Cloud Workload Protection, a cloud workload protection (CWP) solution that provides visibility and threat detection for security and DevOps teams. This new solution is purpose-built for cloud Linux workloads, focuses on runtime threat protection and response, and integrates seamlessly into DevOps workflows without sacrificing system performance and reliability.

Round Up of Major Vulnerabilities and Patches

Google Boots 21 Bogus Gaming Apps from Play Marketplace

Researchers have discovered a raft of malicious gaming apps on Google Play that come loaded with adware, signaling that the tech giant continues to struggle with keeping bad apps off its online marketplace. Twenty-one gaming ads discovered on Google packed with adware from the HiddenAds family were downloaded about 8 million times so far, according to new research Avast, which cited statistics from SensorTower on the number of downloads.

Flaws in Winston Privacy Devices Can Expose Networks to Remote Attacks

Researchers say they’ve uncovered a series of potentially serious vulnerabilities in devices made by online privacy firm Winston Privacy. The vendor has released patches that are automatically being sent to devices. Winston Privacy provides a hardware-based service designed to boost online privacy and security. The company says it can block online surveillance, accelerate browsing, and block ads and trackers, and it also advertises its services as an alternative to traditional VPNs.