Round Up of Major Breaches and Scams
Britain’s data privacy watchdog on Friday said it has fined US hotels group Marriott over a data breach affecting millions of customers worldwide. The UK Information Commissioner’s Office said in a statement it fined Marriott £18.4 million ($23.5 million, 20.1 million euros) for breaches of data that included personal information such as passport numbers since March 2018. That was when new European Union data protection rules, or GDPR, came into effect.
Town officials still offline after a cybersecurity breach last week recently learned attackers were able to access internal systems, according to Town Manager Chris Dillon. At about 3:15 a.m. on Oct. 21, the town became the victim of “a sophisticated cybersecurity attack involving ransomware,” Dillon said in a statement.
Hackers stole $2.3 million from the Wisconsin Republican Party’s account that was being used to help reelect President Donald Trump in the key battleground state, the party’s chairman told The Associated Press on Thursday. The party noticed the suspicious activity on Oct. 22 and contacted the FBI on Friday, said Republican Party Chairman Andrew Hitt. Hitt said the FBI is investigating. FBI spokesman Leonard Peace did not immediately return a message seeking comment.
The University of Vermont Health Network is experiencing a systemwide network disruption following a cyberattack Wednesday. Six hospitals throughout Vermont and northern New York are being affected by a “significant and ongoing system-wide network issue,” said spokesperson Neal Goswami. The group has not confirmed an exact timeline for restoring the system.
The Information Commissioner’s Office (ICO) has fined yet another company for making nuisance calls, as doubts grow over the regulator’s ability to actually collect the money owed to it. Over a six-month period from the beginning of 2019, Bury-based Reliance Advisory Limited (RAL) made over 15 million calls to individuals who had not requested them. They included mis-sold PPI and other claims management issues.
Round Up of Major Malware and Ransomware Incidents
A research from fraud prevention and identity trust services provider Kount revealed the current state of malicious bots and their impact on businesses. The “2020 Bot Landscape and Impact Report” highlighted how businesses are using good bots against malicious bots. The evolving bots are becoming difficult to detect and block, with traditional solutions relying on blunt force protection, perimeter security, web access firewalls, and content delivery networks.
The DoppelPaymer ransomware operators have released data that was stolen from Hall County, Georgia earlier this month. The DoppelPaymer ransomware operators have published online data that was stolen from Hall County, Georgia earlier this month. The attack took place on October 7, it hit Hall County, in the northern part of the state and it disabled the county’s voter signature database. The ransomware attack hit a Georgia county government and disabled a database used to verify voter signatures in the authentication of absentee ballots. It is a common process to validate absentee ballots sent by mail by analyzing signatures.
Round Up of Major Vulnerabilities and Patches
Upcoming changes to how Windows 10 automatically installs driver updates may cause plug-and-play to break for some devices. In February 2020, as part of the new optional update experience, Microsoft allowed hardware developers to mark submitted drivers as either ‘Automatic’ or ‘Manual.’ Drivers marked as ‘Automatic’ are automatically installed by Windows 10 when an associated device is plugged into a computer for the first time.
Several vulnerabilities found by researchers in the OpenEMR software can be exploited by remote hackers to obtain medical records and compromise healthcare infrastructure. OpenEMR is an open source management software designed for healthcare organizations. The free application is highly popular and it provides a wide range of features for managing health records and medical practices. Researchers at Swiss-based code quality and security solutions provider SonarSource discovered earlier this year that OpenEMR is affected by four types of vulnerabilities that impact servers using the Patient Portal component.