Categories
APT Breach Bug Cyber Security Data leak Hacking Malware Phishing Ransomware Scam Vulnerability

Britain fines Marriott £18.4M for data breaches, Hacker allegedly steals $2.3M Trump reelection account, and more

Major cybersecurity events on 30th October 2020 (Evening Post): Information Commissioner’s Office fines Reliance Advisory Limited with £250,000 for making nuisance calls. DoppelPaymer leaks voter info stolen from Hall County, Georgia. Critical OpenEMR flaw allows hackers to access health records.

Round Up of Major Breaches and Scams

Britain Fines US Hotel Chain Marriott Over Data Breach

Britain’s data privacy watchdog on Friday said it has fined US hotels group Marriott over a data breach affecting millions of customers worldwide. The UK Information Commissioner’s Office said in a statement it fined Marriott £18.4 million ($23.5 million, 20.1 million euros) for breaches of data that included personal information such as passport numbers since March 2018. That was when new European Union data protection rules, or GDPR, came into effect.

NH: Info may be stolen in Salem computer attack

Town officials still offline after a cybersecurity breach last week recently learned attackers were able to access internal systems, according to Town Manager Chris Dillon. At about 3:15 a.m. on Oct. 21, the town became the victim of “a sophisticated cybersecurity attack involving ransomware,” Dillon said in a statement.

Wisconsin Republican Party says hackers stole $2.3M from Trump reelection account

Hackers stole $2.3 million from the Wisconsin Republican Party’s account that was being used to help reelect President Donald Trump in the key battleground state, the party’s chairman told The Associated Press on Thursday. The party noticed the suspicious activity on Oct. 22 and contacted the FBI on Friday, said Republican Party Chairman Andrew Hitt. Hitt said the FBI is investigating. FBI spokesman Leonard Peace did not immediately return a message seeking comment.

Cyberattack causes ‘significant’ UVM Health Network technology outage

The University of Vermont Health Network is experiencing a systemwide network disruption following a cyberattack Wednesday. Six hospitals throughout Vermont and northern New York are being affected by a “significant and ongoing system-wide network issue,” said spokesperson Neal Goswami. The group has not confirmed an exact timeline for restoring the system.

ICO Slaps £250,000 Fine on Another Nuisance Call Company

The Information Commissioner’s Office (ICO) has fined yet another company for making nuisance calls, as doubts grow over the regulator’s ability to actually collect the money owed to it. Over a six-month period from the beginning of 2019, Bury-based Reliance Advisory Limited (RAL) made over 15 million calls to individuals who had not requested them. They included mis-sold PPI and other claims management issues.

Round Up of Major Malware and Ransomware Incidents

50% Businesses Encountered 50 Malicious Bot Attacks Last Year: Report

A research from fraud prevention and identity trust services provider Kount revealed the current state of malicious bots and their impact on businesses. The “2020 Bot Landscape and Impact Report” highlighted how businesses are using good bots against malicious bots. The evolving bots are becoming difficult to detect and block, with traditional solutions relying on blunt force protection, perimeter security, web access firewalls, and content delivery networks.

DoppelPaymer ransomware gang leaked Hall County, Georgia, voter info

The DoppelPaymer ransomware operators have released data that was stolen from Hall County, Georgia earlier this month. The DoppelPaymer ransomware operators have published online data that was stolen from Hall County, Georgia earlier this month. The attack took place on October 7, it hit Hall County, in the northern part of the state and it disabled the county’s voter signature database. The ransomware attack hit a Georgia county government and disabled a database used to verify voter signatures in the authentication of absentee ballots. It is a common process to validate absentee ballots sent by mail by analyzing signatures.

Round Up of Major Vulnerabilities and Patches

Microsoft driver update change may break Windows 10 plug-and-play

Upcoming changes to how Windows 10 automatically installs driver updates may cause plug-and-play to break for some devices. In February 2020, as part of the new optional update experience, Microsoft allowed hardware developers to mark submitted drivers as either ‘Automatic’ or ‘Manual.’ Drivers marked as ‘Automatic’ are automatically installed by Windows 10 when an associated device is plugged into a computer for the first time.

Critical OpenEMR Vulnerabilities Give Hackers Remote Access to Health Records

Several vulnerabilities found by researchers in the OpenEMR software can be exploited by remote hackers to obtain medical records and compromise healthcare infrastructure. OpenEMR is an open source management software designed for healthcare organizations. The free application is highly popular and it provides a wide range of features for managing health records and medical practices. Researchers at Swiss-based code quality and security solutions provider SonarSource discovered earlier this year that OpenEMR is affected by four types of vulnerabilities that impact servers using the Patient Portal component.