Categories
Breach Cyber Security Malware Ransomware Spyware Vulnerability

Cano Health advises patients of data breach, Hacker releases 14,000 taxpayer IDs, and more

Major cybersecurity events on 16th June 2020 (Morning Post): Author of databreaches.net claims to have notified onlinebloodbank of data breach, in 2019, to which they paid no heed. Indian human rights activists targeted with spyware. Consumer watchdog Which? warns of vulnerable security cameras.

Round Up of Major Breaches and Scams

12,000+ Indian blood donors’ PII and passwords leaked

“It’s happened before. In 2019, I reported on another onlinebloodbank that wouldn’t respond to notifications. I was therefore not surprised when eventually their data showed up on an online forum for sharing and selling databases. Has their data actually been misused by criminals? I do not know, but I would not be surprised if it had been at least misused for spam purposes.”

Cano Health Advises Patients Of Breach That Began Two Years Ago

Cano Health LLC is advising its patients of a privacy event that may have compromised certain personal information. The company recently learned on April 13, 2020 that three employee email accounts were accessed by an unknown perpetrator, and that messages from these accounts may have been forwarded to an outside email account without its knowledge.

Bizman files complaint against six staffers for Rs 40L data

Suresh Prajapati, 48, filed a complaint of theft against six employees working at his firm for stealing software, data and source code and selling it to other companies. A Ghodasar businessman having his software company in Jodhpur in Satellite has filed a complaint of cheating of Rs. 40 Lakhs against six of his employees for sale of software and related products to companies outside his knowledge.

Russian hacker releases at least 14,000 Mexican taxpayer IDs

Researchers at Lucy Security recently discovered that a Russian hacker named m1x breached a Mexican government web portal and three days later once the government refused to pay a ransom, publicly-released some 14,000 Mexican taxpayer ID numbers.

Mobile Threats Delivered by Adult Content Double

Threat actors hiding malware in adult content are targeting mobile users over those who turn to their PCs to get turned on. Research published by Kaspersky found that while PC threats masquerading as pornography fell by 40% in 2019, attacks on mobile users increased.  Kaspersky’s review of 2019 threat activity discovered that the number of mobile users attacked by threats disguised as pornographic content grew two-fold in 2019, reaching 42,973 users, compared to the 19,699 targeted in 2018.

Round Up of Major Malware and Ransomware Incidents

Electronic Waveform Lab reports ransomware incident

Electronic Waveform Lab, Inc. announced today it is notifying individuals of a ransomware incident that affected some of its servers that contained certain patient information. On April 11, 2020, Electronic Waveform Lab became aware of the ransomware incident affecting its computer servers. Electronic Waveform Lab immediately began an investigation, promptly notified law enforcement, and an outside forensic firm was engaged to assist.

Earth Empusa targets minority group with Android ActionSpy spyware

Researchers warn that the Earth Empusa (aka POISON CARP/Evil Eye) threat group is targeting the Uyghurs, a Turkic minority ethnic group originating from and culturally affiliated with the general region of Central and East Asia, with new Android spyware dubbed ActionSpy.

Research shows human rights activists in India were targeted with spyware

Human rights activists in India were targeted by a coordinated spyware campaign from January to October of 2019, according to research published Monday by Amnesty International and the University of Toronto’s Citizen Lab. Nine activists in total were targeted, eight of which have been calling for the release of 11 people jailed during protests related to the violent uprising in Bhima Koregaon, India in 2018.

Intel Adds Anti-Malware Protection in Tiger Lake CPUs

Intel’s upcoming class of mobile CPUs, code named “Tiger Lake,” will feature a long anticipated security layer, called Control-flow Enforcement Technology (CET), which aims to protect against common malware attacks. CET protects against attacks on processors’ control flow, which refers to the order in which different functions calls are executed.

Round Up of Major Vulnerabilities and Patches

Warning issued over hackable security cameras

Around 3.5 million security cameras installed in homes and offices mainly in Asia and Europe have serious vulnerabilities that expose the gadgets’ owners to the risk that attackers will spy on them, steal their data or target other devices on the same networks, the United Kingdom’s consumer watchdog Which? has warned.

Flaws in mobile Internet protocol GTP allow hackers to target 5G users

Researchers at cybersecurity firm Positive Technologies Security have discovered several vulnerabilities in communication protocol GPRS Tunnelling Protocol (GTP), that is used by mobile network operators (MNOs). Threat actors could exploit these flaws to conduct several malicious activities against 4G/5G users.