Round Up of Major Breaches and Scams
Chartered Professional Accountants of Canada (CPA) today disclosed that a cyberattack against the CPA Canada website allowed unauthorized third parties to access the personal information of over 329,000 members and other stakeholders. CPA Canada is a national organization with more than 217,000 Chartered Professional Accountants as members and one of the largest national accounting bodies in the world.
Nearly a thousand members of Kentucky Employees’ Health Plan (KEHP) were victims of a data breach that took place in late April and mid-May, according to a statement released by the Commonwealth of Kentucky Personnel Cabinet on June 2. During the first attack, from April 21 to 27, 971 KEHP members accounts were accessed by a “bad actor” who used valid login information to infiltrate StayWell, a third-party vendor utilized by KEHP members for their well-being and incentive portal.
A tweet from Google’s threat analysis chief Shane Huntley said the internet giant warned the Biden campaign about “phishing” efforts from China and the Trump campaign from Iran. “No sign of compromise. We sent users our govt attack warning and we referred to fed law enforcement,” Huntley wrote.
Round Up of Major Malware and Ransomware Incidents
A new ransomware strain called Tycoon is seeking to wheel and deal its way into the Windows and Linux worlds, using a little-known Java image format as part of its kill chain. The ransomware is housed in a trojanized version of the Java Runtime Environment (JRE), according to researchers at BlackBerry Cylance, and has been around since December.
The Maze Ransomware operators are claiming to have successfully attacked business services giant Conduent, where they stole unencrypted files and encrypted devices on their network. Conduent is a New Jersey, USA based business services firm with 67,000 employees and a 2019 business revenue of $4.47 billion.
Digital security and privacy company Avast has issued a warning after it discovered three VPN Apps, available on the Apple App Store, which it claimed are fraudulent and appear to be ‘fleeceware’ – apps that are not ‘malicious’ but do not provide the services they claim to and/or are sold at far higher prices than they should be.
Round Up of Major Vulnerabilities and Patches
According to WordPress security company Defiant, its firewall blocked more than 130 million attempts to collect database credentials from 1.3 million sites between May 29 and May 31. The number of requests peaked on May 30, when 75% of the total exploit attempts were observed by the company. After May 31, the attack volume dropped to what the firm usually sees.