Round Up of Major Breaches and Scams
Highly sensitive employee data, including bank account details and home addresses, may have been breached after super-producer Banijay was the victim of what could be a major hack late last week. Banijay, the company behind global hits including MasterChef and Big Brother, had its IT systems compromised by a bad actor demanding a ransom, potentially exposing the personal information of hundreds, if not thousands of staff.
Home Depot has agreed to a $17.5 million settlement in a multi-state investigation of a data breach suffered by the company in 2014. Delaware Attorney-General Kathy Jennings announced the settlement on Tuesday, in which a total of 46 states, as well as the District of Columbia, have reached a resolution with the US retailer.
Cybercriminals looking to steal personal information are baiting U.S. citizens with emails purporting to be from government agencies offering federal assistance. The purpose of the phishing campaigns is to collect personal data that could be used for identity theft or usernames and passwords that could be used for credential stuffing attacks.
Three healthcare providers in Florida, Georgia, and New York are notifying patients that their protected health information may have been exposed in recent cyber-attacks involving ransoms. Warnings went out to patients of Advanced Urgent Care of the Florida Keys on November 6 regarding a ransomware attack that took place on March 1, 2020.
Round Up of Major Malware and Ransomware Incidents
Law In Order, an Australian supplier of document and digital services to law firms, suffered a ransomware infection over the weekend that is believed to be the Netwalker malware. After detecting the attack, Law In Order said it halted many of its business operations and called in cyber security advisers to assist in the investigation and incident response.
Security researchers are warning of a new malware family that currently targets mobile phone users to subscribe them silently to legitimate premium-rate services. Named WAPDropper, the malware is a multi-function dropper that can deliver second-stage malware and uses a machine learning solution to bypass image-based CAPTCHA challenges.