Round Up of Major Breaches and Scams
The city council systems for the London Borough of Hackney have been hit with a ‘serious’ cyberattack that impacts many of their services and IT systems. Not much is known about the attack, but in a press release to the borough’s website, Mayor Philip Glanville stated that it was the Hackney Borough Council’s IT systems that had suffered the attack. “Hackney Council has been the target of a serious cyberattack, which is affecting many of our services and IT systems.”
The Dutch data protection authority AP is investigating whether health service GGD is complying with privacy rules in operating its coronavirus test line, the call center where Netherlands residents can book a Covid-19 test and which calls them with their results. This follows stories of former employees still having access to personal data, even after they left the call center, Trouw reports.
The public is learning more about some employees at Hennepin HealthCare who were fired for accessing George Floyd’s medical information when they weren’t supposed to. An attorney for Floyd’s family was notified last month that his medical records were accessed multiple times by employees at the hospital, violating Floyd’s medical privacy and leading to the firing of several employees.
Security experts are warning of a deluge of phishing activity designed to capitalize on a major Amazon promotional event taking place this week. Amazon Prime Day is said to be bigger for the e-commerce giant than Black Friday and Cyber Monday combined. That makes it a lucrative target for scammers looking to mimic the Amazon brand in order to trick unwitting shoppers into divulging sensitive personal and financial information.
Round Up of Major Malware and Ransomware Incidents
Digital attackers incorporated a fake Windows Defender Antivirus theme into a malicious document in order to distribute QBot malware. According to Bleeping Computer, the QBot gang began using a new template for the malicious documents in their email attack campaigns on August 25, 2020. The template adopted the disguise of a Windows Defender Antivirus alert in order to convince the recipient that the malicious document was actually a legitimate email attachment.
A report from global investigations firm Kroll revealed that ransomware attacks were the most observed security threats in 2020, accounting for one-third of all cyberattacks as of September 1, 2020. It highlighted the impact of rising ransomware attacks on organizations of all sizes and sectors globally, with IT, professional services, telecoms, and health care sectors being the most targeted and affected.
Seyfarth Shaw, one of the leading global legal firms, announced that it was a victim of an “aggressive malware” attack, likely a ransomware attack. Seyfarth Shaw LLP is an international AmLaw 100 law firm headquartered in Chicago, Illinois; its clients include over 300 of the Fortune 500 companies, and its practice reflects virtually every industry and segment of the economy. The media immediately reported the incident as a ransomware infection, which the firm later confirmed.
A coalition comprising ESET, Microsoft, FS-ISAC, NTT, Lumen Black Lotus Labs and Symantec managed to disrupt the Trickbot botnet, one of the main vectors of ransomware distribution worldwide. The efforts were made possible by a court order obtained by Microsoft, as well as technical actions carried out in partnership with various telecoms operators globally. These efforts resulted in the key infrastructure that the operators of Trickbot use being cut off.
Round Up of Major Vulnerabilities and Patches
Virtual appliances are a popular way for software vendors to distribute their products to enterprise customers, as they contain all the necessary pre-configured software stacks their applications need to function and can be deployed in public clouds or private data centers with ease. Unfortunately, enterprises are at risk of deploying images that are vulnerable out-of-the-box, according to a new study. The study found that many vendors, including well-established ones, do a poor job of patching flaws and updating the software components in their virtual appliances.
Members of the Five Eyes intelligence alliance once again call for tech firms to engineer backdoors into end-to-end and device encryption. States of the Five Eyes intelligence alliance (US, UK, Canada, Australia, and New Zealand), plus Japan and India, once again call for tech firms to implement backdoors into end-to-end and device encryption. “We, the undersigned, support strong encryption, which plays a crucial role in protecting personal data, privacy, intellectual property, trade secrets and cyber security,” reads the joint “International Statement.”
Acronis has released patches for its True Image, Cyber Backup, and Cyber Protect products to address vulnerabilities that could lead to elevation of privileges. The flaws could allow unprivileged Windows users to run code with SYSTEM privileges, a vulnerability note from the CERT Coordination Center (CERT/CC) reveals. Tracked as CVE-2020-10138 (CVSS score 8.1), the first of the bugs affects Acronis Cyber Backup 12.5 and Cyber Protect 15.