Round Up of Major Breaches and Scams
The Blackbaud ransomware incident disclosed on July 16 will likely end up being the largest or one of the largest breaches of the year involving patient information. I’ve been reading disclosures from dozens of entities and have compiled a list of those Blackbaud clients whose disclosures state or suggest that Blackbaud had been storing some patient-related information as part of their files with them.
Through this new feature, users will now be able to reclaim messages that had been unwittingly marked as spam or phishing by EOP. EOP is a cloud-based filtering service that scans messages and blocks malicious email such as spam, phishing messages, and malware attachments from reaching the end user. “We understand that managing false positives is important to ensuring an email is delivered appropriately, and in the past, end-users weren’t granted access to the quarantine to view messages,” Microsoft explains of the new feature.
A misconfigured Elasticsearch server is responsible for exposing the personal details of a large number of Razer customers. The IT security researcher Volodymyr “Bob” Diachenko identified a security lapse at Razer Inc., a globally operating gaming hardware manufacturer, which led to the exposure of the private data of nearly 100,000 Razer customers. It is unclear exactly how many customers were impacted by the configuration mishap. Diachenko says his estimate of roughly 100,000 affected customers is based on the number of exposed email addresses.
Crooks are using the July 15 cyberattack on Twitter to carry out a phishing scam designed to steal the login credentials of unsuspecting users. Twitter for the past year or so has been constantly embroiled in a range of controversies. Earlier this month Indian Prime Minister Modi’s personal yet verified Twitter account was hacked, while in July we saw 130 high-profile accounts hacked, with the attackers siphoning large amounts of cryptocurrency from innocent users.
The Russia-linked threat group known as APT28 has changed up its tactics to include Office 365 password-cracking and credential-harvesting. Microsoft researchers have tied APT28 (a.k.a. Strontium, Sofacy or Fancy Bear) to this newly uncovered pattern of O365 activity, which began in April and is ongoing. The attacks have been aimed mainly at U.S. and U.K. organizations directly involved in political elections.
Round Up of Major Malware and Ransomware Incidents
Researchers from Temple University in Philadelphia have been tracking ransomware attacks on critical infrastructure all over the world. The team has presented a project named CIRWA (repository of critical infrastructure ransomware attacks) that aims to track ransomware attacks on critical infrastructure worldwide. The project was launched in September 2019 and, as of August 2020, the experts had collected 680 records of ransomware attacks that took place since November 2013.
The Development Bank of Seychelles (DBS) was hit by ransomware according to a press statement published earlier today by the Central Bank of Seychelles (CBS). DBS was founded in 1977 as a joint venture by the Seychelles government and several other shareholders including the European Investment Bank, Standard Chartered Bank, Barclays Bank, Deutsche Investitions und Entwicklungsgesellschaft (DEG), and Caisse Francaise de Cooperation.
Cyber-criminals who launched a ransomware attack on a US court have published what they claim are stolen court documents online. Attackers claim to have successfully targeted the Fourth Judicial District Court of Louisiana with a ransomware strain known as Conti, first detected in the wild in December 2019. The malware has been observed to use the same ransom note deployed by the Ryuk crypto-malware family, and code similarities have been spotted between the two ransomware strains.
Round Up of Major Vulnerabilities and Patches
Video conferencing and web communication provider Zoom has announced two-factor authentication to enhance user protection by adding an extra layer of security. Zoom reportedly facilitates over 300 million participants every day, which makes it a rather lucrative target for hackers. Several have already attacked Zoom users through phishing campaigns in order to obtain user credentials. Zoom explains in a blog post that users can now enable two-factor authentication, which will require them to present two or more credentials, such as a password or PIN, to prove ownership of their accounts.
A high-severity flaw in the Email Subscribers & Newsletters plugin by Icegram affects more than 100,000 WordPress websites. The plugin assists websites in sending out emails and newsletters to subscribers, enabling users to collect leads and send automated notification emails for new blog posts. A remote, unauthenticated attacker can exploit the flaw to send forged emails to all recipients from the available lists of contacts or subscribers.
A database left exposed online without a password has leaked the personal details of hundreds of thousands of users who signed up for online dating sites. The leaky database, an Elasticsearch server, was discovered at the end of August by security researchers from vpnMentor. The database was taken offline on September 3 after vpnMentor tracked down its owner, Mailfire, a company that provides online marketing tools.