PC PORTAL

Experienced. Trusted. Solutions.

data breach

By

Cyber News Rundown: Flash Banned from Windows

Reading Time: ~ 2 min.

Adobe Flash Being Uninstalled on Windows Systems

Following its September announcement, Microsoft has released an update that removes Adobe Flash from Windows 10 systems and prevents reinstallation. It should be noted that this update only removes the version of Adobe Flash that comes bundled with Windows 10. Internet browser extensions and stand-alone installs of the software will remain unaffected by this update. Should the user want to re-install Adobe Flash on an updated system, they must either revert to a point prior to the update or perform a fresh install of Windows 10.

Gunnebo Suffers Critical Data Breach

Officials for Gunnebo, a Swedish security firm, have revealed that they were victims of a data breach in August. Researchers also discovered an 18GB file confirmed to contain customer information stolen from Gunnebo. The compromised data was uploaded to a public server after Gunnebo refused to pay a ransom, exposing roughly 38,000 sensitive files.

Finnish Health Center Hacked

It was recently revealed that the Finnish psychotherapy center Vastaamo suffered a ransomware attack that compromised highly sensitive patient data belonging to thousands of individuals. After refusing to pay a 40 Bitcoin ransom, the attackers began publishing the stolen data on the dark web. While officials have yet to determine when the breach occurred, they have been contacting victims about the stolen data since October 21.

Customer Accounts at UK Restaurant Chain Breached

Recent technology changes at restaurants and other public establishments like touchless methods of interaction have left UK restaurants open major security flaws. One such flaw has been exploited at UK restaurant chain Nando’s, with several customer accounts affected. By accessing previous account logins and using credentials that were stolen in prior cyberattacks, hackers have been able to create fraudulent orders. The company has since confirmed that, though they themselves weren’t the target of the breach, they will compensate any customers who are fraudulently charged.

Ryuk Suspected in Major Steelcase Attack

International furniture maker Steelcase was forced to take its systems offline following a ransomware attack that began late last week. It is believed that the attack used the highly active ransomware variant, Ryuk, though this has yet to be confirmed by Steelcase. By shutting down the remaining unaffected systems, Steelcase hopes it was able to stop the spread of encryption before irreparable damage was caused.

The post Cyber News Rundown: Flash Banned from Windows appeared first on Webroot Blog.

By

Cyber News Rundown: COVID-related Attacks Target Canadian Companies

Reading Time: ~ 2 min.

New Jersey Hospital Pays Massive Ransom

Officials have decided to pay roughly $670,000 in ransom following a ransomware attack on the University Hospital in New Jersey. The hospital was likely forced into this decision after being unable to restore from backups the 240GB of data stolen in the attack on their systems. It’s not entirely clear what information was stolen, but given the haste of payment it was likely highly sensitive patient data.

COVID-Related Cyberattacks Target Canadian Companies

A recent survey revealed that over 25% of all Canadian business organizations had been targeted by a COVID-19-themed cyberattack since the beginning of the year. Most of the organizations surveyed also reported seeing a significant rise in overall cyberattacks since the pandemic began. Worrisome findings also revealed that 38% of organizations surveyed were unsure if they had fallen victim to any type of cyberattack, which could mean the amount of customer information for sale on black markets could be significantly higher.

Boom! Mobile Website Compromised

Customer data has been compromised for users of the Boom! Mobile website, which was infiltrated by malicious JavaScript. It’s still unclear how the unauthorized code got onto the site or how long was active. Officials for the mobile company have confirmed they do not store payment card data and that no Boom! Mobile accounts were compromised.

Major Ransomware Attacks Increase Through Q3

Researchers have reported a massive increase in ransomware attacks in Q3 of 2020, with the Maze group being responsible for 12% of all attacks. They also reported that Ryuk ransomware variants were responsible for an average of 20 attacks per week. With the ongoing neglect of cybersecurity in major corporations, ransomware attacks will likely continue as long as their authors find them profitable.

Chicago Food Delivery Service Stricken with Data Breach

Nearly 800,000 customer records were compromised following a data breach at ChowBus, a Chicago-based food delivery service. With roughly 440,000 unique email addresses exposed, many individuals are now more susceptible to additional phishing attacks or identity theft. Fortunately, however, ChowBus does not store payment card information on its site.

The post Cyber News Rundown: COVID-related Attacks Target Canadian Companies appeared first on Webroot Blog.

By

Cyber News Rundown: ATM Jackpotting Attacks Rise

Reading Time: ~ 2 min.

ATM Jackpotting Attacks on the Rise

ATM manufacturer Diebold Nixdorf has identified a malicious campaign that uses proprietary software to “jackpot” the machines. The attack requires malicious actors to breach the ATM manually and then use the software to force the machine to dispense cash at a rapid rate, known within the industry as jackpotting. While these attacks don’t seem to affect customer data or finances, the company is unsure how the attackers obtained the proprietary software used in the scam.

Ransomware Locks Down Telecom Argentina

Telecom Argentina is being extorted for over $7.5 million following a ransomware attack last week. The hacker group REvil is believed to be behind the attack, which may mean the stolen data is set to be posted on the group’s auction site. Officials are still unsure of how the intrusion occurred, but it’s likely to have stemmed from a compromised remote access point.

Maryland Health Services Breach Affects Thousands

More than 40,000 individuals may have had personal information leaked after a ransomware attack on Lorien Health Services in Maryland. The breach was discovered in June, but after the healthcare provider refused to pay the ransom the hackers began publishing the stolen data, which includes Social Security Numbers and other highly sensitive information. Lorien was quick to notify affected clients and had begun offering credit monitoring services to those affected within two days of the attack being confirmed.

University of York Data Breach

The University of York in the UK has learned of a data breach that occurred in May and could affect a considerable number of students and staff. The breach itself was enabled by a third-party service provider and contained personally identifiable information on an unknown number of victims. While there is little the university can do to contain this type of attack, it comes as another reminder of the importance of supply chain data security and the knock-on effect of such attacks.

Meow Attacks Target Vulnerable Databases

Dozens of unsecured databases from Elasticsearch and MongoDB were wiped in a new malicious campaign that seems to attack indiscriminately. Discovered within the last week, the Meow attacks as they’re known appear to use an automated script to overwrite any data in vulnerable databases and destroy any remaining data. This string of attacks may encourage stronger security policies among previously lax database administrators, but the lesson is costly for affected businesses.

The post Cyber News Rundown: ATM Jackpotting Attacks Rise appeared first on Webroot Blog.

By

Cyber News Rundown: Bank of America Breach Reveals PPP Info

Reading Time: ~ 2 min.

Bank of America Breach Reveals PPP Information

After processing over 300,000 Paycheck Protection Program applications, Bank of America has revealed that a data breach occurred within the U.S. Small Business Administration’s program that allowed all other SBA-authorized lenders to view highly sensitive data. The data includes tax information and social security numbers relating to both businesses and their owners and could have extremely devastating effects in the wrong hands. Fortunately, the SBA secured the compromised data within a day of being notified and Bank of America has reached out to affected customers offering of two years of identity theft protection. null

Bank of Costa Rica Suffers Data Breach

Threat actors working for the Maze group recently claimed to have belonging to millions of Bank of Costa Rica customer accounts, a claim that was quickly refuted by the bank itself. Within a week, Maze began publishing proof of their bounty and promised to continue posting records if the bank fails to improve their current security. Maze also claimed to have accessed the bank’s systems on multiple occasions to determine if security had improved but chose not to encrypt their systems as the second breach occurred during the COVID-19 pandemic.

Old LiveJournal Breach Data Re-emerges

Researchers have been looking into a recent data dump that appears to have originated from the 2014 LiveJournal breach and contains over 33 million records up to 2017. It is hard to precisely date the breach, as LiveJournal is a Russian-owned journaling service and never reported it, though many LiveJournal users were targeted in a past spam extortion email campaign. More recently, users of Dreamwidth, which shares the LiveJournal codebase, has seen reports of compromised accounts.

Turla Hackers Grabbing Antivirus Logs to Check for Detection

One of the largest state-sponsored hacker groups, Turla, has turned their attention to accessing antivirus logs on infected systems to determine if their malicious activity has been discovered. With the use of ComRAT V1 (and later versions), Turla has been gaining highly sensitive information from major national organizations for over a decade and continues to improve on their methods. By viewing the logs created by local antivirus software, the attackers can adjust more quickly to avoid future detections.

New COVID-19 Tracker Drops [F]Unicorn Ransomware

The latest to capitalize on the public’s pandemic fears, a new fake COVID-19 tracing app has been targeting systems in Italy by dropping a new ransomware variant dubbed [F]Unicorn. The malicious payload comes disguised as a file from the Italian Pharmacist Federation. It then directs the victim to a beta version of the yet-to-be-released Immuni tracing app, showing a fake tracing dashboard as the encryption process begins. The ransomware demands a 300-Euro payment but displays an invalid email address, so users would be unable to prove payment to the attackers even if they choose to pay.

The post Cyber News Rundown: Bank of America Breach Reveals PPP Info appeared first on Webroot Blog.

By

Cyber News Rundown: WHO Under Cyberattack

Reading Time: ~ 2 min.

World Health Organization Sees Rise in Cyberattacks

Officials for the World Health Organization (WHO) have announced that many of their sites and servers have been under attack by unsuccessful hackers trying to capitalize on the latest health scare. The attack stemmed from the use of several malicious domains that attempted to gain sensitive information and credentials from WHO employees. Thousands of other malicious domains have been created over the last few weeks to exploit the uninformed victims of the Coronavirus outbreak.

TrickBot Sidesteps 2FA on Mobile Banking Apps

The creators of TrickBot have developed a new mobile app called TrickMo, that can silently circumvent two-factor authentication that is used by various mobile banking apps. The malicious app is used mainly to intercept authentication tokens, once it is installed on the victim’s device. Currently, the TrickMo app is targeting German individuals and using the name “Security Control” to disguise any ulterior motives, and even sets itself as the default SMS app, in order to steal additional information.

Google Play Finds 56 New Malicious Apps

Over 56 new malicious apps have been spotted on the Google Play store, with a combined 1.7 million installations on devices across the globe. To make matters worse, a large portion of the apps were targeted specifically at children and used native Android functionality to imitate typical user actions to boost ad revenue. Many of the apps took extreme measures to avoid being uninstalled by the users, though Google itself has since removed all of the related apps from the Play Store.

Fake Coronavirus Vaccine Sites Shutdown

A website offering fake Coronavirus vaccine kits that were claiming to be approved by the WHO has been shutdown following a ruling by a federal court. The operator of the site has been accused of committing fraud and the hosting service has received a restraining order to stop public access to the site. The site in question, “coronavirusmedicalkit.com” offered the fake kits with users only paying for shipping and entering their payment card data.

Tupperware Website Breached

The main website for Tupperware was recently hacked and used to host Magecart code to steal payment card information. The malicious code was first discovered at the end of last week, but was still active nearly a week later, even after multiple attempts to contact the company. Magecart has been a wide-spread issue for online retailers over the last couple years, and still maintains a large presence due to their ease of use and continuing success.

The post Cyber News Rundown: WHO Under Cyberattack appeared first on Webroot Blog.