A monetary penalty resulted from a misconfigured backup uncovered by Chris Vickery, who was then with Kromtech Security. It was reported publicly in April, 2017 by a number of outlets, including The Daily Dot. This was one of those cases where a vendor’s mistake turned out to be costly. The Commodity Futures Trading Commission (CFTC)…
Month: February 2018
Entergy notifies employees of W-2 breach involving TALX portal
So this is not a W-2 phishing situation, but TALX – a wholly-owned subsidiary of Equifax – is working with Entergy to notify former and current Entergy employees whose 2016 W-2 data may have been acquired by criminals from the TALX portal. In a letter to the New Hampshire Attorney General’s Office, counsel for TALX…
NC: Coastal Cape Fear Eye Associates notifies patients after ransomware attack
On February 1, Coastal Cape Fear Eye Associates in North Carolina notified HHS of a hacking incident that impacted 925 patients. Unlike many other ransomware reports where there is no clear evidence of PHI acquisition or compromise, in this incident, there was evidence of actual compromise, although no evidence of exfiltration. Here is the entity’s…
Aperio Group client account data breached by successful phishing attack
On January 30, Aperio informed advisors of a data breach that occurred when two employees’ email accounts were compromised by successful phishing attacks that resulted in auto-forwarding email from those accounts to two external accounts. Aperio discovered the problem on January 11, 2018, and their investigation determined that all emails sent to those two accounts between…
One Plugin, Over 4,200 Victims – When Thousands of Government Websites Were Hijacked to Mine Monero
Rafia Shaikh reports: Thousands of websites around the world were targeted by cryptojackers over the weekend to mine Monero. The targets included websites run by the US and UK governments that were secretly hijacked by attackers to mine cryptocurrency using a compromised plugin, Browsealoud. Over 4,200 websites are in the victims list [link], including The City University of…
Ex-student suspect in Mississippi State University records tampering case
Therese Apel reports: According to Mississippi State University officials, one former student is the target of a search warrant in an investigation into university record tampering. MSU Chief Communications Officer Sid Salter told Logan Kirkland of the Starkville Daily News that the student graduated in December. The identity of the suspect and the nature of…