On January 30, the Meadville Tribune reported that Meadville Medical Center was investigating what appeared to be an attack on the employee payroll system. No patient data was believed to have been impacted. On March 26, however, and only days after furloughing hundreds of employees due to the decreased volume of patients coming to the…
Month: April 2020
Applications Software Technology LLC notifies employees of W-2 data breach
Remember the “good old days” when we were most worried about phishing or BEC attacks to get employees’ W-2 data for tax refund fraud scams? Have you seen any reports like that recently? I just realized that I haven’t when I saw one in the news today. Bill Toulas reports: “AST LLC” has announced a data…
Nemty ransomware operation shuts down
Catalin Cimpanu reports: The operators of the Nemty ransomware have announced this week they were shutting down their service after ten months in operation, ZDNet has learned from a source in the infosec community. […] But in an update posted on a dedicated topic on the Exploit hacking forum, the Nemty operator announced yesterday they…
New York State Investigates Network Hack
Scott Ferguson reports: In January, hackers compromised portions of the New York state government’s computer network by taking advantage of an unpatched vulnerability in Citrix enterprise software, according to the Wall Street Journal. While the New York State Office of Information Technology Services discovered the hacking incident on Jan. 28, officials did not disclose the breach…
RagnarLocker ransomware hits EDP energy giant, asks for €10M
Sergiu Gatlan reports: Attackers using the Ragnar Locker ransomware have encrypted the systems of Portuguese multinational energy giant Energias de Portugal (EDP) and are now asking for a 1580 BTC ransom ($10.9M or €9.9M). EDP Group is one of the largest European operators in the energy sector (gas and electricity) and the world’s 4th largest producer of wind…
You’re One Misconfiguration Away from a Cloud-Based Data Breach
Suresh Kasinathan writes: Not all instances of data exposure in the cloud are the product of malicious intentions from either internal or external actors. In its “2019 Data Breach Investigations Report” (DBIR), for instance, Verizon Enterprise showed that errors constituted one of the top causes in the data breaches it examined. Verizon’s researchers attributed 21%…