Updating some HHS reports: First Choice Community Health Care reported its ransomware attack to HHS on August 1 as impacting 101,541 patients. BHG Holdings / Behavioral Health Group reported its breach to HHS on July 27 as impacting 197,507 patients. Elsewhere: California: A former owner of a T-Mobile retail store in Eagle Rock has been…
Category: Business Sector
Morocco court in favor of extraditing a French national alleged to be ShinyHunters member to US
French news wires report that Morocco’s Court of Cassation has issued an opinion favorable to extraditing French national Sebastien Raoult to the U.S. to face criminal charges related to alleged involvement in ShinyHunters. But the court’s opinion is not an extradition order and they do not have the final say on extradition. Raoult has been…
Twilio hacked by phishing campaign targeting internet companies
Carly Page reports: Communications giant Twilio has confirmed hackers accessed customer data after successfully tricking employees into handing over their corporate login credentials. The San Francisco-based company, which allows users to build voice and SMS capabilities — such as two-factor authentication (2FA) — into applications, said in a blog post published Monday that it became aware that someone gained…
New GwisinLocker ransomware encrypts Windows and Linux ESXi servers
This site generally doesn’t cover or announce new types of ransomware, but this one targets the healthcare sector, so…. Bill Toulas reports: A new ransomware family called ‘GwisinLocker’ targets South Korean healthcare, industrial, and pharmaceutical companies with Windows and Linux encryptors, including support for encrypting VMware ESXi servers and virtual machines. The new malware is…
Class Action Targets Experian Over Account Security
Brian Krebs reports: A class action lawsuit has been filed against big-three consumer credit bureau Experian over reports that the company did little to prevent identity thieves from hijacking consumer accounts. The legal filing cites liberally from an investigation KrebsOnSecurity published in July, which found that identity thieves were able to assume control over existing Experian accounts…
Microsoft accounts targeted with new MFA-bypassing phishing kit
Bill Toulas reports: A new large-scale phishing campaign targeting credentials for Microsoft email services use a custom proxy-based phishing kit to bypass multi-factor authentication. Researchers believe the campaign’s goal is to breach corporate accounts to conduct BEC (business email compromise) attacks, diverting payments to bank accounts under their control using falsified documents. The phishing campaign’s…