On March 10, Kroger’s Healthy Options program, Postal Prescription Services (PPS), issued a statement about a privacy breach. According to their statement, some PPS patients’ names and email addresses were erroneously shared with the grocery side of Kroger’s business due to an internal error. Kroger doesn’t state when the breach first occurred, but they discovered…
Category: Breach Incidents
Epidemic of Insecure Storage, Backup Devices Is a Windfall for Cybercriminals
Robert Lemos reports: Companies in every industry continue to leave backup and storage platforms unsecured, with more than a dozen issues, including insecure network settings and unaddressed CVEs, affecting the average device. That leaves these repositories — often the first line of protection in the event of a ransomware attack — as sitting ducks for cybercriminals….
Oak Ridge malware attack: Police investigating as city offices remain closed
Donna Smith reports: As city of Oak Ridge employees continued to work offline because of a malware attack on the city’s computer network, officials announced Wednesday afternoon they are working with law enforcement to investigate the attack. When asked if foul play was suspected, city senior communications specialist Lauren Gray said an investigation is considered standard practice…
Uncovering the unheard: Researchers reveal inaudible remote cyber-attacks on voice assistant devices
UTSA reports: Guenevere Chen, an associate professor in the UTSA Department of Electrical and Computer Engineering, recently published a paper at USENIX Security 2023 that demonstrates a novel inaudible voice trojan attack to exploit vulnerabilities of smart device microphones and voice assistants — like Siri, Google Assistant, Alexa or Amazon’s Echo and Microsoft Cortana —…
Top of the World Ranch Treatment Center notifies patients after email account compromise
Top of the World Ranch Treatment Center in Illinois has disclosed that a November 17 compromise of a business email account resulted in protected health information being accessible to an attacker. The attack was detected quickly and shut down within hours, and the treatment center’s investigation could not determine if any data was exfiltrated during…
Everything old is new again… or did it just never stop? (1)
In June 2022, Christopher Cook reached out to IPFS: “Hi @IPFS if someone sends a phishing email with an link to IPSF.io (sic) is that something that needs to be reported to your abuse team? If so, this is their link which is phishing for cpanel logins https://ipfs.io/ipfs/QmatpCGs1h4jCwAWcbUEFMMLrLjYi1Po3o29JWcCVxfszx” — Christopher Cook (@webprofusion) June 7, 2022…