Is Ascension Health being targeted by attackers successfully acquiring employee e-mail account logins via phishing? (Update 2: It seems they are. See this post after reading the one below.) Zach Lozano reports that Seton Family of Hospitals will provide free identity monitoring and protection services for patients who had their personal information leaked in a phishing…
Category: Malware
Banks seek to block Target’s deal with MasterCard over data breach
Reuters reports: A group of small banks and credit unions suing Target Corp over its massive data breach in 2013 are moving to block the retailer’s proposed $19 million settlement with MasterCard Inc, calling it a “sweetheart deal” aimed at undercutting their own claims for losses. Lawyers for plaintiffs in the lawsuit, which seeks class-action…
IN: St. Vincent Medical Group notifies patients after successful phishing attempt compromises PHI
St. Vincent Medical Group in Indiana, a member of Ascension Health, has provided a substitute notice following an e-mail phishing incident. According to their notice, a copy of which is posted on their web site, on December 3, 2014, they learned that an employee’s user name and password had been compromised as a result of e-mail phishing….
CozyDuke hackers targeting prominent US targets
John Leyden reports: A newly discovered group of cyber-spies are closely targeting high profile US targets, possibly including both the White House and the State Department. The so-called CozyDuke hackers make extensive use of spear-phishing, sometimes using emails containing a link to a hacked (otherwise legitimate) websites such as “diplomacy.pl”. Read more on The Register.
The Bad News For Infosec In The Target Settlement: OpEd
Giora Engel of LightCyber writes: The legal argument behind the $10 million Class Action lawsuit and subsequent settlement is a gross misrepresentation of how attackers operate. Central to the recent Target data breach lawsuit settlement was the idea that cyber attacks are mechanistic and follow a prescribed course or chain of events. The judge hearing the case…
OS X Yosemite still open to Rootpipe backdoor, warns ex-NSA bod
Shaun Nichols reports: Apple’s attempt to fix a serious security weakness in OS X has fallen short, leaving users still vulnerable to malware hijacking their Macs, it is claimed. Patrick Wardle, director of research at Synack, reckons Cupertino has not been able to kill off the so-called “Rootpipe” backdoor that was supposed to be eradicated…