Bill Toulas reports: A new large-scale phishing campaign targeting credentials for Microsoft email services use a custom proxy-based phishing kit to bypass multi-factor authentication. Researchers believe the campaign’s goal is to breach corporate accounts to conduct BEC (business email compromise) attacks, diverting payments to bank accounts under their control using falsified documents. The phishing campaign’s…
Category: Phishing
DeBridge Team Foils Possible Lazarus Group Cyberattack
Tom Carreras reports: North Korean hacking syndicate Lazarus Group is thought to be behind a failed cyberattack on deBridge Finance yesterday. […] According to Smirnov, several members of the deBridge team received emails yesterday with PDFs attached to them entitled “New Salary Adjustments.” Downloading the file and submitting password information would have unleashed a data-collecting…
Methodist Hospitals data breach $425K class action settlement
Top Class Actions reports a settlement in a lawsuit stemming from a 2019 phishing incident that reportedly impacted or potentially impacted 68,039 patients: The Methodist Hospitals Inc. has agreed to pay up to $425,00 to settle a class action lawsuit that alleges it failed to adequately protect patients’ personal information from being exposed in a…
BJC HealthCare settles class action litigation
In May 2020, DataBreaches noted that BJC Healthcare in Missouri was alerting patients to a data breach. The breach had first been discovered on March 6, shortly after three employee email accounts were compromised. At the time of notification, BJC Healthcare reported that investigators were unable to determine if any emails or attachments had actually…
‘Callback’ Phishing Campaign Impersonates Security Firms
Elizabeth Montalbano reports: A new callback phishing campaign is impersonating prominent security companies to try to trick potential victims into making a phone call that will instruct them to download malware. Researchers at CrowdStrike Intelligence discovered the campaign because CrowdStrike is actually one of the companies, among other security firms, being impersonated, they said in…
Don’t Put All Your Eggs in the Silent-Cyber Basket
William P. Sowers Jr. and Michael S. Levine of Hunton Andrews Kurth write: The Eastern District of Pennsylvania recently gave another reminder why cyber insurance should be part of any comprehensive insurance portfolio. In Construction Financial Administration Services, LLC v. Federal Insurance Company, No. 19-0020 (E.D. Pa. June 9, 2022), the court rejected a policyholder’s attempt…