If this story doesn’t scare you, I don’t know what will. Joseph Cox reports: I didn’t expect it to be that quick. While I was on a Google Hangouts call with a colleague, the hacker sent me screenshots of my Bumble and Postmates accounts, which he had broken into. Then he showed he had received…
Category: Commentaries and Analyses
NY: Home care agency notifies more than 92,000 after ransomware attack
Back in January, Sodinokibi (REvil) threat actors added Preferred Home Care of New York to their dark web leak site. At the time, the threat actors did what they usually do — they posted a few screencaps as proof of access. The screencaps showed directories of folders and images of identity cards of people working…
Former Roswell Park nurse pleads guilty to tampering with a consumer product
Articles on breaches involving protected health information (PHI) often raise the specter of what could happen if a patient’s records were misused and the patient’s healthcare suffered as a result. Here’s a case where it reportedly happened. This case also raises some questions about access controls and the value of audits and follow-up on audits….
Ransomware now attacks Microsoft Exchange servers with ProxyLogon exploits
Lawrence Abrams reports: Threat actors are now installing a new ransomware called ‘DEARCRY’ after hacking into Microsoft Exchange servers using the recently disclosed ProxyLogon vulnerabilities. Since Microsoft revealed earlier this month that threat actors were compromising Microsoft Exchange servers using new zero-day ProxyLogon vulnerabilities, a significant concern has been when threat actors would use it to…
Hackers Rushed in as Microsoft Raced to Avert Mass Cyber-Attack
Kartikay Mehrotra and Alyza Sebenius report that the timing of the attacks exploiting vulnerabilities in Microsoft Exchange right before Microsoft could push patches out has Microsoft considering whether there was some leak that alerted the hackers: Microsoft is now investigating the possibility of a leak that may have triggered these mass Exchange compromises ahead of…
Norway’s parliament hit by new hack attack
Reuters reports: Hackers have infiltrated the Norwegian Parliament’s computer systems and extracted data, officials said on Wednesday, just six months after a previous cyber attack was made public. The attack by unknown hackers was linked to a “vulnerability” in Microsoft’s Exchange software, the parliament said, adding that this was an “international problem”. Read more Reuters….