One of the many hacks this site reported on in 2021 was the attack on Vhive in Singapore by threat actors calling themselves ALTDOS. The attack resulted in what the threat actors claimed was hundreds of thousands of the furniture retailers’ customers having their personal information leaked when the firm refused to pay the attackers’…
Category: Hack
Central Florida Inpatient Medicine notifies 197,733 patients after employee email account compromised last year
Central Florida Inpatient Medicine (CFIM) is notifying 197,733 patients whose protected health information (PHI) was in an employee’s email account that was accessed by an unauthorized individual between August 21, 2021 and September 17, 2021. CFIM does not indicate when they first discovered that there had been a breach or how they first discovered it. …
Confluence servers hacked to deploy AvosLocker, Cerber2021 ransomware
Sergiu Gatlan reports: Ransomware gangs are now targeting a recently patched and actively exploited remote code execution (RCE) vulnerability affecting Atlassian Confluence Server and Data Center instances for initial access to corporate networks. If successfully exploited, this OGNL injection vulnerability (CVE-2022-26134) enables unauthenticated attackers to take over unpatched servers remotely by creating new admin accounts…
Data breach lawsuits settle: UPMC vendor and a holding company for department stores
Two potential class action lawsuits involving data breaches have reportedly settled. One awaits final approval in October, but the other settlement is already final. University of Pittsburgh Medical Center data breach $450K class action settlement During April to June 2020, Charles J. Hilton PC (CJH), a firm hired by UPMC for billing services, allegedly suffered…
District 207 Approves Cybersecurity Contract In Wake Of Attempted Breach
Igor Studenkov reports: Maine Township High School Dist. 207 Board of Education voted unanimously on Monday (June 6) to award a one-year cybersecurity contract to the company that helped the district prevent a security breach a few weeks earlier. The district considered bids from seven vendors. When one of the bidders, Texas-based Crowdstrike, was demonstrating…
Defensive Cyber Attacks Declared Legal by UK AG, Path Cleared to “Hack Back” When Critical Infrastructure & Services Attacked
Scott Ikeda reports: The Attorney General of the United Kingdom has declared the country can make use of defensive cyber attacks when “key services” (such as critical infrastructure and banks) are struck by foreign threat actors. The country is taking a formal position on extending international law to the digital realm, something that nations have…