From the Office of the New York State Comptroller, this follow-up report on the New York State Education Department shows ongoing concerns that have not been addressed at all or only addressed partially: Issued: November 13, 2018 Link to full audit report 2018-F-17 Purpose To determine the extent of implementation of the two recommendations included…
Category: Of Note
New York Oncology Hematology notifying more than 128,400 employees and patients after phishing attack
Albany-based New York Oncology Hematology is notifying more than 128,400 employees and patients after discovering that 14 employees fell prey to phishing attacks in April. Although forensic invesgtigation did not find any clear evidence that attackers accessed employee or patient data in the employees’ email accounts, NYOH decided to notify everyone. As part of their web…
Russian APT comes back to life with new US spear-phishing campaign
Catalin Cimpanu reports: A Russian state-sponsored cyber-espionage group has come back to life after a one-year period of inactivity with a relative large spear-phishing campaign that has targeted both the US government and private sector. The hacking group is known in infosec circles as Cozy Bear, APT29, The Dukes, or PowerDuke, and is infamous because…
UK: Hackers, 21 and 23, admit breaking into TalkTalk’s website in a huge data breach that cost the telecoms firm £77m in lost business
Darren Boyle reports: Two computer geeks hacked the website of telecoms giant TalkTalk in a massive data breach costing the company £77m in lost business, a court heard. Connor Allsopp, 21, and Matthew Hanley, 23, were behind the plot to steal thousands of customers’ personal and banking details in October 2015. TalkTalk was fined a…
HealthEquity, Inc. notifying 190,000 after two employee email accounts were hacked
Reading a notification that employee email accounts were hacked and customer or patient information may have been accessed is nothing particularly unusual these days. What is a bit surprising, however, is when a breached entity offers those affected five years worth of credit monitoring, remediation, and other services. And that’s exactly what HealthEquity, Inc. is doing….
A leaky database of SMS text messages exposed password resets and two-factor codes
Zack Whittaker reports: A security lapse has exposed a massive database containing tens of millions of text messages, including password reset links, two-factor codes, shipping notifications and more. The exposed server belongs to Voxox (formerly Telcentris), a San Diego, Calif.-based communications company. The server wasn’t protected with a password, allowing anyone who knew where to…