In 2019, DataBreaches reported that Solara Medical Supplies in California was notifying more than 110,000 patients after an attacker gained access to some employees’ email accounts via phishing. Solara was subsequently sued and settled claims for $9.76 million. Now today, HHS OCR announced a settlement with Solara: Today the U.S. Department of Health and Human…
Category: Phishing
Phishing texts trick Apple iMessage users into disabling protection
Lawrence Abrams reports: Cybercriminals are exploiting a trick to turn off Apple iMessage’s built-in phishing protection for a text and trick users into re-enabling disabled phishing links. With so much of our daily activities done from our mobile devices, whether paying bills, shopping, or communicating with friends and colleagues, threat actors increasingly conduct smishing (SMS phishing)…
KY: Personal data of Boone, Kenton County students breached, school officials say
Danielle Goodman reports: Personal data from current and former students in Boone and Kenton County school districts may have been accessed and copied in cyber attacks earlier this month, according to school district announcements. School district officials said the data breaches appear to have stemmed from phishing schemes, where cybercriminals trick users into providing sensitive…
New FlowerStorm Microsoft phishing service fills void left by Rockstar2FA
Bill Toulas reports: A new Microsoft 365 phishing-as-a-service platform called “FlowerStorm” is growing in popularity, filling the void left behind by the sudden shutdown of the Rockstar2FA cybercrime service. First documented by Trustwave in late November 2024, Rockstar2FA operated as a PhaaS platform facilitating large-scale adversary-in-the-middle (AiTM) attacks targeting Microsoft 365 credentials. The service offered advanced evasion mechanisms, a user-friendly…
Illinois Department of Human Services phishing attack affected more than 1.1M public assistance clients
Their substitute notice, as published on Effingham Radio: Springfield, IL-(Effingham Radio)- Pursuant to the requirements of the Illinois Personal Information Protection Act (PIPA), 815 ILCS 530/12, the Illinois Department of Human Services (IDHS) is notifying the media of an incident within IDHS State of Illinois email accounts: On April 25, 2024, IDHS experienced a privacy breach….
Credential phishing attacks up over 700 percent
Ian Barker reports: Phishing remains one of the most significant cyber threats impacting organizations worldwide and a new report shows credential theft attacks surged dramatically in the second half of 2024, rising by 703 percent. The report from SlashNext shows that overall, email-based threats rose by 202 percent over the same period, with individual users receiving…