Tom Carreras reports: North Korean hacking syndicate Lazarus Group is thought to be behind a failed cyberattack on deBridge Finance yesterday. […] According to Smirnov, several members of the deBridge team received emails yesterday with PDFs attached to them entitled “New Salary Adjustments.” Downloading the file and submitting password information would have unleashed a data-collecting…
Category: Phishing
Methodist Hospitals data breach $425K class action settlement
Top Class Actions reports a settlement in a lawsuit stemming from a 2019 phishing incident that reportedly impacted or potentially impacted 68,039 patients: The Methodist Hospitals Inc. has agreed to pay up to $425,00 to settle a class action lawsuit that alleges it failed to adequately protect patients’ personal information from being exposed in a…
BJC HealthCare settles class action litigation
In May 2020, DataBreaches noted that BJC Healthcare in Missouri was alerting patients to a data breach. The breach had first been discovered on March 6, shortly after three employee email accounts were compromised. At the time of notification, BJC Healthcare reported that investigators were unable to determine if any emails or attachments had actually…
‘Callback’ Phishing Campaign Impersonates Security Firms
Elizabeth Montalbano reports: A new callback phishing campaign is impersonating prominent security companies to try to trick potential victims into making a phone call that will instruct them to download malware. Researchers at CrowdStrike Intelligence discovered the campaign because CrowdStrike is actually one of the companies, among other security firms, being impersonated, they said in…
Don’t Put All Your Eggs in the Silent-Cyber Basket
William P. Sowers Jr. and Michael S. Levine of Hunton Andrews Kurth write: The Eastern District of Pennsylvania recently gave another reminder why cyber insurance should be part of any comprehensive insurance portfolio. In Construction Financial Administration Services, LLC v. Federal Insurance Company, No. 19-0020 (E.D. Pa. June 9, 2022), the court rejected a policyholder’s attempt…
Ukraine arrests cybercrime gang operating over 400 phishing sites
Bill Toulas reports: The Ukrainian cyberpolice force arrested nine members of a criminal group that operated over 400 phishing websites crafted to appear like legitimate EU portals offering financial assistance to Ukrainians. The threat actors used forms on the site to steal visitors’ payment card data and online banking account credentials and perform fraudulent, unauthorized…