Bill Toulas reports: The WordPress WP HTML Mail plugin, installed in over 20,000 sites, is vulnerable to a high-severity flaw that can lead to code injection and the distribution of convincing phishing emails. ‘WP HTML Mail’ is a plugin used for designing custom emails, contact form notifications, and generally tailored messages that online platforms send…
Category: Phishing
Two covered entities who discovered breaches last summer first notifying patients
Two breaches that were first reported to HHS in November have now been more fully disclosed. Both of the following breaches were first reported to HHS in November as impacting 500 or 501 patients — entries that this site usually suspects are just “markers” for “we have no idea yet how many were impacted.” Anne…
City of Tenino loses $280,309 to phishing email scam, state Auditor’s Office says
Martin Bilbao reports: The city of Tenino fell victim to a fraudulent scheme that cost it $280,309 in public funds, according to the Washington State Auditor’s Office. Former Clerk Treasurer John Millard initiated 20 automated clearing house payments from the city’s bank account to multiple out-of-state bank accounts from March 19 to May 4, 2020, per…
More than 1,200 phishing toolkits capable of intercepting 2FA detected in the wild
Catalin Cimpanu reports: A team of academics said it found more than 1,200 phishing toolkits deployed in the wild that are capable of intercepting and allowing cybercriminals to bypass two-factor authentication (2FA) security codes. Also known as MitM (Man-in-the-Middle) phishing toolkits, these tools have become extremely popular in the cybercrime underworld in recent years after major…
Evanston Township High School Defrauded Of $48,570 In Hack That Exposed 1,139 Identities
I’m backfilling a breach report from November as I just saw it now and it seems that others tracking k-12 data breaches may not have been aware of it, either. Jonah Meadows had reported that Evanston Township High School officials in Illinois were scammed out of more than $48,000 during a monthslong data breach that…
WV: Monongalia Health System notifies patients and employees of data breach
Some reportable HIPAA breaches occur in the context of bad actors trying to re-route wire payments. Monongalia Health System in West Virginia seems to have suffered that type of breach. The incident impacted the email system of Monongalia Health System and its affiliated hospitals, Monongalia County General Hospital Company and Stonewall Jackson Memorial Hospital Company….