There are so many breach reports that it’s hard to even find all the notices and reports about them these days. These days, there are many breaches that I log in worksheets I compile for Protenus’s Breach Barometer annual report but never even post on this blog. Just today, for example, I found: a notice…
Category: Phishing
Lewd Phishing Lures Aimed at Business Explode
Socially engineered BEC attacks using X-rated material spike 974 percent. Becky Bracken reports: Attackers have amped up their use of X-rated phishing lures in business email compromise (BEC) attacks. A new report found a stunning 974-percent spike in social-engineering scams involving suggestive materials, usually aimed at male-sounding names within a company. The Threat Intelligence team…
OH: Five Rivers Health Centers notified 155,748 patients after phishing incident
On May 28, Five Rivers Health Centers in Ohio notified HHS about a data security incident that impacted 155,748 patients. The following is their media notice, linked from the home page of their web site if you can find it (see attached, where I highlighted the location of the link on their home page). DataBreaches.net…
MI: WMed warns 2,474 employees and beneficiaries enrolled in healthcare coverage of phishing incident
Brad Devereaux reports: WMed has alerted employees, former employees and their beneficiaries covered under employee healthcare coverage about a data security incident caused by phishing that exposed personal information. Someone within the Western Michigan University Homer Stryker MD School of Medicine, or WMed, clicked on a “phishing” link in an email, which allowed outside access…
Kenyan arrested in Qatar first targeted by phishing attack
Jon Gambrell reports: A Kenyan security guard now facing charges in Qatar after writing compelling, anonymous accounts of being a low-paid worker there found himself targeted by a phishing attack that could have revealed his location just before his arrest, analysts say. While analysts from Amnesty International and Citizen Lab said they were unable to…
Justice Department Announces Court-Authorized Seizure of Domain Names Used in Furtherance of Spear-Phishing Campaign Posing as U.S. Agency for International Development
WASHINGTON – On May 28, pursuant to court orders issued in the Eastern District of Virginia, the United States seized two command-and-control (C2) and malware distribution domains used in recent spear-phishing activity that mimicked email communications from the U.S. Agency for International Development (USAID). This malicious activity was the subject of a May 27 Microsoft…