Lawrence Abrams reports: The SANS cybersecurity training organization has suffered a data breach after one of their employees fell victim to a phishing attack. […] In a notification posted to their site today, SANS states that one of their employees fell for a phishing attack that allowed a threat actor to gain access to their…
Category: Phishing
University of Utah notifying patients after phishing attack
Did University of Utah Health really have three phishing incidents this year? Maybe not. I was confused when I saw a new listing on HHS’s public breach tool this week. The incident, reported to HHS on July 20, reportedly affected 10,000 patients and involved PHI located in email. As such, it seemed to match an…
Russian BEC Gang Targets Hundreds of Multinational Companies
Akshaya Asokan reports: A newly uncovered Russia-based business email compromise gang has been targeting hundreds of large, multinational corporations in over 40 countries since 2019, according to the security firm Agari. The gang, which Agari calls Cosmic Lynx, uses a combination of social engineering techniques and well-crafted email messages designed to target the upper echelon of…
Vast Phishing Campaign Hits Microsoft Users in 62 Countries
Bloomberg reports: Microsoft Corp. customers were targeted in a massive phishing campaign that has sought to defraud users in 62 countries since December. Recently, the malicious emails have evolved to capitalize on the pandemic, according to Microsoft. The attack “targeted business leaders across a variety of industries, attempting to compromise accounts, steal information and re-direct…
Hakbit ransomware campaign targeting specific European countries
Derek Kortepeter reports: Proofpoint researchers have published findings on a campaign involving the Hakbit ransomware. As their blog post states, the ransomware is being spread via spear-phishing emails targeted at individuals in “mid-level positions across the pharmaceutical, legal, financial, business service, retail, and healthcare sector.” The attacks, described as low-volume, are specifically targeting employees of organizations located in…
UnityPoint Health Reaches $2.8M Settlement Over 2018 Data Breach
There’s an update to the litigation stemming from two UnityPoint Health phishing incidents that were discovered within months of each other in 2018. Part of the lawsuit was thrown out in 2019, but negligence claims were allowed to go forward. Not surprisingly, that seemed to result in a settlement. Jessica Davis reports: Iowa Health System,…