Lawrence Abrams reports: Hackers have reportedly stolen 2 million Binance Coins (BNB), worth $566 million, from the Binance Bridge. Details are scant at the moment, but the attack appears to have started at 2:30 PM EST today, with the attacker’s wallet receiving two transactions [1, 2], each consisting of 1,000,000 BNB. Soon after the hacker began spreading some…
CSI Laboratories reports a second big breach this year
Georgia-based Cytometry Specialists d/b/a CSI Laboratories (“CSI”) has reported a second big breach this year. In a press release issued this week, CSI reports that they discovered on July 8 that they had been the victim of a phishing attack that compromised an employee’s email account. The incident was reported to HHS on September 26…
HC3: Abuse of Legitimate Security Tools and Health Sector Cybersecurity
HC3 has published another guidance (TLP:WHITE) for the healthcare sector. In this one, they discuss how the same tools used to operate, maintain and secure healthcare systems and networks can also be turned against their own infrastructure. The paper includes: Cobalt Strike PowerShell Mimikatz Sysinternals Anydesk Brute Ratel Access the paper on HHS.
Saskatoon gynecology clinic hit with ransomware attack: report
Rory MacLean reports: A ransomware attack on a Saskatoon obstetrics and gynecology clinic left the personal health information of up to 20,000 patients in the hands of malicious hackers, according to the province’s privacy watchdog. In a report issued in September, Privacy Commissioner Ronald Kruzeniski said the attack targeting Saskatoon Obstetric and Gynecologic Consultants resulted…
Bankrupt Crypto Lender Celsius Reveals Thousands of Users’ Transaction Histories in Court Filing
Will McCurdy reports: Troubled crypto lender Celsius has revealed the names and transaction history of hundreds of thousands of its customers in a court filing. The 14,500-page long document contained information such as customer names, crypto wallet IDs, transaction types and amounts, which services the customer had used, and the types and quantities of tokens held. Read…
Some Tufts community members’ health insurance information compromised in vaccine clinic data breach
Emily Thompson reports: Tufts announced in a Thursday evening email to the community that its vaccine clinic provider, Pelmeds, has experienced a data breach involving images of patients’ insurance cards. The number of Tufts community members affected by the breach is still unknown. Tufts has ended its contract with the company and postponed all previously…