August 8 – U.S. District Judge Paul Maloney today sentenced Cedric Smith to a prison term of 70 months. His sentence is the last handed down in a West Michigan federal case charging three Miami, Florida residents with bank fraud and aggravated identity theft. In February 2021, a grand jury charged Cedric Smith, Daja Smith…
Update: Colosseum Dental Benelux pays ransom to threat actors
Updating the story concerning Colosseum Dental Benelux reported yesterday, Yannick Spinner reports (machine translated): The umbrella company, in its own words, had no choice but to pay the criminals: “Caring for our patients is our top priority and prompted Colosseum Dental to contact the cyber attackers and make agreements about the return and security of our…
Salinas Valley Memorial Healthcare System settles class action lawsuit for $340K
Salinas Valley Memorial Healthcare System has agreed to pay $340,000 to resolve claims lax cybersecurity resulted in a 2020 data breach. Five employee and contractor email addresses were reportedly compromised in April, May and June of 2020 through a phishing scheme. As Salinas claimed in their notification of July 1, 2020: On April 30, 2020,…
Snapchat, Amex sites abused in Microsoft 365 phishing attacks
Sergiu Gatlan reports: Attackers abused open redirects on the websites of Snapchat and American Express in a series of phishing attacks to steal Microsoft 365 credentials. Open redirects are web app weaknesses that allow threat actors to use the domains of trusted organizations and websites as temporary landing pages to simplify phishing attacks. Read more at…
More than 100 Dutch dental practices closed for days due to cyber attack
On August 5, RTL Nieuws reported: More than a hundred dental practices will be forced to keep their doors closed in the coming days. These are practices of Colosseum Dental Benelux, a large company with more than 130 branches in Belgium and the Netherlands. The company has been hit by a cyber attack and is going to…
Louisiana Public Facilities Authority (LPFA) victim of ransomware attack
The following notification was first published on July 18 as a legal notice: 00110404 PUBLISH 07/18/22 – 09/02/22 Notice of Data Breach On or about February 26, 2022, the Louisiana Public Facilities Authority (LPFA) was the target of a ransomware attack by unknown persons. Our investigation indicates the attack may have gone on over a…