Elizabeth Hernandez

Photo of author
Elizabeth Hernandez is a news writer on Defensorum. Elizabeth is an experienced journalist who has worked on many publications for several years. Elizabeth writers about compliance and the related areas of IT security breaches. Elizabeth's has a focus data privacy and secure handling of personal information. Elizabeth has a postgraduate degree in journalism. Elizabeth Hernandez is the editor of HIPAAZone. https://twitter.com/ElizabethHzone

MagnetoCore Malware Campaign Sees 7,339 Magneto Stores Infected with Payment Card Skimmer

A massive MagnetoCore malware campaign has been uncovered that has seen thousands of Magneto stores compromised and loaded with a payment card scraper. As visitors pay for their purchases on the checkout pages of compromised websites, their payment card information … Read more

New AdvisorsBot Malware Threat Spread Using Spam Email

Hotels, restaurants, and telecommunications companies are being focused on with a new spam email campaign that sends a new form of malware called AdvisorsBot. AdvisorsBot is a malware downloader which, like many strains of malware, is being shared using spam … Read more

Security Awareness Training Best Practices

Security awareness training best practices to help your organization tackle the weakest link in the security chain: Your employees. The Importance of Security Awareness Training It doesn’t matter how comprehensive your security defenses are and how much you invested on … Read more

New AdvisorsBot Malware Threat Distributed Through Spam Email

Hotels, restaurants, and telecommunications businesses are the focus of a new spam email campaign that broadcasts a new form of malware titled AdvisorsBot. AdvisorsBot is a malware downloader which, like many malware variants, is being sent using spam emails containing … Read more

Fake WannaCry Ransomware Campaign Uncovered

In May 2017, WannaCry ransomware attacks brought many businesses to a stop, with the UK’s National Health Service (NHS) a notable target. Now, a little more than 12 months later, a new WannaCry ransomware campaign is being operated, or so … Read more

UnityPoint Health Phishing Attack Impacts 1.4 Million

Many large healthcare data breaches recently have been reported that have seen hackers obtain access to employees’ email accounts and sensitive data, although the recently shared UnityPoint Health phishing attack stands out due to the massive number of individuals that … Read more

Adidas Phishing Scam Discovered

A new Adidas phishing scam has been discovered that involves offering free shoes and money. The messages claim that Adidas is celebrating its 69th anniversary and sending 2,500 lucky customers a free pair of Adidas sneakers along with a free … Read more

Cybercriminal Net €2 million Using Lazio Phishing Scam

The Lazio phishing scam looks to have lead to a €2 million loss for the Italian Serie A football team, which made the final installment of a transfer of a football player to the bank account of a cybercriminal. The … Read more

Rapid Spread of Cryptocurrency Mining PowerGhost Malware

A huge  cryptocurrency mining campaign has been discovered by security experts at Kaspersky Lab – a campaign that has lead to the creation of a vast network of devices infected with PowerGhost malware. PowerGhost malware is being downloaded to all … Read more

2017: Ransomware Attacks Estimated to Reach $5bn

The cost of ransomware attacks cannot be estimated by the amounts illegally earned by hackers due to ransom payments. In fact, the ransom payments are just a small part of the costs experienced by companies that have been attacked with … Read more

Your Router May Have Been Compromised: Urgent Action Required

A hacking group has succeeded in infecting hundreds of thousands of routers with VPNFilter malware. The scale of the malware campaign is astonishing. So far more than half a million routers are believed to have been infected with the malware, … Read more

Tech Support Scams Grow by 24% During 2017

Microsoft has published new figures that show there has been a sizeable upwards surge in tech support scams over the past 12 months. The amount of victims that have reported these scams to Microsoft increased by 24% in 2017. The … Read more

World Cup 2018 Phishing Scams

The 2018 World Cup is just two weeks and the media frenzy surrounding the soccer extravaganza is already reaching fever pitch. Sadly, Kaspersky Lab has already identified several World Cup 2018 phishing scams, with many of the early scams using emails … Read more

Syrian Refugee Phishing and Active Shooter Campaigns

Two new phishing campaigns have been uncovered recently that have seen phishers sink to new depths. An active shooter phishing campaign has been discovered that uses fear and urgency to steal details, while a Syrian refugee phishing campaign focuses on … Read more

Phishing News: Active Shooter and Syrian Refugee Campaigns

Two new phishing campaigns have been discovered in the last three weeks that have seen phishers sink to new depths. An active shooter phishing campaign has been discovered that uses fear and urgency to steal credentials, while a Syrian refugee … Read more

2018 Largest Data Breach Involved Exposing of 340 Million-Records

A database of U.S. consumer information has been left unprotected online by the marketing company Exactis. At 340 million records, this is the biggest data breach of 2018. You may not have heard about Florida-based data broker Exactis, but chances … Read more

Worst Data Breaches of 2017

2017 has been a particularly bad year for data violations, but what were the worst data breaches of 2017? We have put together a list of the largest and most serious cyber attacks that came to light in 2017. Equifax … Read more

Rockingham School District Loses $314,000 to Emotet Malware Infection

The Rockingham school district in North Carolina identified that Emotet malware had been downloaded to its network in late November. The cost of tackling the infection was a massive $314,000. The malware was sent using spam emails, which arrived in … Read more

Emotet Malware Infection Cost Rockingham School District $314,000 to Resolve

The Rockingham school district in North Carolina discovered Emotet malware had been installed on its network in late November. The cost of resolving the infection was an astonishing $314,000. The malware was delivered via spam emails, which arrived in multiple … Read more

Wi-Fi Alliance Enhances WPA2 and Announces WPA3 Protocol Coming Later this Year

15 years after the launch of the wireless security protocol WPA2, the Wi-Fi Alliance has announced this year will see the release of the WPA3 protocol. The transition period from the WPA2 to WPA3 protocol is expected to take several … Read more

Malware Attack at Forever 21 POS Continued for 7 Months

A recently identified Forever 21 POS malware attack has resulted in customers’ credit card data being accessed. While malware attacks on retail POS systems are now a regular occurance, in the case of the Forever 21 POS malware attack, the … Read more

Are Password Managers Safe?

Passwords should be complex and difficult to guess, but that makes them difficult to remember, so what about using password managers to get around that problem? Are password managers safe and secure? Are they better than attempting to remember passwords … Read more

Mobile Accounts Drained of Money by Xafecopy Malware

Xafecopy malware is a new Trojan that is being leveraged to take money from victims using their smartphone devices. The malware looks like a useful apps that function exactly as expected, although along with the useful functions, the apps have … Read more

Social Media Accounts Being Hack to Allow Terdot Trojan Steal Banking Details

The Terdot Trojan is a new strain of Zeus, a highly effective banking Trojan that was first spotted in 2009. While Zeus has been discontinued, its source code has been accessible since 2011, allowing hackers to create a range of … Read more

Social Media Accounts Hijacks by Banking Terdot Trojan

The Terdot Trojan is a form of Zeus, a highly successful banking Trojan that first was seen in 2009. While Zeus is no longer doing the rounds, its source code has been available since 2011, allowing cyber criminals to produce … Read more

Terdot Trojan Steals Banking Credentials and Hijacks Social Media Accounts

The Terdot Trojan is a new incarnation of Zeus, a highly successful banking Trojan that first appeared in 2009. While Zeus has been retired, its source code has been available since 2011, allowing hackers to develop a swathe of new … Read more

Combosquatting: Study Reveals Extent of Use of Trademarks in Web Attacks

Combosquatting is a popular technique used by hackers, spammers, and scammers to fool users into downloading malware or revealing their credentials. Combosquatting should not be confused with typosquatting. The latter involves the purchasing of domains with transposed letters or common … Read more

Microsoft Office Attacks Without Macros

Microsoft Office documents that include malicious macros are commonly used to distribute malware and ransomware. However, security experts have now identified Microsoft Office attacks without macros, and the technique is more difficult to block. While you can turn off macros … Read more

Phishing Website Key to Equifax Breach Success

The cyberattack on Equifax impacted around 50% of the population of the United States. 143 million U.S. consumers may have had their sensitive data illegally obtained by hackers, as did around 400,000 individuals in the United Kingdom and 100,000 consumers … Read more

IoT Reaper Botnet Growing at Alarming Rate

Last year, the Mirai botnet was used in massive DDoS attacks; however, the IoT Reaper botnet could redefine massive. The Mirai botnet, which mostly consisted of IoT devices, was capable of delivering DDoS attacks in excess of 1 terabit per … Read more

Self-Replicating Worm Module Incorporated in Trickbot Malware

Trickbot malware is a banking Trojan that has been around for some time, although its developers have recently created a WannaCry ransomware-style worm module that allows it to spread much more swiftly. The latest NotPetya attacks also included a similar … Read more

Windows 10 Attacked by Bashware

A new attack method – termed Bashware – could permit hackers to download malware to Windows 10 computing devices without being discovered by security software, according to research published by Check Point. The Windows Subsystem for Linux (WSL) was brought … Read more

HIPAA Compliance and Phishing: Email Attacks Can Result in HIPAA Penalties

A phishing attack on a HIPAA-covered entity has lead to in a $400,000 HIPAA breach fine for non-compliance. This is not the first time a phishing attack has resulted in a penalty from OCR for non-compliance. The failure to stop … Read more

Beware of Equifax Phishing Scams – Cybercriminals Are Typosquatting to Catch the Unwary

Consumers should be wary of Equifax phishing attacks following massive data breach revealed earlier this month. The 143 million records possibly stolen in the breach will be monetized, which means many will likely be sold to hackers. Trend Micro has … Read more

Lack of Two-Factor Authentication Linked to Deloitte Data Breach

This week, news has emerged about a serious Deloitte data breach that allegedly resulted in ‘several gigabytes’ of sensitive emails sent to and from the accountancy firm’s clients being obtained by hackers. Deloitte is one of the big four accountancy … Read more

NHS Computers Taken Offline After Barts Health Malware Attack:

A Barts Health malware attack resulted in the shutdown of hospital IT systems on Friday last week as the UK NHS Trust attempted to address the damage caused and limit the infection. Barts Health is the biggest NHS Trust in … Read more

Equifax Breach Victims Directed to Phishing Website

The cyberattack on Equifax affected almost half the population of the United States. 143 million U.S. consumers potentially had their sensitive data stolen by hackers, as did around 400,000 individuals in the United Kingdom and 100,000 consumers in Canada. To … Read more

Average Cost of a SMB Data Breach Revealed by New Study

The average cost of a SMB data breach is now $117,000 per incident, according to a large study of data breach costs at small to medium sized businesses. The study was conducted by Kaspersky Lab and B2B International, with over … Read more

Beware of Hoeflertext Warnings: Popups Used to Deliver Ransomware

Popup warnings of missing fonts, specifically the Hoeflertext font, are being used to infect users with malware. The Hoeflertext warnings appear as popups when users visit compromised websites using the Chrome or Firefox browsers. The warnings flash up on screen … Read more

Healthcare and Education Sectors hit by Defray Ransomware

Defray ransomware is being used in targeted hacking campaigns on groups in the healthcare and education sectors. The new ransomware variant is being shared via email; however, in contrast to many ransomware campaigns, the emails are not being distributed in … Read more

Result of 2017 Spam Study Show Most Malicious Messages Sent During Working Day

The busiest day of the week for email spam is  typically Tuesday and cyber criminals focus on sending messages during the working day, Monday to Friday, according to a 2017 spam study completed by IBM X-Force. The study was carried … Read more

Locky Ransomware Spam Campaigns Discovered Sharing Two New Strains

Two new Locky ransomware spam campaigns have been witnessed this month, each being used to distribute a new variant of the cryptoransomware. The campaigns have started after a relatively quiet period for ransomware campaigns, although the most recent campaigns show … Read more

What is the Cost of a Malware Attack? $300 Million for Maersk

The cost of a malware attack is difficult to predict. There are many factors that affect the cost. The type of malware, whether data were stolen, the extent of the infection, how easy it is to mitigate, and how much … Read more

Majority of Malicious Messages Sent During Office Hours According to 2017 Spam Study

The most hectic day of the week for email spam is Tuesday and hackers focus on sharing messages during working hours, Monday to Friday, according to a 2017 spam study facilitated by IBM X-Force. The study was run during 6-month … Read more

Poor Patch Management Policies Result in Cyberattacks and Huge Settlement

The importance of implementing good patch management policies was clearly highlighted by the WannaCry ransomware attacks in May. The ransomware attacks were made possible due to poor patch management policies at hundreds of companies. The attackers leveraged a vulnerability in … Read more

Devastating Losses Inflicted by Ransomware Attacks on Small Businesses

Ransomware attacks on small businesses can have major consequences. Many small companies have little spare capital and certainly not enough to be doling out cash to cybercriminals, let alone enough to cover the cost of loss of business while systems … Read more

Federal Agencies Asked to Deploy DMARC to Stop Impersonation Campaigns

A U.S senator is asking the Department of Homeland Security and other federal agencies to implement DMARC to prevent impersonation attacks being conducted through email. In recent months, several government agencies have been focused on by phishers who have used … Read more

Spam King Gets 30-Months Prison Sentence

The self-titled Spam King, Sandford Wallace, has been given a 30-month jail sentence in relation to a Facebook spam campaign carried out between November 2008 and February 2009. Wallace illegally gained access to around 550,000 Facebook accounts and used those … Read more

2017 US Data Breaches at Record Breaking Level

2017 US data breaches have reached a record high, jumping an incredible 29% year over year. The mid-year data breach report from the Identity Theft Resource Center (ITRC) and CyberScout shows there were 791 reported data breaches between January 1 … Read more

Verizon Communications Data Leak Resulted in Exposure of 6 Million Accounts

Human error was to blame for a massive Verizon Communications data leak that saw the personal information, account details and PIN numbers of more than 6 million customers exposed on the Internet. The Verizon Communications data leak is particularly serious … Read more