Cyber Security Threats
Stay informed about the ever-evolving landscape of cyber threats. Explore the latest developments in malware, ransomware, and zero-day vulnerabilities, and learn how to protect your digital assets from these risks.
Gootloader Malware Delivery Framework Uses SEO Poisoning to Deliver Multiple Malware Variants
There has been an increase in the use of a JavaScript-based infection framework known as Gootloader for delivering malware payloads. Gootloader, as the name suggests, has been used to deliver the Gootkit banking Trojan, but … Read more
PHI Exposed as a Result of Data Breaches at Pennsylvania Adult & Teen Challenge And Gore Medical Management
Pennsylvania Adult & Teen Challenge located in Rehrersburg, PA announced that an unauthorized individual obtained access to worker email accounts that included the PHI of 7,771 people. This provider operates addiction treatment programs for adults … Read more
Online Storage Vendor Pays Ransom to Retrieve Healthcare Data Stolen During Cyberattack
The protected health information (PHI) of 29,982 patients of Harvard Eye Associates located in Laguna Hills, CA was potentially stolen due to a cyberattack on its cloud storage provider. The medical and surgical eye care … Read more
U.S. Treasury Hit by Email Hacks
Compromised email accounts take place many times around the world every day of the week and it is estimated that 2.5 billion accounts were hacked during 2019 which equates to 6.85 million accounts being hacked … Read more
$75,000 Paid by Renown Health to Settle its HIPAA Right of Access Case
The Department of Health and Human Services’ Office for Civil Rights (OCR) is moving forward with its campaign to stop noncompliance with the HIPAA Right of Access. OCR reported its fifteenth settlement this week that … Read more
Philadelphia Department of Public Health Ends Vaccine Distribution Agreement Due to Alleged Privacy Breaches
The contract of Philly Fighting COVID to dispense COVID-19 vaccines in Philadelphia city with the Philadelphia Department of Public Health was terminated because of allegations that the company’s privacy policies possibly made possible the sale … Read more
$5.1 Million Penalty Paid by Excellus Health Plan to Settle HIPAA Violation Case
Health insurance company Excellus Health Plan agreed to pay the Department of Health and Human Services’ Office for Civil Rights $5.1 million as a penalty to settle its HIPAA violation case associated with the 2015 … Read more
Email Security Breaches at Roper St. Francis Healthcare and Einstein Health Network
Roper St. Francis Healthcare has informed 189,761 patients regarding an unauthorized individual who accessed some of their protected health information (PHI) saved in employee email accounts. The provider detected the email security breach in late … Read more
Vulnerability in VMWare Virtual Workspaces Attacked by Russian State-Sponsored CyberCriminals
The U.S. National Security Agency (NSA) has released a cybersecurity advisory alert informing the public that Russian state-sponsored hackers are focusing on a flaw in VMWare virtual workspaces used to support remote working. The flaw, … Read more
APT32 and TA416 APT Groups Delivering New MacOS and Windows Malware Variants
The Advanced Persistent Threat (APT) group APT32 – aka OceanLotus – is conducting a malware campaign targeting Apple MacOS users. APT32 is a nation-state hacking group that primarily targets foreign companies operating in Vietnam. The … Read more
IRS Phishing Spoof Involving Request for Outstanding Tax Payment Discovered
A recent phishing campaign has been discovered that deceived the US Internal Revenue Service (IRS) and tells recipients that their are facing immediate legal action to take back a huge tax repayment. These emails are … Read more
Cybersecurity Challenges for Remote Working
It is fair to say that more people are now working from home than ever before and the number is growing rapidly due to the coronavirus pandemic. Here we explore some of the key cybersecurity … Read more
Tips to Avoid Holiday Season Spam Email Campaigns
In the rush to buy Christmas gifts online, security awareness often is disregarded and hackers are waiting to take advantage. Hidden among the countless emails sent by retailers to inform past customers of the most … Read more
Data Security Incident at SSCPG Affects 10,000 Patients
A data security incident at Shore Speciality Consultants Pulmonology Group (SSCPG) has potentially compromised the protected health information (PHI) of 10,000 patients. SSCPG, based in New Jersey and part of the Shore Physicians Group, released … Read more
Vulnerabilities Identified in Philips IntelliVue Firmware
Cybersecurity researchers have identified vulnerabilities in Philips IntelliVue WLAN firmware which could be exploited by hackers to install malware. Two vulnerabilities affect specific IntelliVue MP monitors. Hackers could use the vulnerabilities to install malicious firmware … Read more
Spam Campaigns Delivering Marap and Loki Bot Malware with ICO and IQY Files
A spam email campaign is being conducted focusing on targeting corporate email accounts to share Loki Bot malware. Loki Bot malware is a data stealer capable of obtaining passwords stored in browsers, obtaining email account … Read more
Irish Internet Browser Claims Google is Operating GDPR ‘Workaround’
Irish Internet browser Brave has claimed that they have offered new information to the Data Protection Commission (DPC) in Ireland which proves that Google has been trying to bypass General Data Protection Regulation (GDPR) legislation. … Read more
Software Vulnerability Identified in Change Healthcare Cardiology Devices
Cybersecurity researchers have identified a flaw in Change Healthcare Cardiology, McKesson Cardiology, and Horizon Cardiology devices. Locally authenticated users could exploit the flaw to insert files that could allow the attacker to execute arbitrary code … Read more
Email Spam and Botnet Infection Levels Quantified
Although many reports seem to indicate that email spam is dropping, email spam and botnet infection is still a major danger for most U.S organizations and people – with criminal practices netting hacking gangs billions … Read more
Monzo Contacts 500,000 Customers Following PIN Security Breach
Monzo has contacted 500,000 customers following a data breach which saw customer PINs accessible to employees of the digital bank for more than a year. The incident, which may constitute a breach of the EU’s … Read more
Philadelphia DBHIDS Notifies Patients of Lost Laptop HIPAA Breach
The Philadelphia Department of Behavioral Health and Intellectual Disability Services (DBHIDS) is notifying 1,500 individuals that their private information may have been exposed after an employee lost an unencrypted laptop. The employee has been carrying … Read more
Phishing Attack at St. Croix Hospital Compromises PHI of 21,000 Patients
St. Croix Hospice is notifying 21,000 patients that their protected health information (PHI) may have been compromised in a phishing attack. St. Croix Hospice is a provider of hospice care in Minnesota and Wisconsin. On … Read more
Marriott Fined £99 Million for Breach Affecting 7 Million UK Residents
The UK Information Commissioner’s Office has fined Marriott International Inc £99 million under GDPR for a data breach that affected seven million UK residents. The ICO released the statement for intention to fine Marriott on … Read more
City of Griffin Officials Lose $800,000 Business Email Compromise Attack
The City of Griffin, Georgia, has revealed that it made two payments totalling $800,000 to scammers following a series of business email compromise attacks. BEC campaigns are a form of a phishing attack in which … Read more
Microsoft July 2019 Patch Tuesday
Microsoft has issued patches for 77 vulnerabilities this Patch Tuesday. Of the vulnerabilities, 15 were rated critical and two were actively exploited zero day vulnerabilities. Six of the vulnerabilities patched this month had been previously … Read more
ICO Hits BA with £183.39 million GDPR Fine for 2018 Data Breach
British Airways (BA) has been hit by a GDPR fine of £183.39 million by the UK Information Commissioners Office (ICO) for a 2018 data breach. The ICO investigation revealed that hackers stole the data of … Read more
Summa Health Notifies 10,000 Patients of Data Security Incident
Summa Health is in the process of notifying 10,000 patients of a data security incident which resulted in sensitive data being compromised. On May 1, 2019, Summa Health, based in Akron, Ohio, noticed suspicious activity … Read more
Flaw in Dell SupportAssist Leaves Millions of PCs vulnerable
A newly-identified privilege escalation flaw in Dell SupportAssist could leave millions of Dell PCs and laptops vulnerable attack. Threat actors could employ malicious software to elevate their privileges to administrator level and hijack the device … Read more
Franciscan Health Patient Data Compromised in Incident Involving Former Employee
Franciscan Health is notifying 2,200 patients that their sensitive data may have been compromised in a security incident involving a former employee. Franciscan Health, a health system operating 14 hospitals in Indiana and Illinois, discovered … Read more
ICO Declares HMRC Voice Recordings to be ‘Unlawfully Obtained’
Her Majesty’s Revenue and Customs (HMRC) has agreed to delete more than five million voice recordings after the UK Information Commissioner’s Office (ICO) declared the data had been unlawfully obtained. HMRC collected for use in … Read more
Today’s Vision Medical Records Found in Texas Dumpster
The medical records of Today’s Vision patients have been found in a dumpster in Tomball, Texas. Today’s Vision is an optometry services provider with over 50 independently owned clinics. More than 20 boxes of records … Read more
Medical Informatics Engineering Settles with OCR for $100,000 for 2015 Data Breach
Medical Informatics Engineering Inc (MIE) has agreed to a $100,000 settlement with HHS’s Office for Civil Rights for a 2015 data breach affecting 3.5 million individuals. MIE, an Indiana-based provider of electronic medical record software … Read more
Businesses Still Using Unencrypted USB Devices to Store Data One Year After GDPR
It has been revealed that businesses are still storing data on unencrypted USB devices despite the risk of incurring significant GDPR fines for doing so. ESET, an IT security company, and Kingston Technology, a leading … Read more
Oracle WebLogic Server Vulnerability Exploited Using Sodinokibi Ransomware
A vulnerability in Oracle WebLogic Server is being exploited in the wild by a new ransomware variant named Sodinokibi. On April 26, Oracle released an out-of-band patch to address the vulnerability (CVE-2019-2725). There have been … Read more
Touchstone Medical Imaging Agrees to £3 million Settlement with OCR
The Department of Health and Human Services’ Office for Civil Rights (OCR) has reached a $3 million settlement with Touchstone Medical Imaging following a 2014 data breach. The Franklin, TN-based diagnostic medical imaging services company … Read more
Inmediata Breach Notification Letters Sent to Incorrect Addresses
A mailing error at Inmediata has seen breach notification letters being sent to the incorrect addresses. Inmediata was sending the breach notification letters after it was discovered that a webpage that should have only been … Read more
Denmark’s DPA Recommends Fine for Taxi Company GDPR Violation
Denmark’s Data Protection Authority Datatilsynet has recommended that taxi company Taxa 4×35 be fined for violating the General Data Protection Regulations (GDPR). The DPA approved a fine of 2.8% of the company’s revenue, amounting to … Read more
Microsoft Customer Email Information Compromised Following Support Agent Breach
Microsoft has announced that customer email information has potentially been accessed by an unauthorised third-party following a security incident at a support agent. The hacker used compromised support agent credentials to access customer data and … Read more
New Sextortion Scams Identified Following Record Numbers Reported in 2018
Sextortion scams have become increasingly common in recent years, with record numbers being reported in 2018. These types of attacks are potentially very lucrative for an attacker, due to the highly embarrassing or compromising nature … Read more
OpenVPN Study Highlights Risks Posed by Remote Workers
A recent survey conducted by OpenVPN highlights the potential cybersecurity risks posed by remote workers. OpenVPN is a virtual private network solution provider that allows businesses to extend their VPNs securely. They surveyed 250 IT … Read more
DC Attorney General Proposes Stricter Data Breach Notification Laws
Washington D.C. Attorney General Karl. A. Racine has proposed stricter data breach notification laws. He anticipates that the new laws would provide greater protection to DC residents should their data be compromised in a data … Read more
14,000 Main Line Endoscopy Center Patients Affected by Phishing Attack
A phishing attack at Main Line Endoscopy Centers has compromised the sensitive data of over 14,000 patients. Main Line Endoscopy Centers, a network of outpatient endoscopy facilities in the Malvern, Bala Cynwyd, and Media regions … Read more
Hacker Compromises Employee Email Accounts at Rutland Regional Medical
Rutland Regional Medical has revealed that a hacker compromised nine employee email accounts following a cyber attack on their systems. Rutland Regional Medical, based in Rutland City, is the biggest community hospital in Vermont. A … Read more
Bundeskartellamt Rules on Facebook’s Practices in Germany
Bundeskartellamt has released a ruling outlining its decision on how Facebook operates in Germany. Bundeskartellamt, Germany’s national competition regulator, had been investigating Facebook’s business practices for three years. The organisation has revealed that it has … Read more
Threat of Exposure & Multiple Malware Infections being Combined with Sextortion Scams
Sextortion scams have proven popular with hackers in 2019. A well-composed email and an email list are all that is necessary. The latter can easily be bought for next to nothing via darknet marketplaces and … Read more
New Trojan Horse Malware Campaign Targeting Linux Servers Identified
Security researchers have discovered a new Trojan horse malware campaign used by hackers to launch attacks on Linux servers. Trojan horses are malware variants that are disguised as benign or useful pieces of software. They … Read more
Anatova Ransomware: A Serious New Malware Threat for 2019
Anatova ransomware is a new cryptoransomware variant that appears to have been released on January 1, 2019. It is stealthy, can infect network shares, has already been used in attacks in many countries around the … Read more
How Small Businesses Can Improve Wi-Fi Security
Hackers are taking advantage of poor Wi-Fi security to attack small businesses. This post covers simple steps to take to improve Wi-Fi security to block cyberattacks. Small businesses can implement a robust firewall to protect … Read more
10 Cybersecurity Tips for Small Businesses
Hackers are increasingly targeting small businesses. These 10 cybersecurity tips for small businesses can be implemented to improve security, prevent successful cyberattacks, and avoid costly data breaches. Many small business owners misguidedly think that their … Read more
Mozilla Official Predicts Stricter GDPR Enforcement in 2019
A senior official at Mozilla has predicted that 2019 will see much stricter enforcement of GDPR across Europe. The Senior Policy Manager and European Union Principal for Mozilla, Raegan MacDonald, has said that she believes that 2019 will … Read more