Cyber Security Threats

British Airways (BA) has been hit by a GDPR fine of £183.39 million by the UK Information Commissioners Office (ICO) for a 2018 data breach. The ICO investigation revealed that hackers stole the data of … Read more

Summa Health is in the process of notifying 10,000 patients of a data security incident which resulted in sensitive data being compromised. On May 1, 2019, Summa Health, based in Akron, Ohio, noticed suspicious activity … Read more

A newly-identified privilege escalation flaw in Dell SupportAssist could leave millions of Dell PCs and laptops vulnerable attack. Threat actors could employ malicious software to elevate their privileges to administrator level and hijack the device … Read more

Franciscan Health is notifying 2,200 patients that their sensitive data may have been compromised in a security incident involving a former employee. Franciscan Health, a health system operating 14 hospitals in Indiana and Illinois, discovered … Read more

Her Majesty’s Revenue and Customs (HMRC) has agreed to delete more than five million voice recordings after the UK Information Commissioner’s Office (ICO) declared the data had been unlawfully obtained. HMRC collected for use in … Read more

The medical records of Today’s Vision patients have been found in a dumpster in Tomball, Texas. Today’s Vision is an optometry services provider with over 50 independently owned clinics. More than 20 boxes of records … Read more

Medical Informatics Engineering Inc (MIE) has agreed to a $100,000 settlement with HHS’s Office for Civil Rights for a 2015 data breach affecting 3.5 million individuals. MIE, an Indiana-based provider of electronic medical record software … Read more

It has been revealed that businesses are still storing data on unencrypted USB devices despite the risk of incurring significant GDPR fines for doing so. ESET, an IT security company, and Kingston Technology, a leading … Read more

A vulnerability in Oracle WebLogic Server is being exploited in the wild by a new ransomware variant named Sodinokibi. On April 26, Oracle released an out-of-band patch to address the vulnerability (CVE-2019-2725). There have been … Read more

The Department of Health and Human Services’ Office for Civil Rights (OCR) has reached a $3 million settlement with Touchstone Medical Imaging following a 2014 data breach. The Franklin, TN-based diagnostic medical imaging services company … Read more

A mailing error at Inmediata has seen breach notification letters being sent to the incorrect addresses. Inmediata was sending the breach notification letters after it was discovered that a webpage that should have only been … Read more

Denmark’s Data Protection Authority Datatilsynet has recommended that taxi company Taxa 4×35 be fined for violating the General Data Protection Regulations (GDPR). The DPA approved a fine of 2.8% of the company’s revenue, amounting to … Read more

Microsoft has announced that customer email information has potentially been accessed by an unauthorised third-party following a security incident at a support agent. The hacker used compromised support agent credentials to access customer data and … Read more

Sextortion scams have become increasingly common in recent years, with record numbers being reported in 2018. These types of attacks are potentially very lucrative for an attacker, due to the highly embarrassing or compromising nature … Read more

A recent survey conducted by OpenVPN highlights the potential cybersecurity risks posed by remote workers. OpenVPN is a virtual private network solution provider that allows businesses to extend their VPNs securely. They surveyed 250 IT … Read more

Washington D.C. Attorney General Karl. A. Racine has proposed stricter data breach notification laws. He anticipates that the new laws would provide greater protection to DC residents should their data be compromised in a data … Read more

A phishing attack at Main Line Endoscopy Centers has compromised the sensitive data of over 14,000 patients. Main Line Endoscopy Centers, a network of outpatient endoscopy facilities in the Malvern, Bala Cynwyd, and Media regions … Read more

Rutland Regional Medical has revealed that a hacker compromised nine employee email accounts following a cyber attack on their systems. Rutland Regional Medical, based in Rutland City, is the biggest community hospital in Vermont. A … Read more

Bundeskartellamt has released a ruling outlining its decision on how Facebook operates in Germany. Bundeskartellamt, Germany’s national competition regulator, had been investigating Facebook’s business practices for three years. The organisation has revealed that it has … Read more

Sextortion scams have proven popular with hackers in 2019. A well-composed email and an email list are all that is necessary. The latter can easily be bought for next to nothing via darknet marketplaces and … Read more

Security researchers have discovered a new Trojan horse malware campaign used by hackers to launch attacks on Linux servers. Trojan horses are malware variants that are disguised as benign or useful pieces of software. They … Read more

Anatova ransomware is a new cryptoransomware variant that appears to have been released on January 1, 2019. It is stealthy, can infect network shares, has already been used in attacks in many countries around the … Read more

Hackers are taking advantage of poor Wi-Fi security to attack small businesses. This post covers simple steps to take to improve Wi-Fi security to block cyberattacks. Small businesses can implement a robust firewall to protect … Read more

Hackers are increasingly targeting small businesses. These 10 cybersecurity tips for small businesses can be implemented to improve security, prevent successful cyberattacks, and avoid costly data breaches. Many small business owners misguidedly think that their … Read more

A senior official at Mozilla has predicted that 2019 will see much stricter enforcement of GDPR across Europe. The Senior Policy Manager and European Union Principal for Mozilla, Raegan MacDonald, has said that she believes that 2019 will … Read more

A new form of MongoLock ransomware is actively being used in a global campaign. A 0.1 BTC ransom is demanded, although file recovery may not be possible. The ransomware immediately deletes files and formats backup … Read more

Following the leaking of the master key for the FilesLocker ransomware on Pastebin, a decryptor has been made available to allow a victim’s files to be recovered for free. The master key is the key … Read more

Home purchasers and real estate agents in the United Kingdom and Ireland are being targeted by cybercriminals using a new solicitor email campaign. The scam, which includes mimicking a solicitor, is costing victims thousands. Additionally, … Read more

A new global phishing scam has been identified in which hackers target customers of Netflix, the world’s largest streaming organisation. The U.S. Federal Trade Commission, an independent agency of the United States government, issued a … Read more

The final weekend of 2018 has seen a significant newspaper cyberattack in the United States that has disrupted production of several newspapers published by Tribune Publishing. The attacks were malware-related and impacted the Saturday editions … Read more

The Center for Vitreo-Retinal Diseases in Libertyville, IL, has announced that it was recently the victim of a ransomware attack. The attack was first noticed on September 18, 2018, and resulted in the encryption of … Read more

On Wednesday, December 5, 2018, Adobe issued an update to correct a vulnerability in Adobe Flash Player. The vulnerability had been identified in late November by Gigamon, held network visibility and traffic monitoring technology vendor. … Read more

Police in Iceland have said a highly complex phishing attack is the biggest ever cyberattack the country has ever witnessed. The campaign saw thousands of messages sent that tried to get Icelanders to download a … Read more

Hackers have been targeted universities extensively in the last year according to figures recently released by Kaspersky Lab. Universities store very valuable information. As research group collate valuable proprietary data. The results of research studies … Read more

The Jones Eye Clinic and its affiliated surgery, CJ Elmwood Partners, based in Sioux City, Iowa, has announced that up to 40,000 patients may have had their data compromised following a ransomware attack on their … Read more

The Radisson Hotel Group may be fined for non-compliance with the General Data Protection Regulation (GDPR) following a data breach earlier this year. The Radisson Hotel Group is a chain with over 1,400 hotels in … Read more

Catawba Valley Medical Center (CVMC), a medical center serving the greater Catawba County area based in Hickory, North Carolina, has recently announced that an unauthorised individual gained access to their systems following a successful phishing … Read more

A new ransomware threat has been detected called FilesLocker which is currently being offered as ransomware-as-a-service (RaaS) on a TOR malware forum. FilesLocker ransomware is not a particularly sophisticated ransomware variant, but it still poses … Read more

The Employees Retirement System of Texas (ERS) has discovered a flaw in its ERS OnLine portal which allowed some users to view other members’ details upon logging into the portal. Up to 1.25 million records … Read more

FirstCare Health Plans, a Texan health insurance organisation, has revealed that more than 8,000 of its members may have had some of their personal data breached due to an email error made by one of … Read more

The General Data Protection Regulations (GDPR) came into effect in the European Union in May 2018. The regulations served to replace the existing regulations covering data protection, which were woefully out-of-date with modern technology and … Read more

The past few months have seen an increase in new, versatile malware downloaders that gather a significant amount of data about users’ systems before deploying a malicious payload. That payload is determined on the users’ … Read more

Using fake software updates to spread malware is not a new phenomenon, but a new malware campaign has been discovered that is quite different. Fake Adobe Flash updates are being spread that actually do update … Read more

SecureWorks has discovered Cobalt Dickens, an Iranian threat group, has launched a URL spoofing campaign targeting universities in more than a dozen countries. On their website, SecureWorks stated that security researchers working in their Counter … Read more

Kroll, a data security company, has released the results of a survey which shows that the number of data breaches reported to the UK’s Information Commissioner has increased by 75% since the introduction of the … Read more

Spam or junk email may be the primary method of sharing delivering banking Trojans, however there are many other ways of convincing employees to download and install malware on their computers. The CamuBot Trojan the … Read more

The CamuBot Trojan is a new malware variant that is being used in vishing campaigns on employees to obtain banking credentials. Cybercriminals Use Vishing to Convince Employees to Install CamuBot Trojan Spam email may be … Read more

Hotels, restaurants, and telecommunications businesses are being focused on in  a new spam email campaign that sends a new variety of malware called AdvisorsBot. AdvisorsBot is a malware downloader which, like many malware variants, is … Read more

A massive MagnetoCore malware campaign has been uncovered that has seen thousands of Magneto stores compromised and loaded with a payment card scraper. As visitors pay for their purchases on the checkout pages of compromised … Read more

Hotels, restaurants, and telecommunications companies are being focused on with a new spam email campaign that sends a new form of malware called AdvisorsBot. AdvisorsBot is a malware downloader which, like many strains of malware, … Read more