Phishing attacks continue to create havoc in the cyber world. This week’s cyber headlines are all about data breaches and the phishing prevention measures adopted by the victim organizations. Reading such news gives some perspective on what should go into the business continuity plan we have for our organization, and that is why we bring you the top cybersecurity headlines.

East London Council Forgets To BCC Email Recipients, Exposes Thousands Of Addresses

In a recent technical blunder, a local authority in East London sent out an email to thousands of residents without using the BCC field. Thus, all residents of Tower Hamlets could see the email addresses of their fellow recipients. A Register reader by the name of Patrick questions why the council couldn’t use an email marketing platform like Mailchimp. Patrick received an email with 400 other addresses in the To field.

There wasn’t much the council could do after the email was sent. However, it apologized to all affected email recipients in a follow-up email that was BCC’d correctly. The council assured recipients that such blunders wouldn’t be repeated and that it would take all anti-phishing measures from now on.

 

Data Breach At Third Party Vendor Exposes Faxton St. Luke’s Healthcare’s Patient Data

Capture Rx is a third-party business associate that assisted Faxton St. Luke’s Healthcare (FSLH) in reducing prescription drug costs. FSLH was recently notified of a data breach at Capture Rx, which impacted the PHI of 17,655 of its patients.

Capture Rx noticed some unusual activity in its systems on 6th February and immediately began investigations into the attack. It stated that all affected clients and patients would be sent breach alert letters individually. Around 19th March, FSLH was informed that some of its patient data were compromised in the security incident. However, there has been no evidence of misuse of this exposed data so far. The leaked patient information includes full names, DOBs, prescription details, and medical record numbers. Capture Rx has been acting proactively ever since the attack was detected. It has also reviewed its policies and procedures and will provide training to its workforce to prevent phishing attacks in the future. It advises all patients to look out for phishing attacks and monitor their financial accounts for suspicious activities.

 

ShinyHunters Attacks Indian Company WedMeGood

It’s just been over a week since we talked about the ShinyHunters attack on Big Basket, and now the notorious hacker group is back in the headlines for another attack. This time, the adversaries have targeted the Indian wedding planning site – WedMeGood. WedMeGood was reportedly involved in another security incident last October, and now it has been attacked by ShinyHunters. Over 41.5GB of the website’s customer data has been compromised in the breach. The platform is renowned for its services in the wedding industry, right from finding and decorating venues to getting outfits and photographers for the event.

The exposed user data includes cities, gender, names, contact numbers, email addresses, password hashes, and booking details, among other information. Since it’s the second known attack on WedMeGood in seven months, users are advised to change their account passwords and adopt necessary measures to protect themselves from phishing. Users who have the habit of using the same password for multiple accounts must change their passwords for all other accounts as well.

 

Conti Ransomware Hits U.S. Defense Contractor BlueForce

The Conti ransomware gang has recently attacked the U.S. defense contractor BlueForce. The attack was confirmed by the Hatching Triage page, which also shared a copy of the ransom note left by the adversaries. Conti asks BlueForce to contact them to decrypt files and warns that any attempts to recover files using external software might damage files.

As per the shared evidence, Conti operators first approached BlueForce with offers to negotiate on 9th April. The victim company responded two weeks later, asking for ways to recover files. The ransomware operators are demanding around $969,000 (17 bitcoins) for the decryption key. The Conti ransomware is renowned for encrypting files as well as publishing the stolen data. We haven’t heard BlueForce’s side of the story yet, but this is another attack that reminds us to take adequate phishing protection measures.

 

Security Vulnerabilities Discovered In Peloton’s API

Researchers at Pen Test Partners recently discovered some vulnerabilities in Peloton’s bike software. The loophole in its API enabled unauthorized users to view sensitive user data, such as their age, gender, location, class attendees, etc., even when the private mode was enabled for their accounts.

Pen Test Partners gave Peloton three months to patch the identified vulnerabilities before going public about these security flaws. Peloton did acknowledge the notification but didn’t provide any update on fixing the vulnerability. As a result, Pen Test Partners made the vulnerability public, and TechCrunch was the first to report the vulnerabilities. The incident coincided with the recall of a Peloton treadmill that used the vulnerable API; the treadmill had led to a child’s death and other injuries among users.

In its defense, Peloton said that the existence of the vulnerabilities doesn’t equate to their exploitation. It has accepted and apologized for the delay in communicating the patch update to Pen Test Partners. It says that protection against phishing is one of its primary cybersecurity goals, and there won’t ever be a compromise on that. In the future, Peloton promises to be faster in responding to security incidents as and when they happen.

 

DDoS Attack Hits Belgian Internet Provider Belnet

Belnet, the Belgian national research and education network, was recently brought down by a major distributed denial of service (DDoS) attack. The attack affected most of the Belgian government’s IT network and internal systems. The government and police services websites were down too. Since Belnet services are used by research centers, educational institutions, government services, and scientific institutes, there was a general disruption in user activities and communication.

Belnet is doing everything in its capacity to restore services for people and has opened up a customer service desk to help those in distress. It successfully implemented many of its anti-phishing solutions by 4th May and believes that the impact of the DDoS attack has diminished to a great extent.

 

Cyber Attack Hits Spanish Delivery Startup Glovo

Glovo is a Spanish rapid-delivery start-up that came up and flourished during the COVID-19 pandemic. With a market value of more than $1 billion, Glovo does a good job delivering everything from groceries to other essentials to the doorsteps of over 10 million customers across 20 nations.

Glovo recently disclosed a data breach in which the adversaries gained access to its system. The incident took place on 29th April but could be contained at the entry point because of Glovo’s robust anti-phishing protection strategies.

No personal data or payment card details of users were involved in the incident. However, the adversaries were selling and changing the login passwords of customers and courier personnel. As more start-ups and small-scale enterprises populate the gig economy, there should be an equal emphasis on ensuring protection from phishing attacks.