Phishing is once again at the top of all cyber news, and there is nothing we can do to change that except take phishing attack prevention measures. The following top headlines from the cyber world prove just how crucial cyber hygiene is to keep your digital assets from falling into the hands of threat actors.

Premier Diagnostics In Utah Leaks Sensitive Patient Data

Premier Diagnostics, a Utah-based COVID-19 testing facility, has been handling patients’ information carelessly. The testing service has exposed the sensitive information of over 52,000 people by leaving it publicly available on two unprotected Amazon S3 buckets. The compromised data includes the passports, medical insurance cards, driver’s licenses, etc., of patients and their names, addresses, age, photos, ID number, gender, etc.

The affected people are likely to be from Nevada, Utah, and Colorado. The breach, however, did not leak any COVID-19 test reports. Those who are associated with Premier Diagnostics are advised to take measures to protect themselves from phishing, especially when it comes to unsolicited emails or emails from the testing service.

 

Ransomware Hits Buffalo Public Schools

A ransomware attack on the Buffalo Public Schools has brought down its systems and delayed its plan for beginning remote and in-person classes. The shift to in-person learning has been slow but consistent for the school so far, but the attack compelled the school to cancel all classes from Monday onwards. It is now focusing on identifying and removing the vulnerability leading to the attack, while the FBI and cybersecurity firm GreyCastle are working on the investigations. Though no teacher or student information was leaked, it’s speculated that the ransom demanded will be between $100,000 and $300,000.

The school system has shared no further details. As they take phishing protection measures, efforts continue to restore the school’s critical systems so that teaching and learning can be resumed at the earliest.

 

Descartes Aljex Software Leaves AWS S3 Bucket Unsecured

The US-based software company Descartes Aljex Software was recently discovered exposing 103 GB of data through a misconfigured AWS S3 bucket. Researchers at Website Planet found the breach and informed Descartes Aljex of the same. Aljex denied ownership of the bucket, but it was eventually secured, which means they probably took anti-phishing measures.

Over 4000 people, including Aljex customers, sales representatives, employees, and third-party workers, were affected by the breach, which let anyone with the correct URL view, alter, use or misuse the data stored on the bucket. The compromised information includes the names, contact numbers, usernames, plaintext passwords, and users’ email addresses. The names, official email addresses, usernames, and IDs of sales representatives, along with shipment details, were also exposed in the breach. Since such information can be misused for identity theft and other serious crimes, Aljex and its associates must take necessary measures to prevent phishing attacks.

 

Major Ransomware Attack Hits The South And City College Birmingham

After just a week of resuming offline classes, the South and City College Birmingham and its eight sites were forced to shut their online systems by a major ransomware attack. The attack is said to have encrypted and disabled the college’s core IT systems. As teachers and students go back to the online classes, the college’s computer forensic specialists are working to fix the issue. The Information Commissioner’s Office and government have been informed as well.

The college announced the attack on its website and Twitter page on 13th March, along with the adversaries’ threat to decrypt systems only when the ransom is paid. Students are requested to be patient and cooperative as the college figures out what needs to be done next. They have already recovered some data from their servers and removed several systems from the network.

Since the email system remains unaffected, students and teachers have been asked to continue with online classes. The college IT experts are taking phishing prevention measures to investigate the attack and restore systems at the earliest.

 

Are Users Of The Japanese Messaging App Line Safe?

Japanese privacy regulations state that no company can share user information with third parties overseas without the user’s prior consent. But the Japanese messaging app Line was recently found sharing sensitive information of users with four Chinese engineers (in charge of Line’s system maintenance) at a Shanghai-based company. These engineers had access to Line’s servers from 2018 and could view users’ names, contact numbers, and email addresses.

Line says that it hasn’t done anything to defy legal or regulatory boundaries and that it takes measures for protection from phishing. It is cooperating and corresponding with authorities as well. Line has restricted the Chinese affiliate’s access to user data and ensured that the messages sent on Line are secured with end-to-end encryption.

 

Beware Of CopperStealer Hacks

Proofpoint researchers have found a new malware strain in the family of the Chinese malware Silent Fade (first reported in 2019 by Facebook). CopperStealer is believed to be a previously undocumented malware that steals the passwords to Instagram, Facebook, Google, and other social media accounts. The compromised accounts are then used for running malicious ads and spreading malware.

The current targets of CopperStealer are the users of the social media and search engine giants. Hence, users are advised to enable MFA on all their online accounts and take adequate phishing prevention measures. Researchers were first made aware of CopperStealer in January 2021. They then found the malware sample in other major service providers such as Apple, Facebook, Instagram, Google, Tumblr, PayPal, Twitter, Amazon, etc.

 

New Office 365 Phishing Scams To Look Out For

C-suite executives, their assistants, and financial department employees are becoming the target of a sophisticated Microsoft Office 365 phishing campaign. The attackers presumably made their way into the organization’s email system via an initial attack and then targeted these C-level executives.

This attack campaign is believed to have been in action since December last year, using phishing kits and other techniques at the adversaries’ disposal. Most of the phishing emails are sent from addresses with Microsoft-themed sender domains. The emails are constructed with fake alert messages like “Important Security Policy Update” or “Important Service Changes”, giving them the look of official company emails.

These fake emails lead victims to a rough, spoofed Microsoft-themed notice and a fake Office 365 login page. Entering your email ID in such pages lets attackers verify whether it’s a valid Office 365 address. Such attacks are widespread these days, mainly because people are unlikely to invite a noncompliance issue by being unresponsive to a seemingly real official email. Hence, employees, particularly those at executive levels, must be critical in evaluating emails (even from official domains) and adopt necessary anti-phishing solutions for enhanced online security.
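
The sender-domain and subject indicators described in this item can be turned into a simple mail-triage check. This is an added example, not part of the original article; the brand keywords, the trusted-domain list and the sample messages are assumptions constructed here.

```python
from email import message_from_string
from email.utils import parseaddr

# Lure subjects quoted in the article.
LURE_SUBJECTS = ("important security policy update", "important service changes")
# Assumptions: brand keywords and genuine sender domains; tune for your tenant.
BRAND_KEYWORDS = ("microsoft", "office365", "o365")
TRUSTED_DOMAINS = {"microsoft.com", "office.com", "microsoftonline.com"}

def is_trusted(domain):
    """True only for a trusted domain or a real subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)

def score_message(raw):
    """Return (score, reasons) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    subject = msg.get("Subject", "").lower()
    reasons = []
    if not is_trusted(domain):
        if any(k in domain for k in BRAND_KEYWORDS):
            reasons.append("brand-themed sender domain: " + domain)
        if any(k in display.lower() for k in BRAND_KEYWORDS):
            reasons.append("brand display name on untrusted domain")
    if any(s in subject for s in LURE_SUBJECTS):
        reasons.append("lure subject from the campaign")
    return len(reasons), reasons

# Constructed sample messages (not captured from the campaign).
SAMPLES = {
    "lookalike": "From: Microsoft Security <alerts@microsoft-policy.example>\n"
                 "Subject: Important Security Policy Update\n\nReview now.",
    "genuine": "From: Microsoft 365 <notifications@microsoft.com>\n"
               "Subject: Weekly digest\n\nSummary.",
    "internal": "From: IT Helpdesk <it@corp.example>\n"
                "Subject: RE: Important Service Changes\n\nSee thread.",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, *score_message(raw))
```

The From header is trivially forged, so a score like this only prioritises messages for review and belongs alongside SPF, DKIM and DMARC enforcement rather than in place of it.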