In past years, the frequency of successful cyber attacks has increased significantly. As such, it isn’t surprising that countless institutions are targeted by adversaries every day. Here are the top cyber headlines from the previous week that might compel you to reconsider your phishing prevention measures.
Data Breach Risks 36,000 Jail Inmates’ Data
Recently, data belonging to 36,077 jail inmates at centers in Florida, Kentucky, Missouri, Tennessee, and West Virginia was compromised because of the neglect of phishing protection by a cloud management platform for US correctional facilities.
This happened because of a misconfigured Amazon S3 bucket belonging to JailCore, which even exposed confidential data related to a patient’s acceptance of the drug. Other compromised details include the inmates’ names, mugshots, IDs, booking numbers, activity logs, and personal health information. The names of drug administrators and the signatures of correctional officers were also exposed. Although phishing attack prevention measures have now been taken, the exact number of victims hasn’t been updated.
Data Breach At Enrichment Systems, Inc
The San Diego, California-based preschool education provider Enrichment Systems, Inc (EES) recently announced that it was the victim of a data breach, which led to the compromise of personal details of parents and students. Unauthorized access to an employee email account on August 30, 2019, enabled the attacker to view details in the email account from May 27, 2019, to July 15, 2019.
The compromised details include names, social security numbers, addresses, health insurance information, student education records, and financial information, along with medical history and treatment information of the parents and wards. EES is now adopting phishing email prevention measures and is also providing free credit monitoring and identity protection services to the affected people.
Ransomware Hits Miami Police Department
The police department of North Miami Beach recently suffered a ransomware attack, and the attackers are now demanding a ransom of millions to decrypt the locked files.
All affected computers were immediately shut down, and no disruptions to public safety services were reported. To ensure protection from phishing, the police department is collaborating with federal partners, the county police department, and a third-party forensic investigator.
Security Breach At Grundy County Courthouse
The Grundy County Courthouse in Trenton reported a security breach that it suffered on 30th January 2020. Betty Spickard, Clerk at the County, said that the attack brought down their computers. Affected offices include those of the county clerk, collector-treasurer, and assessor. However, the court offices, the prosecutor’s office, and the law enforcement center remained unaffected.
Thanks to cloud backup, IT could retrieve some files, but the depth of the breach is yet to be analyzed. As they endeavor to establish protection from phishing attacks, the county offices are working manually and have asked residents to pay their taxes by producing their bills.
Danish Govt Exposes Citizens’ Data
For five years, TastSelv, the e-tax portal of Denmark, had a bug that exposed the personal identification (CPR) numbers of 1.26 million citizens. The vulnerability was recently brought to light by UFST, who informed citizens that there are no direct or immediate threats to their safety.
CPR numbers in Denmark are needed to open a bank account, own a phone number, and carry out other such basic operations. Although the leaked data is accessible only to two analytics companies, Adobe and Google, measures should still be taken to prevent phishing attacks.
Data Breach At Altice USA Inc.
Optimum cable television and internet services provider Altice USA Inc recently announced that it suffered a data breach that exposed the details of all its 12,000 employees, some of its former employees, and a few customers as well. The compromised data includes social security numbers, birth dates, and other personal information. However, there is no evidence or record of any misuse of these details so far.
Unauthorized access to the email account credentials of employees instigated the breach. The attackers probably used stolen credentials to access and download the contents of mailboxes. Altice is now taking steps to ensure email phishing prevention and is offering free identity and credit monitoring for one year to all affected persons.
Indian Cards Sell On Dark Web
A new database is now trending on Joker’s Stash (the underground card shop on the dark web), wherein 461,976 payment card details have been listed. This database was first noticed by the Singaporean cybersecurity company Group-IB, which claims that Indian banks have issued a vast majority of the card details listed on the database.
The card records were uploaded on 5th February. The details in the database are selling at a rate of USD 9 per card, so the total estimated value goes up to USD 4.2 million. Although the adversaries behind this haven’t yet been identified, it is reported that sixteen cards have already been sold! These will probably be used for launching payment card frauds.
The database includes card numbers, expiration dates, CVV/CVC codes, full names, emails, phone numbers, and addresses of the victims. India’s Computer Emergency Response Team (CERT-In) has been notified to adopt the required anti-phishing solutions.
Dell Patches Security Flaws In SupportAssist
Dell recently notified its users of a patch for a flaw in its SupportAssist Client software. This flaw in Dell’s preinstalled SupportAssist for Windows operating systems allows a locally authenticated attacker to load arbitrary code on vulnerable computers.
The bug affects the following Dell SupportAssist versions:
- Dell SupportAssist for business PCs version 2.1.3 or earlier.
- Dell SupportAssist for home PCs version 3.4 or earlier.
To ensure protection, Dell has released Dell SupportAssist version 2.1.4 for business PCs and Dell SupportAssist version 3.4.1 for home PCs. Dell recommends that customers download these patched versions at the earliest opportunity.
Singaporean Organizations Fined For Security Negligence
The Singaporean security watchdog Personal Data Protection Commission (PDPC) has been warning, directing, and fining organizations for the last four years to take necessary anti-phishing measures. As a result of ignoring these reminders, Singtel, SPH Magazines, Royal Caribbean Cruises (Asia), and four other organizations were recently fined $66,000 in total for not complying with the necessary protocols.