Cybersecurity Updates For The Week 22 of 2022

These days, ransomware attacks and data breaches target organizations even when they have anti-phishing solutions in place. That is why it is essential to be abreast of the latest cyber updates and think critically to predict and mitigate cyberattacks before they can cause damage. Here are the newest cyber attack headlines from the bygone week:

Cybersecurity Updates For The Week 13 of 2022

Phishing attacks and social engineering tactics are only the first steps in a threat actor’s modus operandi: they are deployed to lure the end-user into divulging a crucial piece of information, which malicious actors can then misuse. Thus, if you stay abreast of the latest phishing hacks and adopt measures for protection against phishing, you will be able to thwart a significant portion of cyberattacks on your business. To this end, here are the top phishing headlines this week.


Data Breach Hits Jefferson Dental and Orthodontics, Texas

Over a million Texans may have their data exposed owing to a breach at Jefferson Dental and Orthodontics – one of Texas’s largest dental care providers. Jefferson Dental has around 72 offices across Texas, and the latest breach has reportedly compromised the details belonging to 1,026,820 Texans. As part of its measures for phishing attack prevention, the dental care provider reported the incident to the Texas Attorney General’s Office. The episode also made it to the state’s website. This breach is significant because it is the largest cyber-attack reported to the Texas Attorney General since the new notification law was implemented in September 2021.

The new law mandates organizations to report data breaches impacting over 500 individuals to the Texas Attorney General’s Office, and the state then publishes the list of these data breaches online. Jefferson Dental and Orthodontics also sent out breach notifications to its affected patients, informing them that there is no evidence showing the misuse of the exposed information. The notice also mentioned the type of patient information disclosed, including driver’s license numbers, Social Security numbers, financial information, health insurance information, etc.

The malware attack was first discovered on 9th August 2021, and Jefferson Dental began its investigation soon after. The breach notification was released after the analysis was complete in January 2022.


Iranian Hackers Leak Personal Details of Mossad’s Director

Israel’s national intelligence agency (Mossad) director David Barnea recently became the target of a Telegram scam where Iranian hackers claimed to publish videos, photos, and documents obtained from a phone used by Barnea’s wife. The adversaries posted the said files on an anonymous Telegram channel which had less than a hundred followers and was created just a day before the Barnea dump.

Later reports confirmed that the video was posted on a Telegram channel called ‘Open Hands’ and was part of a lengthy intelligence operation against Barnea (who became the head of Mossad in June 2021) that started in 2014. A post on the channel read, “We’ve got a small gift for the Mossad; ‘With LOVE for David.’ Happy Purim.” The Mossad continues to investigate the incident. It further mentioned that the information leaked is old (hence irrelevant), but the leak exposed information on Barnea, including a copy of his ID card, plane tickets, tax documents, satellite pictures of his home in central Israel, photos from one of his family vacations in Copenhagen in 2014, and a video with captions in English, Arabic, and Hebrew.


Electoral Services Department of Wandsworth Council Exposes Residents’ Email IDs

The electoral services department of Wandsworth Council in the southwest of London recently sent out a routine email to registered voters but exposed their personal details in the process. This negligence by the council culminated in sending voter identity details to the wrong recipients. Resultantly, around 13% of local residents (43,000 voters) received the names, voting instructions, and addresses of people outside their households.

The council sent an apology email to affected victims and assured them that no electoral fraud could be conducted using the exposed data. In a follow-up email, the council asked recipients to delete the erroneously sent email and justified its own negligence by saying that the leaked data was available on a public electoral register anyway. This concluding comment does nothing to address the concerns and fears of voters and instead evokes the unreliability of the Conservative majority council, opines Fleur Anderson (Labour MP for Putney).

At this point, we can only hope that such incidents do not happen again and that the council adopts necessary phishing prevention measures. It is unlikely that the Information Commissioner’s Office (ICO) will launch any formal investigation on this.


Ransomware Hits Greek Postal Services ELTA

The state-owned postal services provider in Greece, ELTA, recently underwent a ransomware attack that brought down most of its services. ELTA announced the attack soon after discovering it and mentioned that the organization could contain the attack’s spread by adopting immediate phishing protection measures and isolating the entire data center.

ELTA eventually shared further details of the attack and claimed that the adversaries entered one of its workstations using an HTTPS reverse shell and exploiting an unpatched vulnerability. It is assumed that the adversaries wanted to encrypt systems critical to ELTA’s business operation. However, ELTA has not shared whether any ransom demands were made.

Since cyberattacks usually involve data theft, ELTA has informed the Greek consumer data protection authority about the incident. Its services largely remain disrupted, and ELTA is uncertain when it can resume services again. Further, users have taken to the ELTA Facebook page to report their failed attempts at tracking parcels or accessing its web labeling services.

ELTA’s IT team is currently working hard to scan its computers (over 2,500) for malware and is installing security tools to prevent such an incident from happening again. ELTA recommends that customers use its subsidiary ELTA Courier until all services are restored.


Anonymous Targets Omega Company

Omega Company is the in-house R&D unit of the Russian oil pipeline giant – Transneft. The ransomware gang Anonymous recently targeted Omega Company and stole its confidential data. The threat actor reportedly stole 79 GB of emails belonging to Transneft, the largest global oil pipeline company. The stolen data was then published on a data leak site – Distributed Denial of Secrets.

The data stolen from Transneft’s Omega Company contains the email accounts data of employees, technical equipment configurations, invoices, and product shipment information. An analysis of the leaked data revealed that some of the emails were as recent as 15th March 2022. On a somewhat surprising note, Distributed Denial of Secrets said that it dedicated this breach to Hillary Clinton, who seemed to have made some comments in an interview in support of cyberattacks against Russia.


Data Breach Hits HubSpot

Customer relationship management (CRM) tool HubSpot recently underwent a data breach that affected some clients like Swan Bitcoin, BlockFi, NYDIG, and Circle. Companies commonly use HubSpot to onboard new users and manage marketing campaigns. Fortunately, the breach did not affect the operations of HubSpot’s clients in any significant way, and their treasuries remain risk-free.

Clients use HubSpot to store their users’ details such as names, email addresses, phone numbers, etc. While the hack compromised these user details, the involved companies assured that passwords and other internal information remained unaffected. HubSpot claimed that the breach occurred because adversaries could access one of its employee accounts and used it to target around 30 stakeholders in the crypto industry. The list of these companies has not been released so far.

As a result of this attack on HubSpot, some users are receiving an increased number of phishing emails leading them to a fake credential-stealing website. While HubSpot does its part in ensuring anti-phishing protection, users are recommended to do their bit for enhanced security.


Cyberattack Hits National Rifle Association (NRA)

The National Rifle Association’s political action committee (PAC) recently submitted a filing to the Federal Election Commission (FEC) informing of a cyberattack it underwent last year. While this may seem like a measure to prevent phishing attacks, this PAC filing comes after the organization failed to resolve a financial discrepancy related to donations.

A ransomware gang called Grief took ownership of this attack on the gun lobby’s servers in October 2021 and claimed to have stolen its sensitive internal documents. Grief actors also attached screenshots of the stolen data to prove its claim. When Grief disclosed the attack last year, the NRA did not comment on the issue, but now when things seem out of control, it has admitted the truth and accepted that it got pwned on 20th October 2021.

Cybersecurity Updates For The Week 12 of 2022

Social engineering attacks are an ever-present problem, and organizations worldwide are struggling to secure their systems against phishing attacks. Following are some of the most recent phishing headlines to help accelerate the process of ensuring phishing attack prevention for your organization.


Data Breach Hits South Denver Cardiology Associates

On New Year’s Day, South Denver Cardiology Associates (SDCA) was targeted by a cyberattack that was discovered only on 4th January 2022. The initial investigation revealed that adversaries accessed the SDCA network between 2nd January and 5th January. Consequently, patients’ protected health information (PHI) was compromised. These included patients’ names, social security numbers, DOBs, drivers’ license numbers, health insurance information, patient account numbers, and other clinical details.

Cybersecurity Updates For The Week 11 of 2022

It is essential to be abreast of the latest phishing news headlines to plan anti-phishing strategies better. Here are this week’s most significant phishing updates for your perusal.


Cyberattack Hits Japanese Animation Studio – Toei

The Japanese Anime giant Toei recently underwent a cyberattack that delayed the airing of new episodes of its popular anime series (including Delicious Party Precure and ONE PIECE). The hack brought in major disappointment for ONE PIECE viewers who were eagerly waiting for the release of the series’ chapter 1000. Toei first detected suspicious activities in its systems on 6th March 2022 and immediately issued an internal notice demanding the shut down of all internal systems to ensure protection from phishing attacks. Toei also launched an investigation into the breach to determine whether the adversaries stole data from its systems.

Cybersecurity Updates For The Week 10 of 2022

Threat actors are leveraging the ongoing Russian-Ukrainian tensions to launch cyberattacks worldwide. Organizations need to be more vigilant than ever to keep their information assets from falling into the hands of cyber adversaries. Here are this week’s phishing and data breach updates from around the world.


Avast Releases Free Decryptor For Files Encrypted By HermeticRansom

Avast has finally released a decryptor for HermeticRansom, which recently launched several attacks on Ukraine. The free decryptor released by Avast is one of the many attempts security firms are making to help Ukrainians recover their files from these attacks for free.

Cybersecurity Updates For The Week 9 of 2022

As a small business owner, one should be aware of the latest attack vectors targeting SMBs and SMEs to prevent phishing attacks. To that end, here are the most notable phishing updates of this past week.


Russian DDoS Attacks Repeatedly Target Ukrainian Institutions

Distributed Denial-of-Service (DDoS) attacks are targeting the websites of many Ukrainian government agencies and state-owned banks. Ukraine’s largest banks – Privatbank and State Savings Bank were among the affected institutions. Consequently, some of the affected systems remain temporarily unavailable.

Cybersecurity Updates For The Week 8 of 2022

While breaches and attacks are very common, not many people are aware of the impact these have on organizational networks and the information stored and shared therein. Here are the most significant phishing news headlines this week to help plan your anti-phishing measures.


Data Breach Hits Extend Fertility

New York City (NYC) based fertility clinic Extend Fertility recently underwent a cyberattack and is now notifying patients that their data may have been compromised. Specializing in IVF and freezing embryos and eggs, Extend Fertility was attacked on 15th December 2021, and the clinic hired external forensic experts at the time to investigate the nature of the attack. Its servers and networks containing patients’ personal and protected health information (PHI) were affected.

Cybersecurity Updates For The Week 7 of 2022

Cyberattacks can be curbed significantly by adopting effective phishing prevention measures. This week’s news headlines demonstrate the importance of effective cybersecurity measures and re-emphasize the need for organizations to incorporate them to safeguard their information assets.


Ransomware Hits Swissport International

The aviation services company – Swissport International Ltd. recently underwent a ransomware attack that disrupted its operations across its 307 locations in 50 countries. Though the ransomware operator’s name has not been disclosed, Swissport International said that the attack caused a delay in operations and flight departures. Reportedly, limited sections of the company’s IT system were affected, and Swissport’s Twitter post confirms that most of the attack has been contained already.

Cybersecurity Updates For The Week 6 of 2022

Phishing continues to be a primary contributor to cyber news headlines. Following are the most significant phishing news headlines this week to help you plan your phishing prevention measures.


Ransomware Hits Swissport

A ransomware attack recently targeted Swissport, the Swiss airport management service, and affected its IT infrastructure. In its statement, Swissport said that most of the attack had been contained and mentioned that it is taking necessary anti-phishing measures to restore systems, particularly its delivery system.

Cybersecurity Updates For The Week 5 of 2022

Being abreast of the latest phishing tactics and updates is pivotal to establishing effective anti-phishing solutions to safeguard critical organizational information. Here are the phishing news headlines in the limelight this week.


Cyberattack Targeting Global Energy Firms

A cybersecurity expert recently discovered a cyber-espionage campaign that has been active since 2019 and has targeted over 15 industrial technology and renewable energy entities so far. The researcher further revealed that the adversaries used a custom Mailbox toolkit for the attacks. The campaign steals the login credentials of employees of renewable energy and industrial technology firms and environmental protection organizations. Its victims include Huawei, Schneider Electric, HiSilicon, Honeywell, Telekom Romania, CEZ Electro, Taiwan Forestry Research Institute, Sorema etc. Investigations traced most compromised sites back to *[.]com[.]br (Brazil) and the phishing pages were primarily hosted on domains like *[.]eu5[.]net, *[.]eu3[.]org and *[.]eu3[.]biz.
