A quick summary of what happened this week in the space of cyber security:
This week has been dominated by ransomware attacks.

City of Dallas suffered a ransomware attack that impacted their IT services
The City of Dallas has confirmed they have been hit by a ransomware attack, causing them to shut down some of their IT systems and the City’s police communications to prevent the spread of the attack. This resulted in 911 dispatchers having to write down received reports for officers. Due to the attack, the Dallas County Police Department’s website had to be taken offline for a while, but has since been restored. Furthermore, all courts were closed on Wednesday and Thursday due to this attack. BleepingComputer has learned that the Royal Ransomware operation is behind the attack. Numerous sources stated that printers on the City of Dallas’ network started printing out ransom notes in the morning.

Brightline data breach led to 783K paediatric mental health patients’ information stolen
Brightline, a paediatric mental health provider, suffered a data breach which impacted 783,606 patients via vulnerabilities in its Fortra GoAnywhere MFT secure file-sharing platform. They have confirmed that protected health information has been stolen. Personal information stolen includes full names, physical addresses, birth dates, member identification numbers, health plan coverage dates, and employer names. The Clop ransomware gang conducted the attacks and has listed them on its extortion portal.
Update: The Clop ransomware operation has deleted Brightline’s data from their store after finding out what this company does.

T-Mobile suffers another data breach since January
T-Mobile has suffered another data breach, which impacted 836 customers. Personal information breached includes but is not limited to customers’ names, driver’s licence or identification card numbers, account PINs, social security numbers, birth dates, balances due and phone plans. This follows a massive data breach in January which impacted 37 million post- and prepaid customers.
This has prompted questions about T-Mobile’s cybersecurity track record.

Samsung bans staff from AI tools after ChatGPT data leak
Samsung Electronics has banned employees from using AI tools on company-owned electronics and internal networks, after discovering staff uploaded sensitive code to ChatGPT. Earlier in April, Samsung engineers accidentally leaked internal source code by uploading it to ChatGPT. Samsung is concerned about the security risk of generative AI services, as data transmitted to AI platforms is stored on external servers, making it tough to retrieve and delete, and data could be disclosed to other users.

Bluefield University’s emergency broadcast system hacked by Avos
On 1st May, the Avos ransomware gang hacked Bluefield University's emergency broadcast system to send staff and students SMS messages and email alerts that their data had been stolen and would be released. On 30th April, the University notified staff and students that a cyber attack had impacted the IT systems, causing postponement of all examinations.

Constellation Software hit by ransomware attack
Constellation Software, a Canadian diversified software company, confirmed on Thursday that some of their systems related to internal financial reporting and data storage by operating groups and businesses of Constellation had been breached. Personal information and business data have been stolen. The ALPHV ransomware gang has claimed responsibility for the attack, stating they had breached Constellation Software and stolen more than 1TB worth of files. They also threatened to leak the stolen data if the company did not respond to their ransom demand.

Hong Kong’s OT&P Healthcare data breach exposes patients’ information
Hong Kong’s OT&P Healthcare suffered a data breach, whereby a threat actor accessed their IT systems and stole patients’ data. CEO Robin Green stated on Friday that as of now, they are unsure of the kind of data breached, and how many of their clinics have been affected.
After notification of irregularities in their system, patient data were taken offline. They have started an investigation into this incident with a third-party forensics firm.

Akira - New ransomware operation that targets the enterprise
Akira, launched in March 2023, has already claimed to have conducted attacks on 16 companies from various industries - education, consulting, manufacturing, finance and real estate. Akira will breach a corporate network and spread laterally to other devices. Before encrypting files, they will steal companies’ data to extort them for ransom. As of now, Akira has leaked data from 4 of their victims. The gang’s ransom demands range from $200,000 to millions.

New Android Malware - Fleckpe downloaded 600k times on Google Play
Kaspersky spotted a new Android subscription malware called Fleckpe that has been disguised as a legitimate app on Google Play. This malware has been downloaded over 620,000 times. It generates unauthorised charges by subscribing users to premium services. Most victims of this malware reside in Singapore, Malaysia, Indonesia, Thailand and Poland, but the rest can also be found across the globe. Kaspersky identified 11 Fleckpe apps that impersonate photo libraries, premium wallpapers, image editors and more on Google Play. All these apps have been removed from Google Play but there could be more undiscovered Fleckpe apps. It is highly recommended that Android users who have previously downloaded these apps remove them immediately and run an AV scan to root out any residue of the malicious code that could be hidden in the device.

New Android malware - FluHorse steals passwords and 2FA codes
CheckPoint Research discovered a new Android malware called FluHorse which targets users in Eastern Asia with malicious apps that emulate legitimate versions. This malware is distributed via email, and it steals the target's account credentials, credit card information, and 2FA codes.
CheckPoint warns that this is an active threat for Android users, with new malicious apps and infrastructure appearing monthly.
© 2021, TAFA HOLDINGS (S) PTE LTD. ALL RIGHTS RESERVED