Last week, breaches and cyberattacks occurred across several industries, from jewellery and discount retail to health. Devastating consequences have been uncovered from earlier data breaches and attacks, such as 73 million AT&T customers’ data being leaked on a hacker forum and more than 2.8 million Point32Health customers’ personal information being stolen in a breach. Additionally, 28 apps (including 17 free VPN apps) on Google Play have been found to turn Android devices into proxies, and Google’s new AI search results have been found to promote sites that push malware scams. Furthermore, new vulnerabilities have been found and patches released. It is highly recommended not only to be aware of them but also to apply the updates as soon as possible. Read on to receive a quick summary of what happened this week in the space of cybersecurity.

New variant of TheMoon malware infects 6,000 ASUS routers in 88 countries within 72 hours.
Black Lotus Labs researchers have found a new variant of the “TheMoon” malware botnet that has been infecting thousands of outdated small office and home office (SOHO) routers and IoT devices in 88 countries. The researchers observed that 6,000 ASUS routers were targeted in under 72 hours during the latest TheMoon campaign, which started in early March 2024. It is highly recommended to use strong admin passwords and upgrade your device’s firmware to the latest version to ensure that vulnerabilities are addressed. Common signs of malware infection on routers and IoT devices include connectivity problems, overheating, and suspicious setting changes.

Massachusetts health insurer has been hit by a data breach: More than 2.8 million individuals’ personal information stolen.
Point32Health, the 2nd largest health insurer in Massachusetts, has announced that more than 2.8 million individuals’ personal information was stolen during an April 2023 ransomware attack.
This ransomware attack impacted systems associated with Point32Health’s Harvard Pilgrim Health Care brand. In a notification letter, the company reports that it has identified signs that data was copied and taken from Harvard Pilgrim systems from 28 March to 17 April 2023, and that these files may contain customers’ personal information. The stolen information includes names, addresses, birthdates, phone numbers, social security numbers, health insurance account information, financial account information, medical history, diagnoses, and treatment information. This week, the company filed a refreshed data breach notice to update the number of affected individuals to more than 2.86 million. The company is providing affected individuals with complimentary credit monitoring and identity protection services.

Poh Heng Jewellery hit by data breach: Customers’ personal information could be compromised.
Poh Heng Jewellery, a jewellery chain, notified its customers about a database breach that occurred on 25 March. The company has stated that the unauthorised access may have compromised its customers’ personal information. The compromised information could include customers’ names, telephone numbers, email addresses, residential addresses, member IDs, birth dates and countries of residence. Fortunately, no passwords or payment information were compromised. The company’s data protection officer, Ezekiel Chin, stated that once they discovered the breach, they immediately took action to secure their systems, and have reported the incident to the relevant authorities. The company has recommended that customers be highly vigilant against phishing attempts, such as malicious links and websites that request their passwords or other personal information.

Giant Tiger, discount retailer, states customer data has been compromised in a 3rd party breach.
Giant Tiger, a discount retailer, has announced that some of its customers’ contact information has been compromised in a third-party breach. The spokesperson for the company, Alison Scarlett, stated that the vendor would not be named; however, the vendor was used by Giant Tiger to manage its customer communications and engagement. She added that Giant Tiger is working to resolve the issue “as quickly and openly as possible”. In an email to customers, the retailer stated that it discovered the security breach on 4 March, and concluded on 15 March that customer information was compromised. The compromised information varied between customers, and it included the names and email addresses of those who subscribe to Giant Tiger emails. Furthermore, loyalty members and those who placed online orders for in-store pickup might have had their names, emails and phone numbers compromised. Some customers who placed online orders for home delivery may have had the same information, and additionally their street addresses, compromised.

INC Ransom threatens to leak the stolen 3TB of NHS Scotland data.
The INC Ransom extortion gang has threatened to publish 3 TB of data that was allegedly stolen after breaching the NHS of Scotland. In a post published on 27 March, the cybercriminals shared several sample documents with sensitive information about doctors and patients, including medical assessments, analysis results, and psychological reports. They stated that they would leak the data “soon” unless the NHS pays the ransom. A spokesperson for the Scottish Government has stated that the cyberattack only impacts NHS Dumfries and Galloway, which is one of the regional health boards that make up NHS Scotland. Furthermore, the government is working with multiple entities, such as the health board, Police Scotland, National Crime Agency, and the National Cyber Centre, to determine the impact and plausible implications of the breach.
NHS Dumfries and Galloway has confirmed that a ransomware group has leaked a small number of patients’ clinical data. All impacted patients will be informed by the NHS directly so that they can take appropriate measures to protect themselves.

AT&T confirms 73 million customers’ data has been leaked on hacker forum.
AT&T has now confirmed that 73 million current and former customers have been affected by a data breach, after initially denying that the leaked data originated from them. In a statement shared with BleepingComputer, AT&T stated that based on its preliminary analysis, the data set appears to be from 2019 or earlier, and has impacted approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders. Furthermore, security passcodes used to secure accounts were also leaked for 7.6 million customers. AT&T is reaching out to all 7.6 million impacted customers and has reset their passcodes. The company will notify all 73 million former and current customers about the breach and the steps they should take next.

Free VPN apps on Google Play found to turn Android devices into proxies used for cybercrime and shopping bots.
17 VPN apps on Google Play have been found to use a malicious software development kit that turned Android devices into residential proxies that are likely used for cybercrime and shopping bots. Residential proxies are devices that route internet traffic through devices located in homes. This makes traffic appear legitimate and less likely to be blocked. Cybercriminals tend to use them to conceal malicious activities such as ad fraud, spam, phishing, credential stuffing and password spraying. A report published by HUMAN’s Satori threat intelligence team lists 28 apps on Google Play that secretly turned Android devices into proxy servers. Out of these, 17 apps were free VPN apps. The 28 apps are:
As a safety precaution, it may be safest to uninstall any of these apps that you have used. A Google spokesperson has confirmed that all 28 malicious apps have been removed from Google Play.

Google’s new AI search results promote sites that push malware scams.
Google’s new AI-powered ‘Search Generative Experience’ (SGE) algorithm has been found to recommend scam sites that redirect visitors to unwanted Chrome extensions, fake iPhone giveaways, browser spam subscriptions, and tech support scams. Lily Ray, an SEO consultant, found that Google’s SGE is recommending malicious websites within its conversational responses, making it easier for people to fall for scams. Since SGE links the websites within the answers, this can make malicious sites seem more trustworthy and believable. It was found that most redirects lead users to fake captchas or YouTube sites that attempt to trick the visitor into subscribing to browser notifications. Browser notifications are a common tactic scammers use to send visitors unwanted ads directly to the operating system desktop, even when they are not on the website. Google has reported that it continuously updates its systems and ranking algorithms to protect against spam, and has taken action to remove this spam from Search.

That is all! Enjoy the rest of the week and don't forget to update your devices and systems to the latest patches!
© 2021, TAFA HOLDINGS (S) PTE LTD. ALL RIGHTS RESERVED