We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. This month we’re highlighting vendor risk, cloud risk, critical-infrastructure risk, security flaws, and the usual suspects – hackers, malware and ransomware. Don’t miss the items in ORANGE below.

CLOUD
Ford, TD Bank Files Found Online in Cloud Data Exposure

Attunity Ltd., a company that manages and safeguards data, left internal files exposed on the internet for clients including Ford Motor Co., and the Toronto-Dominion Bank, in the latest example of sensitive information being publicly accessible on the web. The incident revealed passwords and network information about Attunity as well as emails and technology designs from some of its high-profile customers. Click to read entire article.

TELECOM
Hackers are stealing years of call records from hacked cell networks

At least 10 cell networks have been hacked over the past seven years
Security researchers say they have uncovered a massive espionage campaign involving the theft of call records from hacked cell network providers to conduct targeted surveillance on individuals of interest. Click to read entire article.

HEALTHCARE
5 More Healthcare Providers Fall Victim to Ransomware Attacks

Last week, Colorado-based NEO Urology paid a $75,000 ransom to unlock its systems; since then, another five providers reported ransomware attacks that drove many to pen and paper. Click to read entire article.

—VENDOR RISK—
Massive Medical Data Breach Could Put Md. Consumers at Risk

Maryland patients whose medical bills were handled by a collection agency may be among 20 million patients who have had their personal information exposed in a data breach, Attorney General Brian E. Frosh said Friday. Medical and other private information may have been compromised by a cyberattack against American Medical Collection Agency, a third-party collection agency for laboratories, hospitals, physician groups, medical providers and others. Click to read entire article.

More than 500 Summa Health patients’ information at risk after possible data breach

More than 500 patient medical records and other personal information are at-risk as a result of an email phishing incident that targeted Summa Health employees. Click to read entire article.

TECHNOLOGY
Major security flaw hits Dell PCs – and potentially millions of other laptops

The flaw, according to Dell’s advisory, sits in a system health-check utility tool that comes bundled in with millions of Dell machines, and if left unpatched could result in privilege escalation vulnerabilities being available for cyber criminals to exploit. The vulnerability exploits a security hold in software manufactured by PC-Doctor that is used as part of Dell SupportAssist software. Click to read entire article.

This ‘virus’ created by 14-year-old is destroying modems, smart TVs and other devices globall

Remember the BrickerBot malware attack back in 2017? Well, that is back, in what is estimated in a larger scale, in a new form of malware created by a 14-year-old teenager known as “Light Leafon”. Click to read entire article.

UTILITIES/ENERGY
The Highly Dangerous ‘Triton’ Hackers Have Probed the US Grid

Over the past several months, security analysts at the Electric Information Sharing and Analysis Center (E-ISAC) and the critical-infrastructure security firm Dragos have been tracking a group of sophisticated hackers carrying out broad scans of dozens of US power grid targets, apparently looking for entry points into their networks. Click to read entire article.

PUBLIC ENTITY
3rd Florida Cyberattack: Village of Key Biscayne, Florida last week reported a data breach.

Key Biscayne officials identified a data security “event” earlier this week, City Manager Andrea Agha told CBS Miami. They are working with outside counsel and third-party forensic experts to analyze the data breach and protect the village’s systems against future security incidents. Click to read entire article.

Malware Shuts Down Philadelphia Courts Computer System

Cybersecurity problems are distressingly apparent in the City of Brotherly Love these days. The city court’s website has been shut down by a virus since May 21 (the website went back online Monday, July 1). Click to read entire article.

Eye on Security: California Is the Golden State for Data Breaches; Florida City Pays Bitcoin Ransom

A new analysis of 10 years’ worth of figures on data breaches reveals that California by far holds the dubious distinction of suffering the most breaches as well as leaking the most records. Meanwhile, a Florida city has agreed to pay hackers about $600,000 in Bitcoin to be released from ransomware that gummed up its online systems. Click to read entire article.

Edcouch server hit by ransomware

City officials here confirmed this week that the city’s computer server was infiltrated by hackers and held for ransom in the form of a cryptocurrency known as Bitcoin. Click to read entire article.

Lewes Public Works customers may have had their information stolen

The Lewes Board of Public Works announced to customers this week that their information may have been compromised as part of a hacking attempt of their customer information system. Click to read entire article.

HIGHER EDUCATION
Oregon State experiences security breach

According to Clark, the privacy incident occurred in the beginning of May when an OSU employee’s account was hacked and used to send phishing emails nationally. Click to read entire article.

CRYPTOCURRENCY
Hacker steals $4.5 million from Bitrue cryptocurrency exchange

A mysterious hacker (or group of hackers) managed to steal over $4.5 million worth of cryptocurrency from Bitrue, a Singapore-based trading platform. Click to read entire article.

ONLINE GAMING
EA Games Vulnerability Could Leave 300m Open to Account Hijacking

An EA Games vulnerability allowed anyone to hijack a registered player’s account giving them full access and control without the player knowing, or having to interact with the hacker in any way. Some 300 million may have been affected. Click to read entire article.

CANADA
Desjardins suffers data breach affecting 2.9 million members after inside job

In a statement it said police confirmed to the credit union that the personal information of 2.9 million members “had been shared with individuals outside the organization”. The organization said the incident was not a cyberattack, and its computer systems were not breached. Click to read entire article.