We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. This month we’re highlighting vendor risk, cloud risk, critical-infrastructure risk, security flaws, and the usual suspects – hackers, malware and ransomware. Don’t miss the items in ORANGE below.
Attunity Ltd., a company that manages and safeguards data, left internal files exposed on the internet for clients including Ford Motor Co., and the Toronto-Dominion Bank, in the latest example of sensitive information being publicly accessible on the web. The incident revealed passwords and network information about Attunity as well as emails and technology designs from some of its high-profile customers. Click to read entire article.
At least 10 cell networks have been hacked over the past seven years
Security researchers say they have uncovered a massive espionage campaign involving the theft of call records from hacked cell network providers to conduct targeted surveillance on individuals of interest. Click to read entire article.
Last week, Colorado-based NEO Urology paid a $75,000 ransom to unlock its systems; since then, another five providers reported ransomware attacks that drove many to pen and paper. Click to read entire article.
Maryland patients whose medical bills were handled by a collection agency may be among 20 million patients who have had their personal information exposed in a data breach, Attorney General Brian E. Frosh said Friday. Medical and other private information may have been compromised by a cyberattack against American Medical Collection Agency, a third-party collection agency for laboratories, hospitals, physician groups, medical providers and others. Click to read entire article.
More than 500 patient medical records and other personal information are at-risk as a result of an email phishing incident that targeted Summa Health employees. Click to read entire article.
The flaw, according to Dell’s advisory, sits in a system health-check utility tool that comes bundled in with millions of Dell machines, and if left unpatched could result in privilege escalation vulnerabilities being available for cyber criminals to exploit. The vulnerability exploits a security hold in software manufactured by PC-Doctor that is used as part of Dell SupportAssist software. Click to read entire article.
Remember the BrickerBot malware attack back in 2017? Well, that is back, in what is estimated in a larger scale, in a new form of malware created by a 14-year-old teenager known as “Light Leafon”. Click to read entire article.
Over the past several months, security analysts at the Electric Information Sharing and Analysis Center (E-ISAC) and the critical-infrastructure security firm Dragos have been tracking a group of sophisticated hackers carrying out broad scans of dozens of US power grid targets, apparently looking for entry points into their networks. Click to read entire article.
Key Biscayne officials identified a data security “event” earlier this week, City Manager Andrea Agha told CBS Miami. They are working with outside counsel and third-party forensic experts to analyze the data breach and protect the village’s systems against future security incidents. Click to read entire article.
Cybersecurity problems are distressingly apparent in the City of Brotherly Love these days. The city court’s website has been shut down by a virus since May 21 (the website went back online Monday, July 1). Click to read entire article.
A new analysis of 10 years’ worth of figures on data breaches reveals that California by far holds the dubious distinction of suffering the most breaches as well as leaking the most records. Meanwhile, a Florida city has agreed to pay hackers about $600,000 in Bitcoin to be released from ransomware that gummed up its online systems. Click to read entire article.
City officials here confirmed this week that the city’s computer server was infiltrated by hackers and held for ransom in the form of a cryptocurrency known as Bitcoin. Click to read entire article.
The Lewes Board of Public Works announced to customers this week that their information may have been compromised as part of a hacking attempt of their customer information system. Click to read entire article.
According to Clark, the privacy incident occurred in the beginning of May when an OSU employee’s account was hacked and used to send phishing emails nationally. Click to read entire article.
A mysterious hacker (or group of hackers) managed to steal over $4.5 million worth of cryptocurrency from Bitrue, a Singapore-based trading platform. Click to read entire article.
An EA Games vulnerability allowed anyone to hijack a registered player’s account giving them full access and control without the player knowing, or having to interact with the hacker in any way. Some 300 million may have been affected. Click to read entire article.
In a statement it said police confirmed to the credit union that the personal information of 2.9 million members “had been shared with individuals outside the organization”. The organization said the incident was not a cyberattack, and its computer systems were not breached. Click to read entire article.