A new ransomware, dubbed “Ryuk,” has surfaced in the last few weeks that is said to be targeting large organizations in the United States. The attackers behind Ryuk have reportedly made over $640,000 in just two weeks, and are allegedly connected to the well-known hacking group out of North Korea—Lazarus. According to security company Check … Continue Reading
Just days after the FBI issued a private warning to the banking industry (read more here), the botnet network known as Necurs began a spamming campaign that targeted the banking industry. The activity was discovered by the security research firm Cofense. According to Cofense, the Necurs network started a concentrated spear phishing campaign against approximately … Continue Reading
The Department of Homeland Security (DHS) has indicated that Russian hackers successfully attacked the energy, nuclear, aviation and critical manufacturing sectors through targeted phishing campaigns throughout 2017. According to DHS, the coordinated attacks started in 2016 with one compromise that was dormant for a year until other infiltrations occurred. The hackers targeted real people by … Continue Reading
In a lawsuit against its insurance company requesting reimbursement for close to $2.4 million from two different hacking incidents, National Bank of Blacksburg detailed the intrusions, which are instructive of a sophisticated scheme against the financial services industry. According to the lawsuit, the first theft took place on Memorial Day weekend of 2016. In that … Continue Reading
As a frequent traveler, both personally and professionally, this bit of research unnerved me. Of course, it makes sense when you think about it, and none of us should be surprised, but it is a good reminder for those of us who are on the road a lot. Security researchers at F-Secure in Finland report … Continue Reading
In what is being called a systematic targeting of large health care organizations, pharmaceutical companies, and IT companies and equipment manufacturers that service the health care industry, Symantec has reported that a new hacking group, dubbed “Orangeworm,” is carefully selecting its targets and strategy prior to launching an attack. According to Symantec, the hackers have … Continue Reading
Inogen, which manufactures portable oxygen devices, has alerted the Securities and Exchange Commission in a recent filing that it is notifying 30,000 individuals that their personal information was compromised when a hacker gained access to one of its employees’ email accounts through a phishing scheme. The incident illustrates how the manufacturing sector is continuing to … Continue Reading
Late last week, a joint statement by the Department of Homeland Security and the Federal Bureau of Investigation confirmed that the Russian government has been behind an ongoing targeted campaign to penetrate U.S. power plants and the electric grid. Of course, this fact has been well known and has been reported on repeatedly in the … Continue Reading
Orbitz, the travel booking entity that is owned by Expedia, has confirmed that it has “identified and remediated a data security incident affecting a legacy travel booking platform.” This means that one of its older websites that are used by customers to book their travel plans was hacked. The statement says that Orbitz uncovered evidence earlier … Continue Reading
The recently released Protenus Healthcare Breach Barometer report notes that in January, 2018, at least 473,807 patient records were compromised in 37 breaches reported to the Office for Civil Rights. Twelve of the reported breaches were attributable to insiders, which was 32 percent of the data breaches reported in January. Seven of those incidents were … Continue Reading
When talking to colleagues and friends, it appears that folks do not understand how their smartphones work and the data that can be accessed through them. This prompted me to again give basic steps that can be used to protect personal information that can be accessed, legitimately and in an unauthorized manner through the settings … Continue Reading
The U.S. Securities and Exchange Commission (SEC) updated guidance to public companies this week on how and when they are to disclose cybersecurity risks and breaches. The SEC suggests that public companies should disclose potential weaknesses that have not been targeted by hackers. There has always been a tension between the SEC and public companies … Continue Reading
Oklahoma State University Center for Health Sciences (OSUCHS) has notified 279,865 patients that their protected health information may have been compromised as a result of a hacking incident. OSUCHS has determined that an unauthorized individual gained access to its system housing Medicaid billing information on November 7, 2017, but it is unable to determine whether … Continue Reading
Our experience last year is consistent with the conclusion of a new report issued by Cryptonite in its 2017 Health Care Cyber Research Report—that the number of hacking events targeted at health care entities involving ransomware increased a whopping 89% from 2016. The report analyzed the self-reporting database of the Office for Civil Rights (OCR) … Continue Reading
The Federal Bureau of Investigation (FBI) issued a warning to parents in the past about the concerns with connected toys. Many parents recently bought the newest gadgets for their kids over the holidays, without realizing the capabilities of these toys to collect, maintain, sell and use personal information. As I chat with people about the … Continue Reading
The latest report regarding Russia stealing U.S. cyber secrets is yet again centered around the National Security Agency (NSA), using Contractors to gain access, in some cases, to classified data. It has been reported that a NSA Contractor (fired back in 2015) put highly classified U.S. cyber secrets on his home computer, which included information … Continue Reading
The news about data breaches always seems to be dire lately. Some good news: data breaches in the healthcare industry were lower in October than in September, based upon reportable data breaches to the Office for Civil Rights (OCR). Note that only breaches involving more than 500 records have to be disclosed to the OCR … Continue Reading
On November 24, 2017, image-sharing website Imgur disclosed that email addresses and passwords of 1.7 million users were stolen in a 2014 hack on the company. Imgur became aware of the breach on November 23, 2017 when a security researcher alerted the company about the potential issue. The breach was confirmed on November 24th and … Continue Reading
A new study by Google, the University of California Berkeley and the International Computer Science Institute has concluded that email users are being threatened by massive credential theft and phishing schemes are the primary way hackers are stealing credentials. According to the study, phishing victims are 400 times more likely to have their email accounts … Continue Reading
Beazley has published a report outlining data breaches in the first nine months of 2017. The report notes that the highest cause of a data breach in 2017 so far are unintended disclosures, which accounted for 41 percent of all incidents. Beazley stated: “We urge organizations not to ignore this significant risk and to invest … Continue Reading
Security researchers at Check Point discovered software vulnerabilities in LG IoT devices which allowed them to potentially gain control over LG refrigerators, ovens, dishwashers and a live feed from a robot vacuum cleaner. A vulnerability in the mobil app and cloud app allowed them to remotely gain access to LG IoT devices with just an … Continue Reading
Unfortunately, September was another banner month for data breaches involving the health care industry. According to the Office for Civil Rights (OCR) website, 39 data breaches involving over 500 records were reported to the OCR in the month of September. This does not include all records breached, as health care entities have until February 2018 … Continue Reading
Fax machines are still used in the medical community, and these days, faxing may be more secure than emailing as hackers have not yet cracked the task of hacking into old fax machines. All kidding aside, fax machines have been, and continue to be a risk to organizations as they have the ability to store … Continue Reading
Hackers working on behalf of the Iranian government have been targeting the aviation and petrochemical industries in the United States, Saudi Arabia, and South Korea since 2013, according to a report released by FireEye last week. According to the report, APT33, a hacking group working for the Iranian government, have sent phishing emails to aviation … Continue Reading
