Hornetsecurity IT Security Incident Center

Latest IT Security Incident Reports

August 16, 2019 - Camp Verde Unified School District in Arizona hit with Ransomware Attack

Camp Verde Unified School District – Ransomware 

  • Date Issued:  August 16, 2019
  • Method:  Ransomware
  • Target:  Employees of School District

Report Details

Camp Verde Unified School District in Arizona was hit with ransomware that reportedly struck on July 19th. When school systems were booted up they were immediately locked and encrypted, and a Bitcoin ransom demand was left on the school district’s system. The school district has yet to pay the ransom and is working with authorities and forensic analysts to find the best solution to the problem. The new school year is still on schedule, and the district will notify the public of any updates.

August 14, 2019 - 700,000 Choice Hotels Customer Records Compromised

Choice Hotels – 700,000 Customer Records Stolen, and held for $3,800 Ransom 

  • Date Issued:  August 14, 2019
  • Method:  Unsecured server(s)
  • Target:  Customer records of Choice Hotels

Report Details

Cybercriminals took advantage of an open MongoDB database containing data from Choice Hotels, stole 700,000 customer records, and then demanded a $3,800 ransom payment for their return.

Malicious actors found the database, removed the data, and left a ransom note demanding 0.4 Bitcoin, or about $3,856. The database actually contained 5.6 million records, but Comparitech reported that Choice said the vast majority were test data. However, 700,000 were real records containing customer names, email addresses, and phone numbers.

August 14, 2019 - New Variant of the Troldesh Ransomware Spreading via Compromised Websites

Ransomware Attacks on Compromised Websites

  • Date Issued:  August 14, 2019
  • Method:  New variant of the Troldesh ransomware; the threat actors used at least two malicious URLs on compromised websites, in case one of them stops working
  • Target:  The malware targets Windows OS

Report Details

A new variant of the Troldesh ransomware has been on the rise over the past couple of weeks, spreading via compromised websites. The threat actors involved in spreading the malware trick victims into visiting malicious URLs by sending emails and messages on social media platforms.

The newer variant initially downloads a JavaScript host file which, when executed, downloads the actual ransomware file. The threat actors use TOR for data transmission and communication with victims, and two malicious URLs for ransomware file delivery.

The malicious JavaScript file that acts as the host has a 57% detection rate with antivirus software. The actual ransomware file downloaded to the victim’s computer has a detection rate of 82%.

If the antivirus program installed on the victim’s computer detects neither the malicious host file nor the ransomware executable, the ransomware starts encrypting files on the victim’s computer using a notable method.

August 14, 2019 - Four Major Dating Apps Expose Precise Locations of 10 Million Users

3Fun, Grindr, Romeo, and Recon – Users can be Victims of GPS Spoofing and Trilateration

  • Date Issued:  August 14, 2019
  • Method:  GPS spoofing and trilateration
  • Target:  3Fun, Grindr, Romeo, and Recon

Report Details

Four popular mobile applications offering dating and meetup services (3Fun, Grindr, Romeo, and Recon) have security flaws which allow for the precise tracking of users; it has been possible to develop a tool that collates the exposed GPS coordinates. By supplying spoofed locations (latitude and longitude), it is possible to retrieve the distances to these profiles from multiple points and then triangulate or trilaterate the data to return the precise location of that person.

3Fun was not only leaking the locations of users but also information including their dates of birth, sexual preferences, pictures, and chat data.

August 14, 2019 - NetWiredRC Trojan Attacks Target Hotel Industry in North America

North American Hotel Industry – Phishing Attacks

  • Date Issued:  August 14, 2019
  • Method:  Phishing attacks, NetWiredRC Trojan

Report Details

A series of phishing email attacks has been targeting the hotel industry in North America. The attackers are leveraging these attacks to distribute a powerful trojan named NetWiredRC.

Attackers are sending malicious attachments through emails to the finance department of the target company.

The malware steals credentials stored in the Internet Explorer, Comodo Dragon, Yandex, Mozilla Firefox, Google Chrome, Chromium, and Opera browsers, as well as in Outlook.

August 14, 2019 - Hackers Deface Minnesota State & County Websites

Minnesota State & County Websites – Webpage Defacement 

  • Date Issued:  August 14, 2019
  • Method:  Webpage Defacement 
  • Target:  Minnesota Department of Human Services refugee services page and administrative portal and the homepage of Stearns County, a part of the larger Minneapolis metro area

Report Details

Hackers vandalized two of the state of Minnesota’s webpages last week. For a brief time on Aug. 5, messaging that officials have described as “anti-government” covered a Minnesota Department of Human Services refugee services page and administrative portal, according to reports. Minnesota’s Security Operations Center quickly pulled them down and as of Friday was still investigating the incident. There was no loss of information.

On July 30, the homepage of Stearns County, a part of the larger Minneapolis metro area, displayed a photo of an individual wearing a Guy Fawkes mask and a sign crudely advertising “the revolution,” according to local news outlets. The county’s information services director, George McClure, told press that the company hosting the site took it down temporarily and that it has since been restored, sans Guy Fawkes.

August 14, 2019 - Data breach exposes the Personal Information of 18,500 Bismarck Public Schools Students

Bismarck Public Schools – Data Breach

  • Date Issued:  August 14, 2019
  • Method:  Data breach at the systems of third-party vendors
  • Target:  Bismarck Public Schools, which uses Pearson Clinical Assessment’s software called AIMSweb 1.0

Report Details

About 18,500 current and former Bismarck Public Schools students had some of their personal information exposed in a data breach at a company that provides a universal screening tool to the district.

The nationwide data breach involved Pearson Clinical Assessment’s software called AIMSweb 1.0, which Bismarck Public Schools uses as a screening tool for students in kindergarten through fifth grade, as well as to monitor progress for students receiving support intervention. About 13,000 schools and universities were impacted, according to a July 31 statement from Pearson.

The company said the exposed data was limited to first name, last name, and in some instances date of birth and/or email address. Pearson said it believes the breach occurred around November 2018, according to a letter to Bismarck Public Schools. The FBI is investigating.

August 13, 2019 - Over 800 Employees of Charleston County, SC Suffer From Data Breach

824 Employees Affected – Human Error?

  • Date Issued:  August 6, 2019
  • Method:  Error from HR Department

Report Details

824 employees of Charleston County, South Carolina were impacted by a data breach after a Human Resources employee accidentally shared a list with a former employee. The list included the employees’ names, dates of birth, Social Security numbers, gender, salary, hire dates, and eligibility for health care and benefits. According to Jennifer Miller, the County’s Administrator, no banking information was leaked.

August 12, 2019 - Over 51.7 Million Android Users Infected by Clicker Trojan

51.7 Million Android Users Infected – Clicker Trojan

  • Date Issued:  August 12, 2019
  • Method:  Embedded Clicker Trojan in Mobile Applications for Android Users
  • Target:  Android Users

Report Details

A new version of the Clicker Trojan, dubbed Android.Click.312.origin, has been reported to have infected over 51.7 million Android users. The malicious trojan is embedded in over 34 apps in the Google Play store, including dictionaries, barcode scanners, online maps, and audio players. Once the app is downloaded and the trojan is activated, it sends the following information to the C2 server:

  • Manufacturer and model
  • Operating system version
  • User’s country of residence and default system language
  • User-Agent ID
  • Mobile carrier
  • Internet connection type
  • Display parameters
  • Time zone
  • Data on apps containing the trojan

This is a highly sophisticated attack, as the applications are advertised not only on the Google Play store but also by many third-party websites. Google has removed and updated several apps that contained the malicious trojan.

August 7, 2019 - Vulnerability in SuperINN Plus Web Application Impacts Over 43,000 Customers

Sark Technologies’ reservation and management software – Database Breach

  • Date Issued:  August 7, 2019
  • Target:  Application vulnerability 

Report Details

A vulnerability in the image upload function of the SuperINN Plus web application allowed attackers to upload PHP web shells and export customer data from the database. Apart from this, an attacker identified a SQL injection vulnerability in the web application and abused it to extract encrypted cardholder data.

Sark Technologies’ reservation and management software SuperINN had a vulnerability in its image upload function. This allowed attackers to extract customers’ personal information.

SuperINN became aware of the incident on May 26, 2019. After this, the organization launched an investigation and determined that a vulnerability in the image upload function of the application allowed attackers to upload PHP web shells.

The PHP web shells were uploaded to the web application on September 23, 2018. Using the PHP scripts, the attackers were able to export customer data from the SuperINN Plus database and obtain the decryption key. The database was accessed between January 01, 2019, and May 30, 2019. Apart from this, an attacker identified a SQL injection vulnerability in the web application and abused it to extract encrypted cardholder data from the database between June and July 2019.

August 7, 2019 - 6.2 million Email Addresses Exposed by the Democratic Senatorial Campaign Committee

Democratic Senatorial Campaign Committee – Database Breach

  • Date Issued:  August 7, 2019
  • Target:  Misconfigured Amazon S3 storage bucket

Report Details

The UpGuard Data Breach Research Team can now disclose that approximately 6.2 million email addresses were exposed by the Democratic Senatorial Campaign Committee in a misconfigured Amazon S3 storage bucket. The comma separated list of addresses was uploaded to the bucket in 2010 by a DSCC employee.

The bucket and file name both reference “Clinton,” presumably having to do with one of Hillary Clinton’s earlier runs for Senator of New York. The list contained email addresses from major email providers, along with universities, government agencies, and the military. 

At approximately 4PM on Thursday, July 25th, 2019, UpGuard researchers discovered an Amazon S3 storage bucket named “toclinton.” This bucket was available to globally authenticated AWS users, one of the two public groups available in S3 permissions. This means that anyone with a free AWS account could access the bucket and its contents. The bucket contained a single file, EmailExcludeClinton.zip. 

August 7, 2019 - Kern County, CA suffers Data Breach compromising over 15,000 Employees’ Personal Information

Personal Information of Kern Medical Center – Data Breach

  • Date Issued:  August 5, 2019
  • Method:  Data breach at the systems of third-party vendors
  • Target:  Personal Information of Kern Medical Center employees, their dependents, and medical staff

Report Details

A data breach at the systems of third-party vendors might have impacted the health benefits program run by Kern County on behalf of its employees. This could have exposed the personal information of current and former Kern County employees, their dependents, and medical staff at Kern Medical Center.

A spokeswoman for Kern County, Megan Person, said that a data breach at the systems of third-party vendors might have impacted the health benefits program run by the County on behalf of its employees. Person confirmed that the data breach did not occur on the county networks and systems. County officials have launched an investigation to determine if any data was compromised. She added that if a data breach is confirmed, then all affected employees will be provided with complimentary credit-monitoring services.

“The security of our plan participants and their information is our primary concern, and we remain vigilant in monitoring the situation. We want to assure our employees and our constituents this did NOT affect our county networks and systems. It’s a reminder that all of us should be cautious and take extra measures when it comes to our online security,” Person said, Techwire reported.

August 6, 2019 – CafePress Hacked, 23 Million Accounts Compromised

CafePress – Data Breach

  • Date Issued: August 6, 2019
  • Target: 23,205,290 accounts targeted/breached
  • Method: Passwords exposed as base64-encoded SHA-1 hashes, a very weak password protection method

Report Details

CafePress, the custom T-shirt and merchandise company, has been hacked; the breach that compromised more than 23 million accounts happened on February 20, 2019.

The breach itself took place on Feb 20 and compromised a total of 23,205,290 accounts. It was barely mentioned online or in the press; a brief mention on the “pwned” subreddit did appear on July 13th.

The exposed data included 23 million unique email addresses; some of the compromised records also included names, physical addresses and phone numbers. It has been mentioned that passwords were also amongst the compromised data.

August 5, 2019 - Hackers replace customer data on unprotected MongoDB with ransom note

Bookseller in Mexico, Librería Porrúa – Database Breach

  • Date Issued:  August 5, 2019
  • Target:  Unprotected MongoDB instance

Report Details

Hackers who found an unprotected MongoDB instance which was publicly accessible without any authentication erased all the contents of the database and replaced them with a ransom note.

The open database belongs to a bookseller in Mexico named Librería Porrúa, it contained almost 1.2 million customer records, including:

  • Customers’ personal details such as names, dates of birth, email addresses, and phone numbers
  • Purchase details such as shopping cart ID, discount codes, activation codes and token, invoices, and payment card details.

Additionally, the database stored 958,000 personal data records including client ID, names, dates of birth, email addresses, phone numbers, user tokens, discount card activation codes, and discount card activation dates.

The people whose information was exposed could be at risk of spam, targeted phishing, and fraud. For example, affected users might receive emails claiming to be from Librería Porrúa with a link to a fake Librería Porrúa website. Users might be directed to enter login details on the identical fake website, giving hackers their passwords.

August 5, 2019 - Broken Arrow Public Schools (OK) hit with Ransomware Attack

Broken Arrow Public Schools (Oklahoma) – Ransomware Attack

  • Date Issued:  August 5, 2019
  • Target: Broken Arrow Public Schools in Oklahoma
  • Method:  Malware which launched a ransomware variant

Report Details

Broken Arrow Public Schools suffered a ransomware attack that caused network and server issues, thereby disrupting operations of the school district.

Upon experiencing network and server issues, the school launched an investigation into the situation and notified its cyber insurance carrier. The school also hired cybersecurity experts to assist with the investigation.

The investigation revealed that the school had been the victim of a ransomware attack. After discovery, the school district began recovery efforts, which included enhancing the security of its digital environment. It promptly notified the FBI about the incident and began working with vendors to restore normal operations. The school’s superintendent noted that the district will not pay the ransom.

“We are aware of the ransomware incident that has affected Broken Arrow Public Schools and have offered to support the district in any way we can,” said Executive Director of Communications Steffie Corcoran, local media reported.

School officials said they’re not aware of any personal data or financial information that has been leaked.

August 5, 2019 – Murfreesboro, Tenn. City Water Department’s Bill Payment Website Hacked by Iranian Hackers

Murfreesboro City Water Dept. – Online Portal Page Hacked

  • Date Issued: August 5, 2019
  • Target: Murfreesboro, Tenn. City Water Dept. 
  • Method:  Website hack; compromised webpage defaced

Report Details

Murfreesboro City’s payment website for the water and sewage department has been hacked. The hacked site appeared when users tried to access their LINK account from the Water Department site.

The compromised webpage displayed an image of the Iranian flag and the Guy Fawkes mask. A message below the image says “Hacked by Iranian Hackers” and “Hacked by Mamad Warning.”

“We are always closer to you. Your idenity is known to us. Your information is for us ;) take care,” the message read. The department immediately shut down the website and launched an internal assessment to determine the source and extent of the hack. The assessment determined that the compromise was limited to the online portal page.

“After a fuller assessment, Information Technology for the City of Murfreesboro indicates that a compromise this morning to link to an online portal of the Water Resources Customer webpage was limited to one script page. No customer info was accessed in the propaganda attack,” the City tweeted.

August 5, 2019 – Presbyterian Healthcare Services Suffers Data Breach Impacting 183K Patients

Presbyterian Healthcare Services – Data Breach

  • Date Issued: August 5, 2019
  • Target: Presbyterian Healthcare Services
  • Method:  Phishing scam compromising employee’s email accounts

Report Details

Presbyterian Healthcare Services suffered a data breach impacting nearly 183,000 patients and health plan members after a few of its employees fell victim to a phishing scam.

On June 6, 2019, Presbyterian Healthcare Services discovered that an unauthorized third party gained access to some of Presbyterian’s employee email accounts sometime around May 9, 2019.

After this, Presbyterian secured the compromised email accounts and began a thorough review of the impacted emails. The healthcare center also notified the appropriate federal law enforcement about the incident.

“With any such event, it takes time to investigate what happened, identify the affected individuals and arrange for the assistance services that are being offered. Once we became aware of this incident, Presbyterian secured these email accounts and alerted federal law enforcement,” stated Melanie Mozes, Presbyterian Communications Director.

The compromised email accounts contained patient and/or health plan member names, dates of birth, Social Security numbers, and clinical information.

Dale Maxwell, the President and CEO of Presbyterian, said in a statement that there is no evidence that electronic health record or billing information has been accessed.

August 2, 2019 – Deer Valley Restaurants Mariposa and the Royal Street Café suffered a Security Breach Leaking Customer Payment Information

Deer Valley Restaurants – Data Breach

  • Date Issued: August 2, 2019
  • Target: Mariposa and Royal Street Cafe
  • Method:  Breach through POS (Point-of-Sale)

Report Details

Two restaurants in Deer Valley, Mariposa and the Royal Street Café, were hit by a data breach when an unauthorized third party compromised their POS systems and deployed malware. The malware was engineered to search for track data and copy the contents of the magnetic stripe of credit cards. From what we know, customers’ card information was stolen from January 10 to January 28. An investigation began in early May, during which the malware was found and removed. The restaurants are currently upgrading security features to prevent this from occurring again.

August 1, 2019 – Pearson Hit With Data Breach Exposing Thousands of Educational Institutions Accounts Across the US

Pearson – Data Breach

  • Date Issued: July 31, 2019
  • Target: Pearson
  • Method:  Breach through third party web portal

Report Details

The UK-based educational company Pearson was hit by a data breach that exposed students’ personal information. The information comprised names, dates of birth, and email addresses. It is believed that roughly 13,000 school and university AIMSweb 1.0 accounts in the US were affected by the incident. Hackers were able to gain unauthorized access through the AIMSweb portal. It is important to note that this breach actually took place back in November 2018, but Pearson only became aware of the incident in March 2019. Yesterday, Pearson notified customers about the incident and is offering free credit monitoring services to those affected by the data breach. The vulnerability has been repaired, and Pearson is monitoring to stop this from happening again.

July 31, 2019 – Washoe County School District Hit with Breach Exposing 114,000 Students

Washoe County School District – Data Breach

  • Date Issued: July 31, 2019
  • Target: Pearson – Washoe County
  • Method:  Pearson Hack

Report Details

Washoe County School District was hit with a cyberattack that impacted 114,000 students who attended Washoe schools between 2001 and 2016. This breach stemmed from the Pearson data breach, which exposed 13,000 schools and universities. The incident resulted from a vulnerability in an older version of Pearson Clinical Assessment’s program. The exposed information included students’ names, dates of birth, and addresses, as well as some staff information. The school district is currently working with Pearson to handle the situation.

July 31, 2019 – Cabarrus County Targeted in Business Email Compromise Scam

Cabarrus County, North Carolina – Data Breach

  • Date Issued: July 31, 2019
  • Target: Employees of Cabarrus County’s schools and government
  • Method:  Phishing Email

Report Details

Cabarrus county officials have released details of the BEC scam that diverted nearly $2.5 million to scammers. Out of this, $1,728,082.60 remains missing.

Officials said that the County had intended to send the money to Roanoke, Virginia-based Branch and Associates Inc., which serves as general contractor for the construction of West Cabarrus High School.

The investigation revealed that scammers posed as a representative of Branch and Associates and targeted employees of the County’s schools and government through a series of phishing emails. The scam began in November 2018.

The phishing email, sent under the name of the Roanoke-based Branch and Associates, stated that the company’s bank account had been changed and that the County should use the new account for future invoice payments.

The email also included documents that looked legitimate. This tricked County officials into believing that the updated banking information was real, and allowed the scammers to steal $2,504,601.

The County has notified SunTrust bank about the fraudulent transaction. Branch and Associates has also informed Bank of America about the fraudulent wire transfer of $2.5 million. Following this, Bank of America has frozen $776,518.40 of the $2,504,601.

The recovered amount of $776,518.40 was paid to Branch and Associates on March 20, 2019. The County paid the remaining balance on May 22, 2019.

July 31, 2019 – Watertown City School District (NY) hit with ransomware attack

Watertown City School District – Ransomware Attack

  • Date Issued: July 31, 2019
  • Target: Watertown City School District, New York
  • Method:  Ransomware

Report Details

Watertown City School District in New York suffered a ransomware attack crippling the district’s computer network and systems. The attack jeopardized all computers and disabled access to files.

School Superintendent Patricia LaBarr became aware of the attack after she couldn’t access her email. Later, security experts from the Mohawk Regional Information Center (MORIC) launched an internal investigation and confirmed the ransomware attack.

Staff were asked not to log in to any computer. LaBarr said that the attackers behind this incident did not demand a ransom from the district.

July 31, 2019 - Insurance Firm Ameritas Suffers Data Breach Compromising Customer Data

Insurance Firm Ameritas – Phishing Attack – Data Breach

  • Date Issued:  July 31, 2019
  • Target:  Ameritas
  • Method:  Phishing attack via email

Report Details

Lincoln-based insurance company Ameritas suffered a data breach compromising its customers’ personal information, including Social Security numbers.

The data breach occurred after Ameritas employees fell victim to a phishing attack and provided their email credentials. Upon discovery, Ameritas immediately responded by disabling the unauthorized access and deploying an enterprise-wide password reset.

Ameritas then launched an internal investigation to accurately determine the impacted customers, and afterwards notified those customers about the incident.

“Ameritas is committed to our customers and we work hard to earn their trust. Protecting customer privacy is the cornerstone of that commitment,” Ameritas said in a statement, the Lincoln Journal Star reported.

July 31, 2019 – Los Angeles Police Department hit by Data Breach that Leaked Private Data of 2,500 Police Officers and 17,500 Applicants

Los Angeles Police Department – Data Breach

  • Date Issued: July 25, 2019
  • Target: LAPD
  • Method: Old database hacked

Report Details

The Los Angeles PD has reported that a breach occurred exposing personal information such as names, dates of birth, email addresses, and passwords of 2,500 LAPD police officers and 17,500 police officer applicants. When made aware of the breach, the department launched an investigation and implemented additional security measures. The Office of Mayor Eric Garcetti stated the breach took place through an unused old database that contained the personal information.

July 30, 2019 – Capital One impacted by data breach that exposed over 106 million people in the USA and Canada

Capital One – Data Breach

  • Date Issued: July 17, 2019
  • Target: Capital One
  • Method: Misconfigured web application firewall

Report Details

Capital One suffered a data breach after hackers exploited a configuration vulnerability. The intrusion occurred through a misconfigured web application firewall that enabled access to the data. The leaked data included personal information, credit card data, transaction data, Social Security numbers, Social Insurance numbers of people and SMBs who applied for credit card products between 2005 and 2009, as well as linked bank account numbers. The breach took place back in March, between the 22nd and 23rd. The incident was immediately reported to the FBI, which arrested the person responsible: a software engineer by the name of Paige A. Thompson, who went by the alias ‘erratic’ and posted information about the data theft on GitHub.

July 29, 2019 – Multiple Local Government (North Carolina) Websites Attacked by Hackers and Ransomware Attack

Lincoln County, Concord and Anson County (North Carolina) – Data Breach

  • Date Issued: July 29, 2019
  • Target: Lincoln County, Concord and Anson County – North Carolina
  • Method: Website hack and ransomware attack on Lincoln County Sheriff’s Office

Report Details

Multiple local government websites have been attacked by hackers in the last few days, including, but not limited to, Lincoln County, Concord and Anson County (North Carolina).

According to the Lincoln County Sheriff’s Office, officials are working to recover from a ransomware attack that happened last Wednesday morning.

Deputies say the night shift noticed the system went down around 12:30 a.m. and contacted the IT Department.

“It was not a security breach where the hackers retrieved information, but they destroyed the recent system backup and encrypted the information on the main server, preventing access,” Lincoln County Sheriff Bill Beam said.

The sheriff’s office contacted the FBI and they immediately started an investigation. IT personnel from the Sheriff’s Office are working to gain access to the files and update security. No information on the computers was compromised.

Officials say the sheriff’s office website had been taken down and will be put back up as soon as possible.

Anson County’s website appears to have been attacked as well as hackers have left vulgar language on the site last week.

The city of Concord’s website is working again after the site was attacked by hackers who apparently also targeted several other websites globally Thursday night.

According to the City of Concord, as of last Friday morning, concordnc.gov remained unavailable after it was defaced by a hacker that made similar attacks on a variety of websites around the world last Thursday evening.

(*via w.wbtv.com)

July 29, 2019 – Wallingford, CT school Suffers Data Breach

Wallingford School (CT) – Data Breach

  • Date Issued: July 29, 2019
  • Target: Wallingford school and a third-party app (Pearson Clinical Assessment) the school used to track student reading and math assessments
  • Method: Data breach

Report Details

Student information may have been exposed in what school administrators called a “security incident” involving a third-party vendor.

Danielle Bellizzi, assistant school superintendent, said in an email to parents last Thursday that Pearson Clinical Assessment, a vendor that “many school districts in Connecticut and nationwide use for assessment services,” notified the school district Tuesday about a security incident.

The incident affected a tool that the school district formerly used to track student reading and math assessments.

The affected information included “a limited number” of student names and, in some cases, dates of birth and email addresses,  Bellizzi wrote.

She added that the incident did not involve any Social Security numbers, credit card data, financial information, grades or other educational or assessment information. (*via myrecordjournal.com)

July 29, 2019 – Two Hospitals in Puerto Rico Suffer Ransomware Attack that Impacts 520,000+ Patients' Data

Bayamón Medical Center and its affiliated Puerto Rico Women And Children’s Hospital – Ransomware Attack

  • Date Issued: June 24, 2019
  • Target:  Marin Community Clinics
  • Type:  Ransomware infection

Report Details

Bayamón Medical Center and its affiliated Puerto Rico Women And Children’s Hospital fell victim to a ransomware attack impacting over 520,000 patients’s data.

 

Bayamón Medical Center reported that 422,496 patients were potentially impacted, while Puerto Rico Women And Children’s Hospital reported that 99,943 patients were potentially impacted by the incident.

 

The ransomware infection encrypted all computer files that contained patients’ personal information.

“As a precautionary measure, Bayamon Medical Center y Puerto Rico Women And Children’s Hospital (collectively, the “Hospitals”) would like to notify the community that the Hospitals faced a recent security incident which potentially involves personal information of the Hospitals’ patients,” the press release read.

July 29, 2019 – Houston County Schools Hit with Ransomware Attack

Houston County Schools – Ransomware Attack

  • Date Issued: June 29, 2019
  • Target: Houston County Schools
  • Method:  Malware attack – ransomware

Report Details

Cyber criminals infected the school system’s servers, impacting computer functionality school-wide, and the attack also disrupted phone services at the Central Office. The school ordered teachers and staff not to use school computers until further notice and postponed the re-opening date for students to August 5, 2019.

July 26, 2019 – Park DuValle Community Health Center (Louisville, KY) Pays $70,000 Ransom for Patient Records in Cyber-Attack

Park DuValle Community Health Center – Ransomware Attack

  • Date Issued: July 26, 2019
  • Target: Park DuValle Community Health Center
  • Location:  Louisville, Kentucky

Report Details

Park DuValle Community Health Center, a nonprofit that runs medical clinics for low-income and uninsured patients in western Louisville and other areas, has paid hackers nearly $70,000 in hopes of unlocking the medical records of some 20,000 patients, which have been held hostage for nearly two months. The ransom was paid in the form of 6 bitcoin, the digital cryptocurrency.

Park DuValle, one of three federally qualified health centers in Louisville, provides primary care, dentistry, behavioral health, laboratory services and obstetrics-gynecology, among other services.

Besides its main clinic in the Park DuValle neighborhood, it has locations in Russell, in Newburg and in Taylorsville, KY.

Elizabeth Ann Hagan-Grigsby, Park DuValle’s CEO, said in an interview Thursday that the organization has not been able to access its records or appointment scheduling system since June 7 because of a “ransomware” attack – the second such attack on Park DuValle’s computer system since April.

Park DuValle Community Health Center hasn’t been able to send patients a mass letter or email about the situation because, as long as the data is held for ransom, their contact information is not accessible.

Park DuValle Community Health Center is using encryption keys provided by the hackers to restore the data, and the organization hopes to have full access to the data by Aug. 1.

July 26, 2019 – Customers of Sprint Corporation Informed of Data Breach

Sprint Corporation – Data Breach

  • Date Issued: July 26, 2019
  • Target: Undisclosed amount of Sprint Corporation customers
  • Hackers breached Sprint customer accounts using Samsung’s “Add a Line” feature on their website

Report Details

Customers of the American telecommunications company Sprint Corporation received an email last week as the company sent a notification of a data breach to an undisclosed amount of network users.

Recent reports revealed that the hackers behind this data breach have gained access to the customers’ online logins and could see all data available in the accounts.

Sprint characterized the breach as not causing “a substantial risk of fraud or identity theft.” Credit card information and Social Security numbers aren’t visible in these accounts, but they hold other sensitive information that a cyber attacker can use. An identity thief or phisher has most of what they need once they have a customer’s first and last name, phone number, device type, home address, PIN, billing number, device ID and subscriber ID account number.

It is unknown exactly when the hackers started targeting Sprint or accessing the accounts or for how long they had access. Even though the breach window has been identified to be from June 22 to 25, it is possible that the cybercriminals could have targeted the company earlier too.

July 25, 2019 - Louisiana Governor declares emergency after ransomware attacks hit three school districts

Three School Districts – Ransomware 

  • Date Issued:  July 24, 2019

Report Details

On July 24, Louisiana Governor John Bel Edwards issued an emergency declaration after Monroe, Morehouse Parish, and Sabine Parish school districts were impacted by ransomware attacks. The declaration extends to August 21, and the Louisiana National Guard, State Police, and Office of Technology Services are working to resolve and prevent future attacks.

July 23, 2019 – AMCA Breach Update: 12 Additional Healthcare Firms Notify Patients of Data Breach

American Medical Collection Agency (AMCA) Data Breach Expands

  • Date Issued: July 23, 2019
  • Original Target: American Medical Collection Agency (AMCA) and two of its biggest customers, Quest Diagnostics and LabCorp
  • Data Breach accessing payment system

Report Details

The AMCA data breach came to light in early June 2019, when the company’s investigation revealed that the hackers may have had access to its payment system since August 2018. New details about the AMCA data breach have since emerged: the breach has affected many more healthcare firms in the United States than previously known.

The firms that have recently been added to the list of providers affected by the data breach are:

  • American Esoteric Laboratories (534,500 impacted and another 7,400 with financial data);
  • Sunrise Medical Laboratories (412,000 impacted and 15,000 with financial data);
  • CBLPath (143,100 impacted and 4,200 with financial data);
  • Laboratory Medicine Consultants (143,400 impacted and 4,200 with financial data);
  • Austin Pathology Associates (44,700 impacted and 1,800 with financial data);
  • South Texas Dermatopathology (14,900 impacted and another 1,200 with financial data);
  • Pathology Solutions (12,700 impacted and 600 with financial data).

Victim firms with fewer than 10,000 patients affected:

  • Laboratory of Dermatopathology ADX (4,000 impacted and another 240 with financial data);
  • Seacoast Pathology (9,200 impacted and 800 with financial data);
  • Western Pathology Consultants (4,200 impacted and 350 with financial data);
  • Arizona Dermatopathology (6,500 impacted and 500 with financial data);
  • Natera (unknown number of impacted patients).

July 22, 2019 - Town of Collierville, Tennessee hit with Ryuk Ransomware

Collierville, Tennessee – Ryuk Ransomware 

  • Date Issued:  July 22, 2019

Report Details

The Town of Collierville, Tennessee was the victim of a cyber attack last week in which the Ryuk ransomware infected town computers and servers. Once unleashed, the infection shut down the town’s computer systems and encrypted files, denying access. The ransomware also halted permit requests, public record requests, and business services. The town’s IT staff immediately began minimizing the damage and attempting to restore their systems.

July 19, 2019 - Hackers make fake Office 365 website that launches TrickBot Trojan

Fake Microsoft Website  – TrickBot Trojan in Executable File 

  • Date Issued:  July 19, 2019

Report Details

It has been uncovered that hackers have been working on a new malicious campaign in which a fake Office 365 website was created to deceive users into updating their browsers. The website was a close-to-accurate copy of Microsoft’s page, with many of its page links pointing to Microsoft’s own servers. When the site was opened in Google Chrome or Firefox, a pop-up appeared requesting that the user update their browser, and the TrickBot trojan was then delivered as an executable file through that update window. The executable file was named ‘upd365_58v01.exe’. This specific trojan disguises itself as an svchost.exe process to stay hidden in the Task Manager.

July 17, 2019 - Evite Application gets hacked, exposes over 100 million user accounts

Evite  – Data Breach 

  • Date Issued:  July 17, 2019
  • Target Company: Evite

Report Details

On July 14th it was reported that 100,985,047 unique user accounts for Evite had been exposed in a data breach. The stolen data was put up for sale on Dream Market on the dark web. It has been determined that the hack was orchestrated by ‘Gnosticplayers’. The user information contained names, email addresses, passwords, dates of birth, and phone numbers. It was originally believed that only 10 million accounts were accessed, but Have I Been Pwned shows that over 100 million were breached.

July 16, 2019 - Syracuse City School District and Onondaga County Public Library Disabled by Ransomware

Syracuse City School District / Public Library – Ransomware 

  • Date Issued:  July 9, 2019

Report Details

Hackers launched a ransomware attack on Syracuse City School District which, along with disabling the district’s systems, also led to the shutdown of Onondaga County Public Library’s online catalog and account network. Upon notice of the breach, the school began restoring its back end and immediately opened an investigation. The breach spread to the library, and all branches are still unable to access accounts and online catalogs. Phone services were affected as well for both parties. The FBI has recommended that no ransom be paid, but the insurance company backing the parties says they should pay up.

July 12, 2019 - LaPorte County, Indiana dishes out $130,000 in Bitcoin for Ransom

LaPorte County, Indiana – Ryuk Ransomware 

  • Date Issued:  July 6, 2019
  • Target Company: LaPorte County, Indiana

Report Details

LaPorte County, Indiana suffered a data breach from a ransomware attack on July 6th. The breach disabled network services and impacted computer networks, email accounts, and the county’s website. LaPorte County worked with the FBI to attempt to decrypt the files, but the FBI decryption keys did not work. The failed decryption led to a Bitcoin ransom payout of $130,000 USD. Luckily, an insurance policy for the county was able to cover $100,000 of the ransom. The policy was implemented just a year earlier at the request of the county liability agent, John Jones. The ransomware that crushed LaPorte County’s systems was a form of Ryuk.

July 12, 2019 - KHSU Radio Station in Humboldt County, hit by Ransomware attack

KHSU Radio Station – Ransomware 

  • Date Issued:  July 1, 2019
  • Target Company: KHSU Radio Station

Report Details

KHSU Radio Station, owned by Humboldt State University, suffered a ransomware attack at the beginning of the month that shut down the station’s programming systems and storage servers. One positive note: there was no important information on the compromised servers. The station is not sure of the source of the attack, and no specific ransom was requested. KHSU is currently in the process of rebuilding and reprogramming its security systems.

July 12, 2019 – K12.com MongoDB database exposes 7 million student records

K12.com MongoDB Database – Bug in Software 

  • Date Issued:  July 12, 2019
  • Target Company: K12.com 

Report Details

Over 7 million student records from K12.com were exposed due to a fault in a MongoDB database. The records were accessible for over a week before they were secured. The visible information included:

  • Primary personal email address
  • Full name
  • Gender
  • Age
  • Birthdate
  • School name
  • Authentication keys for accessing ALS accounts & presentations

The database was visible to the public from June 23-July 1, but it is unknown whether or not the activity was malicious. K12.com came out and stated that they take data privacy extremely seriously, and that they are doing everything they can to make sure no malicious activity takes place.

July 11, 2019 - Philadelphia Federal Credit Union Customers hit with fraudulent transactions

Philadelphia Federal Credit Union – Malicious Hack

  • Date Issued: July 11
  • Target Company: Philadelphia Federal Credit Union

Report Details

Nearly 400 customers of the Philadelphia Federal Credit Union fell victim to a breach over the weekend, in which hackers made fraudulent purchases of $200-$500 with customers’ debit cards. Something important to note is that the fraudulent funds were actually withdrawn from ATMs, meaning the hackers used the stolen card data to make their own debit cards with the stolen numbers. PFCU has stated they will work to reimburse customers who were affected, and are working with security experts to find out what really occurred.

July 9, 2019 - Hackers exploit a pizza shop’s website to deliver diet pill scam campaigns

Pizza Shop Website – Website Hacked to Run Spam Campaign 

  • Date Issued:  July 9, 2019
  • Target Company: Pizza Delivery Shop’s Website

Report Details

A pizza delivery shop that had been running an outdated version of WordPress (4.9.6) was infiltrated by hackers who ran a highly sophisticated scam campaign through hyperlinks on the shop’s website homepage. The scam campaign revolved around Xenical, a diet pill company. The scam website promoted DietxPills and was connected to a server hosting 46 other sites that sold medications without requiring prescriptions.

July 8, 2019 – American Land Title Association Suffers Data Breach Compromising Over 600 Company Records

American Land Title Association (ALTA) – Email Phishing Campaign/Data Breach

  • Date Issued: July 9, 2019
  • Target Company: American Land Title Association (ALTA)
  • Breach Type: Email Phishing Campaign – Data Breach

Report Details

The American Land Title Association (ALTA) suffered a data breach compromising hundreds of company records in a phishing campaign.

ALTA is the U.S. national trade association representing nearly 6,000 title insurance companies, title and settlement agents, independent abstracters, title searchers, and real estate attorneys.

The files obtained from the hacker contain almost 600 data entries for title and non-title companies. The data included domain identification, IP addresses, usernames, and passwords.

ALTA recommends that potentially impacted companies monitor their systems for unauthorized access and immediately alert their IT departments to any suspicious access.

The national trade association also recommends reporting any suspicious emails to the Federal Bureau of Investigation Internet Crime Complaint Center.

The association also suggested some steps to protect company systems, which include:

  • Scanning all the systems and devices for malware.
  • Updating or patching the installed software and operating systems.
  • Requiring company staff to update and change system passwords, especially those containing customer information and banking services.

July 8, 2019 – Maryland Department of Labor suffered data breach compromising PII of 78,000 customers

Maryland Dept. of Labor -Data Breach

  • Date Issued: June 24, 2019
  • Target:  Customers’ Personally Identifiable Information

Report Details

The Maryland Department of Labor (Maryland DoL) suffered a data breach compromising the sensitive information of almost 78,000 customers, including their Social Security Numbers.

The customer information stored on the Literacy Works Information System and a legacy unemployment insurance service database were accessed by an unauthorized third party.

However, there has been no evidence that any personally identifiable information was downloaded or extracted from the compromised servers.

The files stored in the Literacy Works Information system were from 2009, 2010, and 2014. These files included names, Social Security numbers, dates of birth, city or county of residence, graduation dates, and record numbers.

The files stored in the legacy unemployment insurance service database were from 2013 and included names and Social Security numbers.

“We live in an age of highly sophisticated information security threats. We are committed to doing all we can to protect our customers and their information,” James E. Rzepkowski, Acting Labor Secretary, said in an interview.

The agency is providing two years of free credit monitoring services for all impacted customers.

July 8, 2019 – Massive Magecart attack campaign breaches over 960 e-commerce stores

Magecart Hackers – Customized Malicious Javascript on e-commerce Websites

  • Date Issued: July 8th, 2019
  • Target: 962 e-commerce stores
  • Type of Attack:  PHP object injection exploit

Report Details

This latest Magecart campaign (an automated attack campaign) breached 962 e-commerce stores and successfully stole customers’ payment card details within a 24-hour time frame.

Attackers inserted customized JavaScript on the e-commerce sites, essentially adding a fake credit card payment section. The customized skimmer script was designed to collect e-commerce customers’ payment details, including full credit card data, names, phone numbers, and addresses.

Victims of this latest Magecart campaign are from all over the world, including the United States.  This newest attack appears to be a PHP object injection exploit for an existing vulnerability.

July 8, 2019 – Florida state worker steals resident’s Personally Identifiable Information (PII)

2,000 Florida Residents have their PII Stolen

  • Date Issued:  July 8, 2019
  • Target: 2,000 Florida residents

Report Details

About 2,000 Florida residents were potentially victimized by an employee of that state’s Department of Children and Family Services (DFCS) who accessed and used their PII to fraudulently make $260,000 in purchases.

Allegedly, state staffer Bertanicy Garcia, an interviewing clerk at the Miami DFCS, worked in conjunction with six accomplices to whom she distributed personal information gathered at her job, enabling the gang to create fake credit cards and pull off tax fraud, The Gainesville Sun reported.

The investigation began in May when the sheriff’s office looked into Roxana Ruiz and Eduardo Lamigueiro when they opened multiple credit card accounts and used them to make several large purchases, The Sun reported. Information connecting the pair to Garcia was found on their cellphones leading to their arrest. However, they were released on bond and have since disappeared.

Lamigueiro allegedly sent Social Security information to Marcos Cobo-Gonzalez, who used the information to commit tax fraud.

(via scmagazine.com)

July 8, 2019 – The City of Griffin, Georgia hit with Phishing Email Scam that cost over $850,000

City of Griffin, GA – Malicious Phishing Scheme

  • Date Issued: July 8
  • Target Company: City of Griffin Finance Department
  • Undisclosed Email that led Department Chair to transfer funds 

Report Details

Hackers were able to get a massive payout through a sophisticated phishing scheme aimed at the City of Griffin’s Finance Department. The scam was designed as an email requesting funds from the city’s third-party water company, PF Moon. The phishing email targeted Finance Department official Chuck Olmstead, and it worked because he fell for the scheme. Believing the email to be from the water treatment contractor PF Moon, Finance Department officials made a first transaction of $581,180.51 on June 21, 2019, followed by a second transaction of $221,318 on June 26, 2019. The total amount lost in these two transactions stood at $802,499.29. The City of Griffin has yet to recover any funds from the transactions and is currently working with the FBI to resolve the matter.

July 5, 2019 – Hackers gain access to 7-Eleven’s App, Steal over $500,000 from Japanese Customers

7-Eleven Mobile Phone App (7-Pay) – Data Breach 

  • Date Issued:  July 5, 2019
  • Target Company: Japanese 7-Eleven 7-Pay App Users

Report Details

Hackers were able to infiltrate 7-Eleven’s mobile phone application through a security flaw in its 7-Pay feature. The application was created for the Japanese market and was released to the public on July 1, 2019. Victims reported that they had been locked out of their accounts just one day after creating them. 7-Eleven stated that over 900 accounts had been breached, with personal data and payment information stolen through a faulty password reset function. The hack cost the 900 customers over 55 million Yen, or $500,000 USD. 7-Eleven immediately suspended the bank accounts and cards linked to the breached accounts and shut down new registrations for 7-Pay.

July 2, 2019 – Georgia Court Agency has its Systems Shut Down by Ransomware Attack

Georgia Court Agency – Ransomware 

  • Date Issued:  July 2, 2019
  • Target Company: Georgia Court Agency

Report Details

Right after three Florida cities fell victim to attacks, the Administrative Office of the Courts in Georgia was targeted and taken down by ransomware. The AOC reported that its infrastructure was taken offline by a ransomware infection. AOC spokesperson Bruce Shaw stated that they were able to cut off and quarantine the servers, but it has yet to be determined how many computers or systems were affected by the breach. The databases apparently contain no personal information. It is not yet known whether a ransom was paid.

July 2, 2019 – Father Bill's and MainSpring hit with a Ransomware Attack

Non-Profit Father Bill’s and MainSpring – Ransomware Attack

  • Date Issued: July 2, 2019
  • Target Company: Father Bill’s MainSpring Non-Profit Organization

Report Details

Yet another ransomware attack has hit, and this time it struck the non-profit Father Bill’s and MainSpring, an organization that provides necessities for the homeless. Luckily, anti-virus software detected and blocked the threat in less than 30 seconds, so the ransomware was unable to encrypt or lock any files or computer systems. President and CEO John Yawinski stated that there had been no exposure, and all files were restored without being compromised. The incident was immediately reported to Massachusetts Attorney General Maura Healey, and any individual who had personal information stored within the system was notified.

July 1, 2019 – Malicious Android App Disguised as Game Steals Personal Information through Google Sign In API

‘Scary Granny ZOMBY Mod: The Horror Game 2019’ – Malicious Android Game App

  • Date Issued: July 1, 2019
  • Target Company: ‘Scary Granny ZOMBY Mod’ Users with Google API Access
  • Google Sign-In API 
  • Malicious Fake Google Sign In API during in-game account creation

Report Details

Researchers at Wandera uncovered that an Android mobile phone application with over 50,000 downloads was phishing personal information from users who had created an account through the Google Sign-In API built into it. The application, “Scary Granny ZOMBY Mod: The Horror Game 2019”, was a malicious phishing scheme disguised as an Android mobile puzzle game. The application would prompt the user to pay $22; after the user dismissed that pop-up, it would ask for an account to be created through Google’s Sign-In API. Once the credentials were entered in the app, the scheme had succeeded: the hackers now had access to the victims’ Google accounts and the personal information that goes along with them (banking credentials, credit card details, personal conversations and info).

July 1, 2019 – Summa Health Breached By Phishing Scheme Compromising Important Patient Information

Summa Health – Malicious Phishing Scheme

  • Date Issued: Through August 2018 – March 2019
  • Target Company: Summa Health
  • Undisclosed Email or Link that unleashed Ransomware on 4 Employee Accounts

Report Details

Summa Health spoke out about an incident it discovered within its infrastructure. Two employee accounts were accessed in August of 2018, and two other accounts were accessed between March 11 and March 29. The breached employee accounts contained over 500 patients’ personal information, which included names, dates of birth, medical records, patient account numbers, Social Security numbers, driver’s license numbers, and clinical and treatment information. This attack was the result of a highly sophisticated phishing scheme. Summa immediately hired a forensic investigator, secured the breached accounts, and is providing identity protection services and credit monitoring for those impacted by the hack.

June 28, 2019 – FDA warns about potential cyber-security concerns with certain Medtronic insulin pumps

MiniMed 508 Insulin Pump and MiniMed Paradigm Series are both vulnerable to cyberattacks

  • Date Issued: June 28, 2019
  • Target Company: Medtronic 
  • Device Targeted: MiniMed 508 insulin pump and MiniMed Paradigm series insulin pumps
  • Attack Type:  Undisclosed cybersecurity vulnerabilities

Report Details

FDA announced Thursday, June 27, 2019 that some Medtronic MiniMed insulin pumps are being recalled because of potential cybersecurity risks and said that patients using these models should switch to models that are better equipped to protect against such potential risks.

The agency noted it is not aware of any confirmed reports of patient harm stemming from these potential cybersecurity risks. According to FDA, the potential risks are linked to the wireless communication between Medtronic’s MiniMed insulin pumps and other devices such as blood glucose meters, continuous glucose monitoring systems, the remote controller, and the CareLink USB device used with these pumps. FDA said it “is concerned that, due to cybersecurity vulnerabilities identified in the device, someone other than a patient, caregiver or health care provider could potentially connect wirelessly to a nearby MiniMed insulin pump and change the pump’s settings.”

The recalled pumps are Medtronic’s MiniMed 508 insulin pump and MiniMed Paradigm series insulin pumps. The company is providing alternative insulin pumps with enhanced built-in cybersecurity capabilities to patients. Medtronic has identified about 4,000 U.S. patients who are potentially using insulin pumps that are vulnerable to this issue.

*FDA News Release (07/27/19)

June 28, 2019 – Unprotected database belonging to MedicareSupplement.com exposed almost 5 million user records

MedicareSupplement.com’s database of 5+ million left unprotected

  • Date Issued: June 28, 2019
  • Company: MedicareSupplement.com

Report Details

Security researcher Bob Diachenko, along with Comparitech, uncovered a MedicareSupplement.com MongoDB database that was left open to the public without any authentication. MedicareSupplement.com responded quickly by taking down the database and disabling public access.

  • The leaky database included almost 5 million records containing personal information of users such as names, addresses, dates of birth, gender, email addresses, and IP addresses.
  • Additionally, almost 239,000 records were related to insurance interest areas such as cancer insurance.


June 28, 2019 - Huntington Ingalls compromised by a large-scale hacking campaign

Navy’s largest shipbuilder was the target of several organs of the Chinese government.

  • Date Issued: June 28, 2019
  • Targets: Huntington Ingalls, Navy and Navy-affiliated industrial base partners
  • Attack Variant:  Cloud Hopper

Report Details

According to a Reuters report, the Navy’s largest shipbuilder was the target of several organs of the Chinese government and the recipient of a hacking campaign.

Huntington Ingalls denied the allegation in a June 27 email to Fifth Domain (fifthdomain.com), saying, “there was no breach of information” from Newport News Shipyard, nor were their systems connected to a foreign server controlled by a Chinese group, known as APT10.

“During a private briefing with HPE staff, Huntington Ingalls executives voiced concern the hackers could have accessed data from its biggest operation, the Newport News, Va., shipyard where it builds nuclear-powered submarines, said a person familiar with the discussions. It’s not clear whether any data was stolen,” Reuters reported.

June 28, 2019 – EA Gaming's Origin Platform Exposed 300 Million User Accounts

EA Sports Gaming – Bug in Script on Subdomain

  • Date Issued: June 27, 2019
  • Target Company: EA Sports Gaming
  • Subdomain Bug Exploits Accounts

Report Details

EA Sports Gaming reported a bug in the subdomain eaplayinvite.ea[.]com that allowed the subdomain to be hijacked by Azure users. A trust mechanism built into the script could be abused to tamper with the OAuth protocol EA uses to authenticate users, and once the subdomain was hijacked, a complete takeover of accounts was possible. It is believed that the hackers stole credit card information and used it to make purchases.

June 27, 2019 – Microsoft Warns Users of Malicious Campaign that Drops FlawedAmmyy RAT

FlawedAmmyy Remote Access Trojan (RAT)

  • Date Issued: June 25, 2019
  • Target:  Known to target the automotive industry and is associated with TA505’s campaigns.
  • Type of Attack:  Spam emails containing malicious .xls attachments; msiexec.exe is deployed, which downloads an MSI archive that executes a series of executable files, with the FlawedAmmyy RAT as the final executable in the series, run directly in memory.

Report Details

Microsoft has uncovered a new attack campaign which delivers the well-known FlawedAmmyy remote access trojan (RAT). The campaign has weaponized spam emails that come with a .xls attachment and makes use of Excel macros to spread the RAT. According to Microsoft’s Security Intelligence team, the campaign employs a complex infection chain to execute FlawedAmmyy RAT directly in memory.

The FlawedAmmyy RAT payload (malware) does not target a specific vulnerability and can compromise a fully-patched Windows system. Users are advised to be wary of suspicious emails written in foreign languages and make sure they do not open attachments present in them.

June 27, 2019 – Westwood Borough, NJ, Compromised by Undetected Malware Attack

Westwood Borough, Bergen County, New Jersey – Malware

  • Date Issued: June 27, 2019
  • Target: Customer Information (Banking, SS#, Addresses)

Report Details

Westwood Borough in Bergen County, New Jersey was breached by a malware attack that compromised data stored within its systems. The borough had hired a third-party forensics analysis company back in January, when it noticed unusual activity within its network. The information compromised included Social Security numbers, state and driver’s license IDs, as well as bank account details.

The forensics analysis team stated they could not find how or where exactly the malware was unleashed. As a precaution, Westwood wanted to bring this to the public’s attention.

June 27, 2019 – Lake City, Florida crushed by Malicious Malware Link

Lake City, Florida crushed by Malicious Malware Link – Ransomware

  • Date Issued: June 27, 2019
  • Target: Lake City, Florida Local Government  

Report Details

Hackers targeted the Lake City, Florida local government this week. The mayor stated that the community paid a $460,000 ransom to regain control of its email and servers, which had been down for two weeks. The ransomware attack froze city workers out of their email accounts and disabled the community’s ability to pay city bills online. Lake City’s insurance was able to cover the whole ransom except for around $10,000. The mayor says this could lead to higher taxes for better insurance so this doesn’t happen again. The hackers were able to deliver the malware through a malicious email link that was clicked by a city employee.

June 24, 2019 – U.S. government agencies targeted by Iranian spearphishing campaigns

U.S. Government Agencies targets of Iranian spearphishing campaigns

  • Date Issued: June 24, 2019
  • Target: Undisclosed U.S. government agencies 
  • Method: Spearphishing campaigns

Report Details

Representatives from two cyber threat intelligence firms told Fifth Domain (fifthdomain.com) June 24 that they were aware Iran had conducted highly-customized spearphishing campaigns. In some cases, experts said, the attacks included what’s known as a lure document to entice victims to click and inadvertently install malware. U.S. government agencies were among the targets of the attacks.

June 24, 2019 – Marin Community Clinics Sodinokibi Ransomware Attack

Marin Community Clinics – Sodinokibi Ransomware Attack

  • Date Issued: June 24, 2019
  • Target: Marin Community Clinics
  • Method: Sodinokibi Ransomware attack via malicious link in email

Ransomware Methods

  • Genuine Looking Content
  • Disguised Hyperlinks
  • Cryptolock

Report Details

Marin Community Clinics was able to resume use of its computer system after being hit by a ransomware attack last week.

Unidentified hackers managed to encrypt the clinics’ data and demanded a ransom to decrypt it. Mitesh Popat, the clinics’ CEO, said no patient information was compromised during the attack and little or no information was lost.


Latest Blog Articles & Security Information


Business email compromise: threat grows dramatically


Compared with ransomware, crypto miners and spyware, the plain text-based attack method known as business email compromise seems unimpressive. But it is now one of the biggest global cyber threats: according to the FBI, this email fraud has already caused around 12 billion dollars of damage worldwide.

Brute Force Attacks

A brute-force attack is a trial-and-error method used to obtain information such as passwords or other access codes. Here, the attacker tries a variety of …


Cryptolocker Ransomware

The Cryptolocker ransomware was a polymorphic virus that was used to encrypt computer systems. The only option affected …


Cyber Kill Chain

To identify and combat attacks along the Cyber Kill Chain in time, you need to understand the strategies of the criminals …


Ransomware Kill Chain (Part 1)

Why is ransomware not a typical cyberattack? Normally, data theft remains undetected, especially when systems are insufficiently protected. But it is quite a different case with ransomware …


Ransomware Kill Chain (Part 2)

How can the Ransomware Kill Chain model be used to devise countermeasures? The Ransomware Kill Chain using WannaCry as an example …
