Caribou Coffee, a U.S.-based coffeehouse chain with 603 branches, publicly disclosed that thousands of customer records from at least 219 branches in Minnesota were affected by a data breach. According to the company's official disclosure document, the breach went on for three months straight before it was discovered. Unauthorized access to its servers was detected, and all customers who transacted with the chain between August 28th and Dec 3rd had their credit card number, full name and other personal information extracted. "On November 28, 2018, we identified unusual activity on our network through our information security monitoring processes. Upon identifying this issue, we began working with Mandiant, a leading cybersecurity firm, to understand the scope of the incident and determine whether there had been any unauthorized access. On November 30, 2018, Mandiant reported that it detected unauthorized access to our point of sale systems, exposing some of our customers' data. Mandiant worked with us to contain the breach and ensure that the unauthorized access was stopped immediately."
Presented December 2018: Repercussions on the European Union's COREU network; confidential diplomatic cables stolen
Cyberattacks against the European Union's diplomatic cables have been going on for some time and were allegedly carried out by China-based hackers, who also targeted the COREU network. A diplomatic cable (also called diplomatic correspondence or an embassy cable) is a short message sent in secrecy between the legitimately involved consulates, embassies or foreign dignitaries of two or more countries. These messages carry the highest level of classification and are protected with strong encryption, so that only the receiving party can unlock them. Area 1 Security found indications that Beijing-sponsored hackers are behind the breached diplomatic cables, the earliest copies of which date back three years, to 2015. The COREU network is the EU's link to its twenty-eight member states. Three organs of the European Union are cited as the main users of the network:
• The European Commission
• The Council of the European Union
• The European External Action Service
Abine Blur Password Manager suffers a data breach exposing private data of 2.4 million users
Significant information such as email addresses, first and last names, and last and second-to-last IP addresses was left exposed. Also exposed were the passwords users use to log in to Blur, in encrypted form. Blur concluded that there was no evidence of exposure of stored usernames and passwords, auto-fill credit card details, masked emails, masked phone numbers, masked credit card numbers or payment details. On 31st December 2018, Abine, the online privacy company that owns Blur and DeleteMe, disclosed the online exposure of Blur password manager users' data. Blur became aware of the incident on 13 December 2018 and immediately began investigating the issue and confirming the security of its data and systems. After the investigation concluded, it was revealed on Monday that "a file containing information from users who had registered prior to January 2016 was exposed online". Blur is collaborating with a leading security firm to prevent similar breaches in future.
The Emotet Trojan used in attacks on local organizations
The Emotet Trojan has been used in attacks on local organizations on 11 occasions, spread through malicious email attachments, the National KE-CIRT/CC detected. The Communications Authority of Kenya (CA) cautioned residents about an advanced, destructive banking malware that targets network systems; this Emotet malware has already damaged several firms. The CA director, Tom Olwero, says that apart from spreading through email, the malware is also delivered through phishing that appears to come from legitimate sources such as invoices, banks and more. Olwero further said that "Emotet is a modern and malicious Trojan as its modular design, persistence techniques and worm-like self-propagation steadfastly spread infection to wide networks", the Star reported. Once it is injected, the systems will be infected. The malware is a frightening threat to Kenyan firms as it can cause the temporary or permanent loss of an organization's files, with obvious reputational damage. On the Trojan's capabilities, Olwero commented that "it can dodge typical signature-based detection and has various ways for maintaining persistence that includes the functions of auto-start registry keys and its services", the Standard reported.
The developer of the browser-based game 'Town of Salem' has suffered a data breach that compromised the data of over 7 million users
On 28th December 2018, BlankMediaGames, the developer of the browser-based game 'Town of Salem', suffered a data breach that compromised the data of over 7 million users. Dehashed (a data-mining and hacked-database search engine) received an email containing evidence of server access as well as details of the exposed database; after this email, the breach became clear. Types of information compromised: the affected users' data comprised usernames, emails, passwords, IP addresses, game and forum activity and payment information, and the billing information of users who had paid for certain premium features was also impacted. This is the first time BlankMediaGames has been breached. As a cybersecurity awareness move, Dehashed informed the firm about the email it had received and passed the data to HaveIBeenPwned, a search engine that keeps track of compromised email accounts. To prevent further threats, the firm is collaborating with many security researchers to reduce similar breaches.
Cybercriminals have used the Microsoft Office suite to propagate their threats, from simple macros embedded in files to the exploitation of vulnerabilities
Of late, cybercriminals have used the Microsoft Office suite to propagate their threats, from simple macros embedded in files to the exploitation of vulnerabilities. In this case, a downloader was embedded in an Office file. This caused some confusion among readers, who asked for a demonstration of how the threat works, which ESET published. The attack begins with a phishing email carrying a malicious attachment; after downloading and opening it, the victim is asked to enable macros. The trick used in this campaign has an unusual feature: the macro does not itself attempt to connect to a website to download malicious content. Instead, a small, solid, expandable square appears in the top-left corner of the document, and it contains a "cmd" command that runs a PowerShell script to connect to five sites. This is done to download the payload, an obfuscated variant of Emotet. Once executed, the payload connects to its C2 server and can attempt further downloads, installing attack modules and secondary payloads to perform malicious actions on the system. "The prospect at which this Emotet Trojan is hidden within a Word file shows the stealthy intellect of cyber-criminals in launching attacks, in a bid to compromise the user information of the victim's system", ESET concluded.
Coinbase revealed on Monday that it found "a deep chain reorganization" of the Ethereum Classic blockchain
Coinbase revealed on Monday that it found "a deep chain reorganization" of the Ethereum Classic blockchain, which means that someone controlling the majority of the network's mining power had modified the transaction history. Coinbase detected the deep chain reorganization on 5th January, at which point it paused on-chain ETC payments to safeguard its customers' funds and the exchange. Initially, Coinbase found nine reorganizations containing double spends that cost up to 88,500 ETC (about $460,000), but the latest update to its blog post reports at least 12 additional reorganizations including double spends, bringing the total to 219,500 ETC, nearly $1.1 million. Ethereum Classic, however, disputed the claim that Coinbase had contacted ETC personnel about the attack. Since it is very hard to mount such attacks against heavily mined cryptocurrency networks such as Bitcoin and Ethereum, attackers target small-cap cryptocurrencies like Ethereum Classic, Litecoin Cash, Bitcoin Gold, ZenCash (now Horizen) and Verge. Launched in June 2016, Ethereum Classic is the 18th-largest cryptocurrency, with a market cap of more than half a billion dollars (around $539 million), which makes it a tempting target for attackers.
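The deep reorganization described above, as an added example that is not part of the original article or Coinbase's code: a toy Python model in which a majority miner replaces five already-confirmed blocks, the deposit it paid to the exchange vanishes from history, and the defender's check (comparing the newly adopted chain with the one deposits were credited on) triggers a settlement pause. Block contents, the account names and the five-confirmation threshold are constructed values.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Set, Tuple


@dataclass(frozen=True)
class Block:
    height: int
    parent: str            # hash of the previous block
    txs: Tuple[str, ...]   # transactions as "sender->receiver:amount" strings

    @property
    def hash(self) -> str:
        payload = f"{self.height}|{self.parent}|{'|'.join(self.txs)}"
        return hashlib.sha256(payload.encode()).hexdigest()[:16]


GENESIS = Block(0, "0" * 16, ())


def extend(chain: List[Block], blocks_txs: List[List[str]]) -> List[Block]:
    """Return a copy of chain with one new block appended per entry of blocks_txs."""
    chain = list(chain)
    for txs in blocks_txs:
        chain.append(Block(chain[-1].height + 1, chain[-1].hash, tuple(txs)))
    return chain


def canonical(*chains: List[Block]) -> List[Block]:
    """Nodes follow the chain with the most work; with equal difficulty per block
    that is the longest chain, which a majority miner can always produce."""
    return max(chains, key=len)


def confirmations(chain: List[Block], tx: str) -> int:
    """Blocks from the one holding tx up to the tip, inclusive; 0 if tx is absent."""
    for blk in chain:
        if tx in blk.txs:
            return chain[-1].height - blk.height + 1
    return 0


def reorg_depth(old: List[Block], new: List[Block]) -> int:
    """How many blocks of the previously accepted chain the new chain discards."""
    common = 0
    for a, b in zip(old, new):
        if a.hash != b.hash:
            break
        common += 1
    return len(old) - common


def dropped_transactions(old: List[Block], new: List[Block]) -> Set[str]:
    """Transactions confirmed on the old chain that no longer exist on the new one."""
    old_txs = {tx for blk in old for tx in blk.txs}
    new_txs = {tx for blk in new for tx in blk.txs}
    return old_txs - new_txs


def settlement_action(old: List[Block], new: List[Block], required: int) -> str:
    """Decision a payment processor takes when its node switches to a new chain."""
    depth = reorg_depth(old, new)
    if depth == 0:
        return "continue"
    # A reorg at least as deep as the confirmation threshold can undo deposits
    # that were already treated as final, so on-chain settlement is paused.
    return "pause" if depth >= required else "re-check"


# --- constructed scenario ------------------------------------------------------
DEPOSIT = "attacker->exchange:1000"   # the deposit the exchange credited
REQUIRED_CONFIRMATIONS = 5

# Honest chain: the deposit is mined at height 2 and buried under four more blocks.
honest = extend([GENESIS], [["bob->carol:5"], [DEPOSIT], ["dave->erin:2"],
                            ["bob->dave:1"], ["carol->bob:3"], ["erin->carol:4"]])

# The attacker mines privately from height 1, spends the same coins elsewhere,
# and releases the longer branch only after the exchange has paid out.
attacker = extend(honest[:2], [["attacker->attacker_cold:1000"]] + [[]] * 6)

if __name__ == "__main__":
    print("confirmations before release:", confirmations(honest, DEPOSIT))      # 5
    tip = canonical(honest, attacker)
    print("reorg depth:", reorg_depth(honest, tip))                             # 5
    print("deposit dropped:", DEPOSIT in dropped_transactions(honest, tip))     # True
    print("action:", settlement_action(honest, tip, REQUIRED_CONFIRMATIONS))    # pause
```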
A new variant of side-channel attack was recently detected that is actively stealing data from Windows and Linux targets
A new variant of side-channel attack was recently detected that is actively stealing data from Windows and Linux targets. Side-channel attacks exploit a system indirectly, through cache, acoustic, electromagnetic, sound, power or timing information. Both the Microsoft and Linux teams were notified of the issue presented in the paper, and both have implemented mitigations for the data leaks it describes; these typically arrive as updates to core Windows and Linux system files and libraries. The striking property of this side-channel attack is the quantity of raw data it can recover, with a spatial resolution of 4KB. Data leakage is the ultimate goal of any attacker executing such an attack, and 4KB of information every two microseconds is a shockingly larger volume of extraction than the notorious keystroke-logger attack. It means the attack can extract information from a system at a rate equivalent to 6 keystrokes per second, which is as fast as the world's fastest typist.
Vulnerable code identified in ThinkPHP, a rapid-development framework developed by a Chinese company
Last month, vulnerable code was identified in ThinkPHP, a rapid-development framework developed by the Chinese company Top Think. "Multiple threat actors are in pursuit to exploit the ThinkPHP vulnerability to initiate cryptominers, skimmers and other malware payloads", says Larry Cashdollar, a vulnerability researcher, who noticed the malware while researching a recent Magecart attack; it was something he had not seen before. The developers resolved the vulnerability, noting that "The framework doesn't detect the controller name, which may lead to potential 'getshell' vulnerabilities without forced routing enabled". The vulnerability has been assigned CVE-2018-20062. Alongside the many payloads he observed, Cashdollar found something of particular concern: a Mirai variant. The Dark Reading report quotes Cashdollar as saying, "I had been waiting for Mirai botnet kits to include Web app codes in their storage and this is a premonition that it's happening". Cashdollar further says that, "Unlike the threat actors in 1990 persuading to gain root access, the current threat actors just execute code pretending to be a legitimate user and surreptitiously spread malware and botnets for mining cryptocurrency." Targets include software firms and car rentals, with more than 600 scans happening per day. To improve their security, firms using the ThinkPHP framework must update to the latest version without delay.
Anonymous hacker Martin Gottesfeld was sentenced to more than 10 years in prison and ordered to pay $443,000 for perpetrating damaging cyberattacks. The federal judge in Boston who handed down the sentence called Gottesfeld a "self-aggrandizing menace."
THE IMPACT: The DDoS attacks launched by Gottesfeld originated in Massachusetts and grew to an enormous scale against Boston Children's Hospital. The hospital had to shut down its systems as the internet services used to treat patients were crippled, Reuters reports. The attacks stemmed from Gottesfeld's disagreement over the child-custody case of Connecticut teenager Justina Pelletier.
ON THE RECORD
"This was not a tens of thousands of dollars thing, it was significantly more than that," said Daniel Nigrin, commenting earlier to HFN on the financial ramifications of the cyberattack. "It was your arrogance and misplaced pride that has been on display in this case from the very beginning that led you to believe you know more than the doctors at Boston Children's Hospital," U.S. District Judge Nathaniel Gorton said, according to the Boston Herald.
On 25th January 2019, the Alaska Department of Health and Social Services (DHSS) updated its breach notification from June 2018 to include more patients than in its initial announcement; earlier speculation about the scope of the breach later proved incorrect. Between 26th April and 30th April 2018, malware attacked a database that contained patient names, Social Security numbers, benefit information, dates of birth, addresses and other personal details, DHSS says. The hack occurred when an applicant emailed a request for assistance to a DHSS state employee. Because the email was made to look legitimate, the employee opened the malicious file, which carried the Zeus/Zbot Trojan. The hackers then installed malicious software and performed "other suspicious computer behaviour". The "Day One" virus infiltrated the laptop's hard drive and spread before the DHSS IT team could stop it. As for the delayed notification, officials said the investigation involved a mass volume of data and took months. The FBI still has not identified the source. Healthcare and government have been hackers' primary targets, having suffered the most breaches recently. Most recently, Kent County Community Mental Health notified about 2,200 patients that their data may have been breached.
A new exploit kit named Novidade, meaning 'Novelty' in Portuguese, attacks DNS (Domain Name System) settings through Cross-Site Request Forgery (CSRF) against applications the user's browser is authenticated with. Novidade has been delivered through various techniques, including malvertising, compromised-website injection and instant messengers. Once the victim clicks the link to Novidade and an HTTP connection is successfully established, a corresponding Base64-encoded exploit payload is executed.
There are three variants of Novidade:
• First version: the basic variant of the exploit kit.
Memphis-based Sacred Heart Rehabilitation Center notified patients that a phishing attack potentially breached many patients' personal data
On 17th January 2019, Memphis-based Sacred Heart Rehabilitation Center notified patients that a phishing attack had potentially breached many patients' personal data between 5th and 7th April, after a hacker gained access to an employee's email account. Officials did not say when the breach was discovered; the investigation concluded in November. The breached data included patient names, Social Security numbers, health insurance information, treatment details, diagnoses and more. Sacred Heart has since improved its security through security awareness training for employees. The breach was not listed by the Department of Health and Human Services. All patients are offered a year of free credit monitoring. Separately, patients treated at the Hanger Clinic in Florida have been notified that patient records were found at the home of a former clinic employee's ex-spouse. The individual returned the box to the Hanger Clinic. It is believed the records were stored at the home between 2009 and 2014, when the employee stopped working at the clinic; they contained the data of patients who received care at the Hanger Clinic in 2009. The individual signed a statement that he did not access the box's contents. "As a precaution, we recommend that individuals review the benefits statements received from their health insurer," officials said. If an individual did not receive the benefits listed on the statement, he must contact his insurer.
A Centerstone Insurance and Financial Services firm informed customers of a phishing attack that breached the personal data of 111,589 people
On 15th January 2019, BenefitMall, a Centerstone Insurance and Financial Services firm, informed customers of a phishing attack that breached the personal data of 111,589 people. On 11th October, officials found that a hacker had used phishing to gain control of various systems. A third-party forensics team was hired, and the investigation took four months. It confirmed that the breached data included names, Social Security numbers, bank account numbers, insurance premium payment information, dates of birth and addresses. In response, BenefitMall has implemented two-factor authentication (2FA) together with phishing awareness training. Notifications were sent to everyone affected on 4th January, with no explanation of the delay in reporting since October 11th; under HIPAA, healthcare organizations must report breaches within 60 days of discovery. Most recently, Choice Rehabilitation Center informed 4,300 patients of a phishing hack on an employee email account; the list of recent victims also includes Tandigm Health, the San Diego school district and Health First. The best way to detect unauthorized access is through access management and network monitoring. As threats grow in sophistication, shoring up user authentication will be crucial for the healthcare sector.
Security researcher Mike Bautista has released a free decryption tool that frees victims of the PyLocky ransomware without paying the ransom. The tool works for everyone, but with a limitation: the initial network traffic (a PCAP file) between PyLocky and its command-and-control (C2) server must have been captured, which almost nobody does. Researchers at Trend Micro first observed in July that PyLocky was being spread through spam emails that trick victims. To evade detection by sandbox security software, the ransomware sleeps for 999,999 seconds if the system has less than 4 GB of memory.
To be safe from these attacks:
• Beware of phishing emails
• Back up regularly
• Keep your antivirus software and system up to date.
Kent County Community Mental Health Authority informs patients that their data was breached
On 10th January 2019, 2,284 patients were informed by the Kent County Community Mental Health Authority that their data had been breached in a series of phishing attacks. After a nine-day investigation by the HIPAA privacy officer, the HIPAA security officer and the IT department, officials confirmed that phishing attacks on October 28th had compromised three employees' email accounts. The emails in the breached accounts included names, addresses, dates of birth, Medicaid and Medicare ID numbers, waiver support application ID numbers, provider names, schools attending or attended, demographic data and the names of relatives. The Social Security numbers of 20% of the patients were also compromised. As a remedy, a mass password reset was performed and additional safeguards were put in place to ensure no other accounts were compromised.
THEFT OF UNENCRYPTED LAPTOP BEHIND SOLIS MAMMOGRAPHY BREACH
Solis Mammography reported to 500 patients the theft of an unencrypted laptop on October 18 from its Phoenix, Arizona clinic. The investigation could not determine exactly what data was exposed, but with the help of a forensics team it was established that the laptop held patient names, birth names, health insurance data, lab results, medical images and PII. No satisfactory explanation has been given for the presence of unencrypted data on the laptop. Since then, Solis Mammography has hardened its security.
Health Services of Indiana Health Plan cautioned 31,000 patients of a personal data breach caused by phishing attacks
On 9th January 2019, Health Services of Indiana Health Plan (MHS) cautioned 31,000 patients of a personal data breach caused by phishing attacks. According to officials, employees of MHS vendor LCP Transportation responded to phishing emails on 30th July, which gave hackers remote access to their accounts for over a month. After discovering this, LCP isolated the impacted accounts on September 7th. The forensics investigation established that patient data such as names, insurance ID numbers, addresses, dates of birth, dates of service and other information was exposed. LCP Transportation reported the breach to MHS on Oct 29th, after which MHS ran its own inquiry, which concluded on December 20th. "Our vendor is making necessary betterments for strengthening the security defences." Patients will also be provided a year of free credit monitoring. On the same day, MHS cautioned patients of another third-party incident, on Oct 16th, in which a mailing error resulted in the disclosure of health information. Officials learnt of it on 25th Oct and found that the information, including names and insurance IDs, concerned about 576 plan members. As a remedy, MHS is contacting patients to retrieve the letters mailed to the wrong recipients, and officials are revamping the mailing policies and procedures around patient data while reviewing the process for sending mail.
A ransomware attack has corrupted the medical records of 24,000 patients at the Podiatric Offices of Bobby.
On 7th January 2019, a ransomware attack corrupted the medical records of 24,000 patients at the Podiatric Offices of Bobby. Typically, ransomware encrypts the data on the infected host. The affected data included patient names, Social Security numbers, health insurance policy details, medical records, dates of birth, phone numbers, sex and addresses. "Once we acknowledged the incident, needed steps to safeguard your passwords have been activated. Further, if any alteration of your personal info is to be made, we need to reconstruct the information that is inclusive of your medical information", said officials.
THIRD HEALTH DATA BREACH FOR HUMANA IN DECEMBER
Bankers Life, a business associate of Humana, informed the health insurer on 25th Oct that a hacker had accessed and seized the credentials of a few employees on the site where consumers apply for Humana health insurance. According to reports, the attacker had access to the site between 30th May and 13th September. On August 7th, Bankers Life found "unusual activity", hired an external forensics team and determined that the hackers had accessed applicant names, addresses, dates of birth, Social Security numbers and health insurance policy details such as policy numbers and cost. Since then, officials have taken measures to restrict unauthorized system access.
Patients' data breached via a corporate email account, reports Missouri-based rehabilitation center 'Choice'
On 3rd January 2019, Missouri-based rehabilitation center 'Choice' reported that 4,309 patients' data had been breached via a corporate email account. On 7th November, Choice identified that one of its email accounts had been hacked; according to officials, cybercriminals had forwarded the provider's email to their own account. The account was later deactivated. Choice worked with Microsoft and initiated an investigation, which revealed that the hackers had accessed the account from 1st July to 30th September and compromised data including patient names, medical record numbers, treatment facility, Medicare data, start and end dates of treatment, treatment information, diagnoses and billing codes. This is exactly the kind of data cybercriminals frequently use for medical fraud. Choice is teaming up with its contracted nursing facilities to notify patients and to mitigate the possible harm caused by the breach. Since then, officials have strengthened their network security defences and are simultaneously improving operational security and providing training to employees. The previous month, Philadelphia-based Independence Blue Cross disclosed a breach that had lasted 3 months because of an employee error.
Canada-based HSN at Sudbury discovered a virus infected its computer system; officials took the system offline to contain the infection
On Thursday morning, staff at Canada-based Health Sciences North (HSN) in Sudbury, Ontario, discovered that a virus had infected its computer system, and officials took the system offline to contain the infection. On 18th January 2019, the zero-day virus disrupted the hospital's computer systems, forcing officials to shut down its EHR to contain the infection, according to local news outlet CBC Radio-Canada. "Zero day virus means it cannot be captured by anti-virus tools available in the market. All 24 hospitals in the region rely on our information technology platforms, and to safeguard those sickbays, authorities implemented precautionary measures like shutting down systems and more. Out of 24, 21 sickbays are functioning with the main electronic health system," says Dominic Giroux, Health Sciences North CEO. "The virus didn't affect the cancer program system. We have good backup data to restore our lost information and so by Friday, we will restore most of our major systems for Health Sciences North." Other hospitals also experienced interruptions to care as services slowed down, Giroux explained. Giroux urged anyone with non-urgent care needs to visit a clinic or use a telehealth platform.