Cybersecurity Update
- Check Point Security published report warning that hackers are spoofing Medical Leave forms in email phishing campaigns that have embedded malware.
- VT San Antonia Aerospace of Texas notified the federal government that 1.5 terabytes of sensitive data was stolen as result of a Maze ransomware attack.
- Kaspersky Software published report warning that a hacking group named “Cycidek” is sending out phishing emails that are embedded with USBCulprit malware which copies sensitive data onto a USB connected memory device.
- SafeBreach Labs published report warning of a vulnerability in Microsoft Windows Print Spooler. The vulnerability, called “PrintDemon”, could allow hackers to steal print jobs.
o Microsoft claims that its May 2020 update fixed this issue.
- The Department of Health and Human Services is reporting a 50% increase in cybersecurity breaches in healthcare vertical during the COVID-19 pandemic.
- Ironscales Cybersecurity published report warning healthcare facilities that hackers are sending phishing emails that direct users to click on a link so they can hear their voicemails, but instead launches malware.
- Corvus Security published report warning healthcare facilities of hackers using open ports on network endpoints to launch ransomware. (MFPs and printers are endpoints on networks)
- Castro Valley Health of California notified an unknown number of patients had their PHI exposed after it was sent to the Docker Hub third party website.
- University of Utah Health System notified an unknown number of patients their PHI was exposed after an email phishing incident.
- NetWalker ransomware attacks hit the following, impacting an unknown number of students:
o Columbia College of Illinois
o University of San Francisco
o Michigan State University
- Aeries Software notified 150 public school districts around the U.S. that students info was compromised after a hacking incident.
- Duluth Public Schools in Minnesota notified an unknown number of students that their info was exposed after a hacking incidents.
- Harvard University announced that one of its professors, Charles Lieber, was arrested by federal police as he is being charged with allegedly sharing confidential info with Chinese Government.
- Beazly Group reports on ransomware:
o 25% increase in attacks in past 90 days
o 156% increase in manufacturing vertical
- Honda Motor Company, with North American headquarters in Torrance, CA, announced that it was hit by an unspecified cyberattack.
- Conduent, a managed IT services company which was once a division of Xerox, notified an unknown number of customers that it was hit by Maze ransomware.
- The New York City Council is investigating breaches by insiders that release arrest records of the daughter of Mayor Bill de Blasio.
- Yale New Haven Health of Connecticut notified 506 patients that their PHI was exposed after a breach.
- Google announced it removed another 38 Android apps from the Google Play Store, as they had embedded malware.
- Nintendo notified 300,000 customers that their gaming accounts were compromised after a breach.
- Cano Health of Miami, FL notified an unknown number of patients that their PHI was exposed after email phishing attack.
- Rangely District Hospital of Colorado notified an unknown number of patients that their PHI was exposed after ransomware attack.
- Electronic Waveform Labs of Huntington Beach, CA notified an unknown number of patients that their PHI was exposed after ransomware attack.
- ForgeRock Security published report on US breaches in 2019:
o 5 billion records exposed due to breaches in 2019
o Total cost to customers of $1.2 trillion
o Healthcare was most targeted with total cost of $2.45 billion (45% of incidents)
o 1.6 billion records have already been exposed in 2020
Original Post