An emailed bomb threat hoax sent Thursday afternoon has terrorized businesses and organizations across the US, Canada, Australia and New Zealand. Claiming to have planted bombs all over the building, the email demands ransom in bitcoin or the bombs will be detonated. The email extortion scam, which states “I advise you not to call the police,” appears to be getting out of hand after a number of institutions took it as credible and evacuated the area. Each email comes with a different bitcoin address, writes Brian Krebs. Source: KrebsonSecurity.com The scam has so far been sent to financial institutions, banks, school districts, universities, newspapers and courthouses. The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Agency, is aware of the global campaign and advises recipients to not contact the sender, not pay the ransom and immediately inform the FBI about the bomb threat email. Australia and New Zealand, who..
The UK’s National Health Service, one of the highest-profile victims of last year’s devastating WannaCry ransomware attack, has pledged to phase out fax machines from its trusts by 2020. NHS made headlines in 2017 when its entire fleet of healthcare institutions fell victim to WannaCry, the world’s virulent ransomware outbreak. Like many other victims of the WannaCry wrath, NHS had poor security practices in place and extremely outdated software on its systems (i.e. Windows XP). In a bid to prevent history from repeating itself, NHS is now pledging to do away with one of the oldest technologies still in its IT infrastructure: fax machines. The plans were announced by Secretary of State for Health and Social Care Matt Hancock, who mandated the use of modern communication methods, like secure email. According to The Independent, Richard Kerr, chair of the Royal College of Surgeons Commission on the Future of Surgery, said it was “absurd” that NHS still used fax machines. “Most other ..
Ransomware has struck again in the medical sector, this time affecting ophthalmology practice Redwood Eye Care Center in California through a security incident at a third party, its EMR hosting vendor. Personal data of as many as 16,055 California residents may have been exposed. According to a breach notice sent by Redwood Eye Care Center to the Attorney General, IT Lighthouse, the vendor responsible for keeping the entire patient medical database on their servers, including names, addresses, medical treatment, health insurance details and dates of birth, fell victim to a ransomware attack in September. The residents affected were immediately notified of the privacy breach, and Redwood has switched vendors and taken the appropriate steps to strengthen security and ensure prevent future incidents. “On September 20, 2018, Redwood learned that on September 19, 2018, the third-party vendor that hosts and stores Redwood’s electronic medical records experienced a data security incident wh..
Google+ and its APIs are shutting down sooner than announced after a new privacy glitch that exposed the data of more than 52 million users was detected in November, Google announced on Monday. Personal information such as age, name and email address was available online for six days before the bug was fixed, but there’s no evidence that developers misused the data. The company assures users that their passwords, financial information and any data that could be used for fraud or identity theft was not compromised. “We discovered this bug as part of our standard and ongoing testing procedures and fixed it within a week of it being introduced,” Google said. “No third party compromised our systems, and we have no evidence that the app developers that inadvertently had this access for six days were aware of it or misused it in any way.” The company had already detected a bug in October that leaked personal information of 500,000 users including names, emails and jobs. That first securit..
Wanzhou Meng, Huawei’s CFO and the daughter of the company’s founder, was arrested at the Vancouver airport on Dec. 1 and is awaiting extradition to the US to face trial on accusations that the US export sanctions against Iran were breached, writes the Globe and Mail. Her bail hearing is on Dec. 7. Further details were not provided due to Meng’s request for a publication ban. “She is sought for extradition by the United States, and a bail hearing has been set for Friday,” Justice Department spokesman Ian McLeod said in a statement to the Toronto-based newspaper on Wednesday. “As there is a publication ban in effect, we cannot provide any further detail at this time. The ban was sought by Ms. Meng.” The US government released several warnings advising consumers to not purchase Huawei smartphones as it considers them a threat to national security. In April it was announced that the company was already under investigation for illegal sales violating US sanctions against Iran, following..
Brazil’s largest subscription television services company, SKY Brasil, leaked private data of 32 million customers on ElasticSearch, a search engine favored by enterprises, reported independent security researcher Fabio Castro on Twitter last week.Castro was able to easily access it on the open source search engine’s server, and found 28.7GB of log files and 429.1GB of API data, the latter exposing personally identifiable information such as customer name, email address, service login password, client IP address, payment methods, phone number and street address. The telecommunications company has a variety of customers, including high-ranked politicians, governors and government employees, whose data may have also been compromised. Castro is himself one of the customers affected by the leak. The cache was left available online since mid-October, long enough to have given an attacker time to access the data and manipulate it for illicit activities. The researcher used the search eng..
It took Dell almost a full month to inform its customers that their information was stolen following a security incident which occurred on November 9, 2018, reads a notice on the computer company’s website. The company reset customer passwords without informing them early on that their data may have been compromised. According to their statement, unauthorized activity was detected on its infrastructure with clear intent to steal customer data. The data breach may have affected some data on the company’s network such as names, emails and hashed passwords of online customer accounts, but no strong evidence confirms that malicious actors actually obtained the desired data. Dell assures customers that credit card and sensitive customer information was not leaked and their products and services were not affected. Dell immediately tried to contain the incident and reduce exposure by hashing customer passwords and resetting passwords. “Upon detection of the attempted extraction, Dell immed..
Hackers breach Quora to steal 100 million user accounts – if you were logged out, change your password now!
Question-and-answer website Quora has issued an urgent warning to 100 million of its users, notifying them that hackers now have their data as a result of a breach. “We are writing to let you know that we recently discovered that some user data was compromised as a result of unauthorized access to our systems by a malicious third party,” reads the email, signed The Quora Team. “We are very sorry for any concern or inconvenience this may cause. We are working rapidly to investigate the situation further and take the appropriate steps to prevent such incidents in the future.” Quora says it discovered the breach Friday and has since enlisted the help of leading digital forensics and security experts to get to the bottom of the issue. It has also notified authorities of the breach. “We believe we’ve identified the root cause and taken steps to address the issue, although our investigation is ongoing and we’ll continue to make security improvements,” the company says. The hackers obtain..
Uber’s widely publicized data leak from two years ago has finally resulted in a fine from the UK Information Commissioner’s Office. The penalty would have been 203 times the amount if the leak had occurred this year, after the GDPR era took effect in May. “The Information Commissioner’s Office (ICO) has fined ride sharing company Uber £385,000 for failing to protect customers’ personal information during a cyber attack,” reads the announcement. In US dollars, that figure translates into around $492,000. As readers may remember, a series of flaws in Uber’s servers let hackers steal personal data of 2.7 million UK customers, as well as the records of almost 82,000 British drivers. The leak exposed full names, email addresses, phone numbers, journey info and even payment data. An investigation revealed that attackers used “credential stuffing” to access the data. As its name implies, the process involves “stuffing” credentials (leaked from a previous breach) into websites until they mat..
A school district in Indiana which had $120,000 transferred from its bank account after its email account was hacked, has failed in an attempt to reclaim the cash. The problems for Lake Ridge Schools began in October 12 2016 when money earmarked for part of a seven million dollar construction project of an athletics complex at Calumet New Tech High School was fraudulently wired to parties unknown. The email account of a business manager tasked with signing off payment requests had been hacked, and a request was made to the BNY Mellon banking giant, asking it to transfer $120,882.83 to several people listed as contractors on the project. At the time, the school district’s business manager was on vacation – a fact not unknown to BNY Mellon as it had received an automated out-of-office email notification a few days earlier. In addition, according to the lawsuit filed by Lake Ridge Schools, the payment request was different from those made previously – it was presented in a different f..