CoinMarketCap: No Breach Despite 3.1M Email Address Leak

Jeremy Kirk • October 25, 2021

CoinMarketCap says it has found no evidence of a data beach despite the circulation of a list of 3.1 million email addresses that correlates with accounts on its service. Regardless of the source, the list would be useful for attackers to launch phishing attacks against those interested in cryptocurrency.

Critical Infrastructure Security

Accenture: Ransomware Attack Breached Proprietary Data

Latest

3rd Party Risk Management

PHI Stolen in Practice Management Firm's Ransomware Attack

Marianne Kolbasuk McGee • October 28, 2021

A ransomware attack on a medical practice management services firm that included the theft of files containing patient information is among the latest security incidents involving similar third-party vendors.

Breach Notification

Hackers Claim 400GB of Data Stolen From Thai Hotel Chain

Soumik Ghosh • October 28, 2021

The Desorden hacker group, previously known for its exploits against computer giant Acer and a Singaporean employment agency, has now targeted Thai luxury hotel chain Centara Hotels & Resorts. The group claims to have stolen 400GB of data from the hotel chain's network.

Cybercrime

Lazarus Adds Supply Chain Attack to List of Capabilities

Prajeet Nair • October 28, 2021

North Korean advanced persistent threat group Lazarus - aka Hidden Cobra - is developing supply chain attack capabilities using its multiplatform malware framework, MATA, for cyberespionage goals, according to researchers from Kaspersky.

Critical Infrastructure Security

Washington Secretary of State to Head Election Security

Dan Gunderman • October 28, 2021

CISA announced that Washington Secretary of State Kim Wyman will be the agency's senior election security lead. She will become a top security official within the Biden administration, inheriting a role that has garnered public attention following interference in 2016 and fraud claims in 2020.

3rd Party Risk Management

Vendor Partner Responsible for Fullerton Health Data Breach

Soumik Ghosh • October 28, 2021

Singapore healthcare firm Fullerton Health confirms that a data breach in the server of its vendor partner Agape Connecting People was responsible for the leak of 400,000 user accounts. The incident marks the fourth major data breach incident involving third-party vendors in Singapore this year.

Cybercrime

Voipfone DDoS Attacks Raise Specter of Protection Racket

Mihir Bagwe • October 28, 2021

Telecom company Voipfone has come under a severe "extortion-based" DDoS attack from foreign entities, according to a tweet by the U.K.-based company. The attack is likely a continuation of the one observed on Thursday, although the company stated that all its systems remained operational.

Business Continuity Management / Disaster Recovery

US State Department to Create Dedicated Cyber Office

Dan Gunderman • October 27, 2021

The U.S. Department of State will create a Bureau of Cyberspace and Digital Policy, led by a Senate-confirmed ambassador-at-large, to advance its cybersecurity diplomacy efforts, according to Secretary of State Antony Blinken. The move is a response to a challenging global threat landscape.

Breach Notification

Cyberattack Reportedly Cripples Iran Gas Stations

Prajeet Nair • October 27, 2021

An attack on systems that govern fuel subsidies in Iran reportedly hit all fuel stations and left many of the country’s citizens without gas for hours. Islamic Republic of Iran Broadcasting says that a cyberattack caused widespread disruption to the country's fuel distribution network.

3rd Party Risk Management

REvil's Cybercrime Reputation in Tatters - Will It Reboot?

Mathew J. Schwartz • October 27, 2021

Will the notorious ransomware operation known as REvil, aka Sodinokibi, reboot yet again after someone apparently messed with its infrastructure? Experts suggest that the operation's brand is burned, and administrators will launch a new group. Many affiliates, meanwhile, already work with multiple groups.

Breach Notification

Why Healthcare Entities Fall Short Managing Security Risk

Marianne Kolbasuk McGee • October 27, 2021

Why do so many HIPAA -covered entities and their vendors do such a poor job managing security risk and safeguarding patient's protected health information? Many critical factors come into play, say Roger Severino, ex- director of HHS OCR, and Bob Chaput, founder of security consultancy Clearwater.

Blockchain & Cryptocurrency

US DOJ: Global Darknet Sting Nabs 150 Suspects

Dan Gunderman • October 26, 2021

International law enforcement officials on Tuesday announced that some 150 suspects have been arrested globally for buying or selling illegal goods, following a 10-month sting operation, code name "Operation DarkHunTOR," targeting the dark web.

Business Continuity Management / Disaster Recovery

Groove Operators Reportedly Ask Peers to Attack US

Prajeet Nair • October 26, 2021

The operators behind Groove ransomware are calling on other extortion gangs to join forces to attack the U.S. public sector, according to chatter seen on underground forums, reports malware research organization vx-underground, citing a blog posted by the gang on a Russian site.