Cybercrime Forum Dumps Stolen Details on 5.4M Twitter Users

Mathew J. Schwartz • November 28, 2022

Information amassed on 5.4 million Twitter users by an attacker who abused one of the social network's APIs has been dumped online for free. While Twitter confirmed that breach, a researcher suggests other attackers also abused the feature to amass information for millions of other users.

Cryptocurrency Fraud

Chinese APT Using Google Drive, Dropbox to Drop Malware

Latest

Fraud Management & Cybercrime

Meta Fined by Irish Privacy Regulator for GDPR Violations

Akshaya Asokan • November 28, 2022

Facebook will pay a 265 million euro fine to the Irish data protection authority to resolve a 2021 incident when the scrapped data of 533 million users appeared online. The data contained names, phone numbers and birth dates. Facebook says it takes active measures against data scrapping.

Governance & Risk Management

Indiana Health Entity Reports Breach Involving Tracking Code

Marianne Kolbasuk McGee • November 28, 2022

An Indiana healthcare network, Community Health Network, is the latest medical entity to classify its use of online tracking code as a data breach reportable to federal regulators. It said the unauthorized access/disclosure breach affected 1.5 million individuals.

Fraud Management & Cybercrime

Greater Toronto School Offline Following 'Cyber Incident'

Mihir Bagwe • November 28, 2022

Staffers reacted with incredulity after a cyber incident at a Greater Toronto school district kept systems offline and forced teachers to take attendance manually. Online learning and student Chromebooks were not working at Durham District School Board, which serves more than 74,000 students.

Cybercrime

A Look Ahead: Lisa Sotto's Privacy, Security Outlook in 2023

Michael Novinson • November 28, 2022

A multitude of state privacy laws taking effect in 2023 has forced organizations to revamp their compliance programs to incorporate the disparate requirements, says Lisa Sotto. Companies across every industry face a threat environment that's more active and malicious than ever before.

3rd Party Risk Management

Addressing the Shortage of Medical Device Cyber Talent

Marianne Kolbasuk McGee • November 28, 2022

The shortage of cybersecurity professionals in the United States includes a scarcity of expertise in medical device security, says Bill Aerts, senior fellow and managing director of the University of Minnesota's recently launched Center for Medical Device Cybersecurity.

Cybercrime

SharkBot Trojan Spread Via Android File Manager Apps

Prajeet Nair • November 26, 2022

The operators behind the banking Trojan SharkBot are targeting Google Play users to spread its malware masquerading as Android file manager apps that already have tens of thousands of installations, according to researchers from Bitdefender.

Business Continuity Management / Disaster Recovery

Cyber Resilience Minimizes Risks for Digital Services

Brian Pereira • November 25, 2022

Cyber resilience extends beyond cyberattacks and encompasses the convergence of security and disaster recovery and takes into account other factors such as supply chain disruption, attacks on critical infrastructure, epidemics, market fluctuations, power outages, and natural disasters.

Cybercrime

ISMG Editors: The Rise of Info Stealing Malware

Anna Delaney • November 25, 2022

In the latest weekly update, Information Security Media Group Editors discuss current cybersecurity and privacy issues, including advice on strengthening off-hours defenses during the holiday season, emerging cybercrime trends in 2022, and Palo Alto's first big M&A since early 2021.

Cybercrime

Ontario Teachers’ Data Stolen in Ransomware Attack

Mihir Bagwe • November 25, 2022

A cyberattack on a Canadian teachers’ union gave thieves access to sensitive data of more than 60,000 members The union is yet to disclose the exact number of affected individuals, but stated that both former and current members are impacted.

Cybercrime

Cyber-Mercenaries Target Android Users with Fake VPN Apps

Prajeet Nair • November 24, 2022

A hacking-for-hire group dubbed "Bahamut" is distributing malicious apps through a fake SecureVPN website that enables Android apps to be downloaded from Google Play. Research found that hackers use malicious versions of SoftVPN, SecureVPN and OpenVPN software.

Cybercrime

Ransomware Disrupts Indian Premier Hospital for 2nd Day

Mihir Bagwe • November 24, 2022

India’s premier healthcare institute is reeling from the after-effects of a ransomware attack, the hospital said in a statement. All patient care services, the admission, discharge and transfer of patients will be conducted manually until the server is restored, in accordance with AIIMS’ Standard Operating...

Blockchain & Cryptocurrency

Ransomware Group Zeppelin's Costly Encryption Mistake

Anna Delaney • November 24, 2022

The latest edition of the ISMG Security Report discusses how the profits of ransomware group Zeppelin have been smashed by security researchers, FTX again highlighting the risks of trading cryptocurrencies, and vendor Extrahop's newly appointed, high-profile president.