Ignorance is not always bliss, especially when it comes to data security. A healthcare and retail giant in the U.S. left a billion user records unsecured with no authentication in place to prevent unauthorized access. In other news, a ransomware gang compromised the website of a CCTV camera dealer. A note of caution: scammers are getting ready to capitalize on the online shopping season. Without further ado, let’s read through the key cybersecurity highlights from the past 24 hours.
- CVS Health leaked gobs of personal and medical data of visitors and patients via a misconfigured 204GB database, exposing users to social engineering attacks.
- UNC2465, an affiliate of the DarkSide gang, launched a supply chain attack against a CCTV vendor. Hackers reportedly implanted malicious code in a Windows application.
- An unprecedented wave of cyberattacks hit institutions and individuals in Poland. This follows the breach of the private email account of the head of the Prime Minister’s office.
- Cyberespionage campaigns sprawling across several years were linked to the Chinese military group PLA Unit 69010. Dubbed RedFoxtrot, the threat actor focused on gathering military intelligence from various countries.
- A ransomware attack caused system failure at Stillwater Medical Center, Oklahoma, leading to the cancelation of multiple patient appointments.
- U.K legal firm Gateley suffered a cyberattack that forced authorities to bring some systems offline to prevent the infection from spreading further.
- Experts uncovered a new phishing campaign wherein actors abuse Google Docs to deliver malicious links aimed at stealing victims’ credentials.
- In anticipation of Amazon Prime Day, cybercriminals created thousands of malicious domains to conduct phishing scams against online shoppers.
- Threat actors were found mailing fake replacement devices to Ledger customers to steal from their cryptocurrency wallets. The data of 272,853 people who purchased a Ledger device was exposed in a December breach.
- Industrial cybersecurity firm Claroty raised $140 million in Series D funding co-led by Bessemer Venture Partners’ Century II fund and 40 North, with others joining the round.