Cybersecurity News

Cybersecurity Roundup, June 18, 2021

Ignorance is not always bliss, especially when it comes to data security. A healthcare and retail giant in the U.S. left a billion user records unsecured with no authentication in place to prevent unauthorized access. In other news, a ransomware gang compromised the website of a CCTV camera dealer. A note of caution: scammers are getting ready to capitalize on the online shopping season. Without further ado, let’s read through the key cybersecurity highlights from the past 24 hours.

  1. CVS Health leaked gobs of personal and medical data of visitors and patients via a misconfigured 204GB database, exposing users to social engineering attacks. 
  2. UNC2465, an affiliate of the DarkSide gang, launched a supply chain attack against a CCTV vendor. Hackers reportedly implanted malicious code in a Windows application.
  3. An unprecedented wave of cyberattacks hit institutions and individuals in Poland. This follows the breach of the private email account of the head of the Prime Minister’s office.
  4. Cyberespionage campaigns sprawling across several years were linked to the Chinese military group PLA Unit 69010. Dubbed RedFoxtrot, the threat actor focused on gathering military intelligence from various countries.
  5. ransomware attack caused system failure at Stillwater Medical CenterOklahoma,  leading to the cancelation of multiple patient appointments.
  6. firm Gateley suffered a cyberattack that forced authorities to bring some systems offline to prevent the infection from spreading further.
  7. Experts uncovered a new phishing campaign wherein actors abuse Google Docs to deliver malicious links aimed at stealing victims’ credentials.
  8. In anticipation of Amazon Prime Day, cybercriminals created thousands of malicious domains to conduct phishing scams against online shoppers.
  9. Threat actors were found mailing fake replacement devices to Ledger customers to steal from their cryptocurrency wallets. The data of 272,853 people who purchased a Ledger device was exposed in a December breach.
  10. Industrial cybersecurity firm Claroty raised $140 million in Series D funding co-led by Bessemer Venture Partners’ Century II fund and 40 North, with others joining the round.

Leave a Reply

Your email address will not be published. Required fields are marked *