The FBI is currently investigating an attack on the Houston Astros. The allegations are that the St. Louis Cardinals franchise hacked into the Houston Astros' databases and stole sensitive information.
The cloud-based password manager LastPass suffered a security breach. The CEO stated “The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.”
OPM reports that 4.2 million current federal employees and 10 million former federal employees and contractors have been affected by the breach. Data includes extremely personal and sensitive information. This is the second breach for OPM in the past year.
Kaspersky Lab discovered a new advanced persistent threat, Duqu 2.0. Kaspersky was a victim of this new attack, which began by exploiting a zero-day Windows vulnerability.
Eataly experienced a POS breach at its New York location. The breach affected transactions occurring in the first quarter of 2015. Unlike other restaurant breaches, Eataly’s card data was intercepted in transit to the processor.
The U.S. Army’s website was defaced with propaganda from the Syrian Electronic Army. Attackers gained access to the website control panel, most likely via a phishing attack or brute force.
Cyber-insurer Columbia Casualty is suing its own client, Cottage Health, for reimbursement of payments. Columbia Casualty is now claiming that Cottage Health “failed to follow minimum required practices”.
A breach of the U.S. Office of Personnel Management systems may have exposed personally identifiable information of 4 million current and former government employees.
1.1 million individuals were affected in the recent database breach of BlueCross Blue Shield. Details on the methods used by the attackers have not been released. Data included user names, names, birth dates, email addresses and subscriber identification numbers.
40,000 small office/home office routers have been infected with botnet malware. The botnets are now used for DDoS attacks. The routers were infected using default administrative login credentials that were never changed.
Penn State University is the latest victim of cyberattacks. The cyberattacks have been going on for at least two years and have targeted the College of Engineering. Investigations are still underway, but they have concluded that usernames and passwords have been compromised. Research universities have become a target due to the sensitive information and intellectual property they hold.
MasterCard and Target have reached an agreement that Target will reimburse MasterCard $19 million. Banking institutions attempted to block this settlement; however, that motion has been denied. May 20th is the deadline for card issuers to agree to the payout.
A class action lawsuit against eBay has been dismissed due to lack of evidence proving “economic damages” and “actual identity theft”. The breach included eBay users’ encrypted passwords, names, email addresses, mailing addresses, phone numbers and dates of birth.
Sally Beauty Supply is currently investigating a new data breach. Could this be the same malware that caused the first data breach in 2014 or is this a new incident?
Partners HealthCare fell victim to a phishing scam that allowed attackers access to email accounts that contained sensitive patient information.
POS Malware Victim: Compass Group
NEXTEP POS devices have suffered a second breach, this time with POS kiosks utilized by the Compass Group. The Compass Group provides food for organizations such as IBM, District of Columbia Public Schools and the Academy Awards. Malware was installed on NEXTEP self-serve payment kiosks. The Compass Group is reporting 70,000 consumers may have been affected.
Surely we cannot still be falling victim to phishing emails! If you look at the latest breaches in the health care industry, you will quickly see that this is exactly what is happening. In the aftermath, most of these breaches are deemed “sophisticated attacks,” but we can’t possibly be categorizing phishing as “sophisticated” now, right?