Microsoft Issues Alert Over Rise in Advanced Phishing Scams

Microsoft has issued a warning regarding a surge in sophisticated phishing scams targeting individuals and organizations. These scams employ advanced tactics to deceive users and steal sensitive information. With an increasing number of people falling victim to such attacks, it is crucial to stay vigilant and implement necessary precautions.

Phishing scams involve cybercriminals impersonating trusted entities to trick individuals into revealing personal information, such as passwords, credit card details, or social security numbers. The scams typically rely on social engineering techniques and fraudulent emails or messages designed to appear legitimate.

According to Microsoft, the new wave of phishing scams has become more sophisticated and harder to detect. Attackers are utilizing residential internet protocol (IP) addresses instead of traditional data center IPs to evade detection by security systems. By operating through residential IPs, scammers can bypass security filters that typically flag suspicious activity from data center IPs.

These phishing campaigns often target high-value individuals, such as company executives or employees with access to sensitive data. Scammers employ persuasive language, urgency, and personalized information to deceive their targets and convince them to take action, such as clicking on malicious links or providing confidential information.

To protect against these sophisticated phishing attacks, Microsoft advises individuals and organizations to implement multi-factor authentication (MFA). By enabling MFA, users must provide additional verification, such as a unique code sent to their mobile device, in addition to their password. This adds an extra layer of security and makes it significantly harder for attackers to gain unauthorized access.

Furthermore, individuals should remain cautious when interacting with emails or messages, especially those that request sensitive information or seem suspicious. It is essential to scrutinize sender addresses, look for signs of grammatical errors or inconsistencies, and avoid clicking on links or downloading attachments from unknown sources.

Organizations must prioritize cybersecurity awareness training for employees to educate them about the latest phishing techniques and the potential risks they pose. Regular training sessions and simulated phishing exercises can help individuals develop a strong sense of skepticism and recognize the warning signs of a phishing attempt.

Bjorka Hunt: Indonesian Parliament Passes Personal Data Protection Bill

After a series of data leaks involving 1.3 billion registered phone numbers, 105 million voters, and confidential official records of the President’s correspondence, Indonesia's newly established data protection task force is chasing down a hacker dubbed 'Bjorka'.

Bjorka claims to be based in Warsaw, Poland, and has been stealing and selling data that includes information pertaining to state-owned enterprises, mobile phone operators, and the general election commission. The stolen data has been on sale on BreachForums for the past few weeks. The hacker has also leaked confidential logs of incoming and outgoing documents between Indonesia's President Joko Widodo and the State Intelligence Agency.

The hacker has been tweeting about the leaks for the past weeks, boldly making statements like “stop being an idiot” directed towards the government the day after a senior informatics applications official appealed to Bjorka, at a press conference on September 5th, to stop leaking the country’s personal data. In another tweet, Bjorka also mentioned how easy it is “to get into various data protection policy [...] primarily if it is managed by the government.”

In the wake of the incident, at least three of Bjorka’s Twitter accounts have been suspended by the government.

The hunt for Bjorka initiated by the data protection task force has led to the arrest of a man in Madiun, East Java, who is believed to be Bjorka. The 21-year-old man, going by the initials MAH, is being interrogated by the force, though he has not been formally charged with any criminal offense as of yet. Currently, the real identity of Bjorka remains unknown as there is no credible information regarding his whereabouts.

Mr. Ruby, chief executive of Jakarta-based Digital Forensic Indonesia, stated that instead of focusing only on the latest data breach, the task force should also investigate similar leaks and related cases since 2019, so that lessons from past cases can help prevent such incidents in the future.

“It’s better for the task force to improve data management. Relevant institutions just denied data leaks in the past few years and did not enhance their data protection and therefore, there have been recurring data leaks,” states Mr. Alfons Tanujaya, IT security specialist at Vaksincom.

In response to the recent surge in data breaches, and particularly the aforementioned case, the Indonesian Parliament passed the Personal Data Protection Bill on Tuesday. Communications Minister Johnny G Plate stated that the bill “marks a new era in the management of personal data in Indonesia, especially on the digital front.” The bill includes corporate fines and up to six years' imprisonment for those found to have mishandled data in breach of the rules on distributing or gathering personal data.

Neuro Practice Says 363,000 Users' Personal Info Leaked

About the leak

An Indiana neurology practice is informing around 363,000 people that their personal data was leaked in a recent ransomware attack and that some of it was posted on the dark web.

The practice doesn't know which ransomware group or data leak site was involved; however, the Russian ransomware group Hive, which was the topic of a recent federal advisory for the healthcare industry, is hinted at in the attack. Hive has been aggressively attacking the U.S. healthcare sector.

What do experts have to say?

The neurology practice, Goodman Campbell Brain and Spine, said in a data breach report to the attorney general of Maine in July that a "sophisticated" ransomware attack compromised its computer network and communications system, which includes phones and e-mail, as well as employee and patient data.

"A healthcare entity informing individuals in a breach notification letter or statement that their information has been potentially listed on the dark web is a highly uncommon level of transparency," reports Bank Info Security. 

How did the practice combat the issue?

Once the attack was discovered on May 20, the practice took immediate steps to safeguard its systems and brought in a forensic analysis and incident response firm. Goodman Campbell also notified the FBI. An inquiry into the case revealed that a malicious third party had acquired info from the practice's systems.

The hacker didn't access the electronic medical record system, but did access patient info and records in other locations on the internal network, like appointment schedules, insurance eligibility documentation, and referral forms.

Info compromised in the attack includes names, dates of birth, telephone numbers, addresses, e-mail IDs, medical record numbers, patient account numbers, physician names, dates of service, diagnosis and treatment information, insurance info, and social security numbers.

"While we have no indication that the information of any impacted individuals has been used inappropriately as a result of this incident, we do know that some information acquired by the attacker was made available for approximately 10 days on the dark web," says the practice notification. 

Cyberattack in New York City, Sensitive Data of 820,000 Students was Exposed

After a digital education network used by dozens of city schools revealed that hackers had acquired access to confidential information of 820,000 current and former students during a January breach, the mayor of New York City and several education officials expressed strong outrage.

The incident occurred in January, according to the city's Department of Education, when an online grading and attendance system used by many public schools was hacked.

Hackers might have gotten names, nationalities, birthdays, first languages, and student ID numbers from those platforms, as well as sensitive data including whether children used special education or free lunch programs.

The hack affected both present and former public school pupils dating back to the 2016-17 scholastic year. 

Officials have lambasted the California-based firm behind the system, Illuminate Education, for allegedly falsifying its cybersecurity measures. The corporation hasn't said what, if anything, was done with the information. The Department of Education has asked the NYPD, FBI, and state attorney general to examine the incident.

The regional director of K12 Security Information Exchange, Doug Levin, told the New York Daily News, "I can't recall another school system which has had a student data leak of this magnitude originating from one occurrence."

The DOE said it will work with Illuminate in the coming weeks to send individualized letters to the families of each of the roughly 820,000 kids affected by the hack, detailing what data was exposed. According to school officials, Illuminate will likely fund a credit-monitoring program for affected kids, who will now be vulnerable to identity theft.

Chancellor of the New York City Schools, David Banks, has asked for a probe of Illuminate Education's cybersecurity safeguards, pushing the state's education agency to inquire into it.

Morley Businesses Provider Uncovered a Ransomware Attack


Morley, a business services company, revealed this week that it had been the target of a ransomware attack which could have exposed the personal information of over 500,000 people. The incident was discovered in August 2021, when the company observed that certain files had become unavailable owing to a ransomware attack.

Morley Companies, Inc., based in Saginaw, Michigan, provides business operations to Fortune 500 and Global 100 companies, such as session management, back-office procedures, contact centers, and trade show showcases and displays. 

According to an investigation, Morley will cover the expenses of 2 years of IDX identity protection for all individuals affected. Those who are affected will be alerted and given instructions on how to join IDX's program. The intruders may have had access to user and staff data, including confidential and sensitive health information. To be precise, the hack exposed the personal information of 521,046 people in total. In its letters to victims, the company did not explain why it took about 6 months after discovering the breach to begin alerting them.

Morley's security incident notification noted, "As a result, Morley realized the data may have been stolen from its digital environment." "Morley then started collecting personal information needed to notify possibly affected persons, which it finished in early 2022."

In order to determine why the files were no longer accessible, Morley said it had to engage a cybersecurity specialist. When the root of the incident was uncovered, which was revealed to have been a ransomware attack, the company engaged the assistance of local experts to analyze the information and identify all those who had been impacted.

Although this looks to be optimistic, the cyber-intelligence platform claims to have only recently uncovered Morley's data on the dark web. This is often a warning sign that the data will be used in future attacks by other threat actors, such as targeted phishing.

A Data Breach To An AWS Portal Glitch By Ravkoo, A US-based Online Pharmacy


Ravkoo, an online prescription filling service, suffered a data breach, exposing health and other sensitive information. The company's prescription interface is hosted by Amazon Web Services (AWS). 

A security incident affected a specific instance that stored prescription information, allowing the information to be easily accessed. The unauthorized access occurred in September 2021, and the Ravkoo security team discovered it in October of that year.

On January 3rd, 2022, around 150,000 potentially affected customers received breach notification letters. At the time of writing its public statement, Ravkoo had found no reason to believe the exposed data was being spread or used for nefarious activities, but that could change. The FBI and other authorities have been notified, and they are working with Ravkoo to investigate the situation further to determine who may be responsible.

"Ravkoo has no indication that any of your personal information has been or will be exploited as a result of this occurrence at this time. Nonetheless, out of an abundance of caution, Ravkoo chose to alert you about this incident," according to Alpesh Patel, the online pharmacy's CEO. The company says it hasn't received any reports of identity theft relating to the data breach since September 27, the date of the incident. Ravkoo also claims to have reported the event to the appropriate authorities and to be working with forensic experts to examine the issue and improve its security posture. The hacker also provided records of 340,000 prescriptions written by Ravkoo between November 3, 2020, and September 11, 2021, totaling $8.5 million in medicine prices, according to Micah Lee of The Intercept.

Ravkoo's identity monitoring services are available to users who may have been affected by the breach. The scope of the exposed data has not been released; however, the concerned parties should report any unlawful activity they see. Health information can be sold and exploited to commit medical identity theft, as we discussed earlier this week. For those whose information is used unlawfully, this might result in a variety of problems. Following an occurrence like this, it's critical to remain vigilant.

British Classified Ad Site Gumtree Exposed Users’ Private and GPS Location in Data Breach


A UK-based classified site and used goods marketplace, Gumtree, leaked personally identifiable information (PII) of its users in the source code of its webpages.

Alan Monie, a security researcher from British company Pen Test Partners (PTP), discovered the data leak, which meant anyone could access a Gumtree user's name, email address, account registration date, account type, and location (either postcode or GPS coordinates) by just pressing F12 in their web browser.

Under normal circumstances, pressing F12 in Firefox or Chrome opens the developer tools screen, which allows the user to view the source code of the website, analyze network requests, and monitor the website's error messages. It is considered a basic security measure to keep sensitive data inaccessible to someone using a website, even when they view its source code.

"The site was super leaky. Every advert on the site included the seller's postcode or GPS coordinates – even if the seller requested the map of their location to be hidden. It leaked the sellers' email address, and their full name was available via a simple IDOR vulnerability," explained a report by Monie.

Gumtree is one of the top 30 websites in the UK, with 14.8 million monthly unique visitors, according to a traffic audit in 2010. As such, this leak may have impacted a large number of advertisers on the site.

The consequences of having this type of information exposed are serious, as the compromised users could become victims of phishing or social engineering assaults that use this information to try and harvest more private details.

Additionally, the firm uncovered an insecure direct object reference vulnerability (IDOR) affecting one of Gumtree's APIs, used to power its iOS app. The IDOR allowed users' full names to be read off at will and didn't require any verification.

Upon discovering the security loophole on November 11, 2021, Monie reported the issue to Gumtree, which partially addressed it on November 16, 2021. After multiple additional messages from the researcher, the platform fixed all the issues on December 06, 2021.

"We were made aware by a user of a security issue affecting our website source code in November 2021. This was resolved within hours of it being brought to our attention. After becoming aware of the above, we were subsequently notified of a further issue with our API for iOS devices. This has also been resolved," Gumtree explained.