IT Security Newsletter - 6/8/22
Data Breach at Shields Health Care Group Impacts 2 Million Patients
Shields Health Care Group has informed roughly two million individuals of a cybersecurity incident that potentially impacted their personal data. The Massachusetts-based firm provides management and imaging services to more than 50 healthcare partners and facilities throughout New England. In a data breach notice published on their website, Shields said the incident was identified on March 28, 2022, but the intrusion actually happened between March 7 and March 21. READ MORE...
Paying Ransomware Paints Bigger Bullseye on Target's Back
Ransomware attackers often strike targets twice, regardless of whether the ransom was paid. Paying ransomware attackers doesn't pay off and often paints a bigger target on a victim's back. Eighty percent of ransomware victims that paid their attackers were hit a second time by the malware scourge. New ransomware numbers come from a Cybereason's April ransomware survey of 1,456 cybersecurity professionals. READ MORE...
Multilevel Extortion: DeadBolt Ransomware Targets Internet-Facing NAS Devices
The innovative ransomware targets NAS devices, has a multitiered payment and extortion scheme as well as a flexible configuration, and takes a heavily automated approach. The DeadBolt ransomware family is targeting QNAP and Asustor network-attached storage (NAS) devices by deploying a multitiered scheme aimed at both the vendors and their victims, and offering multiple cryptocurrency payment options. READ MORE...
Hackers can take over accounts you haven't even created yet
Account hijacking has sadly become a regular, everyday occurrence. But when it comes to hijacking accounts before they are even created? That's something you'd never think possible-but it is. Two security researchers, Avinash Sudhodanan and Andrew Paverd, call this new class of attack a "pre-hijacking attack." Unfortunately, many websites and online services, including high-traffic ones, are not immune to it. READ MORE...
US: Chinese govt hackers breached telcos to snoop on network traffic
Several US federal agencies today revealed that Chinese-backed threat actors have targeted and compromised major telecommunications companies and network service providers to steal credentials and harvest data. As the NSA, CISA, and the FBI said in a joint cybersecurity advisory published on Tuesday, Chinese hacking groups have exploited publicly known vulnerabilities to breach anything from unpatched small office/home office (SOHO) routers to medium and even large enterprise networks. READ MORE...
Know your enemy! Learn how cybercrime adversaries get in…
In theory, the crooks can (and do) use any and all of thousands of different attack techniques, in any combination they like. In real life, however, good risk management says that it's smart to focus on the the biggest problems first, even if they're not the most glamorous or exciting cybersecurity topics to get stuck into. So, in real life, what really works for the cybercrooks when they initiate an attack? READ MORE...
- ...in 1966, the National and American Football leagues announce that they will merge, forming the modern NFL.
- ...in 1968, James Earl Ray is arrested for the assassination of Dr. Martin Luther King, Jr.
- ...in 1968, Senator Robert F. Kennedy is buried in Arlington National Cemetery.
- ...in 1970, The Beatles final single, "The Long and Winding Road", hits #1 on Billboard's charts.