A bi-weekly roundup of the latest cybersecurity news and research.
Halfway down the week and once again we’ve got you covered till the weekend on the what’s and nots in the world of cybersecurity.
1. Phishing attack exposes medical information for 12,000 patients at Revere Health
It seems even post the pandemic, healthcare employees still can’t get enough attention regardless of where it comes from and this time was subjected to a phishing email attack that exposed some medical records for approximately 12,000 patients, including patients of cardiology practice in St. George, according to a press release sent out by healthcare company Revere Health on Friday.
2. Phishing campaign uses UPS.com XSS vuln to distribute malware
Being an exception may sound nice but can’t be trusted when being phished. The phishing scam was first discovered by security researcher Daniel Gallagher in which a scammer had pretended to be an email from UPS stating that a package had an “exception” and needed to be picked up by the customer.
3. Vaccination phishing scams increasing
With the surge of increase in scams it’s now Korea’s turn to buckle up. As there have been warnings about an increase in financial scams in which swindlers send text messages containing web links to fake COVID-19 vaccination certificates, with the intention to acquire passwords and other personal information of victims.
4. Microsoft Spills 38 Million Sensitive Data Records Via Careless Power App Configs
Apparently it looks like Microsoft took the term Spilling the beans quite literally with huge data leaked including COVID-19 vaccination records, social security numbers and email addresses tied to American Airlines, Ford, Indiana Department of Health and New York City public schools.
5. Web Censorship Systems Can Facilitate Massive DDoS Attacks
Looks like Censorship systems are ripe for abuse by a new type of distributed denial of service (DDoS) attack. The potential for abuse is a concerning matter. The attacks would take advantage of a type of reflection and amplification, which would be “extremely detrimental to any network” if carried out.
6. Nigerian Threat Actors Solicit Employees to Deploy Ransomware for Cut of Profits
Campaign emails company insiders and initially offers 1 million in Bitcoin if they install Demon Ware on an organization’s network.