75,000 personal files found on second hand USBs, New malspam campaign exploits election controversy, and more

Originally published at: https://cloudsek.com/threatintel/75000-personal-files-found-on-second-hand-usbs-new-malspam-campaign-exploits-election-controversy-and-more/

Round Up of Major Breaches and Scams

Guard Cyber Team to Help Respond to Hospitals Cyberattack

Republican Gov. Phil Scott said Wednesday that he has called in the Vermont Army National Guard’s Combined Cyber Response Team to help the University of Vermont Health Network respond to last week’s cyberattack, which officials said caused significant network problems affecting six hospitals in Vermont and New York. The team will work with the health network to review thousands of computers and devices and ensure they are free of malware and viruses, the governor said.

Over 70,000 Personal Files Found on 100 Second-Hand USBs

Researchers have discovered tens of thousands of personal files on second-hand USB sticks they bought online, including some highly sensitive financial data. A team from Abertay University bought the thumb drives on eBay to investigate whether second-hand storage devices pose a malware threat to the buyers, or a privacy risk to the sellers. Although they didn’t find any sign of malware on the 100 purchased drives, around 75,000 files were easily recoverable using publicly available tools.

Round Up of Major Malware and Ransomware Incidents

Researchers Uncover New Malspam Campaign Exploiting Election Controversy

A new malspam campaign designed to exploit controversies surrounding the ongoing US election has been uncovered by Malwarebytes. The cybersecurity firm’s R&D team said that the campaign delivers malicious attachments by exploiting doubts about the legitimacy of the election process. This comes as results are still awaiting confirmation in several key states amid a highly emotive and dramatic Presidential election. Controversy has centered around the huge rise in postal ballots amid the COVID-19 pandemic, leading to votes continuing to be counted beyond election day.

Alamance Skin Center reports ransomware attack

A Cone Health medical practice has been hit by a ransomware cyber attack. The Greensboro-based health system announced this week that on Oct. 21, Alamance Skin Center in Burlington was the victim of a phishing scam or brute force attack used to gain access to the system. According to Cone Health, a thorough forensic investigation concluded that no patient information was taken in the attack. However, patient data at the practice is unrecoverable.

Another Indian pharmaceutical giant reports cybersecurity breach within two weeks of ransomware hack on Dr Reddy’s

Another leading Indian pharmaceutical company, Lupin, has reported a cybersecurity attack on its IT systems within two weeks of a ransomware attack on Dr Reddy’s Laboratories. “We have recently experienced an information security incident that has affected several of our internal IT systems. This has not impacted our core systems and operations,” Lupin told Hindu Business Line in a statement.

Company that runs US illegal immigration detention centers discloses ransomware attack

The GEO Group, a company known for running private prisons and illegal immigration detention centers in the US and other countries, says it suffered a ransomware attack over the summer. Personal data and health information for some inmates and residents were exposed during the incident, which took place on August 19. This includes data for inmates and employees at the South Bay Correctional and Rehabilitation Facility in Florida, a youth facility in Marienville, Pennsylvania, and a now-closed facility in California, the company told ZDNet.

Round Up of Major Vulnerabilities and Patches

BEC Scammers Exploit Flaw to Spoof Domains of Rackspace Customers

A threat actor specializing in business email compromise (BEC) attacks has been observed exploiting a vulnerability to spoof the domains of Rackspace customers as part of its operations. UK-based cybersecurity company 7 Elements identified the vulnerability while conducting incident response activities for a customer. An analysis of the attack revealed that the hackers had sent out phishing emails by leveraging a flaw related to how Rackspace SMTP servers hosted at emailsrvr.com authorize users.

VMware finally fixed the critical CVE-2020-3992 flaw in ESXi

Virtualization giant VMware has released new patches for ESXi after learning that a fix released in October for the critical CVE-2020-3992 flaw was incomplete. CVE-2020-3992 is a use-after-free bug that affects the OpenSLP service in ESXi; it could be exploited by a remote, unauthenticated attacker to execute arbitrary code in the context of the SLP daemon.
