Round Up of Major Breaches and Scams
A hacker attack against an upstate New York county’s computer system raised concern that some emailed absentee ballot applications may not be processed, but the state Board of Elections said voting won’t be affected overall. The cyber attack on Oct. 18 encrypted about 200 computers operated by Chenango County and hackers demanded ransom of $450 per computer to unlock the files, Herman Ericksen, the county’s information technology director, said Monday. “We are not paying the ransom,” he said.
Amazon has recently terminated employees responsible for leaking customer data, including their email addresses, to an unaffiliated third-party in violation of company policies. The company has sent out an email announcement to affected customers following the incident. Over the weekend, reports emerged on Twitter of multiple Amazon customers perplexed by the email alerts being sent out by the company describing the data leak.
Immigration law firm Fragomen has disclosed a data breach that exposed current and former Google employees’ personal information. Immigration law firm Fragomen, Del Rey, Bernsen & Loewy, LLP, one of the most prominent US law firms covering immigration law, disclosed a data breach. The security breach exposed current and former Google employees’ personal information after an unauthorized third party gained access to a single file containing personal information relating to I-9 employment verification services.
Details of bank vault floor plans, alarm systems and the security arrangements for Swedish authorities have been leaked online after a security company was hacked, local media reported Tuesday. A total of 19 gigabytes of information and around 38,000 files were stolen from security group Gunnebo by one or more hackers in August, according to newspaper Dagens Nyheter. “It’s of course unfortunate that we’ve had a theft of data,” Gunnebo CEO Stefan Syren was quoted as telling the paper.
Strider Technologies, a company that provides solutions for combating cyber-espionage, on Tuesday announced that it raised $10 million in Series A funding. To date, the startup has raised $12 million. Founded in May 2019, the Washington DC-based security firm provides organizations with tools designed to keep their intellectual property and personnel secure from cyber-espionage, including the activities of nation-states.
A threat actor has stolen roughly $24 million worth of cryptocurrency assets from decentralized finance service Harvest Finance. A hacker has stolen approximately $24 million worth of cryptocurrency assets from decentralized finance service Harvest Finance, a web portal that lets users finding the farming opportunities that will maximize their yield (APY) returns. The hack took place earlier today and was almost immediately confirmed by Harvest Finance administrators in messages posted on the company’s Twitter account and Discord channel.
Round Up of Major Malware and Ransomware Incidents
Finnish police announced on Thursday that the personal data of tens of thousands of citizens had been compromised in a data breach of one of the country’s largest psychotherapy centers. The hackers are now demanding 450,000 euros (~$530,000) in Bitcoin in exchange for not publishing the data, which according to Finnish National Broadcaster YLE, consists of patient names, telephone numbers, email addresses, and social security numbers, as well as sensitive mental health information, including notes from therapy sessions.
The NetWalker Ransomware Group gives the Enel Group seven days to pay the ransom and get back 4.54 TB of data stolen during the cyber attack last June. In a note released in the hours following the June 7 cyber attack, the multinational said it had managed to isolate its corporate network and block the threat before the ransomware spread.
Red Canary has announced the launch of Red Canary Cloud Workload Protection, a cloud workload protection (CWP) solution that provides visibility and threat detection for security and DevOps teams. This new solution is purpose-built for cloud Linux workloads, focuses on runtime threat protection and response, and integrates seamlessly into DevOps workflows without sacrificing system performance and reliability.
Round Up of Major Vulnerabilities and Patches
Researchers have discovered a raft of malicious gaming apps on Google Play that come loaded with adware, signaling that the tech giant continues to struggle with keeping bad apps off its online marketplace. Twenty-one gaming ads discovered on Google packed with adware from the HiddenAds family were downloaded about 8 million times so far, according to new research Avast, which cited statistics from SensorTower on the number of downloads.
Researchers say they’ve uncovered a series of potentially serious vulnerabilities in devices made by online privacy firm Winston Privacy. The vendor has released patches that are automatically being sent to devices. Winston Privacy provides a hardware-based service designed to boost online privacy and security. The company says it can block online surveillance, accelerate browsing, and block ads and trackers, and it also advertises its services as an alternative to traditional VPNs.