Tonya Riley – Page 31 – WindowsTechs.com

Accellion breach exposed data from patients at major Michigan hospital system

Posted on August 31, 2021 by Tonya Riley

A major Michigan hospital system on Friday notified roughly 1,500 patients that their information may have been exposed as a result of a hack against file-sharing service Accellion. The law firm Goodwin Proctor notified Beaumont Health in February that patient data shared by the hospital with legal counsel may have been entangled in the wide-reaching hack through the firm’s use of Accellion. Beaumonth Health is a network of health facilities that reported $4.58 billion in total revenue for 2020. A follow-up investigation by Beaumont found that impacted patient health data included patient name, procedure name, physician name, internal medical record number and dates of service. No patient financial information was impacted, the hospital stated in a press release. Beaumont Health joins a list of at least 11 healthcare organizations that were affected by a December breach of the file sharing service Accellion. Two of the victims, Kroger Pharmacy and healthcare insurer […]

The post Accellion breach exposed data from patients at major Michigan hospital system appeared first on CyberScoop.

Continue reading Accellion breach exposed data from patients at major Michigan hospital system→

DHS urges Microsoft customers to update Azure to avoid security flaw

Posted on August 30, 2021 by Tonya Riley

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency is urging Microsoft cloud customers to reset their security keys in light of a recent vulnerability that may have exposed customer data. The flaw, discovered by researchers at Wiz, would have allowed any customer using Microsoft’s Azure Cosmos database to read, write and delete another user’s information without authorization. Cosmos DB is used by thousands of organizations, including Coca-Cola, Exxon Mobil and a number of other Fortune 500 companies. “Although the misconfiguration appears to have been fixed within the Azure cloud, CISA strongly encourages Azure Cosmos DB customers to roll and regenerate their certificate keys and to review Microsoft’s guidance on how to secure access to data in Azure Cosmos DB,” CISA wrote in an alert Friday. Microsoft reported in a blog Friday that it contacted customers who had the Azur Cosmos feature that contained the vulnerability activated during the […]

The post DHS urges Microsoft customers to update Azure to avoid security flaw appeared first on CyberScoop.

Continue reading DHS urges Microsoft customers to update Azure to avoid security flaw→

Justice Department adds fellowship program to boost legal efforts against cybercrime

Posted on August 27, 2021 by Tonya Riley

The Justice Department is launching a fellowship program designed to develop legal talent to deal with the increasing cyber threats to national security. “As we have witnessed this past year, cyber threats pose a significant and increasing risk to our national security, our economic security, and our personal security,” Deputy Attorney General Lisa Monaco said in a statement. “We need to develop the next generation of prosecutors with the training and experience necessary to combat the next generation of cyber threats.” The fellowship is the next step in the Justice Department’s efforts to ramp up U.S. legal action against cybersecurity threats. Monaco in June issued a memo to U.S. prosecutors throughout the nation requiring them to notify department officials of urgent ransomware reports. The agency also launched a four-month review in May of its cybersecurity strategy in light of recent hacking campaigns by foreign adversaries, including Russia and China, as […]

The post Justice Department adds fellowship program to boost legal efforts against cybercrime appeared first on CyberScoop.

Continue reading Justice Department adds fellowship program to boost legal efforts against cybercrime→

Microsoft Azure vulnerability exposed thousands of cloud databases

Posted on August 27, 2021 by Tonya Riley

Microsoft is warning customers of its Azure cloud platform about a software vulnerability that exposed data belonging to thousands of clients for roughly two years. The flaw would have allowed any Azure Cosmos DB user to read, write and delete another customer’s information without authorization, researchers found. Cosmos DB is used by thousands of organizations, including Coca Cola, Exxon Mobil and a number of other Fortune 500 companies. Microsoft has since resolved the issue, the company said. “We fixed this issue immediately to keep our customers safe and protected,” a Microsoft spokesperson told CyberScoop. There was no evidence that hackers or any other outsider exploited the vulnerability to access customer data, according to the company. Reuters first reported on the vulnerability, which was discovered by Wiz research team. Microsoft fixed the vulnerability within 48 hours of its disclosure on August 12, but that the vulnerability had been exploitable since mid-2019, […]

The post Microsoft Azure vulnerability exposed thousands of cloud databases appeared first on CyberScoop.

Continue reading Microsoft Azure vulnerability exposed thousands of cloud databases→

Poly Network fully recovers assets stolen in unusual $600M cryptocurrency hack

Posted on August 26, 2021 by Tonya Riley

Poly Network has completely recovered all $610 million worth of user assets stolen by a hacker earlier this month, the company announced Thursday. In an unusual twist, the hacker returned roughly half of the assets within the first 24 hours and the rest later. The hacker had exploited a vulnerability in the company’s system that allows different chains of cryptocurrency to communicate. The hacker has claimed that he hacked the company “for fun” and had never intended to keep the money. “That’s always the plan! I am _not_ very interested in money!” he wrote in a message alongside the online transactions. “I know it hurts when people are attacked, but shouldn’t they learn something from those hacks?” The company offered the hacker a $500,000 bug bounty for finding the vulnerability as well as a role as its chief security officer, both of which he declined. The company said that it […]

The post Poly Network fully recovers assets stolen in unusual $600M cryptocurrency hack appeared first on CyberScoop.

Continue reading Poly Network fully recovers assets stolen in unusual $600M cryptocurrency hack→

FCC proposes record $5 million robocall fine for voter suppression scam

Posted on August 25, 2021 by Tonya Riley

The Federal Communications Commission Tuesday proposed a roughly $5.1 million fine against right wing operatives John Burkman and Jacob Wohl, as well as Burkman’s lobbying firm, for hundreds of robocalls ahead of the 2020 election in which they allegedly used false claims to discourage Americans from voting by mail. The pair, both vocal supporters of former president Donald Trump, allegedly violated federal law that prohibits making pre-recorded calls to a wireless phone without user consent. The FCC found that between late August and early September last year the pair sent robocalls to over 1,000 individuals claiming that if they vote by mail, their information “will be part of a public database that will be used by police departments to track down old warrants and be used by credit card companies to collect outstanding debts.” The call, which encouraged voters to “stay home safe” also falsely claimed that the data would […]

The post FCC proposes record $5 million robocall fine for voter suppression scam appeared first on CyberScoop.

Continue reading FCC proposes record $5 million robocall fine for voter suppression scam→

Bahrain hacked activists’ iPhones with NSO Group spyware, Citizen Lab says

Posted on August 24, 2021 by Tonya Riley

Government hackers used NSO Group surveillance technology to infiltrate the phones of nine Bahraini activists, according to a new report from Citizen Lab. The victims included a blogger, activist, members of political organization Waad and members of the Bahrain Center for Human Rights. Five of the targets identified by Citizen Lab, an internet watchdog from from the University of Toronto, were listed on a list of individuals obtained by Amnesty International as a part of its “Pegasus Project” investigation. The list is believed to comprise potential targets of NSO Group’s customers. Hackers used fake texts that linked out to malicious software as well as “zero-click” attacks, which do not require any user interaction. Researchers found that attackers successfully exploited the most recent versions of Apple iOS, circumventing protections introduced by the company in January to protect users against such attacks. Amnesty Tech has also reported zero-click exploits successfully exploiting iOS […]

The post Bahrain hacked activists’ iPhones with NSO Group spyware, Citizen Lab says appeared first on CyberScoop.

Continue reading Bahrain hacked activists’ iPhones with NSO Group spyware, Citizen Lab says→

Hackers seize severe Microsoft Exchange vulnerabilities in echo of widespread March attacks

Posted on August 23, 2021 by Tonya Riley

A fresh wave of attacks against Microsoft Exchange has government cybersecurity officials on guard for a possible repeat of the chaos hackers rendered earlier this year by exploiting a different vulnerabilities in the popular workplace mail server. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency issued an urgent warning Saturday that cybercriminals are actively exploiting months-old vulnerabilities in Microsoft’s ProxyShell. CISA recommended that customers update their systems using software patches that Microsoft released in May to address the vulnerabilities. National Security Agency Cybersecurity Director Rob Joyce also urged companies to patch against the vulnerabilities. Huntress Labs first reported the surge in attacks against unpatched Microsoft Exchange servers on Friday. Targeted organizations include “seafood processors, industrial machinery, auto repair shops, a small residential airport and more,” Huntress Labs CEO Kyle Hanslovan tweeted. As of Sunday, the firm reported 164 total compromised servers. The trio of vulnerabilities can be used to […]

The post Hackers seize severe Microsoft Exchange vulnerabilities in echo of widespread March attacks appeared first on CyberScoop.

Continue reading Hackers seize severe Microsoft Exchange vulnerabilities in echo of widespread March attacks→

T-Mobile breach climbs to over 50 million people

Posted on August 20, 2021 by Tonya Riley

T-Mobile on Friday announced roughly 6 million additional accounts had data was swiped in a recent hack, bringing the total number of victims of the breach to over approximately 55 million individuals. The revelations come as lawmakers have ramped up scrutiny of the company. An additional 5.3 million subscriber accounts had addresses, names, dates of birth, and phone numbers accessed, T-Mobile said. The company also found that the data of 667,000 more accounts of former T-Mobile customers, including their names, phone numbers, addresses and dates of birth, had been accessed Unlike the first set of customers identified by T-Mobile on Wednesday, none of these additional accounts had their Social Security Numbers or ID information compromised, the company said. The new findings also reveal that phone data, IMEI and IMSIs were also accessed. IMEIs, which are often used for advertising purposes, are a unique fingerprint for a device that cannot be […]

The post T-Mobile breach climbs to over 50 million people appeared first on CyberScoop.

Continue reading T-Mobile breach climbs to over 50 million people→