04-Apr-24: In Security News Today

US Cancer Center Data Breach Exposes Info of 827,000 Patients

City of Hope, a cancer treatment and research center, reported a data breach that compromised the sensitive information of over 820,000 patients. The breach occurred between September and October last year, with unauthorized access leading to the exposure of patient data such as full names. City of Hope launched an investigation with a cybersecurity firm to address the incident and mitigate any disruptions.

Major data leak hits 700,000 Estonians

In Estonia, a breach of the Apotheca pharmacy chain’s system led to the leak of personal data for nearly half the nation’s population, involving loyalty card holders across several associated stores. The incident exposed various personal details but not prescription medicine, banking information, or passwords. Authorities highlighted a lack of adequate security measures by Allium UPI, the managing company, and are conducting an international investigation while the company has pledged to improve security protocols.

Highly Sensitive Files Mysteriously Disappeared From Europol Headquarters

Highly sensitive files containing personal information of top Europol executives mysteriously disappeared from a secure storage room at Europol’s headquarters in The Hague, leading to a serious security breach. The European police agency launched an investigation into the incident, which involved missing personal files of staff members, including those of Europol’s Executive Director and deputy directors. The discovery of some of the files in a public place in The Hague raised concerns about the potential risks to the impacted individuals and the agency’s operations, with speculation that the breach could be linked to internal conflicts within the organization.

New Phishing Campaign Targets Oil & Gas with Evolved Data-Stealing Malware

A phishing campaign targeting the oil and gas sector is utilizing an updated version of the Rhadamanthys malware to steal sensitive data. The campaign involves phishing emails with a unique lure and a spoofed PDF from the Federal Bureau of Transportation. The malware, written in C++, establishes connections with a command-and-control server to harvest data, showcasing an evolution in tactics by threat actors.

Vietnam-Based Hackers Steal Financial Data Across Asia with Malware

A group of Vietnamese hackers, known as CoralRaider, has been targeting victims in various Asian countries since May 2023 to steal financial data, credentials, and social media accounts using malware like RotBot and XClient. The attackers use a combination of remote access trojans and information stealers to carry out their operations, focusing on business and advertisement accounts for monetization. The hackers operate from Vietnam and utilize Telegram to exfiltrate stolen information, which is then traded in underground markets for profit.

Hoya Corp’s Optics Production And Orders Disrupted by Cyberattack

Hoya Corporation, a major global manufacturer of optical products, experienced a cyberattack causing servers at some production plants and business divisions to go offline. The incident, believed to be caused by unauthorized access by a third party, impacted production lines and ordering systems. Hoya is working with forensic investigators to assess the breach and restore systems, while also investigating the potential exposure of confidential or personal information.

Visa Warns of New JSOutProx Malware Variant Targeting Financial Orgs

Visa has issued a security alert regarding a new version of the JSOutProx malware targeting financial institutions in South and Southeast Asia, the Middle East, and Africa. The malware is a remote access trojan that allows attackers to run shell commands, download additional payloads, capture screenshots, and control the infected device’s keyboard and mouse. The phishing campaign distributing this malware involves sending fabricated financial notifications via email, with malicious payloads hosted on GitLab repositories.

Thousands of Australian Businesses Targeted With ‘Reliable’ Agent Tesla RAT

Over 11,000 Australian companies were targeted by a phishing campaign distributing Agent Tesla, a decade-old yet potent malware. The campaign utilized emails with malicious attachments to compromise systems, exploiting Agent Tesla’s capabilities for data theft and exfiltration. Researchers from Check Point Software detailed the operation, emphasizing the malware’s adaptation to include modern communication platforms for easier control by cybercriminals.

SurveyLama Data Breach Impacts 4.4 Million Users

A data breach at SurveyLama exposed PII of 4.4 million users, including email addresses, phone numbers, and hashed passwords. Troy Hunt of Have I Been Pwned alerted SurveyLama, and users were advised to reset passwords and practice online safety measures. Cybersecurity tips include monitoring accounts, limiting shared information, using security solutions, and staying informed about data breaches with tools like Bitdefender Digital Identity Protection.

Leicester Council Confirms Confidential Documents Leaked in Ransomware Attack

Leicester City Council confirmed a cyber incident where a ransomware group, Inc Ransom, leaked 25 documents including sensitive information like rent statements and passport details. The council is working to contact affected individuals and warned of potential phishing attacks. Inc Ransom is known for targeting government and healthcare organizations, using double-extortion techniques to pressure victims for ransom payments.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.