09-Apr-24: In Security News Today

Banking Giant Wells Fargo Suffers Data Breach

Wells Fargo experienced a data breach affecting customer names and mortgage account numbers, with unclear details on the breach’s timing or duration. The bank responded promptly, taking undisclosed actions against an implicated employee and enhancing monitoring and security measures to prevent future incidents. This event adds to the growing list of cybersecurity issues facing major US banks.

Ransomware Gang Stole the Health Data of 533,000 People

A ransomware gang breached the network of Group Health Cooperative of South Central Wisconsin (GHC-SCW) in January, stealing personal and medical information of over 500,000 individuals. The attackers were unable to encrypt the compromised devices, allowing GHC-SCW to secure its systems with the help of cyber incident response experts. The BlackSuit ransomware gang claimed responsibility for the attack, which included stolen health data, financial information, and business contracts.

DOJ-Collected Information Exposed in Data Breach Affecting 340,000

Greylock McKinnon Associates, Inc. reported a breach compromising personal and Medicare information of over 340,000 individuals, originally collected for the US Department of Justice for a civil litigation matter. The breach, detected in May 2023, took months to assess, leading to the offer of credit monitoring services for affected individuals. This incident underscores the significant impact of data breaches on privacy and the lengthy process of incident response and notification.

Change Healthcare Hit By Cyber Extortion Again

Change Healthcare, a UnitedHealth Group subsidiary, faces renewed extortion from cybercriminals just a month after paying a ransom to prevent data release from a February 2024 ransomware attack by the ALPHV/BlackCat gang. The new RansomHub group, possibly with former BlackCat affiliates, threatens to expose stolen data unless another ransom is paid. Cybersecurity experts warn of the risks of double extortion schemes and emphasize that paying a ransom does not guarantee decryption or system access restoration.

Cyberattack Disrupts Targus Business Operations

Targus, a laptop and mobile accessories firm, experienced a cyberattack disrupting operations, following unauthorized access to its file systems on April 5th, 2024. The company, backed by B. Riley Financial, responded with immediate containment and recovery efforts, indicating the incident should not materially affect its financial outlook. The breach’s specifics, including the perpetrator, remain unclear, highlighting the ongoing challenges businesses face in cybersecurity management.

Canadian Online Vehicle Dealer EBlock Hit By Cyberattack

EBlock, a Canadian online vehicle auction company, experienced a cyberattack affecting its ABS Auto Auctions infrastructure, compromising personal data including social security numbers and bank details. The company responded by securing the compromised systems and launching an investigation, while also offering affected customers a year of free identity monitoring services. This incident highlights the vulnerability of digital platforms to unauthorized access and the importance of robust cybersecurity measures.

Over 90,000 LG Smart TVs May Be Exposed to Remote Attacks

Bitdefender researchers discovered four vulnerabilities in LG Smart TVs running WebOS, including authorization bypasses and command injections, that allow unauthorized access and control. Over 90,000 exposed devices were found vulnerable to these flaws. LG released security updates in March 2024, urging users to apply them to prevent potential remote attacks and protect against exploitation for malicious activities like DDoS attacks or cryptomining.

92,000 D-Link NAS Devices Open to Critical Command-Injection Bug

A critical flaw in end-of-life models of D-Link NAS devices allows attackers to backdoor the devices and access sensitive information. More than 92,000 devices connected to the Internet are affected by the flaw, which involves a backdoor and command injection leading to remote code execution. With no patch available, D-Link advises users to retire and replace the affected devices immediately to prevent unauthorized access and potential data theft.

Microsoft April 2024 Patch Tuesday Fixes 150 Security Flaws, 67 RCEs

Microsoft’s April 2024 Patch Tuesday addressed 150 security flaws, including 67 remote code execution vulnerabilities, with a focus on Microsoft SQL drivers. Notably, no zero-day vulnerabilities were fixed, but researchers from Varonis disclosed two zero-days affecting Microsoft SharePoint, enabling file exfiltration techniques. These SharePoint vulnerabilities have not been assigned CVEs and are awaiting patching.

Parental Control App KidSecurity Exposes Live GPS Locations of Kids on the Internet

The parental control app KidSecurity suffered a significant data breach, exposing children’s GPS locations and private messages due to improperly secured data streams. Over a million users’ sensitive information, including social media interactions and device details, was accessible online for over a year. This marks the second security failure for KidSecurity, raising serious concerns about the app’s data protection practices.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.