
Daily Cybersecurity Roundup, March 17, 2023

There doesn’t appear to be an end to healthcare breaches. A Tuscaloosa-based ambulance service had to notify over 80,000 patients of a breach that may have exposed their data. In another incident, a misconfigured AWS bucket left a database and lots of sensitive data exposed. In other news, the BianLian ransomware has evolved and now plays directly on its victims’ fears. Here are the top 10 highlights for your perusal.

01

Alabama-based NorthStar Emergency Medical Services started informing 82,450 patients of a data breach from September 2022, which potentially compromised their SSNs, insurance data, and other sensitive details.

02

A misconfigured AWS S3 bucket belonging to the online currency exchange platform Fiatusdt was found exposing a database containing around 20,000 KYC compliance records and customer ID images.

03

New analysis by ESET revealed that copycat websites for WhatsApp and Telegram are being leveraged to propagate trojanized app versions containing cryptocurrency clipper malware to infect Windows and Android users.

04

SentinelOne spotted the Winter Vivern APT group targeting Polish government agencies, Indian government entities, the Ukraine Ministry of Foreign Affairs, and the Italy Ministry of Foreign Affairs in cyberespionage campaigns since 2021.

05

The BianLian ransomware group has become a solely exfiltration-focused gang instead of encrypting its victims’ files, and it pressures victims by warning them of legal repercussions once their data is leaked, Redacted reported.

06

Kaspersky released a free decryptor for a ransomware based on Conti’s source code. Tracked as Meow ransomware, it compromised dozens of organizations and state institutions throughout December 2022.

07

Threat actors have been exploiting Adobe Acrobat Sign to distribute info-stealers like RedLine to unsuspecting users. This technique bypasses security layers and tricks targets effectively.

08

WithSecure found that Chinese and Russian threat actors have been using a new loader, named SILKLOADER, that leverages DLL side-loading to deploy Cobalt Strike onto victims’ systems.

09

A pretty persuasive Twitter scam is targeting bank customers by exploiting the quote-tweet feature, luring unsuspecting users to call the scammers’ fake helpline numbers.

10

CISA is requesting public input on a guide for securing cloud business applications, named SCuBA. It involves two guidance documents that recommend best security practices for federal agencies to integrate cloud solutions with existing infrastructure.
