Daily Cybersecurity Roundup, September 16, 2020
Exposed access keys allow an unauthorized individual to reveal, destroy, or manipulate an organization’s data. Entities on GitHub, GitLab, and Pastebin reportedly laid bare 800,000 access keys, including over 40% of database keys, putting sensitive organization data at risk. In another vein, data of more than 190,000 patients of two U.S. healthcare organizations may have been leaked due to the attack on service provider, Blackbaud. With this, join in for the top cybersecurity events recap for the day.
Researchers found nearly 800,000 access keys related to databases, online services, cloud providers, and SSH, exposed across GitHub, GitLab, and Pastebin.
Children’s Minnesota and Our Lady of the Lake Regional Medical Center together may have suffered leaks of personal data of more than 190,000 patients, due to the ransomware attack on third-party service provider, Blackbaud, in May.
A hacker allegedly figured out Former Australian PM Tony Abbott's passport number and phone number using a photo of his plane boarding pass posted on Instagram.
A cybercriminal group was spotted launching brute-force attacks on thousands of MSSQL servers to deploy a cryptomining malware in compromised systems.
A researcher exposed a new SMS-based phishing (smishing) campaign impersonating the United States Postal Service (USPS) to target mobile users and steal Google account credentials.
The U.S. government has filed criminal charges against five Chinese nationals for hacking into over 100 companies globally part. The accused are belived to be a part of the state-sponsored hacking group, APT41.
MITRE, along with other industry partners, initiated Adversary Emulation Library—a collection of emulation plans to help security teams learn defense techniques against the attacks by prominent hacking groups.
The CISA released a malware analysis report about an Iranian threat actor employing malicious scripts in their attacks to target IT, government, healthcare, financial, and insurance organizations across the U.S.
The NSA released guidance on Unified Extensible Firmware Interface (UEFI) to help organizations fortify the Secure Boot feature and identify threats before a system is booted up.
Alloy, an identity operating system for the financial firms, raised $40 million in Series B round led by Canapi Ventures with participation from Avid Ventures, Felicis Ventures, and other existing investors.