A chilling case of how cybercrime can endanger the lives of people has come to light. In the US state of Florida, Pinellas County sheriff revealed a dangerous hack attempt on a water treatment facility in Oldsmar that could have sickened the entire population of the city. The hacker had gained access to the operating system at the facility and had attempted to increase the level of sodium hydroxide in water.
In other news, Microsoft has warned customers not to let their guards down even after Emotet’s disruption. This warning comes due to the massive reach and role of Emotet in the deployment of secondary payloads, including ransomware and information stealers.
Top Breaches Reported in the Last 24 Hours
Dangerous hack attempt
A hacker hacked into a water treatment plant
in the state of Florida, U.S., in an attempt to poison the water supply by increasing the level of sodium hydroxide. The hack took place on February 5, with one in the morning and the second in the afternoon.
CJH’s data breach affects UPMC
A cyberattack on Charles J.Hilton & Associates P.C. (CJH) has potentially exposed the personal health information of more than 36,000 patients at the University of Pittsburgh Medical Center (UPMC). Patient information compromised in the attack consisted of data used by CJH to provide its contracted billing-related legal services to UPMC.
CD Projekt hit
Polish video game company CD Projekt
revealed that it has fallen victim to a cyberattack that affected some of its internal systems. The company has confirmed that no personal data of its services have been compromised in the incident.
Hospital chain data released
Conti ransomware operators have published
patients’ data stolen from two U.S. hospital chains. The affected organizations are the Florida-based Leon Medical Centers and Nocona-General Hospital in Texas. The attackers had used malicious documents to deliver the malware.
Top Malware Reported in the Last 24 Hours
Microsoft’s warns about Emotet
Microsoft has warned that organizations should equip themselves with best cybersecurity practices despite the takedown of Emotet’s servers. Although there has been a drop in new campaigns, it is believed that the trojan’s role and reach in the deployment of payloads, such as ransomware, can cause unwanted trouble for organizations. The malware is also used to drop other malware families, including the QakBot and Trickbot trojans, on infected systems.
Top Vulnerabilities Reported in the Last 24 Hours
NextGen Gallery flaws fixed
The NextGen Gallery development team
has addressed two severe CSRF vulnerabilities in its plugin that could lead to a potential takeover of WordPress sites. Attackers can exploit these flaws by tricking WordPress admins into clicking specially crafted links or attachments to execute malicious code into their browsers.
Top Scams Reported in the Last 24 Hours
Facebook phishing goes viral
Close to 500,000 Facebook users
have been affected by a large-scale phishing scam circulating on Facebook. The scam, called ‘Is that you’, has been circulating in various forms since at least 2017 on the platform. It begins with a Facebook message sent by one of the friends from the victim’s friends list. The message masquerades as a video, which when opened, leads the victim through a chain of websites infected with malicious scripts that collect personal data.