At a glance.
- Phishing scam uses LinkedIn account notifications.
- Update on data breach in Tulsa, Oklahoma.
- Cancer patient sues for disclosure of health data.
- HelloKitty ransomware is now available in a Linux-based version.
Phishers use Google Forms to bypass detection.
Armorblox researchers are investigating a phishing scam involving LinkedIn account notifications. Using a hijacked Nigerian university email account, the hackers sent LinkedIn-branded messages claiming the target’s LinkedIn account had been banned. All of the links in the email lead to the same fraudulent LinkedIn login page hosted on Google Forms, and since Google Forms is trusted by default by Google Workspace email platforms, the scammers can dodge authentication checks. The operation underscores the need for organizations to implement more robust email security protocols.
Social Security numbers exposed in Tulsa breach.
As previously noted by CyberWire, the city of Tulsa, Oklahoma, is recovering from a cyber attack in May. Officials previously announced that the threat actors had accessed some personally identifiable information but that Social Security numbers appeared to have been spared; Security Week reports that this was a hasty conclusion. “Although not usually included in online police reports, the team identified 27 cases of social security numbers entered in a free text field,” said Michael Dellinger, the city’s chief information officer. The city is doing its best to notify the people concerned.
Cancer patient sues over HSE data disclosure.
The Conti ransomware attack that rocked the Irish Health Service Executive (HSE) in May resulted in the disclosure of sensitive patient data on the dark web, and now, the Irish Examiner reports, one of the first lawsuits has been filed regarding the incident. The lawsuit is being brought against Mercy University Hospital by lawyer Micheál O’Dowd from Cork on behalf of one of the individuals concerned, a cancer patient who wishes to remain anonymous. “He cannot praise the treatment he received in Mercy, but is understandably concerned about what has happened,” O’Dowd said. O’Dowd expects other patients to file similar lawsuits.
The European Data Protection Board (EDPB) decided on Thursday to order the Irish data protection watchdog to investigate Facebook’s practices regarding the use of WhatsApp user data, TechCrunch reports. The EDPB’s decision is the first urgent binding decision under the GDPR.
The Linux version of HelloKitty ransomware affects VMware ESXi servers.
BleepingComputer reports on the recent deployment of HelloKitty ransomware on VMware ESXi servers. Roger Grimes, data-driven defense evangelist at KnowBe4, is not surprised by the continued emergence of Linux-based malware, but in this case he is concerned about the possibility of multiple concurrent compromises:
“The move to more Linux-based malware and hackers doesn’t surprise me. It has been consistent for a long time that anything that becomes popular should be hacked. It can take time for hackers and malware to adapt to change, but they are fairly consistent in moving around where they need to be to be most successful.
“One of my other major concerns about hackers and ransomware targeting VMware ESXi servers is the increased likelihood of multiple victim backup jobs being compromised at the same time. Many ESXi users use backup programs and services that back up and duplicate machines at the virtual machine or host level. Therefore, an interrupt action on a single backup job or host can interrupt many other computers at the same time. Single point of failure. Many ESXi stores rely on ESXi to provide redundant enterprise-level operations. For a decade we’ve had companies shifting from multiple, dedicated, physical data centers to less virtual machine-based virtual data centers. Is there a week when hundreds of physical data centers that previously offered physical redundancy aren’t shut down for cost reasons? It’s more than a trend. It is the way things are. And this move towards more virtualization, if properly secured, can provide incredibly secure and redundant services. But if it’s not done safely, it allows fewer points to be compromised to cause bigger problems. This is certainly a test for increased virtualization. Will it make us safer and more resilient or will the attackers use the technology against us? We will see. I would like to warn all ESXi stores to consider how using ESXi or ESXi virtualization products will affect their resilience to hacking attacks. Are they doing everything they can to ensure that a single malicious attack doesn’t cause more errors? I would particularly focus on backup scenarios. Is your backup protected so that a single compromised ESXi host or infrastructure doesn’t give away the keys to the kingdom?”