Summit Medical Associates Discloses Ransomware Attack; Patient and Affiliate Information Potentially Impacted

Summit Medical Associates disclosed on August 4 that a ransomware attack earlier this year may have compromised personal information of patients and affiliates.

According to a data breach notification, Summit discovered that it had become unable to access certain data stored on its servers, then launched an investigation alongside third-party security experts.

“On or about June 5, 2020, Summit discovered that it was unable to access certain data and records stored on its server,” the notice reads. “Summit immediately launched an investigation, with the assistance of third-party forensic computer experts, to determine the nature and scope of the incident. It was determined that certain information was encrypted by ransomware.”

The investigation also found that cybercriminals retained unauthorized access to its systems for nearly six months before the breach was discovered.

“Summit’s investigation determined there was potential unauthorized access to its server between January 24, 2020 and June 5, 2020,” the company added. “Summit then worked to identify its patients whose personal information may have been accessible to the unauthorized actor. That process concluded July 28, 2020.”

While there may be no evidence that bad actors viewed or stole patient information, the affected server housed personally identifiable information such as names, medical information and Social Security numbers.

The number of potential victims was not revealed. However, the company acknowledges the risks for identity theft and fraud, and urges customers to review their account statements for suspicious activity.

The healthcare industry has become a prime target for cyber-criminals amid the pandemic, accounting for 51% of all incidents disclosed in the first quarter of 2020. Medical records sell like hotcakes on the dark web, and bad actors have built a lucrative business around them.

The company also said it will notify the Department of Health and Human Services and other regulators of the incident, and advised patients to report any misuse of personal information to law enforcement agencies, medical providers or financial institutions.

Users Advised to Reset Passwords After Zello Data Breach

Zello, a popular push-to-talk app, has disclosed a data breach that could have potentially allowed malicious actors to gain access to users’ email addresses and hashed passwords.

Zello boasts 140 million users worldwide, and facilitates real-time communications for frontline workers, transportation services and friends. The app allows people to use their phone as a walkie-talkie as long as a network or WiFi connection is enabled on the device. App users can start one-to-one or group conversations that are fully encrypted end-to-end, and instantly send voice messages or photos.

The security team at Zello was apparently alerted by unusual activity on one of their servers on July 8.

“On July 8, 2020, we discovered unusual activity on one of our servers,” Zello said. “We immediately initiated an investigation, notified law enforcement and engaged a leading independent forensics firm to help. Through this investigation, we learned that it is possible that an unauthorized party may have accessed the email addresses used by our users on their Zello accounts and a hashed version of their passwords.”

The notification also said Zello Work and Zello for First Responders customers were not affected by this incident. While the company found no evidence of unauthorized access to user accounts, all users are urged to reset their app passwords.

The letter also underlined that “Zello access requires both a username and password, and usernames were not impacted by this incident.” Although “email addresses were impacted, users rarely use emails as Zello usernames” to log in to their accounts.

Since malicious actors also gained access to hashed account passwords, Zello emphasized the importance of resetting the passwords for all other online services where users could have used the same password.

“Your password was not in plain text, but in a coded format generated through a cryptographic process known as ‘hashing,’ which is designed to make your password unreadable,” Zello added. “As a precaution, however, you should change your password for any other online services where you may have used the same password. It is also important to choose a strong password that is not easy to guess.”

FBI Warns of Rise in Online Shopping Scams

The FBI’s latest Public Service Announcement warns Internet users about a surge in online shopping scams.

According to complaints received by the bureau, more and more online shoppers are being directed to fraudulent websites via social media and online search engines. These bogus vendors are making the most of the health crisis, social distancing and the shift to a remote workforce.

For example, online shoppers seeking facemasks, gym equipment, small appliances, tools and furniture reported never receiving their purchases. While it may seem unlikely to find this variety of merchandise on a single e-commerce website, victims were lured with ads flaunting below-market prices.

The most common elements shared by the complaints filed include:

• Disposable face masks shipped from China were received regardless of what was ordered
• Payment for goods was made using an online money transfer
• Online retailers provided unrelated US addresses and telephone numbers, misleading shoppers to believe the shop was located in the US
• The content used by these fraudulent websites is copied from legitimate ones

Additionally, shoppers who complained about shipments were only offered a partial reimbursement, and urged to keep the free facemasks as compensation. However, none of the victims who asked for their money back were successful. “Others were told to return the items to China in order to be reimbursed, which would result in the victim paying high postage fees, or agree to a partial reimbursement of the product ordered without returning the items received,” the report said.

The FBI also provided a list of indicators that could help online shoppers avoid being scammed:

• Most fraudulent websites use domains such as “.club” or “.top” instead of “.com”
• Retailers provide high discounts and too-good-to-be-true offers
• Web addresses for these online shops were registered within the last six months
• Scammers use content copied from legitimate sites and share the same contact information on their online shops
• Websites are mainly advertised on social media
• Scammers use a private domain registration service to avoid personal information being published in the Whois Public Internet Directory

How can you avoid becoming the next online shopping scam victim? It might be hard to ignore a big discount. However, before filling up your shopping cart, check the retailer’s domain registration, reviews and complaints. You can also do some detective work by checking the details listed under the vendor’s “Contact Us” page, to see if the information is legitimate or just scraped off another website.

Interior Design Platform Confirms Data Breach after Data of 1.3 Million Users is Posted Online

Havenly, the online interior design and home decorating platform, has disclosed a data breach after a data breach broker leaked 1.3 million user records for free on a popular hacking forum.

ShinyHunters, a well-known seller of stolen data breach records, last month started listing various company databases on the dark web. The trove of combined databases exposed over 386 million user records from 18 companies, including Promo.com and Dave.com.

Although news of the data breach was made public on July 28, Havenly issued no official statement. Yesterday, however, the company posted a data breach notice on its website, informing customers of a “potential incident that may have affected the security of certain customer accounts.”

When BleepingComputer reported on the incident, it disclosed that samples of the leaked database included usernames, full names, MD5-hashed passwords, email addresses, phone numbers, zip codes, and data related to the use of the site.

Although the notification does not confirm the number of affected accounts or the type of compromised information, Havenly is asking all customers to reset their account passwords.

“Out of an abundance of caution, we are logging all existing customers out of their Havenly accounts and asking our customers to reset their password when they next log in to the Havenly website,” the letter reads. “As a best practice, we also encourage all of our customers to use different passwords across all online services and applications, and to update those passwords now and on a regular basis”.

To reassure affected customers, the company does highlight that it does not store full credit card numbers or other financial information that could be used in fraud.

“We suspect that many of you will be concerned about the credit card numbers that you’ve used with Havenly in the past,” the company said. “Please note: we do NOT store credit card information, apart from the last 4 digits of the card in some cases, which is not enough to engage in credit card fraud.”

While the news may come as a relief, affected members can still be targeted by phishing emails designed to harvest additional personal and financial information for use in identity theft. Havenly members should also closely monitor their email addresses for unsolicited messages, and adopt good cyber hygiene while using their digital devices.

UK Finance Reveals Top 10 Covid-19 Scams to be on the Lookout For

The last seven months have been a scary rollercoaster ride. On top of COVID-19 becoming a global health crisis, and the ensuing economic and political impact, cyber criminals are having a field day taking advantage of the pandemic.

From petty scams to full-on cyber-attacks, the threat landscape has evolved to accommodate a wave of coronavirus-related schemes to defraud the public.

A new report released by the UK’s top lobbying body for the financial sector has revealed the top 10 scams used by fraud groups to exploit current events and uncertainties regarding COVID-19. While some fraudulent attempts seek to manipulate victims into investing in bogus business opportunities, others callously exploit the financial hardship and need for information expressed by citizens.

According to UK Finance, the most prominent of these swindles fall into three major categories: financial support scams, health scams and lockdown scams:

Financial support scams

1. Fraudsters impersonating the government sent out e-mails offering grants of up to £7,500 to recipients. However, the email urges victims to click on a link and fill out their personal and financial data. This information is used in various forms of online fraud.

2. Similarly, criminals sent out emails encouraging targets to fill in a form with their personally identifiable information to access “Covid-19 relief funds”.

3. The ‘council tax reduction’ ruse also impersonates official government institutions. In this e-mail scam, victims are sent a link that redirects them to a fake government website where they are asked to provide personal and financial information.

4. Applicants for Universal Credit are targeted by fraudsters who offer their help in return for a fee.

Health scams

5. Criminals leveraging the NHS Test and Trace service sent out phishing emails and malicious links claiming that recipients have been in contact with a person who tested positive for COVID-19. Users who fall victim to this ruse have their personal and financial information stolen, and in many cases, their devices are infected with malware.

6. Internet users have also been targeted by fake ads for sanitary products and coronavirus protective gear.

Lockdown scams

7. Fake emails and texts claiming to be from TV Licensing have been sent out by fraudsters, claiming that individuals are eligible for six months of free TV licence due to the coronavirus pandemic. In an attempt to steal personal and financial information, victims are told there has been a problem with their direct debit card, and are asked to access a webpage.

8. Online TV subscription services were in high demand during the lockdown. As such, cyber-criminals have targeted customers with convincing emails asking them to update payment information by clicking on a fake link. Instead of having their online subscriptions renewed, recipients had their credit card information stolen.

9. Online dating apps and websites were also popular during the stay-at-home order. Many criminals created fake profiles on social media, manipulating their love interests into wiring money.

10. Fake investment opportunities encouraged users to “take advantage of the financial downturn” by investing their hard-earned money in fake investment companies.

US DOJ Charges Three Young Men for Alleged Roles in July Twitter Hack

Last week, the US Department of Justice (DOJ) charged three men for their alleged roles in one of the largest Twitter breaches in history, which led to the hijacking of 130 high-profile accounts of politicians, celebrities and musicians.

According to a Florida affidavit, two Florida residents and one UK national were responsible for the hack, and are now charged with conspiracy to commit wire fraud, conspiracy to commit money laundering, and the intentional access of a protected computer.

The trio, who remained a mystery until the recent announcement, allegedly managed to defraud over 400 individuals through a clever bitcoin scam by piggybacking compromised Twitter VIP accounts.

“I am giving back to my community due to Covid-19. All Bitcoin sent to my address below will be sent back double. If you send $1,000, I will send back $2,000,” read one of the fraudulent tweets.

“The Twitter attack consisted of a combination of technical breaches and social engineering,” the reports said. “The hackers are alleged to have created a scam bitcoin account, to have hacked into Twitter VIP accounts, to have sent solicitations from the Twitter VIP accounts with a false promise to double any bitcoin deposits made to the scam account, and then to have stolen the bitcoin that victims deposited into the scam account.”

Posing as prominent social media figures, the bad actors gained over $100,000 in Bitcoin transactions from victims. Although the scheme was successful at first, the men made little attempt to conceal their identities, using their home IP addresses and driver’s license to verify Bitcoin wallets.

“Upon opening an investigation into this attack, our investigators worked quickly to determine who was responsible and to locate those individuals,” said San Francisco FBI Special Agent in Charge John F. Bennett. “While investigations into cyber breaches can sometimes take years, our investigators were able to bring these hackers into custody in a matter of weeks.”

“The hackers allegedly compromised over 100 social media accounts and scammed both the account users and others who sent money based on their fraudulent solicitations,” said Acting Assistant Attorney General Brian C. Rabbitt of the Justice Department’s Criminal Division. “The rapid investigation of this conduct is a testament to the expertise of our investigators, our commitment to responding quickly to cyber attacks, and the close relationships we have built with law enforcement partners throughout the world.”

Belarus Authorities Arrest GandCrab Ransomware Operator

The Ministry of Internal Affairs of Belarus has announced the arrest of a 31-year-old man who served as an affiliate in the infamous GandCrab ransomware-as-a-service program.

“Office ‘K’ of the Ministry of Internal Affairs, in cooperation with the Cyber police of Great Britain and Romania, identified a member of an international hacker group that used during 2017-2018, one of the most famous ransomware virus ‘GandCrab,’” reads a rough English translation of the press release. “On their account – more than 54 thousand infected computers around the world, 165 of which belong to the citizens of Belarus.”

Vladimir Zaitsev, deputy head of the High-Tech Crime Department of the Ministry of Internal Affairs, says the hacker, who has yet to be named, is a 31-year-old resident of Gomel who had no prior convictions. He allegedly infected more than 1,000 computers and demanded the equivalent of $1,200 for decrypting each one.

“Access to the admin panel for managing the ransomware botnet was carried out via the darknet, which allowed the attacker to remain anonymous for a long time,” the news release states.

“Part of the profits was transferred to the administrators (operators) of the server he leased,” Zaitsev said.

The hacker’s victims span several countries, including India, the US, Ukraine, UK, Germany, France, Italy and Russia – where most of his victims resided.

Last week, Europol announced that the No More Ransom decryption tool repository had amassed over 4.2 million visitors from 188 countries as the service turned four years old. The agency said the repo helped save an estimated $632 million for ransomware victims worldwide. Bitdefender calculates that its GandCrab decryptors alone are responsible for 12% of that figure.

Zoom bug meant attackers could brute force their way into password-protected meetings

Zoom has patched a security hole that could have allowed attackers to break their way into password-protected private calls.

The flaw, discovered by SearchPilot’s Tom Anthony, meant that hackers and spies could have broken into private password-protected Zoom video calls “within a matter of minutes.”

The problem revolved around the six-digit numeric passcode used by default to secure Zoom chats. Six digits meant that the passcode for a specific chat was a number between “000000” and “999999”.

One million possible combinations may sound like an awful lot for a hacker to try manually, but it is little effort for a computer to brute force its way through them until it finds the one that unlocks the private Zoom conversation.

Anthony began looking into the issue after UK Prime Minister Boris Johnson made headlines by tweeting a screenshot of a sensitive Cabinet meeting held on Zoom, revealing its meeting ID.

At the time, the UK government dismissed the threat posed by the tweet, as entry to the Zoom meeting had been protected by a password.

However, Anthony discovered that his attempts to brute force his way into password-protected Zoom meetings did not trigger any warnings or slowdown.

With what he described as “fairly clunky” Python code, Anthony was able to confirm that it was possible to crack his way into Zoom meetings without too much difficulty from a home PC.

According to the researcher, using 4-5 cloud servers it would be possible to check all the possible six-digit numeric passwords in just “a few minutes.”

Contacting Zoom about the issue, Anthony made a number of suggestions, including:

  • Rate-limiting the number of attempts that can be made to enter a password to a Zoom meeting (for instance, to 10 different attempts per hour).
  • Rate-limiting IP addresses if they make too many attempts to guess a password (regardless of which meeting ID may be targeted).
  • Triggering a warning should a given meeting pass a set number of failed password attempts.
  • Increasing the length of the default password.
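The three server-side mitigations above (a per-meeting cap, a per-IP cap regardless of meeting ID, and a host warning after a set number of failures) can be combined in a single sliding-window check. The following is an added example written for this article, not Zoom's or the researcher's code; the limits (10 failures per meeting per hour, 50 per source IP per hour, a warning at 5) and the meeting ID and IP address are constructed for illustration.

```python
"""Rate limiting and alerting for meeting-passcode guesses, modelled on the
mitigations suggested to Zoom (per-meeting and per-IP limits plus a host warning).

Added example, not Zoom's or the researcher's code. The limits below are
constructed for illustration: 10 failures per meeting per hour, 50 failures
per source IP per hour across all meetings, and a warning at 5 failures.
"""
import hmac
from collections import defaultdict, deque

MEETING_LIMIT = 10       # failed attempts tolerated per meeting per window
IP_LIMIT = 50            # failed attempts tolerated per source IP per window
ALERT_THRESHOLD = 5      # failures on one meeting before the host is warned
WINDOW_SECONDS = 3600    # sliding window length


class PasscodeGuard:
    """Tracks failed passcode attempts per meeting and per IP in a sliding window."""

    def __init__(self):
        self._by_meeting = defaultdict(deque)   # meeting_id -> failure timestamps
        self._by_ip = defaultdict(deque)        # src_ip -> failure timestamps
        self.alerts = []                        # (meeting_id, timestamp) warnings

    @staticmethod
    def _prune(window, now):
        """Drop timestamps that have aged out of the window."""
        while window and now - window[0] >= WINDOW_SECONDS:
            window.popleft()

    def allowed(self, meeting_id, src_ip, now):
        """True if an attempt may be checked, False if it must be refused outright."""
        meeting_window = self._by_meeting[meeting_id]
        ip_window = self._by_ip[src_ip]
        self._prune(meeting_window, now)
        self._prune(ip_window, now)
        return len(meeting_window) < MEETING_LIMIT and len(ip_window) < IP_LIMIT

    def record_failure(self, meeting_id, src_ip, now):
        self._by_meeting[meeting_id].append(now)
        self._by_ip[src_ip].append(now)
        if len(self._by_meeting[meeting_id]) == ALERT_THRESHOLD:
            self.alerts.append((meeting_id, now))   # warn the host once per burst

    def attempt(self, meeting_id, src_ip, guess, real_passcode, now):
        """Process one join attempt; returns 'rate_limited', 'joined' or 'wrong_passcode'."""
        if not self.allowed(meeting_id, src_ip, now):
            return "rate_limited"          # refused before the passcode is even compared
        if hmac.compare_digest(guess, real_passcode):
            return "joined"
        self.record_failure(meeting_id, src_ip, now)
        return "wrong_passcode"


def simulate(attempts, real_passcode="123456"):
    """Run a sequence of (meeting_id, src_ip, timestamp) guesses through one guard.

    Guesses are sequential six-digit values (000000, 000001, ...), the order a
    naive enumeration would use. Returns (outcome counts, number of alerts).
    """
    guard = PasscodeGuard()
    counts = defaultdict(int)
    for i, (meeting_id, src_ip, now) in enumerate(attempts):
        outcome = guard.attempt(meeting_id, src_ip, f"{i:06d}", real_passcode, now)
        counts[outcome] += 1
    return dict(counts), len(guard.alerts)


if __name__ == "__main__":
    # One source IP hammering one meeting, one guess per second (constructed).
    burst = [("987654321", "198.51.100.7", float(t)) for t in range(100)]
    print(simulate(burst))   # ({'wrong_passcode': 10, 'rate_limited': 90}, 1)
```

The per-meeting cap stops a burst spread across many source addresses, while the per-IP cap stops one address sweeping many meeting IDs; the window empties after an hour, so legitimate users who mistype are not locked out indefinitely.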

A spokesperson for Zoom confirmed that the video chat service has since improved its security:

“Upon learning of this issue we immediately took down the Zoom web client to ensure our users’ security while we implemented mitigations. We have since improved rate limiting… and relaunched the web client on 9 April. With these fixes, the issue was fully resolved, and no user action was required. We are not aware of any instances of this exploit being used in the wild.”

Online services that are protected by something as simple as a six-digit numeric passcode cannot afford to ignore the very real risk that attackers might attempt to brute-force their way through.

Making passwords longer and more complex than six numeric digits is one way to make life harder for hackers, but the most useful defence is undoubtedly to spot excessive failed attempts to break in and shut them out or slow them down until the attack is no longer practical.

74% of Internet Users Feel They Have No Control Over the Personal Information Collected on Them

New research conducted by the Ponemon Institute reveals a substantial lack of empowerment felt by consumers when it comes to their data privacy. There is also a gap between the data protection individuals want and what industry and regulators provide, pointing to a dire need for digital identity protection solutions on a consumer level.

According to the report (Privacy and Security in a Digital World: A Study of Consumers in the United States), consumers are still waiting on, or expecting, the federal government to drive data protection initiatives.

More than half of consumers (60%) believe government regulation should help address the privacy risks facing consumers today. Of those, 34% say government regulation is needed to protect personal privacy and 26% believe a hybrid option (regulation and self-regulation) should be pursued.

The study found that 64% of consumers think it’s “creepy” when they receive online ads that are relevant to them. And 73% of consumers want advertisers to allow them to “opt-out” of receiving ads on any specific topic at any time.

It is worth noting that Twitter is a rare example in the social media world where users are offered a transparent, friction-free method to opt in to or out of personalized ads. The same cannot be said of other popular online services.

The research reveals a lack of empowerment that consumers feel in their ability to protect their privacy, coupled with a bit of negligence on the users’ end.

While 74% of consumers say they have no control over the personal information that is collected on them, they are also not taking much action to limit the data they provide to the online services they employ on a daily basis, like Facebook and Google.

In fact, the report notes, 54% of consumers say they do not consciously limit what personal data they are providing.

“This lack of empowerment can have devastating effects on consumers’ privacy if it goes unchecked,” the researchers said.

Other key findings include:

  • Consumer Concern Is Increasing: Two-thirds of consumers (68%) are more concerned about the privacy and security of their personal information than they were three years ago. Three-fourths of consumers (75%) in the over-55 age group have become more concerned about their privacy over the past three years.
  • Search Engines Least Trusted: Almost all consumers (92%) believe search engines are sharing and selling their private data, 78% believe social media platforms are and 63% of consumers think shopping sites are as well. Similarly, 86% of respondents say they are very concerned when using Facebook and Google and 66% of respondents say they are very concerned when shopping online or using online services.
  • Seniors Against Advertising Tracking: A majority of older consumers (78%) say advertisers should not be able to serve ads based on their conversations and messaging.
  • Consumers Have Little Hope in Websites’ Ad Blocking: Only 33% of consumers expect websites to have an ad blocker that stops tracking and only 17% of consumers say they expect websites to limit the collection and sharing of personal information.
  • Split Responsibility: More consumers (54%) say online service providers should be accountable for protecting the privacy of consumers, while 45% say they themselves should assume responsibility.

According to Dr. Larry Ponemon, chairman and founder of Ponemon Institute, “these findings make a compelling case for the important role identity protection products and services play in protecting consumers’ privacy.”

“The study shows that many consumers are alarmed by the uptick in privacy scandals and want to protect their information, but don’t know how to and feel like they lack the right tools to do so,” Dr. Ponemon stressed.

At Bitdefender, we believe the more we control our digital footprint, the easier it is to manage our individual online reputation and personal data. Bitdefender Digital Identity Protection lets you see if your personal info has been stolen or made public, or – in case the answer is Yes – how much of it has actually been leaked.

Bitdefender DIP offers continuous identity monitoring, meaning you are alerted if any sensitive information that relates to your identity is found on the Dark Web or public databases. You get alerts about identity-theft attempts, data breaches, account take-overs and social media impersonations, and you can immediately take action to secure your online identity with only a few clicks. Learn more at https://www.bitdefender.com/solutions/digital-identity-protection.html.

Thousands of websites at risk from critical WordPress plugin vulnerability

A critical vulnerability in a third-party plugin installed on over 70,000 websites running WordPress could allow hackers to execute malicious code remotely.

The vulnerability, discovered by security researchers at Wordfence, hides in a vulnerable version of the wpDiscuz commenting plugin and enables hackers to upload arbitrary files to targeted websites, including executable PHP files.

wpDiscuz offers an alternative (and some would argue more stylish) way for people to leave feedback on blog posts than JetPack Comments, Disqus, and WordPress’s own built-in commenting system, and has received praise from some for its real-time handling of comments through Ajax, its comment rating system, and its support for storing comments on the site’s own server rather than with a third-party service.

However, Wordfence’s researchers told wpDiscuz’s developers in June that they had found a flaw which, due to a lack of security precautions, allowed unauthenticated users to attach any type of file (including PHP files) to a comment.

The problem was found in version 7 of wpDiscuz which added a feature allowing users to upload images alongside their comments. However, Wordfence discovered that there was a failure to properly identify if uploaded files were really images or not, allowing the upload of potentially malicious code.
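The missing check described above is the classic one for an image-upload feature: decide what a file is from its contents, not from the name the client supplies. The following is an added example written for this article, not wpDiscuz's or WordPress's code; the allow-list, size cap and sample bytes are constructed, and the PHP-tag scan is defence in depth rather than a substitute for the signature and extension checks.

```python
"""Defensive validation for user-uploaded comment images.

Added example illustrating the class of check whose absence is described
above (accepting a file as an image without verifying that it is one). It is
not wpDiscuz's code; the allow-list, size cap and sample bytes are constructed.
"""
import os
import secrets

# Extension -> file signatures (magic bytes) an image of that type must start with.
ALLOWED_IMAGE_TYPES = {
    "png": [b"\x89PNG\r\n\x1a\n"],
    "jpg": [b"\xff\xd8\xff"],
    "jpeg": [b"\xff\xd8\xff"],
    "gif": [b"GIF87a", b"GIF89a"],
}
# Server-side code markers that must never appear inside an "image" (defence in depth).
SERVER_CODE_MARKERS = (b"<?php", b"<?=", b"<script")
MAX_BYTES = 2 * 1024 * 1024  # constructed 2 MiB cap


class UploadRejected(ValueError):
    """Raised with a human-readable reason when an upload fails validation."""


def validate_upload(filename: str, data: bytes) -> str:
    """Return a safe, server-generated filename, or raise UploadRejected.

    The client-supplied name is used only to read the claimed extension; the
    stored name is random, so an attacker-chosen name never reaches disk.
    """
    if len(data) > MAX_BYTES:
        raise UploadRejected("file too large")
    # Only the final extension counts, lower-cased: "shell.php.png" claims png and
    # must then carry PNG magic bytes; "shell.php" is refused outright.
    base = os.path.basename(filename)
    ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
    if ext not in ALLOWED_IMAGE_TYPES:
        raise UploadRejected(f"extension not allowed: {ext!r}")
    # Check the content, not the name: the bytes must carry a matching signature.
    if not any(data.startswith(sig) for sig in ALLOWED_IMAGE_TYPES[ext]):
        raise UploadRejected("content does not match claimed image type")
    # Defence in depth: refuse image/code polyglots that embed PHP tags after a
    # genuine image header.
    lowered = data.lower()
    if any(marker in lowered for marker in SERVER_CODE_MARKERS):
        raise UploadRejected("embedded server-side code marker")
    # Random name with a fixed, known-safe extension.
    return f"{secrets.token_hex(16)}.{ext}"


def classify(filename: str, data: bytes) -> str:
    """Convenience wrapper: 'accepted' or 'rejected: <reason>'."""
    try:
        validate_upload(filename, data)
        return "accepted"
    except UploadRejected as exc:
        return f"rejected: {exc}"


# Constructed samples (not real files): a minimal PNG header, and three uploads
# that a name-only or extension-only check would have let through.
SAMPLES = {
    "photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,
    "shell.php": b"<?php " + b"\x00" * 8,                                  # bad extension
    "shell.php.png": b"<?php " + b"\x00" * 8,                              # wrong magic bytes
    "polyglot.gif": b"GIF89a" + b"\x00" * 8 + b"<?php " + b"\x00" * 8,    # valid header, PHP inside
}

if __name__ == "__main__":
    for name, content in SAMPLES.items():
        print(f"{name:16} {classify(name, content)}")
```

A real deployment would additionally re-encode the image with an imaging library and serve uploads from a directory where the web server never executes scripts, so that a file slipping past validation still cannot run.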

According to Wordfence, a successful attack could leave an attacker with control of every website on the server:

“If exploited, this vulnerability could allow an attacker to execute commands on your server and traverse your hosting account to further infect any sites hosted in the account with malicious code.”

wpDiscuz’s developers initially told Wordfence that the flaw would be fixed in version 7.0.4 of the plugin, which was eventually released on July 20 2020.

Unfortunately, Wordfence found that the update did not sufficiently patch the security hole, and a new (properly working) version of wpDiscuz was released on July 23 2020.

Wordfence recommends that all administrators of self-hosted WordPress-powered websites that are running the wpDiscuz plugin update to the latest version as a matter of priority.

As Bleeping Computer reports, since the fixed version of wpDiscuz was released it has been downloaded just over 25,000 times – meaning some 45,000 websites may still be vulnerable.

Self-hosting your WordPress site has its benefits, but one of the biggest downsides is that the onus is much more on you to ensure it is kept updated with the latest patches and updates. New vulnerabilities are frequently found in the software and its many thousands of third-party plugins – so it’s not something that you can afford to ignore.

My advice? Enable automatic updates wherever possible.

Left unattended, a website running a self-hosted edition of WordPress can be all too easy for a hacker to exploit. And it will be your brand, and the visitors to your website, who will be running the risk of serious harm.
