Medibank Hackers Release 1,500 More Patient Records Including Mental Health Details
Irish regulator is probing Twitter privacy, security practices, DOJ charges ten alleged BEC scammers, Vanuatu's govt knocked offline, Estonia's Eesti Energia hit by DDoS attacks, much more
Russian cybercriminals, likely linked to the REvil gang, have released a tranche of data on the dark web related to 1,500 patient records from the private Australian health insurer Medibank, including the details of treatment for mental health and dementia.
Medibank confirmed that the data included details on chronic conditions such as heart disease and the patient details of people with cancer, dementia, mental health conditions, and infections. “Some of the people on the list have had diagnoses that include mental illnesses, or delirium, which is an acute change in mental status that can be triggered by illness, injury, surgery, or medications,” the company said in a statement.
The release, the fifth such tranche of data, comes after the company refused to pay a US$10m ransom to the hackers, who the Australian federal police have said are likely Russian cybercriminals. (Michael McGowan / The Guardian)
Irish Data Protection Commissioner Helen Dixon, who oversees Twitter's operations in Europe, said she is worried about a range of issues at the platform, specifically a paid membership program that allowed fraudsters to impersonate real accounts, send out false messages, and wreak havoc on the share prices of major firms.
Dixon said she would be "probing" these points with Twitter's acting privacy chief, Renato Leite Monteiro, who's been in his new job for just over a week and at Twitter since 2020. Dixon also said she is concerned about the security state at Twitter, given the departure of the firm's chief information security officer, Lea Kissner. Dublin already has two open investigations into Twitter, including a security probe, that predate Musk's arrival. In addition, Dixon said her office would be "probing" the company's directors about the blue tick program and any other privacy matters that may arise. (Nicholas Vinocur and Vincent Manancourt / Politico)
The U.S. Department of Justice charged ten individuals with using business email compromise and money laundering schemes to target public and private insurers, resulting in more than $11.1 million in total losses.
The charged individuals allegedly recruited money mules to transfer money. They used spoofed email addresses, bank account takeovers, and similar fraudulent methods designed to deceive victims into believing they were making legitimate payments. (Prajeet Nair / BankInfoSecurity)
Vanuatu's government has been knocked offline for more than 11 days after a suspected ransomware attack on servers in the country, disabling the websites of the tiny Pacific island's parliament, police, and prime minister's office.
The attack has also taken down the email system, intranet, and online databases of schools, hospitals, and other emergency services, as well as all government services and departments, leaving the country’s 315,000 citizens scrambling to carry out basic tasks like paying tax, invoicing bills and getting licenses and travel visas.
The attack has come less than a month after a new government was elected - a potential time of vulnerability. (Frances Mao / BBC News)
The website and online channels of Estonian state electricity generator Eesti Energia and some of its related companies are offline following a large-scale denial of service attack thought to have been conducted by pro-Kremlin hackers.
The attack has affected Eesti Energia's site and mobile app, grid maintenance firm Elektrilevi's website, and its MARU mobile app, while one government ministry, the central bank, and several other key state sites have also been hit by attacks, though with less success.
The incidents coincided with similar and simultaneous attacks on key sites in Latvia, Poland, and Ukraine. Tõnu Tammer, head of CERT-EE, the cyber security arm of the State Information System Authority (RIA), said that the available information points to pro-Kremlin hackers. (ERR.ee)
Microsoft’s Security Threat Intelligence team said that the Royal Ransomware group, DEV-0569, has expanded its use of Google Ads in one of its attack campaigns, along with other new tweaks in its delivery methods.
The other new delivery methods by the group include using contact forms on targeted organizations’ websites to deliver phishing links and hosting fake installer files on legitimate-looking software download sites and legitimate repositories to make malicious downloads look authentic to targets. (Jonathan Greig / The Record)
The Office of Management and Budget has given federal agencies until May 4, 2023, to provide an inventory of assets containing cryptographic systems that quantum computers could crack.
In September, the National Security Agency issued guidance to set out requirements for owners and operators of national security systems to start using post-quantum algorithms by 2035. In a November 18 memo, OMB said agencies should focus their efforts on producing an inventory for their most sensitive systems.
The White House also said that within 30 days, federal agencies should designate a cryptographic inventory and migration lead for their organization, and within 90 days of the memo publication, the Office of the National Cyber Director, in coordination with OMB, CISA, and the FedRAMP Program Management Office would produce instructions for the collection and transmission of inventory of crypto-vulnerable systems. (John Hewitt Jones and Nihal Krishan / Fedscoop)
The Indian federal government published a new draft of data privacy laws that would allow personal data transfer to other nations under certain conditions and impose fines for breaches of data transfer and data-collection regulations.
Under the bill, the federal government will notify the governments of other countries to which data may be exported, noting that specific conditions must be met for data to be transferred. The draft Digital Personal Data Protection Bill, for which the ministry of electronics and information technology has invited feedback from the public via a portal until December 17, also lays out the exemptions and conditions that must be taken into account when considering the transfer of personal data to other nations. (Anirban Ghoshal / CSO Online)
Wickr Me, the free encrypted messaging app owned by Amazon Web Services, announced it is shutting down on December 31st, 2023.
Wickr says the app will stop accepting new user registrations on December 31st, 2022, before going away completely next year. The shutdown only affects the consumer-facing Wickr Me, which is often used by journalists, whistleblowers, and anyone looking to keep their messages away from prying eyes. The paid version of the app, Wickr AWS, isn’t going away, and neither is Wickr Enterprise. (Emma Roth / The Verge)
1Password announced that passkeys functionality will launch next year and has put together an interactive demo to illustrate passkey benefits.
The demo currently only works in Chrome, but the company says that Safari and Firefox support is coming soon. (Ben Lovejoy / 9to5Mac)
Threat actors are abusing Google's Looker Studio (formerly Google Data Studio) to boost search engine rankings for their illicit websites that promote spam, torrents, and pirated content.
The SEO poisoning attack uses Google's datastudio.google.com subdomain to lend credibility to malicious domains. Several pages of Google search results were flooded with datastudio.google.com links that lead to minisites that host links to pirated content. (Ax Sharma / Bleeping Computer)
Google Cloud said it identified 34 different hacked release versions of the Cobalt Strike tool in the wild, the earliest of which shipped in November 2012.
"While the intention of Cobalt Strike is to emulate a real cyber threat, malicious actors have latched on to its capabilities, and use it as a robust tool for lateral movement in their victim's network as part of their second-stage attack payload," Greg Sinclair, a reverse engineer at Google's Chronicle subsidiary, said.
To tackle this abuse, GCTI has released a set of open-source YARA Rules to flag different software variants used by malicious hacking groups. (Ravie Lakshmanan / The Hacker News)
Police in Queensland are searching for hackers who infiltrated a digital billboard on Milton Road in Brisbane and configured it to display pornography for several minutes.
The outdoor media operator goa said the transmission began at 9.23 am and remained on the giant billboard for three and a half minutes. The company also said it had captured “imagery of individuals” and had passed it to Queensland police, who said they were investigating. (Elias Visontay / The Guardian)