At a glance.
- Contact-tracing apps lose ground over privacy concerns.
- Phishing campaign impersonates Wells Fargo security team.
- Cognizant warns affected individuals of possible data compromise.
- H&R Block discloses data breach.
Contact-tracing apps lose ground over privacy concerns.
The UK is the latest country to abandon a centralized approach to contact-tracing. The BBC reports that the government has decided to abandon its centralized NHSX-developed system in favor of adopting the decentralized Apple-Google contact-notification model.
Researchers have identified four vulnerabilities, all apparently patchable, in Australia's COVIDSafe app, ITWire reports. At least three of the bugs have potential privacy implications, and users are advised to upgrade to the latest version of COVIDSafe.
Canada's contact-tracing app is due to be rolled out in beta on July 2. Global News writes that outside experts have given the app good reviews, but that Canada's federal privacy commissioner has yet to complete its own review.
Phishing for banking customers' data.
Researchers at Abnormal Security describe an ongoing phishing campaign in which the criminals misrepresent themselves as Wells Fargo's security, attempting to induce victims to give up such sensitive banking information as their username, password, PIN, and account numbers. The phishing email presents itself as a calendar invitation to deal with an urgent security matter (the recipient is told they must get a new security key to secure their account, and that failure to comply will result in their being locked out of that account). The payload is delivered in a [dot] ics file, used by calendar apps to hold scheduling information.
Cognizant warns that a ransomware attack may have compromised personal data.
IT services provider Cognizant is notifying affected individuals that their personal data may have been exposed by a criminal intrusion into its networks. The attack, a ransomware incident, occurred between April 9th and 11th, and the company believes most of the people affected are holders of corporate credit cards. CRN says that the ransomware (which was of the Maze strain) took not only corporate credit card data, but also "Social Security numbers, tax IDs, financial account information, and driver’s license and passport details." The individuals affected all appear to be Cognizant employees.
H&R Block discloses data breach.
A June 5th internal review at tax preparation company H&R Block discovered that "unauthorized parties" may have used some customer credentials to gain access to their MyBlock accounts in the last week of April. The company says that its investigation determined that its own networks weren't compromised, but that the unauthorized parties appear to have obtained the credentials from phishing, malware, or credential stuffing with information obtained from other sites. Names, addresses, phone numbers, Social Security numbers, and income tax returns may have been compromised.