At a glance.
- Be careful of the watering hole.
- Hospital data exposure attributed to employee error.
- Realtor suffers possible data breach.
- MMPORG gets hacked; credentials exposed.
SLUB attack employs new tactics.
TrendMicro is investigating a watering hole operation, dubbed Operation Earth Kitsune, that is taking a new approach with SLUB malware. While SLUB earned its moniker from its tendency to exploit Slack or GitHub in its attacks, this new campaign instead employs online chat platform Mattermost. The goal in a watering hole campaign is to lure victims to a version of a frequently visited website which redirects the user to a malicious site or installs malware. In this case, the attack takes advantage of a Google Chrome vulnerability that infects the victims not only with SLUB, but with two new variants as well, giving the threat actors a tighter grip on the victim’s system.
Michigan hospital suffers accidental data exposure.
An employee error has led to a possible data leak at McLaren Oakland Hospital in the US state of Michigan, reports Crain’s Detroit Business. It appears an employee left open an unsecured link to a file containing sensitive patient information. The hospital has contacted the over twenty-two hundred impacted patients, informing them of the incident and instructing them to monitor their financial statements for any indications of fraud. The hospital notified the Department of Health and Human Services, and McLaren employees will be undergoing additional security training.
Foxtons sustains data breach.
British real estate agency Foxtons confirms that it suffered a malware attack, but chose not to immediately inform its clients, as no customer data were compromised, reports Property Industry Eye. The attack compelled the agency to temporarily shut down the MyFoxtons customer portal, which Foxtons explained by claiming the site was down for maintenance. Foxtons’ spokesperson stated, “We have effective systems in place and took quick action to contain the incident and minimize disruption to our customers.” However, some dissatisfied customers feel they should have been informed, regardless of the depth of the breach.
Cheaters sometimes win.
It’s all fun and games until a hacker decides to play. ZDNet reports that the forum for the popular free MMORPG (massively multiplayer online role-playing game) Albion Online was breached on Friday when an intruder took advantage of a vulnerability in the forum’s platform, WoltLab Suite. The compromised data includes usernames and password hashes for forum profiles, and while Albion’s owner Sandbox Interactive GmbH assures that all of the stolen passwords are heavily encrypted, users with weak passwords might be at risk. Sandbox informed the users of the breach by posting a message on the forum recommending that they change their usernames and passwords, just in case. The size of the breach has not been disclosed, but Albion boasts 2.5 million players and the forum serves nearly 300,000 members.
And there's more, out of the olden days, from Albion Online, in this case of someone going medieval on their data...
Milords and Miladies, Albion Online hath fallen.
...the masters of Albion Online hath unbosomed themselves that divers villeins did breach their forum and rieved usernames and password hashes therefrom. Have a care and change thy password, sirrah.
Javvad Malik, security awareness advocate at KnowBe4, would give thee good counsel, varlet: “This unfortunate breach is a reminder that no online assets are unimportant when it comes to security. Criminals will try to breach any accounts they can, not just ones with monetary value. Even seemingly less important sites, like forums or chat rooms, can have value to criminals. Even if passwords are secured, having email addresses can allow criminals to launch convincing spearphishing attacks against users and get them to divulge passwords, or download malware. Therefore, all digital assets need to be secured at the same level as there are no longer any low-risk sites on the net.”
And may ye look to thy credentials elsewhither, lest they get stuffed.