At a glance.
- Phishing scam involves LinkedIn account notifications.
- Update on the Tulsa, Oklahoma, data breach.
- Cancer patient sues over healthcare data exposure.
- Irish data authority will investigate Facebook privacy policies.
- HelloKitty ransomware now out in a Linux-based version.
Phishers use Google Forms to bypass detection.
Researchers at Armorblox investigate a phishing scam revolving around LinkedIn account notifications. Using a hijacked Nigerian university email account, the hackers sent messages bearing LinkedIn branding claiming the target’s LinkedIn account had been locked. All links in the email lead to the same fraudulent LinkedIn sign-in page hosted on Google Forms, and because Google Forms is trusted by default by Google Workspace email platforms, the scammers are able to dodge authentication checks. The operation highlights the need for organizations to implement more robust email security protocols.
Social Security numbers exposed in Tulsa breach.
As the CyberWire previously noted, the city of Tulsa in the US state of Oklahoma has been recovering from a May cyberattack. While officials previously disclosed the threat actors had accessed some personally identifiable information, it appeared Social Security numbers had been spared, but Security Week reports that that was a premature conclusion. “While normally not included on online police reports, the team identified 27 instances of Social Security numbers being put into a free form text field,” said Michael Dellinger, the city’s chief information officer. The city is working to notify the impacted individuals.
Cancer patient suing over HSE breach.
The Conti ransomware attack that shook Ireland’s Health Service Executive (HSE) in May led to the exposure of sensitive patient data on the dark web, and now, the Irish Examiner reports, one of the first lawsuits regarding the incident has been filed. The suit is being lodged against Mercy University Hospital by Cork solicitor Micheál O'Dowd on behalf of one of the impacted individuals, a cancer patient who has asked to remain anonymous. “He cannot speak highly enough of the treatment he got in the Mercy, but is understandably worried about the events that unfolded,” solicitor Micheál O'Dowd stated. O’Dowd expects other patients to file similar suits.
EDPB directs Ireland to investigate Facebook privacy policies.
The European Data Protection Board (EDPB) ruled on Thursday to direct Ireland’s privacy watchdog to examine Facebook’s practices regarding use of WhatsApp user data, TechCrunch reports. The EDPB’s ruling is the first urgent binding decision under the GDPR.
The EDPB stated that ambiguity surrounding Facebook and WhatsApp user data policies has made it difficult to determine "which processing operations are actually being carried out" by Facebook. As Computing explains, there has been much debate regarding Facebook’s handling of WhatsApp data ever since the social media platform announced a modification to its privacy policies allowing sharing of WhatsApp user data with Facebook back in February. After much pushback from users and privacy advocates, Facebook delayed the changes until May. German data protection regulator HmbBfDI announced on May 12 that it was invoking an emergency General Data Protection Regulation procedure to ban Facebook from collecting German WhatsApp user data and urged the EDPB to institute an EU-wide ban. Bloomberg notes that the Irish data protection commission said in a statement on Thursday that it “has already carried out an in-depth inquiry into WhatsApp’s privacy policy user facing material in the context of its transparency inquiry.” A draft of its decision was sent to its EU counterparts in December for approval, but the probe had not yet received full support from the other European watchdog groups.
HelloKitty ransomware's Linux version affects VMware ESXi servers.
BleepingComputer reports on the recent deployment of HelloKitty ransomware to VMware ESXi servers. Roger Grimes, data-driven defense evangelist at KnowBe4, while unsurprised by the continuing emergence of Linux-based malware, is concerned in this case by the possibility of multiple, simultaneous compromise:
"The move to more Linux-based malware and hackers doesn't surprise me. A long time corollary is that whatever becomes popular becomes hacked. It may take time for hackers and malware to adjust to changes, but they are pretty consistent about moving to where they need to be to be most successful.
"One of my other primary concerns about hackers and ransomware targeting VMware ESXi servers is the increased odds for multiple victim backup jobs to be compromised at once. Many ESXi users utilize backup programs and services that backup and duplicate machines at the virtual machine or host level. Hence, one disruptive action to a single backup job or host, can disrupt many more computers at once. Single point of failure. Many ESXi shops rely on ESXi to provide enterprise-level redundant operations. We had a decade of organizations moving from multiple, dedicated, physical, data centers, to less, virtual-machine-based, virtual data centers. Is there a week that goes by that hundreds of physical data centers, previously providing physical redundancy, aren't being shutdown to save on costs? It's more than a trend. It's the way things are. And this move to more virtualization can, if secured correctly, provide incredibly safe and redundant services. But if not done securely, allows fewer points to be compromised to cause bigger issues. This is surely a test for increased virtualization. Will it make us safer and more resilient or will the attackers use the technology against us? Time will tell. I would caution all ESXi shops to consider how using ESXi or ESXi-virtualization products impacts their resilience to hacker attacks. Are they doing everything they can to ensure that a single malicious attack doesn't cause even more failures? I would especially focus on backup scenarios. Is your backup done in a way that is protected, so that a single compromised ESXi-host or infrastructure doesn't give away the keys to the kingdom?"