At a glance.
- A bird’s-eye view of Twitter’s privacy settings.
- US healthcare clinic suffers cyberattack.
- South African credit bureau hit with ransomware.
A bird’s-eye view of Twitter’s privacy settings.
Part of the appeal of Twitter is the social media platform’s reach. A user can connect and share views with anyone from close family to famous actors to political leaders. But for users that want the option of a more private Twitter EXPERIENCE, Wired offers a primer on the tools offered by Twitter to limit how other users interact with your content. One simple option is to make your account “protected,” meaning only your approved followers can see what you tweet, as opposed to the general public. When it comes to direct messaging, the default is that any of your followers can send or receive messages from you, but by closing this feature, you can have more control over who is allowed to slide into your DMs. And the Discoverability setting allows users to make their accounts harder to find. There are also options for restricting who can reply to your tweets, and if you’d rather not hear what certain users have to say, you can choose to mute them or even block them.
US healthcare clinic suffers cyberattack.
West Virginia primary care clinic Wheeling Health Right (WHR) disclosed last week that it experienced a “highly-sophisticated” cyberattack that compromised sensitive patient data. WTRF reports that the attack was detected in January, and the subsequent investigation revealed that an intruder gained unauthorized access to patient info, potentially including full name, street and email address, phone number, driver’s license number, medical record number, Social Security number, and tax info. Though there is no evidence of abuse of the compromised data, WHR has initiated a customer password reset and has implemented multifactor authentication for all employee email accounts.
South African credit bureau hit with ransomware.
BusinessTech reports that TransUnion South Africa, the country’s largest credit bureau that maintains both consumer and business data, suffered a ransomware attack at the hands of a threat group calling themselves N4aughtysecTU. The ransomware gang, reportedly based out of Brazil, claims to have accessed 54 million personal records containing credit scores, banking information, and identification numbers (though, as SecurityWeek points out, TransUnion’s facebook page says the bureau maintains credit data for only around 24 million South Africans). The cybercriminals infiltrated an isolated server by using an authorized user’s credentials, and the gang claims they have requested a $15 million ransom, threatening to attack TransUnion’s clients if they don’t pay up. TransUnion released a statement confirming, “We have received an extortion demand and it will not be paid.” According to an update from Fin24, TransUnion has believes the stolen records are actually from a previous data breach, not the current attack. TechCentral adds that the South African Banking Risk Information Centre (Sabric) is working with local banks to formulate a coordinated response in order to protect bank customers from any potential fallout from the attack. Sabric CEO Nischal Mewalall stated, “South African banks take the security of their customer data very seriously and have put in place robust risk mitigation strategies to detect potential fraud on accounts and protect customer personal information as the investigation unfolds,” and he encouraged customers to follow “sound identity management practices to mitigate the risk of identity theft and fraudulent applications.” It’s worth noting that the notorious Lapsus$ threat group, which has taken credit for recent attacks on NVIDIA, Samsung, Ubisoft, and Vodafone, is also reportedly based out of Brazil.