At a glance.
- University of Rochester discloses third-party MOVEit breach.
- Third-party breach impacts Fayette County, Georgia.
- Barbie phishbait (probably pink).
University of Rochester discloses third-party MOVEit breach.
The mass-hack of the popular MOVEit file transfer application has claimed another victim: American higher ed institution the University of Rochester (UR). In an update to the school’s breach disclosure issued last month, University President Sarah Mangelsdorf emailed the university community to explain that “foreign cyber criminals” had accessed employee and student personal information. In some cases, this included data on their spouses, domestic partners, and dependents enrolled in the university’s benefits program, WXXI News reports. Mangelsdorf added that UR’s broader network, including systems connected to UR Medicine, was not impacted. At the time of disclosure UR said the MOVEit breach had impacted approximately 2,500 organizations across the world.
Third-party breach impacts Fayette County, Georgia.
In yet another MOVEit-related breach, a county located in the US state of Georgia has announced that the billing provider for its fire and emergency services system experienced a data breach that might have exposed county data. Fayette County says EMS Management and Consultants, Inc. was breached at the end of May, and the attacker accessed data in a MOVEit server belonging to as many as 2,625 individuals associated with Fayette County Fire and Emergency Services. EMS Management has since patched the tool and taken steps to protect the data, and thus far the company is unaware of any attempted misuse of the compromised information. GovTech adds that the company is working with third-party cybersecurity experts to examine the full scope of the breach.
It’s a Barbie world.
Proving that even cyber-scammers are susceptible to Barbie-mania, there’s been a surge of malicious campaigns capitalizing on the massive popularity of the new movie featuring the flaxen-haired doll. As Steve Grobman, CTO of McAfee, explains on the McAfee blog, “Cybercriminals are always on the lookout for opportunities to make phishing and other scams more attractive and believable. They often leverage popular and well-publicized events such as movie premieres, concerts, or sporting events to trick users into clicking on malicious links.” The Barbie movie was released less than a week ago, but cybercriminals have already begun disseminating fake downloads of the film that, when accessed, install spyware or malware on the target’s device. For example, an operation spotted in India promises viewers access to the film in Hindi, but clicking on the provided link only downloads a malicious .zip file. Scammers have also been using the promise of free movie tickets as a lure to convince Barbie fans to hand over their personal information. In the last three weeks alone, one hundred new instances of malware with Barbie-related filenames have been reported. The scams have been concentrated mostly in the US, but Australia, Spain, and the UK have also seen activity. Word to the wise: if an online promo or giveaway seems – like Barbie’s perfect plastic hair – too good to be true, it probably is.