As coughs and body aches drive anxious Americans to telemed services in record numbers, relieving the burden on medical facilities stressed to breaking with COVID-19 cases, the subsequent relaxation of privacy requirements puts them at risk of PHI compromises, cyberattacks and privacy violations. The shift to online medicine has resulted in
Data Breach
GOP canvassing app credentials exposed in code repository
Access credentials for Campaign Sidekick app, used by Republican campaigns for voter contacts, surveys and canvassing, were exposed in a code repository within a publicly accessible .git directory, a version control system that records code base changes during software development so that developers can work from the same code. “The same operations that make
Best Buy gift cards, USB drive used to spread infostealer
Cybersecurity super group swoops in to fight COVID-19 related hacks
You don’t tug on Superman’s cape, you don’t spit into the wind, you don’t pull the mask off the old Lone Ranger and, with apologies to Jim Croce, you don’t mess around with medical and healthcare organizations battling the coronavirus pandemic, or you’ll face the full force of the COVID-19 CTI League, a group
Maze ransomware group claims Chubb as victim
In the middle of a pandemic, insurance companies are likely targets for cyberattackers so it’s not surprising that Chubb this week reportedly found itself a victim of the Maze ransomware’s operators, who encrypted the company’s files. The group put a notice on its news site claiming that it had encrypted the insurance company’s network. If
Tupperware site hacked with credit card skimmer
Tupperware hasn’t yet put a lid on a targeted cyberattack that uses a credit card skimmer to collect customer payment information at checkout on the tupperware[.]com site and some of its local sites. The threat actors hid “malicious code within an image file that activates a fraudulent payment form during the checkout process,” according to
Free cybersecurity tools coming online to protect WFH staffers
Several cybersecurity firms are going the extra mile to help customers set up a safe environment for their telecommuting workforce. The new reality of having the majority of a businesses workforce working from home has opened a Pandora’ Box or cybersecurity issues for these organizations. A recent poll of UK companies by the private equity firm
Pwn2Own contest yields 13 bugs, as virtual format expands talent pool
Research teams at the Pwn2Own 2020 competition successfully exploited 13 software vulnerabilities this past week, including bugs found in products from Adobe, Apple, Microsoft, Oracle and Ubuntu. Participants earned $270,000 over the two-day event — the first Pwn2Own ever to be held virtually, as a measure to combat the rapid
Coronavirus news being used to sneak malware past AV programs
In an effort to make malware appear legitimate and help it sneak past security software, groups using two well-known trojans are inserting news text from Coronavirus stories into their file descriptions. Padding malware with fake news is not new but Bleeping Computer has found Trickbot and Emotet now being used in
Report: Account takeover and data scraping attacks on e-retailers up as COVID-19 surges
Masses of global citizens have been retreating to their homes and relying on online services to stock up their domiciles during the coronavirus pandemic, and it could be having an influence on cyberattacks against websites. Researchers at application protection company PerimeterX have reported a two-month increase in account takeover attacks against