In this week’s Weekly News Round-up, we give updates on known breaches, news on a new breach, and the ways hackers can use sophisticated phishing campaigns to mine for personal information. A bright spot is the open-sourced projects Apple is working on to provide greater security across all the websites you visit.
Companies using PBX systems facing large-scale phishing attacks
Ironscales released a report this week revealing a new phishing scheme perpetrated using PBX phone systems. This type of scam has threatened nearly 100,000 business inboxes across all industries.
“To make each attack more believable, cybercriminals are adding customization to personalise the sender name as well. This type of sophistication partially explains why these email attacks are bypassing secure email gateways and the DMARC authentication protocol,” according to the folks at Ironscales. The best way to combat this is for organizations to make their employees aware of this type of scam and to implement an automated solution for tagging these items as spam before an accidental breach could occur. Read more at Teiss.
Babylon Health breach sees software error expose patient videos
A data breach of a Babylon Health appointment scheduling app could have exposed health information for any of the 2.3 million registered users in the UK. According to Babylon, the problem was a software issue that was quickly remedied and not the result of any sort of malicious attack. They notified the three users whose video appointments were exposed and did what they could to remedy the situation, along with apologizing.
With so many businesses and healthcare systems moving to online cloud-based solutions right now, there’s a steep learning curve when it comes to data security. Learn more about the breach and ways to secure your company’s info at Verdict.
Matt Hancock clueless about confidentiality breach at his own GP surgery
British Secretary of State for Health and Social Care, Matt Hancock, is among the Babylon Health users whose information and video consultations with a GP may have been exposed in the recent breach.
OneLogin’s Niamh Muldoon weighed in, stating that, “By allowing members of the public’s GP sessions to become public, they potentially revealed among the most sensitive information available about an individual’s health, which could in turn be leveraged by further cybercriminals using the information for social engineering campaigns.” Get the details at The Guardian.
Apple announces open-source project for password manager developers
Apple’s Password Manager Resources initiative will facilitate the integration of password manager apps and website-specific requirements. It’s an open-source project (one of several that Apple is running).
A goal of the project is to improve user experience by enabling password manager apps to collect the various forms of password requirements (such as password length, special character requirements, etc.) and generate a password that fulfills those requirements. This reduces the temptation for users to create their own passwords rather than use a randomly generated one. Learn more about this project at Apple Insider.
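As an added illustration (not code from Apple's project or from the article), the sketch below shows how a password manager could turn per-site requirements into a random password that satisfies them. The rule dictionary layout, the character class names and the two `.example` sites are assumptions made for this example.

```python
import secrets
import string

# Character classes a site rule may refer to (names are this example's own).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": "-!@#$%^&*_+=?",
}

# Constructed sample rules for two imaginary sites; not from any real dataset.
SAMPLE_RULES = {
    "bank.example": {"minlength": 8, "maxlength": 12,
                     "required": ["lower", "upper", "digit"],
                     "allowed": ["lower", "upper", "digit"]},
    "shop.example": {"minlength": 16, "maxlength": 64,
                     "required": ["lower", "digit", "special"],
                     "allowed": ["lower", "upper", "digit", "special"]},
}


def generate_password(rule, target_length=20):
    """Return a random password that satisfies one site's rule."""
    length = max(rule["minlength"], min(target_length, rule["maxlength"]))
    required = [CLASSES[name] for name in rule["required"]]
    if length < len(required):
        raise ValueError("rule cannot be satisfied: too many required classes")
    alphabet = "".join(CLASSES[name] for name in rule["allowed"])
    # One character from every required class, the rest from the full alphabet.
    chars = [secrets.choice(cls) for cls in required]
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # Shuffle with a CSPRNG so required characters do not sit at fixed positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def satisfies(password, rule):
    """Check a password against a rule (also usable for user-chosen passwords)."""
    alphabet = set("".join(CLASSES[name] for name in rule["allowed"]))
    return (rule["minlength"] <= len(password) <= rule["maxlength"]
            and set(password) <= alphabet
            and all(set(password) & set(CLASSES[n]) for n in rule["required"]))


if __name__ == "__main__":
    for site, rule in SAMPLE_RULES.items():
        print(site, generate_password(rule))
```

The generator clamps its preferred length to the site's limits, which is why a site with a low maximum length still gets a valid password instead of a rejected one.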
Nintendo Confirms Additional 140,000 Accounts Compromised in April Data Breach
After an April 2020 data breach that was thought to have affected upwards of 160,000 users, Nintendo announced that another 140,000 accounts could have been compromised. This comes after a number of users reported unauthorized logins and use of stored credit card data without permission.
Nintendo reports that less than 1% of affected users had fraudulent transactions on their accounts, but they are reimbursing all who were financially affected. They’ve asked all users to reset their passwords and enable multi-factor authentication in response to this breach. They’ve also removed the software they believe may have led to the problem. Read more at Security Boulevard.