top of page
  • OpaCyber

Cyber Security Incidents Updates wk22

Here’s your Cyber Security Incidents Update for wk22 2024


(a once-a-week on Monday glimpse into just a fraction of the Cyber Security events of the previous week to inform regarding the depth and breadth of the incidents world-wide)



-Organisation

⦿ Everbridge, a software company focused on crisis management (that will be handy for them, then 🤦‍♂️) and public warning solutions based in Boston, USA with offices in Emea and Apac

-Data compromised

⦿ "The unauthorised party accessed a limited number of files on our corporate network containing certain business related data" (I'll probably be updating that in the coming weeks...)

-Initial access

⦿ Attackers breached corporate systems using information collected in a previous phishing attack targeting some of its employees

-Possible Prevention

⦿ Security Awareness Training. Also: "MFA will be force-enabled on all accounts by 3rd Jun" (better late than never...)


-Organisation

⦿ Sav-RX, Fremont, New England, USA: a pharmacy benefit management (PBM) company that provides prescription drug management services to employers, unions, and other organisations

-Data compromised

⦿ The Full name, Date of birth, Social Security Number, Email address, Physical address, Phone number, Eligibility data and Insurance identification number of over 2.8 MILLION people

-Possible Prevention

⦿ The organisation is now "implementing multi-factor authentication on critical accounts" (sigh...)


-Organisation

⦿ Christie's Auction House, London, UK

-Data compromised

⦿ (Hackers claims): sensitive personal information of at least 500,000 of Christie’s private clients, including name, date of birth, address, nationality and passport data


One piece of good news 👍:

Malachi Mullings, Georgia, USA, has been sentenced 10 years in prison for laundering more than $4.5 million through business email compromise (BEC) schemes and romance scams (enjoy your time in Club Fed, Mr Mullings)


One final note:

Over 100 servers worldwide used to deliver malware have been taken down in an international law enforcement operation codenamed Operation Endgame with more than 2,000 domain names seized in addition. Four people have been arrested and a further eight are now on Europol's "Most Wanted" list. Operation Endgame involved police forces from Germany, the US, UK, France, Denmark, and the Netherlands with co-operation from security vendors including Bitdefender and Proofpoint

(Recent law enforcement takedowns seem to be more prevalent and tactics now include playing mind games including doxxing and trolling including this gem posted for the benefit of users of the platform: "Think about (y)our next move". I'm a fan of this change. I have popcorn...) 🤣

コメント


bottom of page