Here’s the latest installment of the Hacks, Attacks and Breaches cybersecurity news update.
The Logically team provides top cyber security stories every week to keep you up to date on the latest news headlines on cybersecurity, hacking, computer security, ransomware and other cybersecurity threats.
Twitter
Exploit: Hacking
Twitter: Social Media Network
Risk to Small Business: Cybercriminals say that they’ve exploited a vulnerability in the Twitter platform to obtain data about 5.4 million accounts. Altogether, bad actors claim to have snatched data from 5.4 million accounts, with the data now up for sale on a hacker forum for $30,000. Twitter was alerted to the exploit in January 2022 and fixed it quickly, but the damage had already been done. The method used to scrape the data was similar to an attack on Facebook in 2021. Twitter has not confirmed or denied the attack as of press time, saying that the incident is under investigation.
How it Could Affect Your Business: Cybercriminals are always happy to exploit vulnerabilities and security gaps that allow them to obtain data.
AllOne Health Resources, INC.
Exploit: Business Email Compromise (BEC)
AllOne Health Resources: Insurance Company
Risk to Small Business: AllOne Health Resources, Inc. Has experienced a data breach as the result of a business email compromise attack. The company says that an unauthorized party gained access to sensitive consumer data contained on its network after landing the BEC attack. According to AllOne Health, the company discovered the breach after it realized that the company’s finance department had sent several wire transfers to a fraudulently created bank account. That prompted an investigation which revealed that bad actors had gained access to an employee’s email account and snatched sensitive data.
How it Could Affect Your Business: A data security disaster in the healthcare sector is extra expensive and damaging after regulators weigh in.
Blue Cross and Blue Shield (BCBS) of Massachusetts
Exploit: Supply Chain Risk
Blue Cross and Blue Shield (BCBS) of Massachusetts: Insurance Company
Risk to Small Business: Blue Cross and Blue Shield (BCBS) of Massachusetts has filed a notice with the Maine Attorney General’s Office stating that the company had suffered a breach of employee pension data thanks to an insider incident at a vendor, LifeWorks US. BCBS of Massachusetts and BCBS of Massachusetts HMO Blue used the vendor for services related to employee pension plan payments. BCBS says that on May 17, 2022, a now former LifeWorks employee mishandled data by emailing spreadsheets containing identifiable information about BCBS employees to both their personal email address and the personal email address of another former LifeWorks employee.
How it Could Affect Your Business: Supply chain risk is an ongoing problem that won’t be going away anytime soon, and cybercrime doesn’t even have to be involved for it to damage a business.
Entrust
Exploit: Ransomware
Entrust: Software Company
Risk to Small Business: Digital security software maker Entrust has confirmed that it suffered a cyberattack where threat actors breached its network and stole data from internal systems. Entrust says that about two weeks ago, bad actors penetrated security and gained access to corporate data. The company maintains that data theft does not have an impact on its products and services. No ransomware group has claimed responsibility for the attack as of press time, and no ransom demand has been released.
How it Could Affect Your Business: Bad actors aren’t just looking for PII/PHI or financial data, they’re also in the market to steal data about OT and proprietary data.