SecureFact - Cyber Security News - Week of May 20, 2024


Data Breach

1. WebTPA data breach impacts 2.4 million insurance policyholders

The WebTPA data breach, disclosed earlier this month, has impacted approximately 2.4 million insurance policyholders in the United States. The breach occurred when an unauthorized actor accessed WebTPA's network. The affected individuals are customers of large insurance companies such as The Hartford, Transamerica, and Gerber Life Insurance. WebTPA, a subsidiary of GuideWell Mutual Holding Corporation and a third-party administrator, provides customized administrative services to health plans and insurance companies. The exposed data includes full names, contact information, dates of birth, and Social Security numbers. However, financial account information, credit card numbers, medical treatment, and diagnostic information were not compromised. WebTPA informed benefit plan providers and insurance companies of the breach and sent notifications to affected individuals.

2. Banco Santander Confirms Data Breach, Assures Customers’ Transactions Remain Secure

Banco Santander, a major global bank, has suffered a data breach impacting customers in Spain, Chile, and Uruguay, as well as current and former employees. The breach occurred after an unauthorized actor accessed a database hosted by one of Santander's third-party service providers. While the bank has not disclosed the specific types of data exposed, it has assured customers that transaction information and online banking credentials were not affected. Santander has taken immediate action to contain the incident, block the compromised access, and implement additional fraud prevention controls to protect affected customers.

3. Nissan Cybersecurity Incident Update: 53,000 Employees Affected

Japanese automaker Nissan experienced a significant cyberattack affecting 53,000 employees in North America. The breach, which occurred in November of the previous year, exposed Social Security numbers of both current and former employees. Following the breach, Nissan engaged in a thorough investigation, notified law enforcement, and implemented measures to contain and neutralize the threat. Despite the breach, Nissan has not detected any instances of fraud or identity theft resulting from the incident.

4. MediSecure Data Breach Confirms Impact on Personal and Health Information of Individuals

The MediSecure data breach is a significant cybersecurity incident that has impacted the personal and health information of individuals in Australia. The breach was confirmed by the Australian National Cyber Security Coordinator and is believed to have originated from a third-party vendor. The company has acknowledged the incident and stated that it has taken immediate steps to mitigate any potential impact on its systems. While the full extent of the breach is still being investigated, early indicators suggest that the incident originated from one of MediSecure’s third-party vendors.

5. Helsinki suffers data breach after hackers exploit unpatched flaw

The City of Helsinki is investigating a massive data breach in its education division, which was discovered in late April 2024. The breach impacted tens of thousands of students, guardians, and personnel. An unauthorized actor exploited a vulnerability in a remote access server to gain access to a network drive containing tens of millions of files. Although most files lacked personally identifiable information (PII), some included usernames, email addresses, personal IDs, physical addresses, and highly sensitive information such as fees, childhood education and care details, children's status, welfare requests, medical certificates, and more. The city's authorities have notified the Data Protection Ombudsman, the Police, and Traficom's National Cyber Security Centre, and are working to determine the extent of the breach.

Malware and Vulnerabilities

1. Adobe fixed multiple critical flaws in Acrobat and Reader

Adobe has released security updates to address multiple critical vulnerabilities in its widely used Acrobat and Reader software. The flaws could allow attackers to execute arbitrary code on affected systems. The updates patch 35 security issues across various Adobe products, including Acrobat, Reader, Illustrator, Substance 3D Painter, Aero, and Animate.

2. Ransomware gang targets Windows admins via PuTTY, WinSCP malvertising

A ransomware operation is targeting Windows system administrators by promoting fake download sites for PuTTY and WinSCP through Google ads. The threat actors are using typosquatting domain names like putty.org and wnscp.net to impersonate the legitimate sites. When users click the download links, they are either redirected to the real sites or prompted to download a malicious ZIP archive. Running the Setup.exe installs a malicious DLL that executes an encrypted Python script, ultimately deploying the Sliver post-exploitation toolkit.

3. Microsoft fixes VPN failures caused by April Windows updates

Microsoft has fixed a known issue that was causing VPN connection failures across Windows client and server platforms after installing the April 2024 Windows security updates. The issue affected Windows 11, Windows 10, and Windows Server 2008 and later versions. Microsoft released cumulative updates during the May 2024 Patch to resolve the VPN failures. The affected Windows versions and corresponding cumulative updates include.


