Hackers are using cookies to sidestep two-factor authentication

Fionna Agomuah reports: “Cookie stealing” is among the latest trends in cybercrimes that hackers are using to bypass credentials and access private databases, according to Sophos. Typical security advice for organizations has been to move their most sensitive information to cloud services or to use multifactor authentication (MFA) as a safety means. However, bad...

Bits ‘n Pieces (Trozos y Piezas)

Brazil – Prefeitura do Rio The Prefeitura do Rio posted an announcement on its website about a cyberattack. In machine translation, it reads: Rio’s City Hall systems suffered a hacker attack in the early hours of Monday, 08/15. All services of the City Hall Portal were preventively taken offline to ensure data protection. We are...

Whitworth reaches ‘final resolution’ in network security breach

Erin Robinson reports: Whitworth University officials say they have reached a “final resolution” in a network security breach. The university’s information systems were hacked in late July. A message to the Whitworth community says there is a chance personal student, alumni, employer or donor information was compromised. If an investigation determines that is the...

Estonia thwarts cyberattack claimed by pro-Russia KillNet following removal of Soviet monument

Ines Kagubare reports: Estonian officials said the country successfully thwarted a cyberattack on Wednesday that targeted both its public and private institutions. Estonia’s undersecretary for digital transformation, Luukas Ilves, said on Twitter that the country was able to disrupt one of “the most extensive cyber attacks faced since 2007.” Ilves added that the attacks were...

SFERRA Fine Linens notifying individuals of breach

What we know so far: On or about April 24, 2022, SFERRA became aware of suspicious activity on its computer servers. The investigation found that certain files may have been subject to unauthorized access between April 14, 2022, and April 24, 2022. The impacted information varied by individual but may include name, address, date of...

LockBit claims ransomware attack on security giant Entrust

Lawrence Abrams reports: The LockBit ransomware gang has claimed responsibility for the June cyberattack on digital security giant Entrust. Last month, BleepingComputer broke the story that Entrust suffered a ransomware attack on June 18th, 2022. Starting in early June, Entrust had begun to tell customers that they suffered a cyberattack where data was stolen from internal...

Ca: St. Joe’s creates new executive position for security of patient files amid backlash

Sebastian Bron reports: St. Joseph’s Healthcare Hamilton has created a new executive position dedicated to protecting patient privacy in the wake of a litany of intentional staff breaches. The hospital said Wednesday the senior post will oversee a revamped privacy policy, recently overhauled amid staunch criticism after five employees snooped into the sensitive health records...

Humana, Cotiviti settle class action affecting 65,000 members

There’s an update to a breach reported on DataBreaches that involved both a business associate (Cotiviti) and insider wrong-doing by an employee of a subcontractor of the business associate (Visionary). Humana and Cotiviti agreed to a class action settlement to resolve claims they jeopardized consumer data in a 2020 data breach. The settlement benefits...

BlackByte ransomware gang is back with new extortion tactics

Lawrence Abrams reports: The BlackByte ransomware is back with version 2.0 of their operation, including a new data leak site utilizing new extortion techniques borrowed from LockBit. After a brief disappearance, the ransomware operation is now promoting a new data leak site on hacker forums and through Twitter accounts the threat actor controls. Read more...