Wednesday, February 24, 2021

Breach News:

Kia hits a bump in the road with ransomware, Underwriters Laboratories didn’t check their cyber safety, Simon Fraser University is back for a cyberattack encore, enhance your password power and see how increased phishing risk means it’s time to increase cyber resilience for your clients.



United States – Automatic Fund Transfer Services

https://www.bleepingcomputer.com/news/security/us-cities-disclose-data-breaches-after-vendors-ransomware-attack/

Exploit: Ransomware

Automatic Funds Transfer Services (AFTS): Payment Processor 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.879 = Severe 

Cuba ransomware is the culprit of an attack at AFTS, a payment processor that serves state government clients including the states of California and Washington. This cyberattack has caused major disruption to AFTS operations, making their website unavailable and impacting payment processing. The gang claims to have stolen financial documents, correspondence with bank employees, account movements, balance sheets, and tax documents.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.847 = Severe 

It is unclear how many individuals may have been impacted. The California Department of Motor Vehicles and several cities in Washington state have released data breach notifications. The potential data exposed varies depending on the city or agency, but may include names, addresses, phone numbers, license plate numbers, VIN numbers, credit card information, scanned paper checks, and billing details. 

Customers Impacted: Unknown



United States – Kia Motors America

https://www.bleepingcomputer.com/news/security/kia-motors-america-suffers-ransomware-attack-20-million-ransom/

Exploit: Ransomware

Kia Motors America: Ransomware

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.381 = Severe

Kia Motors America has experienced a suspected ransomware attack that has had a severe impact on its entire US operation. crippling some functions and impacting others for dealers and consumers. Sevices impacted include mobile UVO Link apps, phone services, payment systems, owner’s portal, and internal sites used by dealerships.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing. 

Customers Impacted: 50 million



United States – Sequoia Capital 

https://www.axios.com/sequoia-capital-says-it-was-hacked-590dcdd6-fe49-46c6-8422-60a944272302.html

Exploit:  Phishing

Sequoia Capital: Venture Capital Firm

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.933 = Severe 

Sequoia Capital, a major venture capital firm, announced this week that it has experienced a phishing-related cyberattack. The firm invests in companies like Airbnb, DoorDash, Robinhood and cybersecurity firms like FireEye and Carbon Black. Sequoia’s investors include university endowments, tech executives and charitable foundations.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing. 

Customers Impacted: Unknown



United States – Underwriters Laboratories

https://www.bleepingcomputer.com/news/security/underwriters-laboratories-ul-certification-giant-hit-by-ransomware/ 

Exploit: Ransomware

Underwriters Laboratories: Safety Regulator 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.022 = Severe 

Underwriters Laboratories, the oldest and largest device safety certifier in the world, should have checked the safety of their email systems a little more closely. They’ve experienced a ransomware attack that has encrypted its servers and caused them to shut down systems while they recover. 

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing. 

Customers Impacted: Unknown




Canada – Simon Fraser University

https://www.cbc.ca/news/canada/british-columbia/sfu-warns-cybertattack-exposed-personal-information-of-about-200-000-students-and-staff-1.5916153 

Exploit: Hacking

Simon Fraser University: Institution of Higher Learning 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.623 = Severe 

Simon Fraser University is in the spotlight again after another data breach. Cybercriminals breached a server that stored information on student and employee ID numbers and other data, including admissions or academic standing. This is the second data breach at Simon Fraser University in 12 months.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 2.117 = Severe 

The server contained personal information for some current and former students, faculty, staff and student applicants including student or employee ID numbers. 

Customers Impacted: 200,000






The Netherlands – Dutch Research Council (NWO) 

https://cybernews.com/news/internet-registry-for-europe-experienced-a-credential-stuffing-attack-claims-it-was-unsuccessful/ 

Exploit: Malware

Dutch Research Council: Government Entity

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.913 = Severe

NWO has reported that it was the victim of a malware attack. Servers belonging to the Dutch Research Council (NWO) have been compromised, forcing the organization to make its network unavailable and suspend subsidy allocation for the foreseeable future. Impacted functions include the organization’s email service (Outlook) and online resources for two entities under NWO, the Netherlands Initiative for Education Research (NRO) and the National Governing Body for Practice-oriented Research (SIA).

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing. 

Customers Impacted: Unknown



The Netherlands – Réseaux IP Européens Network Coordination Centre (RIPE NCC)

https://cybernews.com/news/internet-registry-for-europe-experienced-a-credential-stuffing-attack-claims-it-was-unsuccessful/ 

Exploit: Credential Stuffing

Réseaux IP Européens Network Coordination Centre (RIPE NCC): World Regulatory Body

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.913 = Severe

RIPE NCC has reported that it recently defended against a credential stuffing attack that attempted to breach its single sign-on system. There was minimal disruption and the organization has resumed operations normally.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing. 

Customers Impacted: Unknown





France – Beneteau SA 

https://www.bloomberg.com/news/articles/2021-02-21/beneteau-to-suspend-some-production-after-cyberattack 

Exploit: Malware

Beneteau SA: Maritime Vessel Builder 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.062 = Severe 

French boat builder Beneteau SA has experienced a malware attack that has forced it to temporarily suspend some operations. The company says that it will be deploying backups and production at some of its units, particularly in France, will have to slow down or stop for a few days.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing. 

Customers Impacted: Unknown








1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863

Protect Against the Number One Cause of a Data Breach – Human Error

CISOs around the world agree – human error is the most dangerous threat that any cybersecurity plan can face. In a recent study, 55% of survey respondents noted that human error and lack of cybersecurity awareness is their top concern. Even though they were concerned, 44% of the survey respondents stated they did not know how to discover who should be counted among the most at-risk employees for a major mistake.

So how can an organization add protection that helps guard against damage done by employee cybersecurity mistakes if it doesn’t know who might be in line to make those mistakes? By adding a strong guardian that protects your systems and data from all sorts of cybersecurity disasters that’s both effective and cost-effective.

Using a secure identity and access management solution like Passly to guard your access points is the fastest way to stop many of today’s worst threats without breaking the bank. It’s a crucial mitigation for today’s flexible workforce, enhancing security no matter where your staff is working from. That’s why more than 40% of CISOs chose secure identity and access management as their top cybersecurity priority in 2021.


should you diclose a data breach represented by the words "hacking detected" in red on a blue and white touchscreen

The biggest shield that you gain against cybercrime with Passly is multifactor authentication. This single mitigation on its own can stop more than 90% of password-based cybercrime. That includes the majority of attacks based on credential compromise, the damage from password theft by phishing, the dangers of reused passwords and many other common human error driven catastrophes. Multifactor authentication is an absolute must-have for every business. 

Every employee makes errors. Security awareness training and building a strong cybersecurity culture are important to reducing the incidence of mistakes, but you’ll never stop them all. By taking the proper precautions against damage caused by human error, you can keep your systems and data safe even when staffers aren’t on their toes.


Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863

Breach News:

A Florida municipal water plant breach raises alarm, ransomware impacts hospital care in France, our special look at 3 ways that MSPs and SMBs can work together to fight ransomware plus how to make a battle plan for your MSP’s charge to greater profit!


United States – Syracuse University

http://dailyorange.com/2021/02/names-social-security-numbers-of-syracuse-university-students-exposed-in-data-breach/ 

Exploit: Unauthorized Access to Email

Syracuse University: Institution of Higher Learning

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.379 = Severe 

An unknown party gained unauthorized access to an employee’s email account at Syracuse University. The university launched an investigation with a third party firm that determined in early January that emails and attachments in the account that had been improperly accessed did contain names and Social Security numbers of students, and those affected who have been informed by letter. 

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.347 = Severe 

Impacted students may have had names and Social Security numbers exposed. officials aren’t clear on how much data was stolen or who may have taken it. Students should be alert to potential identity theft or spear phishing attempts

Customers Impacted: 10,000



United States – Chess.com 

https://www.hackread.com/vulnerability-chess-com-50-million-user-records-accessed/

Exploit: Security Vulnerability

Chess.com: Gaming and Resource Site 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.211 = Severe

Security researchers found a critical bunch of vulnerabilities in chess.com’s API. The flaws could have been exploited to access any account on the site. They could also be used to gain full access to the site through its administrator panel. The website quickly fixed the problem after they were informed. There’s no current evidence that it was accessed by bad actors before it was patched. 

Customers Impacted: 50 million



United States – Nebraska Medicine 

https://apnews.com/article/technology-data-privacy-nebraska-94d8a76d2b772a3014773023c989d71a

Exploit:  Malware

Nebraska Medicine: Health System

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.663 = Severe 

Nebraska Medicine and the University of Nebraska Medical Center have begun notifying patients and employees whose personal information may have been compromised in a breach in late 2020. Bad actors gained access to Nebraska Medicine and UNMC’s shared network using unnamed malware. The breach led to the interruption of some services including the postponement of patient appointments and required staff in the system’s hospitals and clinics to chart by hand.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 2.101 = Severe 

Nebraska Medicine officials say that the incident did not result in unauthorized access to the health system’s shared electronic medical record application. However, an unspecified number of records that included information such as names, addresses, health insurance data, Social Security numbers and clinical information was compromised. Patients and employees should carefully watch for identity theft, spear phishing or fraud attempts using this data. 

Customers Impacted: Unknown



United States – Oldsmar Water Treatment Plant 

https://threatpost.com/florida-water-plant-hack-credentials-breach/163919/

Exploit: Credential Compromise

Oldsmar Water Treatment: Municipal Water System Plant 

cybersecurity news gauge indicating extreme risk

Risk to Business: 2.022 = Severe 

In an attack that made national headlines, bad actors are suspected of using stolen credentials to access operational systems at a Florida wastewater treatment plant. The attackers likely used remote access software to enter the operations system with the intent of changing the level of sodium hydroxide, more commonly known as lye, in the water from 100 parts per million to 11,100 parts per million. Other systems detected the chemical change and stopped it before anyone was hurt. Officials suspect that the compromised credentials may have been part of a huge 2017 data dump. 

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing. 

Customers Impacted: Unknown





Canada – Canadian Discount Car and Truck Rentals

https://securereading.com/darkside-ransomware-gang-hits-canadian-rental-car-company/ 

Exploit: Ransomware

Canadian Discount Car and Truck Rentals: Vehicle Rental Company

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.668 = Severe 

The DarkSide ransomware gang claims to have stolen 120 GB of data from Canadian Discount Car and Truck Rentals. The snatched data includes marketing, finance, account, banking and franchisee information. The company’s clients are also unable to book or manage rentals online.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing. 

Customers Impacted: Unknown







France – Dax-Cote de Argent Hospital

https://portswigger.net/daily-swig/dax-cote-dargent-hospital-in-france-hit-by-ransomware-attack 

Exploit: Ransomware

Dax-Cote de Argent Hospital: Medical Center 

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.413 = Severe

A suspected Egregor ransomware attack has caused significant operational disruption at French medical center Dax-Cote de Argent Hospital. Staff were resorting to pen and paper for records, phone systems were knocked out of operation and critical departments including radiotherapy care were severely disrupted. Officials at the hospital system, which has six sites and around 1,000 beds, were quoted as saying that restoration of normal operations could be several weeks away.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing. 

Customers Impacted: Unknown



France – Mutuelle Nationale des Hospitaliers (MNH)

https://www.bleepingcomputer.com/news/security/french-mnh-health-insurance-company-hit-by-ransomexx-ransomware/

Exploit: Ransomware

Mutuelle Nationale des Hospitaliers (MNH): Insurance Company 

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.062 = Severe 

RansomExx ransomware is to blame for an attack at French health insurance company Mutuelle Nationale des Hospitaliers (MNH) that has severely disrupted the company’s operations. The company’s website displays a notice stating that it has been affected by a cyberattack that started on February 5th. This attack has caused their websites, customer portal and telephone platform to go down. The attack is ongoing and under investigation, but operations are severely limited for clients. 

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing. 

Customers Impacted: Unknown



Poland – CD Projekt Red

https://www.theverge.com/2021/2/11/22278121/cd-projekt-red-ransomware-hack-cyberpunk-2077-the-witcher-3-auction-sale

Exploit: Ransomware

CD Projekt Red: Videogame Developer 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.667 = Severe 

Beleaguered game developer CD Projekt Red faces a new challenge as cybercriminals have obtained and auctioned off part or all of the source code for its biggest game properties including Thronebreaker: The Witcher Tales spinoff, The Witcher 3, a ray-traced version of The Witcher 3Cyberpunk 2077, virtual card game Gwent and copies of the company’s internal documents. Experts suspect HelloKitty ransomware is behind the attack.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing. 

Customers Impacted: Unknown



supply chain risk represented by a handshake overlaid with an image of a chain in green on a black background.

Is Your Biggest Security Threat Already Inside Your Business? Learn to spot and stop insider threats with this kit>> DOWNLOAD IT



Australia – QIMR Berghofer Medical Research Institute 

https://portswigger.net/daily-swig/australian-research-institute-confirms-likely-data-breach-after-third-party-accellion-hack

Exploit: Third Party Data Breach

QIMR Berghofer Medical Research Institute: Medical Research Facility 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.802 = Severe 

Investigators handling a breach at QIMR Berghofer Medical Research Institute have announced that certain data stored in a file-sharing system from third-party service provider Accellion has been improperly accessed. Officials say that they were told that their data had been impacted by a breach at Accellion in December 2020, and subsequently discovered that around 4% of their data held by Accellion had been compromised. QIMR Berghofer said that it used Accellion’s services to share data related to clinical trials of anti-malaria drugs.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing. 

Customers Impacted: Unknown


Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5863

Breach News: