The Broward Health network suffered a data breach potentially compromising the information of nearly 1.3 million patients and employees. In other cybersecurity news, the New York Attorney General completed an investigation revealing 1.1 million compromised accounts from 17 companies.
Hundreds of real estate sites infected by embedded video players
Over 100 real estate sites were infected by a new malware campaign spreading by a compromised video player. Once the video player is embedded on the site, malicious scripts begin working away to steal credentials and launch additional scripts that could download malicious payloads. This campaign succeeded because it was highly obfuscated and drew little attention to itself. It also ran under the guise that most web developers aren’t completely thorough when allowing various scripts to run unchecked.
Hackers steal 2 decades of data in ransomware attack
Sensitive data on thousands of employees from the last 20 years has been compromised following a ransomware attack on McMenamins, a venue operator located in Oregon. Letters have been sent to employees dating back to 2010, but employees from the previous decade had to learn of the leak from a message on the company’s site. This is because their information had been encrypted rather than stolen so they couldn’t be contacted by McMenamins staff. The attack occurred in early December, when officials discovered unauthorized access to their systems and began working to counteract the intrusion.
ZLoader campaign claims victims in over 100 countries
A new campaign by the infamous Zloader banking trojan has hit over 2,000 victims in 111 countries. ZLoader is disguising itself as a Java installation for a remote management software, rather than from email phishing that they were known to use in the past. Once on the system, the attacker can install additional payloads that use a legitimate file, appContast.dll, which is digitally signed by Microsoft. But in this case, it has been modified with extra data that downloads the final ZLoader payload. This campaign has been active since November, when researchers first began identifying victims.
Florida hospital system reveals major data breach
The Broward Health network in Florida began contacting nearly 1.3 million patients and employees who may have had their sensitive information compromised in a third-party cyberattack. By using a partnered company’s system access to illicitly gain access to Broward’s systems, attackers were able to exfiltrate patient and employee data. Along with alerting the victims of the breach, they are also offering 24 months of credit and identity monitoring.
New York Attorney General finds millions of compromised user accounts
After several months of investigations, officials for the New York Office of the Attorney General (NY OAG) have revealed a compilation of over 1.1 million customer accounts from 17 different companies that have been compromised and used in credential stuffing attacks. These types of attacks use a massive database of login credentials and attempt to sign into a variety of websites, in hopes of using them for other malicious activities. The OAG has already contacted the companies involved, so they can hopefully push out a mandatory password reset to the affected customers.
