InfoSecBulletin Cybersecurity for mankind
The education sector seems to be a constant target for cyberattacks. Two such incidents came into the spotlight. The first one includes a Washington school district that fell prey to a phishing scam, costing them hundreds of thousands of dollars. The other incident involves a data breach at the University of Urology, which affected the PHI of thousands of patients. In other news, there’s an update on the Capita breach; pensioners beware. Here are the top 10 highlights from the past 24 hours.
01
The Adna School District, Washington, suffered a sophisticated phishing scam that defrauded it of $346,000. The scam involved a construction project, where a multi-step procedure was established for reviewing and approving payments for the work done.
02
The University of Urology, NYC, informed of an unauthorized intrusion into its system that potentially impacted the PHI and other personal information of 56,816 patients.
03
Cleafy spotted a new web-inject toolkit, dubbed drIBAN, targeting Italian corporate banking customers in an ongoing financial fraud campaign since 2019.
04
Local officials reported that the Hillsborough County Supervisor of Elections Office‘s server was breached, less than a week after the official certification of the 2023 Tampa Municipal Runoff Election results.
05
The U.K government announced a new fraud strategy to tackle the issue of telephone and online scams, which includes a $30 million investment in a replacement to the Action Fraud reporting hub.
06
The North Korean Kimsuky APT group is employing a new version of its ReconShark, a reconnaissance malware, to target government organizations, research centers, universities, and think tanks in the U.S., Europe, and Asia – warned Sentinel Labs.
07
Capita informed its pension customers that some of their data stored in its servers was potentially compromised in the March data breach. Further probe into the incident is ongoing.
08
Packagist, the repository for PHP software packages, has disclosed that someone who gained access to four inactive accounts on the platform has hijacked more than a dozen packages with over 500 million installations to date.
09
IT and cybersecurity solutions provider Sourcepass raised $65 million in a venture round led by Metropolitan Partners Group, bringing the total funding raised by the company to $135 million.
10
Fraud detection startup Moonsense raised $4.2 million in seed funding co-led by Race Capital and XYZ Ventures, with participation from Foothill Ventures, TheGP, and others.
