A response to a phishing email has resulted in the PHI of 2,789 Kaleida Health patients being made accessible Attack.Databreach to cybercriminals . Kaleida Health discovered the attack on May 24 , 2017 , prompting a full investigation which involved hiring a third-party computer forensic firm . An analysis of its systems showed that by responding to the phishing email , the employee had provided access Attack.Databreach to his/her email account . While access Attack.Databreach to Kaleida Health ’ s EHR was not gained Attack.Databreach , the email account contained a range of protected health information of a small subset of its patients . The types of data in the account varied for each patient , but may have included names , dates of birth , medical record numbers , diagnoses , treatment and other clinical data . However , no financial information or Social Security numbers were exposed Attack.Databreach at any time . While access Attack.Databreach to the email account was possible , no evidence was uncovered to suggest that the emails were accessed Attack.Databreach or any protected health information was viewed or copied Attack.Databreach . However , since the possibility of data access could not be ruled out with a high degree of certainty , all affected patients have been notified of the incident by mail . Phishing Attack.Phishing has grown to be one of the most serious threats to healthcare organizations . As we have already seen this year , record numbers of successful W-2 phishing attacks Attack.Phishing have been reported and many healthcare employees have fallen for these phishing scams Attack.Phishing . Providing security awareness training to employees can help to reduce risk , although a single training session every year is no longer sufficient . Training must be an ongoing process .

Another critical security hole has been found Vulnerability-related.DiscoverVulnerability in Apache Struts 2 , requiring an immediate update . The vulnerability – CVE-2018-11776 – affects Vulnerability-related.DiscoverVulnerability core code and allows miscreants to pull off remote code execution against vulnerable servers and websites . It affects Vulnerability-related.DiscoverVulnerability all versions of Struts 2 , the popular open-source framework for Java web apps . The Apache Software Foundation has `` urgently advised '' anyone using Struts to update Vulnerability-related.PatchVulnerability to the latest version immediately , noting that the last time a critical hole was found Vulnerability-related.DiscoverVulnerability , the holes were being exploited Vulnerability-related.DiscoverVulnerability in the wild just a day later . In other words , if you delay in patching Vulnerability-related.PatchVulnerability , your organization will be compromised in short order via this bug , if you are running vulnerable systems . It was that earlier flaw that led to a nightmare data breach Attack.Databreach from credit company Equifax after it failed to patch Vulnerability-related.PatchVulnerability swiftly enough . The details of nearly 150 million people were exposed Attack.Databreach , costing the company more than $ 600m , so this is not something to be taken lightly . The company that discovered Vulnerability-related.DiscoverVulnerability the vulnerability – Semmle Security Research Team – warns that this latest one is actually worse that the one last year , which it also found Vulnerability-related.DiscoverVulnerability . It has published a blog post with more information . Semmle found Vulnerability-related.DiscoverVulnerability the hole back in April and reported Vulnerability-related.DiscoverVulnerability it to Apache , which put out Vulnerability-related.PatchVulnerability a patch in June that it has now pulled Vulnerability-related.PatchVulnerability into formal updates ( 2.3.35 for those using version 2.3 and 2.5.17 for those on 2.5 ) . As mentioned , the vulnerability is in the core code and does n't require additional plugins to work . It is caused by insufficient validation of untrusted user data in the core of the Struts framework , and can be exploited in several different ways . Semmle says it has identified two different vectors but warns there may be others . Since it can be used remotely and due to the fact that Struts is typically used to create applications that are on the public internet , hackers are going to be especially focused on exploiting it so they can gain access to corporate networks . And there are some big targets out there : Apache Struts is extremely common with most large corporations using it somewhere in their systems for web apps . Semmle 's VP of engineering , Pavel Avgustinov , had this to say about the hole on Wednesday this week : `` Critical remote code execution vulnerabilities like the one that affected Vulnerability-related.DiscoverVulnerability Equifax and the one we announced today are incredibly dangerous for several reasons : Struts is used for publicly-accessible customer-facing websites , vulnerable systems are easily identified , and the flaw is easy to exploit Vulnerability-related.DiscoverVulnerability . A hacker can find their way in within minutes , and exfiltrate Attack.Databreach data or stage further attacks from the compromised system . It ’ s crucially important to update affected systems immediately ; to wait is to take an irresponsible risk . '' This is very far from the first time that big security holes have been found Vulnerability-related.DiscoverVulnerability in Struts , leading some to recommend that people simply stop using it .

Six million of Verizon 's US customers had their personal and account information exposed Attack.Databreach , including PIN numbers . Verizon Communications suffered a major data leak Attack.Databreach due to a misconfigured cloud server that exposed Attack.Databreach data on 6 million of its customers . The leak was the result of its third-party provider NICE Systems incorrectly configuring Verizon 's cloud-based file repository housed in an Amazon Web Services S3 bucket on NICE 's cloud server , according to UpGuard , which issued a report on the breach today . Verizon customer names , addresses , account information , including account personal identification numbers ( PINs ) , were compromised Attack.Databreach . UpGuard in its data estimated that up to 14 million customer records were exposed Attack.Databreach , but Verizon stated that data on 6 million of its users was affected . In one file alone , there were 6,000 PINs that were publicly exposed Attack.Databreach , according to Dan O'Sullivan , a cyber resilience analyst for UpGuard . What 's unique about this leak Attack.Databreach is that it was not just personal data that was publicly exposed Attack.Databreach but also PINs , according to O'Sullivan . `` The PINs are used to identify a customer to a customer care person , '' O'Sullivan says , noting that an attacker could impersonate the user by using the PIN and then gain access to that individual 's account . Verizon issued a statement acknowledging the public exposure Attack.Databreach of its customer data , but stressed that no loss or theft Attack.Databreach of Verizon or Verizon customer information occurred . The telecom giant also noted : `` To the extent PINs were included in the data set , the PINs are used to authenticate a customer calling our wireline call center , but do not provide online access to customer accounts , '' Verizon stated . `` An employee of one of our vendors put information into a cloud storage area and incorrectly set the storage to allow external access , '' Verizon said . How it Went Down NICE was hired to help Verizon improve its residential and small business wireline self-service call center portal , according to Verizon 's statement . As part of this project , NICE needed certain data that included a limited amount of personal and cell phone number information . None of the information stored for the project included social security numbers , according to Verizon . Meanwhile , on June 8 , UpGuard 's cyber risk research director Chris Vickery came across the AWS S3 data repository and its subdomain `` verizon-sftp . '' The repository held six folders with titles spanning `` Jan-2017 '' to `` June-2017 '' and a number of other files with a .zip format . Vickery was able to fully download the repository because it was configured to be publicly accessible to anyone entering the S3 URL . Following the discovery , UpGuard contacted Verizon on June 13 to inform the telecom giant of the data leakage Attack.Databreach and then on June 22 the exposure was sealed up , according to UpGuard 's report . `` There was a fairly long duration of time before it was fixed , which is troubling , '' O'Sullivan says . Verizon is not the first company to encounter data leakage Attack.Databreach as a result of permissions set to public rather than private on Amazon 's S3 bucket . Earlier this year , UpGuard also discovered a similar situation that involved the Republican National Committee ( RNC ) , which left millions of voter records exposed Attack.Databreach on the cloud account . As in the Verizon case , the RNC relied on a third party vendor to handle its cloud storage needs and it too used Amazon 's AWS S3 . That third-party also improperly set the database to public rather than private . `` The number one thing to keep in mind if you are a CISO is evaluating your third-party vendors . You can have the best security in the world and the best visibility into your systems , but if you pass it onto a third-party vendor without checking out how well they handle their security , then you have done that all in vain , '' O'Sullivan says . `` Verizon did not own the server that was involved here , but it will own the consequences . '' Rich Campagna , CEO of Bitglass , stressed the importance of security teams ensuring services used are configured securely . `` This massive data leak Attack.Databreach could have been avoided by using specific data-centric security tools , which can ensure appropriate configuration of cloud services , deny unauthorized access Attack.Databreach , and encrypt sensitive data at rest , '' Campagna said in a statement .

Family genealogy and DNA testing site MyHeritage announced on Monday a security breach Attack.Databreach during which an attacker made off with account details for over 92 million MyHeritage users . In a statement on its website , MyHeritage said it became aware of the incident on Monday , the same day of the announcement . The incident came to light after a security researcher found an archive on a third-party server containing the personal details of 92,283,889 MyHeritage users . Only emails and hashed password were exposed Attack.Databreach . The archive contained only emails and hashed passwords , but not payment card details or DNA test result . MyHeritage says it uses third-party payment processors for financial operations , meaning payment data was never stored on its systems , while DNA test results were saved on separate servers from the one that managed user accounts . Based on the creation dates of some accounts , the breach appears to have taken place on October 26 , 2017 . It is unclear if the breach is the result of a hacker attack or because of a malicious employee selling the company 's data . MyHeritage says that user accounts are safe , as the passwords were hashed using a per-user unique cryptographic key . `` MyHeritage does not store user passwords , but rather a one-way hash of each password , in which the hash key differs for each customer , '' the company said . `` Since Oct 26 , 2017 ( the date of the breach ) and the present we have not seen any activity indicating that any MyHeritage accounts had been compromised Attack.Databreach . '' The company announced the breach in the same day it found out about it because of the EU 's GDPR legislation that forces companies activating in the EU to disclose any security incident within three days of finding out . MyHeritage says it has now reached out to a cyber-security firm to help it investigate the breach severity and what other systems the hacker might have accessed . MyHeritage to roll out 2FA The company also promised to roll out a two-factor authentication ( 2FA ) feature for user accounts , so even if the hacker manages to decrypt the hashed passwords , these would be useless without the second-step verification code . It goes without saying that MyHeritage users should change their passwords as soon as possible . The MyHeritage incident marks the biggest data breach Attack.Databreach of the year , and the biggest leak Attack.Databreach since last year 's Equifax hack Attack.Databreach .

Security experts say they are skeptical that a group of hackers called Turkish Crime Family actually possess a cache of hundreds of millions of Apple iCloud account credentials . A more plausible explanation , they say , is that crooks used credential stuffing attacks to amass a limited number of valid Apple usernames and passwords in attempt to extort money Attack.Ransom from Apple . Earlier this week , the group identifying itself as the Turkish Crime Family claimed to have a database of 750 million iCloud.com , me.com and mac.com email addresses and credentials . “ There have not been any breaches Attack.Databreach in any of Apple ’ s systems including iCloud and Apple ID , ” Apple said in a statement . “ The alleged list of email addresses and passwords appears to have been obtained Attack.Databreach from previously compromised Attack.Databreach third-party services ” . Hackers behind the claim are demanding Attack.Ransom Apple pay Attack.Ransom them $ 75,000 in cryptocurrency or give Attack.Ransom them $ 100,000 in iTunes vouchers , according to reports . If demands are not met by April 7 , the group said it will begin deleting data stored on iCloud accounts en masse . An independent analysis of 54 samples of the breached account data provided to ZDNet by the hackers were valid . However , security experts such as Troy Hunt , who runs the data breach repository HaveIBeenPwned.com , still isn ’ t convinced . Hunt told Threatpost he suspects the hack is a hoax , admitting he has not seen the any samples of the breached data . “ It ’ s entirely possible whoever is behind this could have username and password pairs that work on a limited number of Apple accounts in just the same way as re-used credentials will work across all sorts of other accounts , ” Hunt said . He said the Turkish Crime Family likely has a far smaller pool of valid Apple credentials than it claims . Shuman Ghosemajumder , CTO of the firm Shape Security told Threatpost he suspects the hackers may have used credential stuffing attacks , using data from previous breaches , to gain access to an undetermined number of iCloud accounts . Shape Security estimates that last year alone 3.3 billion credentials were exposed Attack.Databreach via breaches . Despite credential stuffing ’ s low success rate of 1 percent to 2 percent , Ghosemajumder said , when applied to a large enough cache of data ( purchased on the dark web by the database ) the hackers may have enough information to successfully crack thousands of Apple accounts . “ There are certainly enough credentials spilled onto the internet to think someone could use credential stuffing techniques to pull together a convincing number of valid accounts in attempt to extort Attack.Ransom Apple for ransom money Attack.Ransom , ” Ghosemajumder said . Patrick Wardle , director of research at Synack , echoed the same credential theory suggesting that breaches Attack.Databreach over the past year have given hackers ample opportunity to pull together some valid iCloud account credentials . Since approaching Apple earlier this month with its demands , the Turkish Crime Family has been inconsistent about how many account credentials it allegedly possesses . Speaking to various different media outlets , the group has said it had 200 million credentials to as many as 750 million . The hacking group said that its repository isn ’ t the result of one breach , rather multiple . On Thursday , the group claimed to have a database of 750 million credentials , 250 million of which are “ checked and working , ” according to the group . Meanwhile , Apple says it ’ s actively monitoring to prevent unauthorized access to user accounts and is working with law enforcement to identify the criminals behind the Turkish Crime Family extortion scheme Attack.Ransom .

On April 14 , the company disclosed to the California attorney general that a December 2015 breach Attack.Databreach compromised Attack.Databreach more sensitive information than first thought . It also disclosed new attacks Attack.Databreach from earlier this year that exposed Attack.Databreach names , contact information , email addresses and purchase histories , although the retailer says it repelled most of the attacks . The dual notifications mark the latest problems for the company , which disclosed in early 2014 that its payment systems were infected with malware that stole Attack.Databreach 350,000 payment card details . Over the past few years , retailers such as Target , Home Depot and others have battled to keep their card payments systems malware-free ( see Neiman Marcus Downsizes Breach Estimate ) . The 2015 incident started around Dec 26 . In a notification to California about a month later , the retailer said it was believed attackers cycled through login credentials that were likely obtained Attack.Databreach through other data breaches Attack.Databreach . A total of 5,200 accounts were accessed Attack.Databreach , and 70 of those accounts were used to make fraudulent purchases . Although email addresses and passwords were not exposed Attack.Databreach , the original notification noted , access Attack.Databreach to the accounts would have revealed names , saved contact information , purchase histories and the last four digits of payment card numbers . The affected websites included other brands run by Neiman Marcus , including Bergdorf Goodman , Last Call , CUSP and Horchow . According to its latest notification , however , Neiman Marcus Group now says full payment card numbers and expiration dates were exposed Attack.Databreach in the 2015 incident Attack.Databreach . The latest attack disclosed by Neiman Marcus Group , which occurred around Jan 17 , mirrors the one from December 2015 . It affects the websites of Neiman Marcus , Bergdorf Goodman , Last Call , CUSP , Horchow and a loyalty program called InCircle . Again , the company believes that attackers recycled other stolen credentials in an attempt to see which ones still worked on its sites . It appears that some of the credentials did unlock accounts . The breach Attack.Databreach exposed Attack.Databreach names , contact information , email addresses , purchase histories and the last four digits of payment card numbers . It did n't specify the number of accounts affected . The attackers were also able to access Attack.Databreach some InCircle gift card numbers , the company says . Web services can slow down hackers when suspicious activity is noticed , such as rapid login attempts from a small range of IP addresses . Those defensive systems can be fooled , however , by slowing down login attempts and trying to plausibly geographically vary where those attempts originate . For those affected by the January incident , Neimen Marcus Group is enforcing a mandatory password reset . It 's an action that 's not undertaken lightly for fear of alienating users , but it 's a sign of how serious a service feels the risk is to users or customers . The company also is offering those affected a one-year subscription to an identity theft service .

A California auto loan company left the names , addresses , credit scores and partial Social Security numbers of up to 1 million people exposed Attack.Databreach on an insecure online database . The company behind the database is Alliance Direct Lending Corporation , according to Kromtech Security Research Center , which discovered the data earlier this week . It said the data was found on an unprotected Amazon server and that the data could have been exposed Attack.Databreach for up to two years . According to Alliance Direct Lending ’ s website , the company works with individuals and auto dealership partners to help car owners refinance existing auto loans . Data stored in the cloud was in clear text , according Diachenko . He said data also included several dozen recorded voice conversations with customers that disclosed full Social Security numbers of loan applicants . Sample data included the names of 114 car dealerships . According to Kromtech , it estimated between 550,000 to 1.1 million loan records from those dealers were exposed Attack.Databreach online . Dealers were located across the United States from California , Colorado , Florida and Massachusetts . Kromtech said it was unsure if additional third parties may have accessed Attack.Databreach the data . Privacy experts said the data in the hands of the wrong person would be a nightmare for victims . A criminal that knows the data comes from people who have refinanced their car loan and may have less than stellar credit , coupled with partial Social Security numbers , would be a dream come true . “ Things could go wrong on a variety of levels . The data could be used to phish additional data Attack.Phishing via email or phone scams . That ’ s not even mentioning the reputational damage to those in the database with bad credit scores , ” said Adam Levin , chairman and founder of CyberScout . The data found by Kromtech was on an Amazon ’ s AWS S3 server . AWS S3 is marketed as an easy-to-use web service that allows businesses to store and retrieve data at a moment ’ s notice . Data is stored in what Amazon calls buckets . “ The Kromtech Security Research Center has seen an increase in vulnerable AWS S3 buckets recently due to misconfigurations or public settings , ” Diachenko said . “ We have identified hundreds of misconfigured instances and we have been focused on helping to secure them as soon as we identify who the data belongs to. ” He said companies should consider Alliance Direct Lending ’ s example a sobering reminder that companies and individuals need to make sure their data is secure . For Diachenko , this is the latest in a string of insecure database he has helped uncover . In January , he was part of a research team that found 400,000 audio files associated with a Florida company ’ s telemarketing efforts were stored insecurely online . In February , Kromtech researchers found tens of thousands of sensitive documents insecurely stored online belonging to a print and marketing firm . Thousands of resumes and job applications from U.S. military veterans , law enforcement , and others were leaked Attack.Databreach by a recruiting vendor in an unsecured AWS S3 bucket .

With everything that ’ s gone down in 2016 it ’ s easy to forget Tim Cook ’ s and Apple ’ s battle with the FBI over data encryption laws . Apple took a strong stance though , and other tech giants followed suite leading to a victory of sorts for ( the little guy in ) online privacy . In this era of web exposure , it was a step in the right direction for those who feel our online identities are increasingly vulnerable on the web . All of this stands for little though when a security flaw in your operating system allows carefully encrypted messages to be effectively decrypted offline . That ’ s what happened to Apple with its iOS 9.2 operating system . Though the patches that ensued largely fixed Vulnerability-related.PatchVulnerability the problem , the whole issue has understandably left iOS users with questions . What really happened and are we at immediate risk ? A paper released in March by researchers at John Hopkins University exposed Vulnerability-related.DiscoverVulnerability weaknesses in Apple ’ s iMessage encryption protocol . It was found Vulnerability-related.DiscoverVulnerability that a determined hacker could intercept the encrypted messages between two iPhones and reveal the 64-digit key used to decrypt the messages . As iMessage doesn ’ t use a Message Authentication Code ( MAC ) or authenticated encryption scheme , it ’ s possible for the raw encryption stream , or “ ciphertext ” to be tampered with . iMessage instead , uses an ECDSA signature which simulates the functionality . It ’ s still no easy feat exploiting the security flaw detailed Vulnerability-related.DiscoverVulnerability by the researchers . The attacker would ultimately have to predict or know parts of the message they are decrypting in order to substitute these parts in the ciphertext . Knowing whether the substitution has been successful though , is a whole other process which may only be possible with attachment messages . The full details of the security flaw , and the complex way it can be exploited Vulnerability-related.DiscoverVulnerability are detailed Vulnerability-related.DiscoverVulnerability in the John Hopkins paper . The paper includes the recommendation that , in the long run , “ Apple should replace the entirety of iMessage with a messaging system that has been properly designed and formally verified ” . One thing that should be made clear is that these weaknesses were exposed Vulnerability-related.DiscoverVulnerability as a result of months of investigation by an expert team of cryptologists . The type of hacker that would take advantage of these weaknesses would undeniably be a sophisticated attacker . That of course doesn ’ t mean that Apple shouldn ’ t take great measures to eradicate this vulnerability in their system . Your messages , though , are not immediately at risk of being decrypted , and much less if you ’ ve installed the patches that came with iOS 9.3 and OS X 10.11.4 ( though they don ’ t completely fix Vulnerability-related.PatchVulnerability the problem ) . Tellingly , the flaws can ’ t be used to exploit numerous devices at the same time . As already mentioned , the process that was exposed by the John Hopskins paper is incredibly complex and relies on various steps that are by no means easy to complete successfully .

Yahoo CEO Marissa Mayer said she 'll forego her 2016 bonus and any stock award for this year after the company admitted it failed to properly investigate hack attacks Attack.Databreach that compromised Attack.Databreach more than a billion user accounts . Further ReadingYahoo admits it ’ s been hacked Attack.Databreach again , and 1 billion accounts were exposed Attack.Databreach `` When I learned in September 2016 that a large number of our user database files had been stolen Attack.Databreach , I worked with the team to disclose the incident Attack.Databreach to users , regulators , and government agencies , '' she wrote in a note published Monday on Tumblr . `` However , I am the CEO of the company and since this incident happened during my tenure , I have agreed to forgo my annual bonus and my annual equity grant this year and have expressed my desire that my bonus be redistributed to our company ’ s hardworking employees , who contributed so much to Yahoo ’ s success in 2016 . '' Her note came as Yahoo for the first time said that outside investigators identified about 32 million accounts for which forged browser cookies were used or taken in 2015 and 2016 . The investigators said some of the forgeries were connected to the same nation-sponsored attackers who compromised Yahoo in 2014 . The cookies tied to the forgeries have since been invalidated . Yahoo also said that the 2014 attacks targeted 26 specific accounts by exploiting the company ’ s account management tool . The company went on to say unnamed senior executives failed to grasp the extent of the breach early enough . A filing submitted Monday with the US Securities and Exchange Commission stated : Based on its investigation , the Independent Committee concluded that the Company ’ s information security team had contemporaneous knowledge of the 2014 compromise of user accounts , as well as incidents by the same attacker involving cookie forging in 2015 and 2016 . In late 2014 , senior executives and relevant legal staff were aware that a state-sponsored actor had accessed certain user accounts by exploiting the Company ’ s account management tool . The Company took certain remedial actions , notifying 26 specifically targeted users and consulting with law enforcement . While significant additional security measures were implemented in response to those incidents , it appears certain senior executives did not properly comprehend or investigate , and therefore failed to act sufficiently upon , the full extent of knowledge known internally by the Company ’ s information security team . Specifically , as of December 2014 , the information security team understood that the attacker had exfiltrated Attack.Databreach copies of user database backup files containing the personal data of Yahoo users but it is unclear whether and to what extent such evidence of exfiltration was effectively communicated and understood outside the information security team . However , the Independent Committee did not conclude that there was an intentional suppression of relevant information . Nonetheless , the Committee found that the relevant legal team had sufficient information to warrant substantial further inquiry in 2014 , and they did not sufficiently pursue it . As a result , the 2014 Security Incident was not properly investigated and analyzed at the time , and the Company was not adequately advised with respect to the legal and business risks associated with the 2014 Security Incident . The Independent Committee found that failures in communication , management , inquiry and internal reporting contributed to the lack of proper comprehension and handling of the 2014 Security Incident .