Reading Time: ~2 min.
Major IT Outsourcer Suffers After Phishing Attack
Global IT
services provider Wipro announced they are in the process of
investigating a data possibly affecting some of their clients. These types of
companies are popular for hackers because, by breaching a single IT service
company, they gain access to a far larger pool of victims through compromised credentials
belonging to client networks. It’s still unclear how long the hackers had
access to the systems, but some reports claim the attack was ongoing for
several months.
Age-Verification Hits UK Porn Viewers
The UK has passed a measure that will subject users to age-verifications
before being allowed to enter a pornographic website, as part of their ongoing
fight to make the UK safer online. This measure was originally introduced as a
way to decrease ransomware infections and slow the stream of stolen credentials
from paid accounts for higher-traffic sites. The new law has an 88% backing
from UK parents and will go into full effect on July 15.
Data Breach Affects Navicent Patients
A recent Navicent
Health announcement revealed the email systems of the health care
services provider were compromised in July, 2018, possibly affecting over
275,000 patients. While the remainder of their internal systems were untouched,
the email server did contain patient data, including social security numbers
and billing information. Fortunately, Navicent responded to the breach quickly
and began notifying the proper authorities, as well as their client base, in
addition to providing identity monitoring services for those whose information
was exposed.
Chrome for iOS Bug Redirects Users to Ads
A new bug, found only in the iOS
version of Chrome, has exposed up to half a million users to
unwanted advertising redirects, sometimes from legitimate websites. The bug works
by allowing malicious code to be executed from within page advertisements,
which can then overlay onto the device’s screen until clicked. The majority of
this campaign’s victims are based in the US and were targeted over a four-day
period in early April.
Microsoft Loses Subdomain for Live Tiles
A German researcher recently took control of a subdomain
used by Microsoft to assist websites with correctly formatting RSS
feeds into a usable XML format for Windows 8 and 10 Live Tiles. Because the
subdomain wasn’t registered to Microsoft or their Azure cloud services, and any
malicious actor could have compromised the domain, the researcher purchased it
and alerted Microsoft of his findings.
The post Cyber News Rundown: Phishing Attack on Global IT Outsourcer appeared first on Webroot Blog.