.png)
As we brace ourselves for Black Friday chaos, let's take a look at our Cyber Weekly Digest, highlighting our top cyber security news picks of the week. This week we saw more FBI warnings of email scams relating to the ongoing crisis in Gaza and Isreal, heard about a COO hacking hospitals to boost his own business and why we all need to be on the look out for crab attacks! Keep reading to stay up to date on the latest cyber security news.
1. FBI Warns: 5 Weeks In, Gaza Email Scams Still Thriving
Abnormal Security recently detected an email attack in which threat actors exploited the ongoing crisis in Gaza and Israel to solicit fraudulent cryptocurrency donations. This month, different branches of the FBI have published alerts that cybercriminals are masquerading as fundraisers and charities, using emails, social media, cold calls, and crowdfunding websites, to convince victims that their money will go to either Palestinian or Israeli victims of the conflict. Read the full article for advice on how to avoid these scams.
Just yesterday we were made aware of new research uncovering multiple vulnerabilities that could be exploited to bypass Windows Hello authentication on Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X laptops. The flaws were discovered by researchers at hardware and software product security and offensive research firm Blackwing Intelligence, who found the weaknesses in the fingerprint sensors from Goodix, Synaptics, and ELAN that are embedded into the devices.
Healthcare SaaS provider Welltok is warning that a data breach exposed the personal data of nearly 8.5 million patients in the U.S. after a file transfer program used by the company was hacked in a data theft attack. Initial estimates about the number of impacted individuals varied as Welltok didn’t immediately disclose this information.
However, earlier this week, the firm reported on the U.S. Department of Health and Human Services breach portal that the data breach has been confirmed to impact 8,493,379 people. This figure places the Welltok breach as the second largest MOVEit data breach after services contractor Maximus, whose data breach affected 11 million people.
The former chief operating officer of a cybersecurity company has pleaded guilty to hacking two hospitals, part of the Gwinnett Medical Center (GMC), in June 2021 to boost his company's business. Singla was charged with 17 counts of intentional damage to a protected computer and one count of obtaining information from a protected computer. Prosecutors say that the defendant's attack on GMC's ASCOM phone system, printers, and digitiser resulted in more than $817,000 in financial losses. Click on the article to discover his recommended sentence.
Delivery and shipping themed email messages are being used to deliver a sophisticated malware loader known as WailingCrab. The attack chains commence with emails bearing PDF attachments containing URLs that, when clicked, download a JavaScript file designed to retrieve and launch the WailingCrab loader hosted on Discord.
