CYBER SECURITY NEWS – WEEK OF OCTOBER 31, 2022
Slovak, Polish parliaments hit by cyberattacks
- Cyberattacks hit the Slovak and Polish parliaments on Thursday, bringing down the voting system in Slovakia’s legislature, parliamentary authorities said.
- “The attack was multi-directional, including from inside the Russian Federation,” the Polish Senate said in a statement.
- Polish Senate speaker Tomasz Grodzki said it may be linked to the Senate’s vote Wednesday declaring the Russian government a “terrorist regime”.
New York Post hacked with offensive headlines targeting politicians
- The New York Post’s investigation indicates that the unauthorized conduct was committed by an employee, and they took appropriate action,
- New York Post confirmed today that it was hacked after its website and Twitter account were used by the attackers to publish offensive headlines and tweets targeting U.S. politicians.
- Currently, there is no information on how the attackers took control of the NY Post’s website and verified Twitter account.
Bed Bath & Beyond reviewing possible data breach
- Bed Bath & Beyond Inc said that a third party had this month improperly accessed its data through a phishing scam by accessing the hard drive and certain shared drives of one of its employees.
- The big-box retailer said it was reviewing the data that was accessed so it can determine whether the drives contained any sensitive or personally identifiable information.
- The home goods retailer added it has no reason to believe that any sensitive or personally identifiable information was accessed and this cybersecurity incident would likely not have a material impact on the company.
Dutch police arrest hacker who breached healthcare software vendor
- The stolen tens of thousands of documents might contain sensitive personal and medical data of patients of healthcare providers using the company’s systems.
- At this time, it has not been determined if the hacker shared or attempted to sell the stolen data, as is common in data breaches.
- The police traced the man after receiving a report from the hacked company and are currently examining the evidence collected during the arrest at the suspect’s home.
Student loan breach exposes 2.5m records
- 2.5 million people were affected, in a breach that could spell more trouble down the line.
- The target of the breach was Nelnet Servicing, the Lincoln, Neb.-based servicing system and web portal provider for OSLA and EdFinancial, according to a breach disclosure letter.
- By August 17th, the investigation determined that personal user information was accessed by an unauthorized party. That exposed information included names, home addresses, email addresses, phone numbers and social security numbers for a total of 2,501,324 student loan account holders. Users’ financial information was not exposed.
Twilio reveals further security breach
- Communication tool provider Twilio has revealed that the same malicious actors responsible for a July breach at the firm also managed to compromise an employee a month prior, exposing customer information.
- The revelation was buried in a lengthy incident report updated and concluded yesterday.
- The report focuses mainly on the July–August incident in which attackers sent hundreds of “smishing” text messages to the mobile phones of current and former Twilio employees.