Health Care
Education
IT & Telecom
Government
CISO/CTO
DevSecops
Product
Our Product
We are Reshaping the way companies find and fix critical vulnerabilities before they can be exploited.
Threatspy
Solutions
By Industry
Health Care
Education
IT & Telecom
By Role
Government
CISO/CTO
DevSecops
Resources
Resource Library
Get actionable insight straight from our threat Intel lab to keep you informed about the ever-changing Threat landscape.
Threat Feeds
Threat Research
White Paper
SB Blogs
Subscribe to Our Weekly Threat Digest
Company
Contact Us
Have queries, feedback or prospects? Get in touch and we shall be with you shortly.
Our Story
Our Team
Careers
Press & Media
Contact Us
Request Demo
By submitting this form, you agree to our Subscription Agreement and Legal Policies.
Be informed in your inbox
Sign up now to our Threat intelligence Newsletter and be the first to know about threats first in your inbox.
PHI
Healthcare
Data Breach
3 million patients of Advocate Aurora Health suffered data breach
Inappropriate use of Meta Pixel has resulted in the data breach of 3 million patients of Advocate Aurora Health compromising protected health information…
21-Oct-2022
3 min read
Related Articles
Ragnar Locker
Ransomware
Data Leak
Ragnar Locker operatives accidentally leaked stolen details of Zwijndrecht polic...
A data leak incident initiated by the operators of Ragnar Locker ransomware exposed the stolen data of Zwijndrecht police, believing that it was the municipality of Zwijndrecht. The leaked data includes thousands of license plates, penalties, criminal report files, employee information, investigation reports, and other documents exposed in the breach.  ***Ragnar Locker operatives accidentally misidentified the wrong target*** Including all data maintained by the Zwijndrecht police from 2006 until September 2022, this data breach has been called one of the largest impacts on public agencies in Belgium. Zwijndrecht police department issued a Facebook post in response to the local media coverage, minimizing the significance of the entire incident while claiming that the ransomware operators had only gained access to a certain section of the network containing administrative details. Later it was further confirmed, interpreting that they primarily targeted the workers over there.  ***Zwijndrecht police statement on Facebook*** Marc Snels, chief of police in Zwijndrecht, stated to the [VRT Television network](http://www.vrt.be/vrtnws/nl/2022/11/24/hacking-politie-zwijndrecht/) that human error is believed to be the possible reason behind this data breach and that the police department is currently informing all affected individuals. _" However, not all information has been compromised. The majority of the data on this system pertains to our employees and includes things like employee rosters and pictures from company events, "_ discloses VRT Television. _"Even though we attempt to post sensitive material solely on the professional network, it is true that there is occasionally sensitive information on that network. Those blunders are the result of fallible humans. For instance, penalties and PVs have been shared publicly. Furthermore, there are pictures of children being abused. Obviously, that's a pretty difficult situation."_ - Zwijndrecht Police Department Commissioner. the effects are far broader than first thought The compromise on the municipal Zwijndrecht network is nonetheless relevant for thousands of individuals, even if it did not affect the national police network in Belgium. A Belgian journalist named Kenneth Dée revealed the incident to the public through [Het Laatste Nieuws](https://www.hln.be/zwijndrecht/een-van-de-grootste-datalekken-bij-politie-ooit-hacker-gooit-flitsboetes-nummerplaten-en-zelfs-fotos-van-mishandelde-kinderen-op-straat~ab10b42d/?cb=fd288fd7f9eba529322c28432f34ef4a&auth_rd=1), saying that the attackers hacked into the police department's network via a poorly secured Citrix endpoint. The data analysis conducted by Dée showed subscriber information and SMS for those who were the subject of an undercover police inquiry. Additionally, the exposed information includes traffic camera video, revealing individuals' movements on certain days and times. This leak has far-reaching consequences for Belgian law enforcement and is the biggest of its kind in the country's history. Local law enforcement agencies should see this as a wake-up call, and maybe it will prompt them to alter the way they currently manage individuals' personal information. However, a criminal action has been initiated by the prosecutor that addresses the hacking event explicitly, even though the country's data protection body has not yet declared an inquiry. Even if the exposed individuals should replace their license plates, IDs, passports, etc. Dobbelaere-Welvaert warns that _"the consequences of this security event might be for a lifetime, and stealing identity is no joke. You can't simply change where you live, but even if you alter all papers, the implications of this security incident could be for a lifetime,"_ she adds. _"In my view, no smart camera should be activated until all police network systems are fully safeguarded."_
27-Nov-2022
4 min read
SandWorm
Ransomware
Russia
Sandworm, an infamous Russian military threat group, has been connected to a new...
Sandworm, an infamous Russian military threat group, has been connected to a new wave of ransomware attacks against businesses across Ukraine. It was discovered on Monday by Slovakian software firm ESET dubbed as RansomBoggs. Researchers said that the ransomware program developed on .NET is novel, its dissemination is comparable to earlier attacks linked to Sandworm. According to the report, _"a PowerShell script used to disseminate the.NET ransomware from the domain controller is almost identical to one spotted last April during the Industroyer2 attacks on the energy industry."_ In March, devastating malware known as CaddyWiper was delivered in attacks against Ukrainian organizations using the same PowerShell script, POWERGAP, that was used to distribute RansomBoggs payloads on the networks of its victims. After being transmitted over a victim's network, RansomBoggs uses a random key (created randomly, RSA encrypted, and written to aes.bin) to encrypt files and appends a.chsch extension to all encrypted files. The RSA public key may either be hardcoded in the virus or sent as an input, depending on the attack version. In addition to encrypting files, the ransomware also leaves ransom letters in the name of James P. Sullivan (the protagonist of the Monsters, Inc. film), with other allusions to the film hidden inside the malware's code. A message from RansomBoggs demanding payment In other words, RansomBoggs has left a ransom letter (ESET) Additionally, Microsoft earlier this month connected the Sandworm cyber-espionage gang (tracked by Redmond as IRIDIUM) to the Prestige ransomware attacks against transportation and logistics businesses in Ukraine and Poland since October. According to MSTIC, "The Prestige campaign may indicate a calculated change in IRIDIUM's destructive assault calculus," which means that there is a greater danger for those who provide or transport help to Ukraine. More generally, it might pose a threat to Eastern European groups that the Russian government sees as giving war support. Before the Cyclops Blink botnet was disrupted in February, a joint security alert released by U.S. and U.K. cybersecurity organizations had already linked it to a Russian military threat cell. Unit 74455 of the Russian GRU's Main Center for Special Technologies is said to be home to Sandworm, an elite gang of Russian hackers who have been active for at least two decades (GTsST). Previous research has connected them to attacks that resulted in the KillDisk wiper attacks against Ukrainian banks and the Ukrainian blackouts of 2015 and 2016 It's suspected that the NotPetya ransomware, which began causing billions in damages in June 2017, was also created by Sandworm. In October 2020, the United States Department of Justice filed charges against six operatives of the organization for coordinating hacking activities related to the NotPetya ransomware outbreak, the PyeongChang 2018 Olympic Winter Games, and the 2017 French elections.
26-Nov-2022
3 min read
Data Leak
WhatsApp Database Leak Puts Nearly 500 Million Active Users At Risk: Mobile Numb...
A threat actor reportedly claimed to be offering a 2022 version of an updated database consisting of 487 million WhatsApp users' phone numbers appearing in a malicious advertisement flashing over underground hacking forums. The collection allegedly includes details across 84 nations, including more than 32 million American WhatsApp users. While Egyptians (45 million), Italians (35 million), Saudis (29 million), French (20 million), and Turks (15 million) all have a significant representation distributed globally. In addition, approximately 11 million Britishers and over 10 million Russian phone numbers are included in this dataset which is now up for sale. According to [Cybernews](https://cybernews.com/news/whatsapp-data-leak/), who first brought this to limelight stated that the threat actor behind this has been selling the US dataset only for $7,000, whereas the German dataset is for $2,000 and the UK dataset for $2,500.  ***Screenshot of WhatsApp's leaking advertisement*** Security researchers have managed to obtain a subset of WhatsApp's database, which includes a combined sample of 1914 from British and American users, upon verifying it was even confirmed that all these numbers belong to active WhatsApp users. it was obvious to see that the seller refused to elaborate much on how they got this. Meanwhile, they have also informed WhatsApp about this incident however, we are yet to see any substantial update on that lately. [Meta](https://www.secureblink.com/cyber-security-news/russian-news-spoofing-campaign-spreading-rumors-taken-down-by-meta), which has been under heavy questions for allowing data scraping and collection by third parties, had over 533 million user details leaked into an anonymous forum. To all intents and purposes, the actor was giving out the dataset for free. A dataset composed of information allegedly stolen from 500 million [LinkedIn accounts](https://www.secureblink.com/cyber-security-news/linkedin-suffered-yet-another-massive-data-breach-exposing-700m-users-data-on-dark-web) was offered for sale on a well-known hacker site only days after a large [Facebook data breach](https://www.secureblink.com/cyber-security-news/millions-generated-luring-facebook-users-by-a-massive-phishing-attack) made the news. Cybernews security research team leader Mantas Sasnauskas stated, _" In this era, we all leave an extensive digital footprint, and IT giants like Meta should take all procedures and methods to preserve that data."_ We need to consider whether including the phrase _"scraping or platform abuse is not authorized"_ in the T&Cs will really suffice. Threat actors are least bothered to care about such sensitive details, thus, it becomes highly imperative to imply certain preventive measures to minimize the underlying risks.
25-Nov-2022
3 min read
Secure Blink breaks down application security risk into measurable, manageable processes to help IT teams go beyond traditional scans and adaptively reduce emerging risks.
