Cyber Victor – a leading blog on cyber security

Livingston School District in New Jersey, US, was hit on November 21, 2019 by ransomware. This caused students to start their week 2 hours later, while the school’s administrators and staff were discussing how to handle the cyber attack.

The Livingston School District believes the breached data wasn’t further stolen or sold by attackers, but rather just locked. The district has 9 schools and about 6,000 students.

The amount and type of ransom requested, and whether it was paid, wasn’t disclosed.

As of this writing, most of the school district systems have been restored.

Read more about it here.

Macy’s started notifying some of its customers that it discovered a software skimmer on its web site, which was used by criminals to steal customer data.
The malicious software was discovered on October 15, 2019, and Macy’s believes the software skimmer was injected on October 7. The attackers injected it into the checkout page and the My Account wallet page of the macys.com website.
Information potentially accessed by the cybercriminals include: First Name, Last Name, Address, City, State, Zip, Phone Number, Email Address, Payment Card Number, Payment Card Security Code, Payment Card Expiration date if these items were typed into the webpage while on either the macys.com checkout page or in the My Account wallet page.
Read more about it here.

Researchers with the University of Michigan and the University of Electro-Communications (Tokyo) have devised a new technique, called “light commands,” to remotely hack popular voice assistants, such as Amazon Alexa, Apple Siri, Facebook Portal, and Google Assistant.

The “light commands” attack exploits a design flaw in the smart assistants microelectro-mechanical systems (MEMS) microphones. MEMS microphones convert voice commands into electrical signals, but researchers demonstrated that they can also react to laser light beams.

The researchers demonstrated how an attacker can inject arbitrary audio signals to the target microphone by aiming an amplitude-modulated light at the microphone’s aperture.

Read more about it here.

Global shipping and mailing services giant Pitney Bowes revealed it was hit by the Ryuk ransomware.

Pitney Bowes has more than 1.5 million clients in about 100 countries. According to a statement made by the company, no evidence that customer or employee data has been improperly accessed.

Read more about it here.

The DCH Health System said its hospitals in the west Alabama cities of Tuscaloosa, Northport and Fayette resumed admitting new patients on October 10, 2019. The 3 hospitals were hit on October 1, 2019 by a ransomware attack that paralyzed its systems.

While the hospitals were able to provide critical medical care to some patients during the 10 day period, non-emergency patients were diverted to other hospitals, and the hospital needed to use paper rather than electronic records when providing care.

The amount of ransom paid wasn’t disclosed.

Read more about it here.

Three hospitals in Alabama and seven in Australia have been hit with paralyzing ransomware attacks that are affecting their ability to take new patients. All three hospitals that make up the DCH Health System in Alabama were closed to new patients on October 1, 2019, as officials were coping with the attack. All but critical patients were turned away.

At the same time, seven hospitals in Australia were forced to either shut down systems or go into manual operation mode, following a ransomware attache of their information systems.

Read more about it here.

Researchers at Greenbone Networks vulnerability analysis and management company analyzed 2,300 Picture Archiving and Communication System (PACS) systems. Of the 2,300, 590 archiving systems were accessible from the Internet, exposing 24 million medical records from 52 countries. They contained 737 million images linked to this patient data, around 400 million of which are accessible or can be easily downloaded from the internet.

Many of these servers were set up and then forgotten about, or weren’t patched regularly.

Read more about it here.

Security researcher Avinash Jain discovered more than 8,000 Google Calendars exposed online, that were indexed by the Google search engine.

The issue isn’t new, however users may not be aware of it. It occurs when users make the Google calendar public.

“While this is an intended setting by the user and intended behavior of the service,” Jain says, “the main issue here is that anyone can view any public calendar by making a single Google search query, and without the calendar link being shared with them.”

Users should review their calendar sharing options – see https://support.google.com/a/answer/60765?hl=en.

Read more about it here.

According to internet security firm vpnMentor. 20.8 million records of Ecuadorian citizens had their data exposed by an unsecured Elasticsearch server run by an Ecuadorian marketing and analytics firm.

The country’s population is only 16.6 million. Most likely, the data leakage included duplicate records and data of deceased citizens.

The personal information leaked online included full names, dates of birth, national identity card numbers, tax identification numbers, employment information, names of family members, and more.

The database was secured on September 11, 2019, after vpnMentor notified its discovery to the Ecuador CERT (Computer Emergency Response Team) team.

Read more about it here.

Security researchers discovered an unsecured database containing 700,000 records from hotel franchise Choice Hotels. The MongoDB database contained 5.6 million records.

The database was hosted on a vendor’s server. Exposed records included guests names, email addresses, and phone numbers.

The hackers left a ransom note saying that 700,000 records had been stolen and backed up elsewhere, demanding 0.4 Bitcoin, or about $3,856. However, they didn’t lock up the data, making the ransom demand moot.

Read more about it here.