
Friday Five: 7/01 Edition

by Chris Brook on Thursday October 26, 2023


It’s Friday! Catch up on the top infosec headlines with our weekly news roundup.

1. A Hacker is Advertising Millions of Stolen Health Records on the Dark Web by Zack Whittaker

Known as “thedarkoverlord”, a hacker is selling a batch of data that includes 9.2 million health insurance records from US patients for $480,000 on the dark web. These records include names, addresses, emails, phone numbers, dates of birth, and SSNs. The hacker did not have any points to his name on the dark web, which shows that he is new to the site. Motherboard contacted some of the users, who confirmed that their information in the database is accurate. This large data breach joins the long list of hacks involving healthcare records. To read more on “thedarkoverlord” and how he acquired the health records, read the full article on ZDNet.

2. World-Check Terror Blacklist Leaked Online by Phil Muncaster

World-Check, an anti-terrorist database run by Thomson Reuters, has been leaked online. This breach has exposed more than two million records pertaining to organizations and individuals accused of criminal offenses. Notable security researcher Chris Vickery discovered the breach and claimed that the two-year-old data was being held by an unprotected third party. This database contains law enforcement records, social media posts, and other sources that link these suspects to terrorism and crimes. Digital Guardian’s Luke Brown argues that even if the contents of a database are bad, whoever stores it has a responsibility to look after it and secure it. To learn more about this hack, read more on Infosecurity Magazine.

3. Hard Rock Las Vegas, Noodle and Co. Confirm Hacks by Tom Spring

This week, both Noodles & Company and Hard Rock Hotel and Casino Las Vegas announced that their credit card payment systems had been breached and that customer credit information had been stolen. The breach at Noodles & Company was caused by malware that had taken root in the card processing system in over four hundred locations between January 31, 2016 and June 2, 2016. After hearing about unusual credit card activity, the company started working with third-party investigators to secure its systems and customer information. At Hard Rock Hotel and Casino Las Vegas, card-scraping malware pulled payment information from cards being read. The millions of customers who visited the hotel or restaurant between October 27, 2015 and March 21, 2016 are at risk. This breach follows the trend in PoS attacks on hotels and restaurants, including Wendy's. Learn more about the breach in the full article.

4. 1.2 Million Infected: Android Malware “Hummer” Could be Biggest Trojan Ever by Connor Forrest

A new malware called Hummer is estimated to be one of the largest families of Trojans ever. Based in China, it targets users in population-dense areas around the world. Like its predecessors, the Hummer malware will root itself in the phone and install apps and malware with surprising ferocity that cannot be stopped even by a factory reset. Experts believe that the malware has at least eighteen different rooting methods. To learn more about Hummer and how to remove it, read the complete article.

5. IRS Kills Electronic Filing PIN Feature Due to Repeated Attacks by Lucian Constantin

For the past few years, the IRS has allowed online tax software companies to provide customers with a PIN in order to make the tax return process more efficient. Hackers have continually targeted these PINs because they would unlock a trove of confidential information that could be sold for money on the dark web. As of last week, the IRS has revoked its PIN system due to the increased number of automated attacks on its systems and the successful breaching of 101,000 PINs. This means that taxpayers must use copies of their previous tax returns to manually fill in any prior year information that the IRS requests. Visit the full article for more information.

Tags:  Security News

Chris Brook

Chris Brook is the editor of Digital Guardian’s Data Insider blog. He is a cybersecurity writer with nearly 15 years of experience reporting and writing about information security, attending infosec conferences like Black Hat and RSA, and interviewing hackers and security researchers. Prior to joining Digital Guardian–acquired by Fortra in 2021–he helped launch Threatpost, an independent news site that was a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.
