Over the weekend the IT systems for the Lazio region of Italy were taken offline after identifying a ransomware attack. In addition to the region’s online public services, their Covid-19 vaccination portal was also affected, though officials have confirmed that vaccination appointments will still be conducted normally and are working to verify if any information was stolen during the attack. Security researchers working with the Lazio region officials are still in the process of determining which ransomware group is responsible, either RansomEXX or a variant of LockBit 2.0.
OneMoreLead database exposes millions of records
Researchers have recently discovered a misconfigured Elasticsearch database belonging to the marketing firm OneMoreLead, that contains over 126 million records, though there is a good probability of duplicate entries. Amongst the records was a significant amount of extremely sensitive personal information, which could be easily used to conduct malicious phishing attacks against both individuals and organizations, leaving upwards of 60 million people vulnerable.
Microsoft 365 phishing campaign continues
A highly targeted phishing campaign has been plaguing Office 365 users for some time now, and officials for Microsoft are urging users to be even more vigilant when opening email links from legitimate-looking senders. The malicious links send victims to seemingly real Microsoft landing pages but are phishing pages that will request login credentials before allowing the victim to continue to the promised document.
Estonian ID database breached
An Estonian man was arrested at the end of July for illicitly accessing the Estonian government’s Identity Document Database and stole ID scans of over 280,000 citizens. Officials believe that there is no way to commit fraud from just ID photos, and that all affected individuals need not worry about obtaining new identification documents. Fortunately, officials have also confirmed that the data was not transferred beyond the thief's computer, or used in any malicious way, but did expose some major flaws in the government’s computer systems.
Raccoon Stealer receives crucial updates
The notorious Raccoon Stealer has received some incredible improvements over the last few months, namely the ability to spread as a dropper disguised as various installers for in-demand software, and hunt for cryptocurrency data alongside its usual financial data gathering on the infected machine. More worrying is the stealer-as-a-service business model that is being used to allow this malware to be bundled with other malicious payloads to maximize the profits from the target system or network.