Following some suspicious activity on the employee email system back in March, officials for UC San Diego Health have finally confirmed that they fell victim to a phishing attack. The attackers would have had full access to the UC San Diego Health email services for roughly 4 months and may have gained access to a significant amount of highly sensitive patient medical records, though there is no confirmation that the information has been used maliciously or put up for sale.
Babuk Ransomware forum being held ransom by spammer
Over the past weekend, researchers have been following a ransomware feud taking place on the Babuk Ransomware dark web forum, which has been overwhelmed with pornographic spam and left with a $5,000 bitcoin ransom demand. While the Babuk group has been rather quiet since their supposed retirement and the leak of D.C. police data, this feud seems to prove that they are still in the ransomware business and are facing some industry conflicts.
UK Guntrader website breached
One of the largest online gun sale websites in the UK, Guntrader, has recently suffered a data breach that could heavily affect its 111,000 users. The stolen SQL database contained purchasing and identifying information on thousands of gun sales over the last 5 years, though it appears that actual payment card data wasn’t stored internally. Officials for Guntrader have already begun contacting the affected users, who have all been advised to update their credentials and monitor their credit for any unusual activity.
Security incident at Northern Ireland’s Department of Health
Earlier this week, officials for Northern Ireland’s Department of Health worked to temporarily shut down their COVID-19 vaccine certificate services after discovering a security flaw that allowed users to view the sensitive medical data of others. The system, which is used to issue digital certificates that verify an individual's vaccination status, has been taken offline until the flaw can be properly corrected.
Apple patches major spyware vulnerability
Apple has recently pushed out iOS 14.71, which resolves an actively exploited vulnerability that allowed Pegasus spyware to be installed on victim devices without any input from the device’s owner. Victims of this spyware attack were mainly journalists and even some government officials with ties to high-profile issues. While Apple wasn’t specific about the actual content of the patched version, they did confirm that they also fixed a known bug with the Touch ID system that was stopping users from unlocking their Apple Watches.