Your weekly cybersecurity news recap is here! Check out what you might have missed this week:
A cybercrime group known as UNC6040 deployed a vishing (voice phishing) attack on Google in which they impersonated IT staff to gain access to Salesforce systems used by the company.
The group used customized python scripts to make it more difficult to trace them and their activity. After guiding the victim to install a malicious app during the vishing call, the group gains the ability to access and exfiltrate sensitive information.
Google was able to mitigate the attack before it escalated too far, and claims that the compromised information was information that was already publicly available.
(–Source: Mashable India
Read More: Google Confirms It Was Hacked After ‘Vishing’ Cyberattack; Is Your Data Compromised? Here’s What We Know – Tech )
WinRAR has released an update to patch a zero-day vulnerability which allowed hackers to obtain arbitrary code execution by crafting malicious archive files. This vulnerability was being actively exploited before the patch.
Information about the vulnerability was being advertised on the Russian dark web in early July of this year.
(–Source: The Hacker News
Read More: WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately )
The city of St. Paul experienced a cyberattack that compromised 43 gigabytes of sensitive company information.
In late July, the city’s IT team discovered suspicious activity within the city’s systems and took the systems offline to mitigate the attack. The data includes things such as work documents, IDs, and even some personal files.
The group responsible demanded a ransom, which the city did not pay out.
(–Source: CBS Minnesota
Read More: Group behind St. Paul cyberattack alleges posting 43 gigabytes of stolen data online, mayor says )
The Pennsylvania Attorney General’s Office experienced a cyber incident earlier this week that brought down the website, phone lines and email accounts. The website is back up following the incident and displays a notice letting visitors know that they may experience temporary delays in filing complaints and accessing home improvement contractor pages.
While further details about the incident have not been released, it has been confirmed that the Attorney General’s IT team has been working around the clock and teaming up with law enforcement to resolve the incident.
(–Source: Yahoo! News
Read More: Pennsylvania Attorney General’s website restored after “cyber incident” )
More information has been released about the Allianz Life Insurance data breach that occurred in mid-July, involving the hacking of a CRM platform used by the company.
The information compromised in this incident belonged to Allianz customers, financial professionals, and some employees, exposing the sensitive information of 1.4 million Americans. Though not many details have been released about the attack itself, Allianz has confirmed that the hackers used social engineering tactics, and there is no evidence that any of the company’s network or systems were accessed.
(–Source: FOX News on MSN
Read More: Allianz Life Insurance data breach exposes 1.4 million Americans )
