Bitglass Security Spotlight: Surveillance Vulnerability Impacts Ring

Here are the top stories of recent weeks:  

• Security Vulnerability Discovered That Exposes Ring Doorbells WI-Fi Network and Passwords 
• Threat Actors Are Continuously Attempting to Hack into Connectwise Automate Systems
• Fake Court Summons Emails Used to Deliver Data-Stealing Malware in Latest Phishing Campaign
• A New York City Hospital Is the Latest Victim to a Ransomware Attack
• Veritas, The DNA Testing Startup Confirms Data Breach

Newly Discovered Security Vulnerability Exposes Ring Doorbells’ Wi-Fi Network and Passwords 

The security flaw enables hackers to not only view login information and passwords for Wi-Fi networks in plain text, but also allows them to conduct surveillance. The Amazon-owned doorbell was sending owners’ login information in plaintext as the doorbell joined the local network – consequently allowing hackers within the vicinity to intercept the sensitive information, gain access to users’ networks, and conduct surveillance in real-time. This vulnerability was discovered and addressed in September of 2018, but Amazon did not disclose this information until last week. 

Sponsorships Available

Sponsorships Available

Sponsorships Available

Threat Actors are Continuously Attempting to Hack into ConnectWise Automate Systems

Hackers are trying to infiltrate ConnectWise Automate Systems’ on-premises customer network to install ransomware. The Florida-based remote IT management solutions asserts that there have been numerous attempts to break into its network. The threat actors are attempting to take over servers and infect the company’s entire fleet of computers. There are currently more than 100,000 IT professionals utilizing the SaaS platform and many of them have come forward asking for clarity as to which ports are being targeted, but the company has yet to respond. 

Fake Court Summons Emails Used to Deliver Malware in Latest Phishing Campaign

A U.S. based hacking campaign is targeting employees in insurance and retail industries with phishing emails – from users falsely claiming to be with the Ministry of Justice. The emails are embedded with information-stealing malware links, which takes victims to a cloud hosting provider that redirects and deploys a form of malware called “Predator the Thief”. This form of malware steals usernames, passwords, browser data, and cryptocurrency wallet information. 

A New York City Hospital Falls Victim to a Ransomware Attack

A ransomware attack hit a New York City hospital that refused to pay a ransom led to patient data being compromised. The Brooklyn Hospital Center acknowledges that a ransom for decrypting the files was not paid and after diligent remediation efforts, they were unsuccessful in recovering their patients’ protected health information. There is currently no estimation as to how many patients were affected in this attack and the hospital asserts that there is currently no backup procedure to safeguard the data. The stolen data includes patients’ names, as well as dental and cardiac images. 

DNA Testing Startup, Veritas, Confirms Data Breach

With over 26 million consumers globally signing up for at-home genetics testing, the health startups handling this sensitive information have become a prime target for threat actors. Veritas, a growing genome testing startup, was affected by a data breach that directly impacted their customer-facing portal. However, the company has not elaborated on what information was leaked, when the breach occurred, or how many customers were impacted. In fact, Veritas has not issued a public statement or acknowledged the breach on its site. In this competitive landscape, startups cannot afford to mismanage sensitive data.