2016-08-04

Ohio clinic suffers massive breach

150GB of data from the Central Ohio Urology Group has been leaked via Twitter. Hackers from Pravyy Sector [1] accessed the clinic's financial spreadsheets, HR documents and patient records. These contained patients' personal information, including their names, addresses, phone numbers, dates of birth and treatments received. 2016 has already seen 49 hacking-related US medical data breaches affecting at least 500 people each.

New Gozi campaign targets Japan, Spain, Poland

The latest version of the Gozi banking trojan [2] includes an increased role for human operators during the infection process and the ability to bypass some behavioural biometrics defences. Currently active in several countries including Japan, Spain and Poland, this version is targeting financial organisations including PayPal, BNP Paribas, ING Bank and many more. This new variant uses web injection attacks that rely on malicious DLLs loaded in the user's browser to show overlays on top of a web page when the victim visits a banking portal supported by the trojan's modules. By showing a fake page on top of the original banking portal, these modules can collect login credentials and also hijack the payment transfer page. Using a tactic employed by other trojans in the past, Gozi relies on human operators for larger thefts, while smaller accounts tend to be handled automatically. More details here [3].

Fake Android app infects over 10,000 users

Although Google has now removed several versions of the Prisma photo filter app, it only managed to do so after they had been downloaded over 1.5 million times and had infected over 10,000 users with malware. Criminals took to the Google Play Store to upload infected versions of the app before it had been officially released there. Although many of the fake apps were harmless, researchers at ESET discovered one containing a modular trojan that was capable of downloading smaller components with more intrusive behaviour. The fake Prisma app was collecting personal information on users, including their phone numbers, operator name, country name, language and so on. Following this, the embedded trojan would request and download a phishing module that showed an interstitial on top of the user's screen, asking them for their Google credentials in order to upgrade to Android 6.0.

Israeli security firm uncovers ISIS plans to attack US military base

Cyber-intelligence firm Intsights claims to have discovered plans for new terrorist attacks after hacking an ISIS forum on the Dark Web, hosted by the Telegram service. A map of US military bases from around the world was shared on the forum, and Intsights says it found plans to attack selected locations in Kuwait, Bahrain and Saudi Arabia. These bases were selected because the US and its allies had used them to launch air strikes on ISIS militants in both Syria and Iraq. The same map also contained the locations of Israeli military bases.

Multiplayer online gaming servers revived after Lizard Squad DDoS

The servers of Overwatch and Hearthstone, two massively multiplayer online games (MMOs), have been brought back up following a DDoS attack suspected to have been launched by Lizard Squad [4]. The hacker group is best known for allegedly taking down Xbox Live and PlayStation Network in 2014. The attack downed Blizzard's Battle.Net servers for around 3 hours and left players unable to log in. The news comes in the wake of Blizzard unleashing a wave of lifetime bans for players caught cheating, with many affected users threatening a DDoS in retaliation.

The Silobreaker Team

Disclaimer: Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.

[1] https://my.silobreaker.com/view360.aspx?item=11_1041114612#?q=Organization:%22Pravyy%20Sector%20(hacker%20group)%22&rd=true
[2] https://my.silobreaker.com/view360.aspx?item=11_537775056#?q=Keyphrase:%22Gozi%20Trojan%22&rd=true
[3] https://buguroo.com/threat-intelligence-labs-new-gozi-campaigns-to-avoid-web-fraud-detection-target-global-brands
[4] https://my.silobreaker.com/view360.aspx?item=11_768575768#?q=Organization:%22Lizard%20Squad%22&rd=true