Cyber Bites

Kalispell Regional Healthcare (KRH) just reported a cyberattack that took place in late August and exposed patients’ health information. The Kalispell, Mont. facility had several employees fall for a phishing email scam, resulting in the attackers gaining the login credentials to KRH’s system, the hospital said in a statement. Source: SC Magazine

The Federal Trade Commission (FTC) today alerted consumers about the risk of mobile spyware that surreptitiously "stalks" smartphone users, snooping on call history, text messages, photos, GPS location, and browsing history. The warning comes the heels of the FTC's settlement this week with app firm Retina-X Studios LLC, which sold apps called MobileSpy, PhoneSheriff, and TeenShield that could be used as "stalking apps" or "stalkerware," the agency said. The FTC said Retina-X failed to ensure...

A Texas man was sentenced today to 145 months in federal prison for hacking the Los Angeles Superior Court (LASC) computer system and using its servers to deliver around 2 million malspam emails. 33-year-old Oriyomi Sadiq Aloba "was found guilty of one count of conspiracy to commit wire fraud, 15 counts of wire fraud, one count of attempted wire fraud, one count of unauthorized impairment of a protected computer, five counts of unauthorized access to a protected computer to obtain...

Britain's cyber-defence centre has thwarted more than one million cases of suspected payment card fraud in the last year, its annual review reveals. The National Cyber Security Centre (NCSC) said a dedicated anti-fraud effort stopped the cards being abused. It said it had stopped more than 1,800 cyber-attacks aimed at UK citizens and businesses in its first three years. Source: BBC

Three people, part of a Business Email Compromise (BEC) scammer group that stole roughly €10.7 million ($11,900,000) from 12 companies, were arrested in Spain by the Guardia Civil as part of Operation Lavanco. BEC (otherwise known as Email Account Compromise, CEO fraud, or CEO impersonation) fraud schemes are scams that allow crooks to trick a company's employees to wire out funds to attacker-controlled bank accounts they control via computer intrusion or by using social engineering. Source: Bleeping Computer

Japanese hotel chain HIS Group has apologised for ignoring warnings that its in-room robots were hackable to allow pervs to remotely view video footage from the devices. The Henn na Hotel is staffed by robots: guests can be checked in by humanoid or dinosaur reception bots before proceeding to their room. Source: The Register

A leak at Autoclerk, a reservations management system recently acquired by the Western Hotel & Resorts Group, exposed personal and travel information on hotel guests, including members of the U.S. government, military and Department of Homeland Security. “Our team viewed highly sensitive data exposing the personal details of government and military personnel, and their travel arrangements to locations around the world, both past and future,” according to a blog post by vpnMentor, whose researchers, led by Noam Rotem and...

Eight Amazon Alexa and Google Home apps were approved for official app stores even though their actual purposes were eavesdropping and phishing. "Alexa, steal my passwords." It's not a phrase a user is likely to utter, but security researchers in Germany have shown that it's possible for malicious apps — Alexa "skills" and Google Home "actions" — to launch phishing attacks on users, forward the compromised credentials to criminals, and do it all in apps...

When Doug Varey clicked on a pop-up ad offering computer security protection for 12 years for £556, he signed up. "I had no reason to suspect it wasn't genuine," he says. That was a mistake. Mr Varey was a victim of a common online scam known as computer software service fraud, which ended up costing him some £4,000. Indian police have now shut two call centres and arrested seven people suspected of involvement in the...

NordVPN, a virtual private network provider that promises to “protect your privacy online,” has confirmed it was hacked. The admission comes following rumors that the company had been breached. It first emerged that NordVPN had an expired internal private key exposed, potentially allowing anyone to spin out their own servers imitating NordVPN. Source: Tech Crunch