Data Privacy Weekly: Your Industry News Series

01. EvilProxy Phishing Targets 120K Microsoft 365 Users

The EvilProxy phishing campaign has targeted 120,000 Microsoft 365 users, focusing on MFA-protected accounts. Security firm Proofpoint discovered a surge in cloud account takeovers, impacting top executives. EvilProxy utilizes brand impersonation, bot evasion, and open redirections. This phishing-as-a-service platform steals authentication cookies from legitimate login forms, bypassing MFA.

Sold for $400/month, EvilProxy targets major accounts. A recent campaign by Proofpoint, using EvilProxy, impersonates brands like Adobe. The attack involves multiple redirections before a tailored EvilProxy phishing page. Notably, Turkish IPs are spared, possibly indicating a Turkish origin. VIP targets are prioritized, with breached accounts adding attacker-controlled MFA. Protection entails heightened security awareness, robust email filters, and FIDO-based keys.

Read More
EvilProxy Phishing Targets 120K Microsoft 365 Users
Massive Data Breach Exposes Northern Ireland Police Officers' Identities

02. Massive Data Breach Exposes Northern Ireland Police Officers’ Identities

A major data breach has exposed the names and ranks of all 10,000 serving police officers in Northern Ireland, causing serious concern for their safety. The Police Service of Northern Ireland (PSNI) accidentally shared this sensitive information in response to a Freedom of Information request. Given the ongoing threat to the police due to Northern Ireland-related terrorism, the breach is deemed disastrous. The breach occurred just months after a police officer was shot multiple times. The Federation representing officers demands urgent safeguards to prevent such breaches, emphasizing the high-security risks officers face in the region.

Read More

03. Massive UK Electoral Commission Data Breach Exposes 8 Years of Voter Data

A UK Electoral Commission breach revealed voter data from 2014 to 2022, detected a year later than the intrusion. Hackers accessed servers, including emails and electoral registers, prompting concerns over delayed reporting. Exposed details include names, addresses, emails, phone numbers, and images. Election processes remained unaffected, yet private data could be exploited for phishing and identity theft. Recipients are cautioned against suspicious emails, advising confirmation via phone instead of clicking links.

Read More
Massive UK Electoral Commission Data Breach Exposes 8 Years of Voter Data
Colorado Education Department Faces 16-Year Data Breach After Ransomware Attack

04. Colorado Education Department Faces 16-Year Data Breach After Ransomware Attack

The Colorado Education Department has revealed a data breach spanning 16 years due to a ransomware attack in June. The attack exposed students’ personal data including names and social security numbers. The department is investigating the breach’s extent and plans to notify affected individuals via mail or email. Free credit monitoring and identity theft protection services are being offered. Ransomware attacks on educational institutions are on the rise, highlighting the need for improved cybersecurity efforts across schools, colleges, and universities.

Read More

05. New ‘Inception’ Attack Exposes Sensitive Data on All AMD Zen CPUs

A fresh security breach called ‘Inception’ targets all AMD Zen CPUs, including the latest models, leaking sensitive data. Combining ‘Phantom speculation’ and ‘Training in Transient Execution’ techniques, researchers crafted this potent attack. It deceives CPUs into mishandling XOR instructions as recursive calls, allowing attackers to siphon off data from unprivileged processes. The leak rate is 39 bytes/sec, endangering passwords and RSA keys.

While Intel CPUs might also be affected by TTE variants, eIBRS mitigations hinder Phantom. Mitigation involves flushing the branch predictor state, but this hampers performance. AMD issued microcode updates for Zen 3 and Zen 4 CPUs to address this issue.

Read More
New 'Inception' Attack Exposes Sensitive Data on All AMD Zen CPUs

Explore More Topics

Explore the full range of services offered by Encryption Consulting.

Feel free to schedule a demo to gain a comprehensive understanding of all the services Encryption Consulting provides.

Request a demo