COVID vaccine phishbait. Chicago doxing incident. Third-party risk in the Accellion compromise. Cap-and-gown vendor breached? – The CyberWire


At a glance.

  • Vaccine phishbait in smishing scam.
  • Chicago mayor responds to reported email dump.
  • Accellion compromise at the University of California.
  • University commencement vendor breached.

Smishing scam uses COVID vaccine as bait.

A new smishing operation is reportedly circulating in India, this one luring victims with the promise of the COVID-19 vaccine. The Indian Computer Emergency Response Team (CERT-In) released an advisory on Saturday warning of a malicious SMS campaign offering access to a fraudulent vaccine registration app. “The SMS carries a link that installs the malicious app on Android-based devices, which essentially spreads itself via SMS to victims' contacts,” the advisory states. CERT-In also explained that the malware gives the threat actors access to user data, and five malware variants have been identified in connection with the campaign. The advisory recommends that, in addition to using antivirus and firewall protection, users should adjust their phone settings to disable installation of apps from untrusted sources.

Chicago mayor responds to email dump.

As the CyberWire noted yesterday, hacktivist group Distributed Denial of Secrets (DDoSecrets) published a cache of tens of thousands of emails from the office of the mayor of Chicago, many of which discussed highly confidential topics. It was determined that the emails had been stolen from the servers of law firm Jones Day, one of the many victims of the massive breach of Accellion’s file transfer appliance that took place last December. The Chicago Sun-Times reports that at an unrelated press conference on Monday, Mayor Lori Lightfoot addressed the incident. She explained that a threat group initially demanded a ransom in exchange for the emails, but her office refused to succumb to their extortion attempt, resulting in the posting of the emails on the dark web (where DDoSecrets discovered them). The mayor refused to answer questions about the content of the emails, but did question the authenticity of the messages, stating that hackers should not be considered a credible news source. “Oftentimes, what happens is, you get things either out of context or they’ve been manipulated to make a particular political statement,” she stated. Some of the emails in question allegedly shed light on the mayor’s office’s reaction to recent controversies regarding police accountability.

University of California releases update on Accellion compromise.

Speaking of the Accellion breach, the University of California (UC), another of the breach’s many casualties, has released an update on their response to the incident, My TechDecisions reports. The ongoing investigation has revealed that the threat actors gained access to personal data belonging to UC employees, their dependents, retirees and beneficiaries, current students, and other individuals who participated in UC programs. The compromised data includes full names, addresses, Social Security numbers, driver’s license information, passport information, and financial information. The update also explains that members of the UC community will be receiving unique activation codes to access services from credit reporting agency Experian while the university continues to work on identifying and notifying the specific individuals impacted.

Credit fraud commences after graduation vendor breach.

The credit card info of University of Delaware (UD) students was stolen in connection with the data breach of cap and gown vendor Herff Jones, WDEL 101.7FM reports. Stories of students finding suspicious charges on their account statements surfaced on UD social media, and the common denominator appeared to be the students’ recent transactions with Herff Jones. With presumably little pomp or circumstance, Herff Jones sent the school an official notification of the attack: “Herff Jones has become aware that we have been the victim of a cyberattack and that there are reports of possible fraudulent activity on customers’ personal payment card accounts... This incident is being thoroughly investigated by our internal and third-party security experts, who have taken immediate and appropriate actions to reinforce existing security measures and to mitigate its potential impact as well as determine its origins,” the statement read. Herff Jones also explained that they have temporarily shut down the payment functions on the company’s website. It is unclear how many students have been impacted.
