In today’s cybersecurity news…
Payload Ransomware group claims breach of Royal Bahrain Hospital
The ransomware gang has added the healthcare facility to its Tor data leak site and has published images as alleged proof. The group claims to have stolen 110 GB of data with a release date of March 23 if no ransom is paid. The Royal Bahrain Hospital serves patients from Bahrain, Oman, Qatar, Saudi Arabia, and the United Arab Emirates. Payload ransomware is a “relatively new cybercrime operation using a double-extortion model that combines data theft and file encryption.”
Canadian food retailer Loblaw confirms data breach
Loblaw, one of Canada’s largest food and pharmacy retailers, said it recently discovered that “a criminal third-party accessed basic customer information such as names, email addresses, and phone numbers.” The company confirms that passwords, health information and credit card data were not compromised, nor was its financial services arm, PC Financial. No group has been identified as behind this breach.
New York cyber regulations for water organizations launch in 2027
Proposed last July and recently approved, the new rules include “mandatory cybersecurity training for certified operators, incident response plans, reporting requirements and a designated cyber lead for larger water utilities.” The state of New York has created a $2.5 million grant program and is offering technical assistance at no cost. The goal is to have regulated water organizations create and test response and recovery plans that ensure continued operations in the event of a cyberattack.
Telus Digital confirms breach
The Canadian business process outsourcing giant Telus Digital has confirmed a security incident in which threat actors may have stolen nearly one petabyte of data from the company as a result of a multi-month breach. As the “digital services and business process outsourcing arm of Canadian telecommunications provider Telus, the company provides customer support, content moderation, AI data services, and other outsourced operational services to companies worldwide.” This makes them, as well as other business process outsourcing companies, attractive targets due to the amount of customer and corporate data that they hold. This breach, which actually occurred in January, is attributed to the ShinyHunters group.
Poland’s nuclear research center targeted
Poland’s National Centre for Nuclear Research (NCBJ) “says hackers targeted its IT infrastructure, but the attack was detected and blocked before causing any impact.” As the “main government nuclear research institute specializing in nuclear physics, reactor technology, particle physics, and radiation applications, it provides technical and scientific support for the country’s nuclear power program.” The NCBJ’s Director stated that “the cybersecurity incident did not impact the operation of the MARIA reactor, which continues to function safely at full power.”
Starbucks data breach hits employee portal
This incident was detected on February 6 as an unauthorized intrusion into the Starbucks Partner Central portal. The portal is used by Starbucks employees, who are called “partners,” and manages their personal information, payroll, and benefits data. A subsequent investigation found that “hackers accessed Starbucks Partner Central accounts after obtaining user credentials through a phishing attack that leveraged fake websites designed to mimic the portal.” This incident affects nearly 900 Starbucks employees, of the more than 200,000 Starbucks workers in the United States.
Betterleaks to replace Gitleaks as open-source secrets scanner
This new open-source tool, called Betterleaks, can “scan directories, files, and git repositories and identify valid secrets using default or customized rules.” For some context, “secret scanners are specialized utilities that scour repositories for sensitive information, such as credentials, API keys, private keys, and tokens, that developers accidentally commit in source code.” These secrets are actively searched for by threat actors. The new utility is made by the same team that created Gitleaks.
Salt Typhoon apathy possibly killing momentum for tougher telecom security rules
Despite the fact that just two years ago Chinese hackers were found to have compromised at least ten U.S. telecoms, “giving them broad access to phone data affecting nearly all Americans,” those in charge of bolstering the country’s cyber defenses state that constituents struggle to understand why this should be a concern, thus depriving policymakers of the public pressure needed to strengthen the nation’s telecommunications cybersecurity. Some officials speculate that cyberattacks that expose sensitive data and U.S. companies routinely collecting and selling data have left Americans “numb to data theft and data-for-profit–so additional breaches feel like just another drop in the bucket.”






