Cybersecurity News Round-Up: Week of August 8, 2022

Welcome back to our blog! It’s been yet another fascinating week in cybersecurity. 

We begin in China, where a hacker has claimed to have stolen the personal information of nearly 49 million users of Shanghai’s Covid app. In a post on Wednesday to Breach Forums, a hacker with the alias “XJP” stated “This DB (database) contains everyone who lives in or visited Shanghai since Suishenma’s adoption,” and provided a sample of the data including the phone numbers, names and Chinese identification numbers and health code status of 47 people. Reuters contacted eleven of the 47 people. Only two said their identification numbers were wrong.

In the UK, the National Health System has been dealing with a serious security incident after an attack last Thursday against a key service provider. According to The Guardian “at least nine NHS mental health trusts have been affected by the outage, reducing their access to patients’ records.” The story goes on to say that “The cyber-attack targeted systems used to refer patients for care, including ambulances being dispatched, out-of-hours appointment bookings, triage, out-of-hours care, emergency prescriptions and safety alerts. It also targeted the finance system used by the trust.” 

Also in Europe, a massive attack hit the website of the German Chambers of Industry and Commerce (DIHK) forcing the organization to shut down its IT systems as a precautionary measure for security reasons. As of earlier this week, the DIHK said it was only relying on phone and fax for communications. Michael Bergmann, chief executive of DIHK, defined the attack as serious and massive, it also added that the organization was not able to estimate how long its systems will be down.

On Wednesday, networking giant Cisco released details about a breach that occurred in May. While the cybercriminals responsible for the May 24th incident stole some information, the company says the business wasn’t impacted. According to Dark Reading “[W]e took immediate action to contain and eradicate the bad actors, remediate the impact of the incident, and further harden our IT environment,” a company spokesman said in the statement sent to Dark Reading….