Avantia Threat Update


This Past Week: Elon Musk's brain computer will blow your mind; telehealth under attack by cyber baddies; English hacker sentenced to 5 years jail in America; Alien malware can steal passwords from Android apps; Google announces "overlaying" of COVID-19 hotspots on its mapping software worldwide; ransomware proves fatal in Germany as a hospital is left unable to treat a woman in distress; the fallout from the Blackbaud breach gets more serious and more expensive for the victims; and major breaches in INDIA; AUSTRALIA; UNITED KINGDOM; CANADA; GERMANY and UNITED STATES.

TOP Dark Web ID Trends: 

Top Source Hits: ID Theft Forums

Top Compromise Type: Domain

Top Industry: Finance & Insurance

Top Employee Count: 501+



Musk reckons his brain-computer interface could one day help humans merge with AI, record their memories, or download their consciousness. Could he be right? He couldn't resist a small joke when he gave the world a first look at Neuralink, the brain-computer interface (BCI) project that he's been working on for the past two years. "I think it's going to blow your minds," he said. The aim of his startup is to develop technology to tackle neurological problems, from damage caused by brain or spine trauma to the type of memory problems that can become more common in people as they age. The idea is to solve these problems with an implantable digital device that can interpret, and possibly alter, the electrical signals made by neurons in the brain. "If you can correct these signals you can solve everything from memory loss, hearing loss, blindness, paralysis, depression, insomnia, extreme pain, seizures, anxiety, addiction, strokes, brain damage; these can all be solved with an implantable neural link," Musk said at the demonstration of the technology, which also unexpectedly featured live pigs that had actually been implanted with the company's technology. The demo, led by Musk and streamed earlier this month, was the first major update on Neuralink's development since last summer. Musk used the demo to show off the latest iteration of the company's hardware: a small, circular device that attaches to the surface of the brain, gathering data from the cortex and passing it on to external computing systems for analysis. The system was demonstrated in situ in a pig, gathering data on the animal's neural activity when its snout touched something, and creating a visual representation of that information. But for all the excitement of what Musk also called the equivalent of "a Fitbit in your skull" (including a minor hitch when the pig became camera shy), all the technology concepts showcased during the demo had been seen elsewhere before now.
Several different types of working brain-computer interfaces already exist, gathering data on electrical signals from the user's brain and translating them into data that can be interpreted by machines. And while Neuralink has yet to implant any of its devices into human subjects, a number of research laboratories have done just that -- to date, a handful of individuals have been fitted with functioning brain-computer interface devices. Typically, they are people who have suffered a spinal injury that's left them paralysed, and who use BCIs to help them regain some of that lost function. (One notable user has already been able to recover enough movement in his hands to play Guitar Hero.) "Other than the implementation of the system they built, all of the things they showed are things that have been shown in the past," neural engineer Edoardo d'Anna, a postdoctoral associate in the Department of Physical Medicine and Rehabilitation at the University of Pittsburgh, tells ZDNet. "So from a scientific point of view, there was nothing novel in that sense." Musk's achievement is instead in building something that is starting to resemble a product that might actually help real patients, rather than a research project -- the stage many other BCIs are currently at. And that's not the only difference between Neuralink's implementation of a brain-computer interface and those now used elsewhere. While many current BCIs involve wired systems, Musk's uses Bluetooth Low Energy to communicate wirelessly. Traditional BCIs use arrays that integrate with the brain using rigid electrodes; Neuralink uses flexible threads. Usually, BCIs leave their users with a box of hardware that sits outside the skull; the Neuralink shouldn't be visible externally. Most research-BCI hardware is implanted by a human neurosurgeon; Neuralink has a robot to do most of the same surgical heavy lifting.
"They've done a very nice job of the engineering," says Professor Andrew Jackson, professor of neural interfaces at Newcastle University. "They've made progress in all the areas where you would expect a well-resourced, well-funded tech company to make progress. That means things like miniaturising electronics, making things low power off a battery, getting things to operate wirelessly.  "It's a bit unfair to say, but to some extent, these are low-hanging fruit for a big investment from a Silicon Valley tech company, because traditionally a lot of the technology that has been used in neuroscience has been done on a much smaller budget than this, and so things haven't always been kind of optimised to the same level that you are used to in that consumer electronics world," he says. While the Neuralink demonstration may not have come loaded with never-before-seen technology, it does serve as an illustration of how the technology is progressing towards commercialisation. "I think the bigger question is what are the new things that can be done with this technology? I think that's to some extent a more interesting question," says Jackson. It's also a question that Musk isn't short of answers to. Most BCI work currently ongoing falls into two camps: either it's looking at making consumer-grade, non-invasive kit that could ultimately offer a way of interacting with devices like smartphones --  UIs based on thoughts rather than key presses or voice commands -- or medical-grade systems to help people with brain or spinal injuries overcome paralysis. Musk has far broader aims for his BCI, however. The demo offered the possibility of curing numerous medical conditions, as well as more futuristic aims from telepathically summoning a Tesla to downloading your consciousness and being able to download memories. Achieving those aims would need a whole new set of functionality to be included in the Neuralink device, and the surgical robot would need to learn new techniques. 
For example, the current Neuralink sits on the surface of the brain, while some of the longer-term uses of the device Musk touted would mean it would need access to the deeper structures of the brain. Hooking up electronics to deep-brain structures has already been done -- deep-brain stimulation is already used for treating conditions such as Parkinson's -- but it's something of a blunt instrument. Doing something like Musk is proposing would need a much more subtle approach, and not one we've seen discussed by the company yet. It would also require Neuralink to stimulate the brain (sending data into the brain, rather than reading information from it), though there's been no discussion of any stimulation technology from the company so far. Some of the more long-term, almost sci-fi, visions for Neuralink would also mean addressing some of the black holes in our knowledge of certain areas of neuroscience. Playing back memories and similar applications would first need us to have a better understanding of what memory is and which bits of the brain are involved -- scientists have a good idea, but there's no consensus on whether we know all the pieces (and it all gets more complicated when you start thinking about different types of memory -- remembering your last holiday, how to play the piano, or a list of the Queens and Kings of England by date all live in different brain regions). "The short-term goal that they talked about of impacting someone who's paralysed and giving them control over a cursor and keyboard or something like that, that is something we know how to do. There's no doubt you can build a product like that, that is totally achievable," says d'Anna. But he says the long-term ideas like capturing your memories and replaying them are something we know very little about. "There's significant gaps in our scientific understanding that needs to be addressed before we can even talk about doing them," he adds. 
Does that mean such ideas might be held up by the need for more neuroscience research? Dr Tennore Ramesh, non-clinical lecturer at the University of Sheffield's Department of Neuroscience, believes that AI could enable some of Neuralink's long-term goals, whether we come to understand the neuroscience behind them or not. Treating it as if it's a neuroscience problem "is the wrong way of thinking. It's actually an engineering problem," he says. "The neurons are sending information in bits -- it's almost like a computer program. Of course, it's more complicated than that but, especially with the advent of artificial intelligence and things like that, I think it is pretty feasible," he says. "In terms of using AI for solving this, though, does it mean that we'll understand how the brain functions? Probably not, because many of these AIs are basically black boxes, but it doesn't mean that we can't put them to use or utilise whatever functionality they provide. So from that point of view, maybe we may not understand the neuroscience very much, but it doesn't mean that we can't make a product that can do those things," Ramesh says. Either way, setting goals for Neuralink that outstrip current scientific and engineering capabilities not only gives scientists a bold vision to aim for, but also generates hype and interest in the company. Unlike the researchers who have worked on BCIs in labs, Musk ultimately has to turn a profit, and that's something he can only do if he can convince the world that Neuralink is as much a consumer device as it is a medical one. That also means convincing thousands of average people with no health conditions to undergo brain surgery.
For most, the idea of having a chunk of skull bored out just to get a Fitbit installed is going to seem outrageous -- the one on their wrist works fine, thanks -- but replaying memories, downloading consciousness or merging with AI offers buyers the prospect of cheating death in an oblique way. That prospect could be decades away, at least, but perhaps in the long term the messaging of 'get a neural interface, avoid mortality' might be persuasive to many.


Telehealth services have proven to be an essential, socially distanced lifeline between patients and providers during the COVID-19 pandemic, but it's important to keep in mind that they are also a potential avenue for cyber attack. While private insurers and the U.S. government rapidly extend access to telecommunication-based medical services for millions of patients and doctors, they are also creating an expanded digital footprint for cybercriminals to target. To help the healthcare community understand and secure this growing source of vulnerability, Booz Allen's cyber threat intelligence analysts are keeping a close eye on the rapid U.S. telehealth expansion and the opportunities that it presents to cybercriminals. While the concept of telehealth predates the COVID-19 period, the outbreak has radically accelerated its adoption. As more patients demand and use telehealth and telemedicine solutions, private insurers and public providers such as Medicare and Medicaid are quickly adapting in response. The speed of this adaptation has been a boon to patients and clinicians, but it has also created significant challenges. With process and technology investments locked in, and demand for telehealth unlikely to dissipate even after the pandemic subsides, it's likely that this telehealth expansion will remain active and even grow for some time. This is a good thing. Done right, telehealth makes accessing a doctor almost as easy as checking your email: all you need is a laptop or a smartphone and an internet connection. It holds the potential to improve medical service delivery, lower the cost of healthcare, enable better home management of health conditions, eliminate the hassle of frequent office visits, and more. But these benefits will require health organizations to store and process far more data, and greatly expand their digital infrastructures.
To keep their patients, data, and IT systems safe in this environment, they must keep security among their top priorities. While patients and doctors see enormous benefits in the rapid rise of telehealth, hidden security challenges could result in risks that outweigh the rewards. The challenge of keeping patient information safe and secure on various telehealth devices is unfortunately one that has yet to be adequately addressed. Softer regulations such as relaxed security and oversight protections are another concern. Government organizations are stating openly that they may not enforce rules designed to protect patient data or conduct audits for new patient billing. The government’s decision to raise the possibility of waiving certain regulations designed to protect patient data has made the operating field more opaque. These examples are just the tip of the iceberg, but they make it plain that striking a balance between making telehealth accessible for millions and protecting privacy and infrastructure from hackers is not going to be easy. Hastily put together telehealth systems could create a wealth of exploitable vulnerabilities for savvy cybercriminals. Relaxed regulatory enforcement could lead providers to leverage live video systems that do not meet HIPAA requirements. A compromised device might enable a hacker to:

Commit medical billing fraud

Illegally access live video sessions between patients and doctors

Gain unauthorized entry into devices

Hack cloud-based services where patient data is stored

Cybercriminals are likely already profiting from security vulnerabilities in our young and rapidly developing telehealth system. If health organizations and government regulators don’t make telehealth security a greater priority now, this exploitation will only grow, putting patients, doctors, and the nation’s healthcare infrastructure at risk.


The front man for the notorious Dark Overlord hacker gang, which threatened to leak stolen confidential information unless paid off, has been sentenced to five years behind bars in America. Nathan Wyatt, 39, formerly of London, England, was sent down on Monday by a judge in a federal district court in eastern Missouri. He was also told to pay $1,467,048 in restitution to his victims. The Brit had pleaded guilty to conspiracy to commit computer fraud and aggravated identity theft. The father-of-three has been stateside since he was extradited in December last year. Prior to that, Wyatt was in a British cooler for crimes involving stolen credit card details and blackmail. He enjoyed a brief bout of fame when he claimed he had hacked the iCloud account of Pippa Middleton, though he was later cleared in a police probe. Wyatt was among a crew of miscreants who since 2016 operated under the Dark Overlord brand: they would hack people and organizations, and threaten to dump their victims' private documents onto the web unless payment – typically between $75,000 and $350,000 in Bitcoin – was coughed up. His role in the gang was particularly nasty. As the point man of the operation, he was tasked with directly contacting victims, and acting as the go-between. This included making threats against the friends and family of those the gang was trying to extort. Court filings detail how, while trying to strong-arm hacked businesses into paying, Wyatt would send creepy, intimidating messages with detailed information about the spouses, parents, and children of those at the companies Dark Overlord was targeting. In one case he went so far as to directly contact a victim's daughter. "You look peaceful… by the way did your daddy tell you he refused to pay us when we stole his company files," the teen girl was told. "In four days we will be releasing for sale thousands of patient info. including yours."
Among the companies targeted were doctors' offices, accountants, a medical records company, and banks in the US. "He created, validated, and maintained phone accounts, a PayPal account, virtual private networks, and a Twitter account that were used to maliciously hack and extort multiple US companies," American prosecutors noted in their sentencing letter. "These attacks unscrupulously preyed on the sensitivity of personal medical and financial records to stoke fear and seek ransom payments." By contrast, Wyatt was reportedly contrite during his sentencing, held via a Zoom call, breaking down in tears and claiming he struggles with mental illness. "I'd like to apologize for the role that I played in this," Wyatt sobbed. "I can promise you that I just want to go home to my family. I'm out of that world, and I don't want to see another computer for the rest of my life." The Dept of Justice's Acting Assistant Attorney General Brian Rabbitt said in a statement: "Nathan Wyatt used his technical skills to prey on Americans' private data and exploited the sensitive nature of their medical and financial records for his own personal gain. Today's guilty plea and sentence demonstrate the department's commitment to ensuring that hackers who seek to profit by illegally invading the privacy of Americans will be found and held accountable, no matter where they may be located." Judge Ronnie White opted to hand down the five-year term, in line with prosecutors' recommendations.


Security researchers have discovered and analyzed a new strain of Android malware that comes with a wide array of features allowing it to steal credentials from 226 applications. Named Alien, this new trojan has been active since the start of the year and has been offered as a Malware-as-a-Service (MaaS) offering on underground hacking forums. In a report shared this week with ZDNet, security researchers from ThreatFabric dug deep into forum posts and Alien samples to understand the malware's evolution, tricks, and features. According to researchers, Alien is not truly a new piece of code but was actually based on the source code of a rival malware gang named Cerberus. Cerberus, while an active MaaS last year, fizzled out this year, with its owner trying to sell its codebase and customer base, before eventually leaking it for free. ThreatFabric says Cerberus died out because Google's security team found a way to detect and clean infected devices. But even if Alien was based on an older Cerberus version, Alien doesn't seem to have this problem, and its MaaS stepped in to fill the void left by Cerberus' demise. ThreatFabric says Alien is part of a new generation of Android banking trojans that have also integrated remote-access features into their codebases. This makes Alien a dangerous concoction to get infected with. Not only can Alien show fake login screens and collect passwords for various apps and services, but it can also grant the hackers access to devices to use said credentials or even perform other actions. Currently, according to ThreatFabric, Alien boasts the following capabilities:

Overlay content on top of other apps (used to phish login credentials)

Log keyboard input

Provide remote access to a device after installing a TeamViewer instance

Harvest, send, or forward SMS messages

Steal the contacts list

Collect device details and app lists

Collect geo-location data

Make USSD requests

Forward calls

Install and start other apps

Start browsers on desired pages

Lock the screen (a ransomware-like feature)

Sniff notifications shown on the device

Steal 2FA codes generated by authenticator apps

That's quite an impressive array of features. ThreatFabric says these are mostly used for fraud-related operations, as most Android trojans tend to be these days, with the hackers targeting online accounts, searching for money. During its analysis, researchers said they found that Alien had support for showing fake login pages for 226 other Android applications (full list in the ThreatFabric report). Most of these fake login pages were aimed at intercepting credentials for e-banking apps, supporting ThreatFabric's assessment that Alien was intended for fraud. However, Alien targeted other apps as well, such as email, social, instant messaging, and cryptocurrency apps (e.g., Gmail, Facebook, Telegram, Twitter, Snapchat, WhatsApp). Most of the banking apps targeted by the Alien developers were for financial institutions based in Spain, Turkey, Germany, the US, Italy, France, Poland, Australia, and the UK. ThreatFabric didn't include details about how Alien makes its way onto users' devices, primarily because this varies based on how the Alien MaaS customers (other criminal groups) choose to distribute it. "A lot of it seems distributed via phishing sites, for example malicious page tricking the victims into downloading fake software updates or fake Corona apps (still a common trick at the moment)," Gaetan van Diemen, a malware analyst at ThreatFabric, told ZDNet. "Another method observed to be used is the SMS, once they infect a device they collect the contact list which they then reuse for further spreading of their malware campaign," he added. Some malicious apps make it onto the Play Store once in a while, but most of the time they're distributed through other channels, van Diemen said. All of these Alien-tainted apps can be spotted fairly easily, because they typically ask the user to grant them device administrator rights or access to the Accessibility service; those two prompts are what give the trojan its keylogging, overlay and screen-lock capabilities.
As self-evident as the advice "don't install apps from shady sites and grant them admin rights" might sound, not all Android users are technical enough to understand it, and many users will download and install apps from any location and then just click through all the prompts during installation. This is how malware operates in general, targeting non-technical users rather than the "experts". And there are many of these non-technical users around, which is why Android malware is big business on hacking forums these days. So here's the takeaway: don't install apps from shady sites, and don't grant them admin rights or Accessibility access.
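The two indicators the article names (an app asking for device administrator rights or for the Accessibility service) can be turned into a quick triage check. The block below is an added example written for this page, not code from ThreatFabric and not taken from an Alien sample. It assumes you already have a decoded AndroidManifest.xml (for instance from apktool; decoding is outside the block) and the raw value of `adb shell settings get secure enabled_accessibility_services`. The manifest, the settings string and the package name com.example.fakeupdate are all constructed for the example; the permission names are the standard Android ones behind the capabilities listed above (overlays need SYSTEM_ALERT_WINDOW, an Accessibility service is a <service> guarded by BIND_ACCESSIBILITY_SERVICE, a Device Admin is a <receiver> guarded by BIND_DEVICE_ADMIN).

```python
# Added example: triage checks for the Alien indicators discussed above.
# Input 1: a decoded AndroidManifest.xml (e.g. from apktool; decoding is outside this block).
# Input 2: the raw value of `adb shell settings get secure enabled_accessibility_services`.
# The manifest and settings string below are constructed; package names are placeholders.
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A_NAME = "{%s}name" % ANDROID_NS
A_PERMISSION = "{%s}permission" % ANDROID_NS

# <uses-permission> entries behind the capabilities listed in the article
SUSPICIOUS_USES_PERMISSIONS = {
    "android.permission.SYSTEM_ALERT_WINDOW": "draw overlays on other apps (fake login screens)",
    "android.permission.READ_SMS": "read SMS (intercept 2FA codes)",
    "android.permission.RECEIVE_SMS": "intercept incoming SMS",
    "android.permission.SEND_SMS": "send SMS (spread to harvested contacts)",
    "android.permission.READ_CONTACTS": "steal the contact list",
    "android.permission.REQUEST_INSTALL_PACKAGES": "install other apps",
}

# a <service>/<receiver> guarded by one of these permissions is the app asking for
# Accessibility or Device Admin: the two prompts the article says Alien-tainted apps need
PRIVILEGED_BIND_PERMISSIONS = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "Accessibility service (keylogging, clicking through prompts)",
    "android.permission.BIND_DEVICE_ADMIN": "Device Admin (lock screen, resist uninstall)",
}


def scan_manifest(manifest_xml):
    """Return a list of (where, permission, why) findings for a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    findings = []
    for node in root.iter("uses-permission"):
        name = node.get(A_NAME, "")
        if name in SUSPICIOUS_USES_PERMISSIONS:
            findings.append(("uses-permission", name, SUSPICIOUS_USES_PERMISSIONS[name]))
    for tag in ("service", "receiver"):
        for comp in root.iter(tag):
            perm = comp.get(A_PERMISSION, "")
            if perm in PRIVILEGED_BIND_PERMISSIONS:
                findings.append((tag + " " + comp.get(A_NAME, "?"), perm, PRIVILEGED_BIND_PERMISSIONS[perm]))
    return findings


def unexpected_accessibility_services(settings_value, allowlist):
    """Entries of enabled_accessibility_services ('pkg/Class:pkg/Class') whose package is not allowlisted."""
    value = settings_value.strip()
    if value in ("", "null"):  # `settings get` prints 'null' when nothing is enabled
        return []
    return [entry for entry in value.split(":") if entry.split("/", 1)[0] not in allowlist]


# constructed manifest of a fake "System Update" app
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakeupdate">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application android:label="System Update">
    <service android:name=".KeyService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <receiver android:name=".AdminReceiver"
        android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

# constructed: a screen reader plus the fake-update app are both enabled for Accessibility
SAMPLE_SETTINGS = "com.android.talkback/.TalkBackService:com.example.fakeupdate/.KeyService"
KNOWN_GOOD_PACKAGES = {"com.android.talkback"}

if __name__ == "__main__":
    for where, perm, why in scan_manifest(SAMPLE_MANIFEST):
        print("%-24s %-50s %s" % (where, perm, why))
    print("unexpected accessibility services:",
          unexpected_accessibility_services(SAMPLE_SETTINGS, KNOWN_GOOD_PACKAGES))
```

On the constructed manifest the scan reports the overlay, SMS and contacts permissions plus the Accessibility service and Device Admin receiver, and ignores INTERNET; the settings check returns only the non-allowlisted com.example.fakeupdate entry. Treat a hit as a reason to look closer, not as a verdict: legitimate screen readers, password managers and MDM agents request the same bind permissions.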


Google has added a "COVID layer" to the Maps platform, giving users up-to-date information on infection trends at state and city level. The update will begin to appear on Android and iOS over this week, worldwide. According to Sujoy Banerjee, Product Manager of Google Maps, users will be able to access the data layer through a new tab in the top right-hand corner called "COVID-19 info." You will then see a seven-day average of new COVID-19 cases per 100,000 people for the area you are looking at in Maps. Labels indicate whether caseloads are increasing or decreasing. To make it easier for viewers to understand the data on show, Google has also included color coding (cases per 100,000 people):

Grey: Less than 1 case

Yellow: 1 - 10 cases

Orange: 10 - 20 cases

Dark orange: 20 - 30 cases

Red: 30 - 40 cases

Dark red: 40+ cases

Banerjee describes the tool as a means to "show critical information about COVID-19 cases in an area so you can make more informed decisions about where to go and what to do."

The information is pulled from authorities on the spread of the novel coronavirus, including Johns Hopkins -- which has already provided a real-time dashboard -- the New York Times, JHU CSSE COVID-19 Data, Brihanmumbai Municipal Corporation, and Wikipedia, all of which use public organizations as sources for case reports including government ministries, local health agencies, and the World Health Organization (WHO).  Google says that once the rollout is complete, case data will be visible for all 220 countries and territories supported in Google Maps.  State, province, county, and city-level data will be included where available, but as not every country or local authority reports new cases quickly -- or at all -- some areas may be colored grey and have no trend information on display. In June, Google added new transit features to Maps including local alerts for trips likely to be impacted by COVID-19 restrictions, driving notifications for COVID-19 checkpoints, and the inclusion of medical centers for testing. 


THREAT FOCUS: Artech Information Systems - UNITED STATES

Exploit: Ransomware

Artech Information Systems: Staffing Firm  

Risk to Business: 1.602 = Severe - Artech Information Systems, one of the largest IT staffing companies in the US, has announced a data breach exposing personal, financial, and health information of some of its clients. The company was informed by security researchers that the REvil gang had advertised 337MB of stolen data in January, but Artech first sent out breach notifications at the beginning of September, despite completing its investigation at the end of June, leaving clients exposed to risk for 8 months.

Individual Risk: 2.424 = Severe - The stolen files contained PII including names, Social Security numbers, medical information, health insurance information, financial information, payment card information, driver's license/state identification numbers, government-issued identification numbers, passport numbers, visa numbers, electronic/digital signatures, usernames, and passwords. Affected clients have been notified and told to monitor their bank statements for suspicious activity and to be on the lookout for fraud and identity theft. The firm is offering free credit monitoring and identity protection to all affected customers.

Customers Impacted: 10,000+

How it Could Affect Your Business: Ransomware is a terrifying specter, but it can be ameliorated. What can’t is a failure to even tell your clients that they’re at risk for 8 months or more.

Breach Risk Levels

1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

Avantia Cyber Security & ID Agent to the Rescue: Ransomware is usually delivered as the result of a phishing attack. Graphus brings powerful automatic phishing protection to the table, featuring a smart AI that evolves with your business.  Phone 07 30109711 or email for more info.

THREAT FOCUS: Department of Veterans Affairs - UNITED STATES

Exploit: Unauthorized Access (Credential Compromise)

Department of Veterans Affairs: Federal Agency

Risk to Business: 1.667 = Severe - The Department of Veterans Affairs (VA) informed affected users on Monday of a data breach that resulted in the exposure of 46,000 veterans' personal information. The incident stemmed from unauthorized users accessing an application within the Financial Service Center (FSC) in order to divert payments intended for community health care providers. In a statement, the VA said malicious actors used "social engineering techniques" and exploited "authentication protocols" to gain access to the system. Additional information that has since come to light indicates that 17,000 community care providers may also have been affected.

Individual Risk: 1.806 = Severe - No information has been provided about the exact nature of the compromised information. The VA has directed those who suspect that they may have been impacted to email or mail questions to the VA.

Customers Impacted: 46,000 veterans and 17,000 medical care providers

How it Could Affect Your Business: Social engineering attacks, typically in the form of password theft or phishing, can devastate a business, especially if it results in the compromise of a privileged account.

Breach Risk Levels

1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

Avantia Cyber Security & ID Agent to the Rescue: Security awareness and phishing resistance training is not something companies can afford to cut back on. The cost-effective solutions in our digital risk protection platform fulfill the need for updated training without breaking the bank. Call Avantia on 07 30109711 and learn how a BullPhish ID Staff penetration Test can assist you in finding the ‘weak links’ in your chain. 


THREAT FOCUS: Activision Blizzard - UNITED STATES

Exploit: Credential Stuffing

Activision Blizzard: Video Game Developer

Risk to Business: 1.995 = Severe - Cybersecurity researchers have uncovered login data for more than 500,000 accounts for the company's Call of Duty franchise. The eSports site Dexerto reported that a data breach occurred on September 20 and that the credentials for these accounts have been leaked publicly. Activision Blizzard is denying the incident, but several gaming and cybersecurity news outlets have reported evidence of it, including directly affected user records.

Individual Risk: 1.965 = Severe - Call of Duty account holders should monitor their account for unauthorized activity. No information has been reported on whether or not financial information or PII was included in this breach. Players should also be alert to potential spear phishing using this information.

Customers Impacted: Unknown

How it Could Affect Your Business: Failing to acknowledge a data breach that’s widely reported and confirmed is not the way to start repairing your company’s reputation or your clients’ trust after an incident.

Breach Risk Levels

1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

Avantia Cyber Security & ID Agent to the Rescue: Credential stuffing attacks are fueled by Dark Web data. Guard your company against credential stuffing attacks powered by the information available in huge Dark Web data dumps by monitoring your company's credentials for compromise with Dark Web ID. More than 65% of the data on the Dark Web can damage businesses. Put the power of Dark Web ID to work for you to guard against credential compromise. Call 07 3010 9711 today for a free 'real time' demonstration to discover whether your critical credentials are listed on the Dark Web for sale to cybercriminals.
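Credential stuffing, the exploit named in this item, replays username/password pairs from earlier leaks against a new service, so in an authentication log it looks different from brute force: one source tries many distinct accounts, each only once or twice, and the occasional success is the account takeover. The block below is an added example of a detection rule for that pattern, written for this page; it is not part of the Dexerto report or of any vendor product. The log format (`timestamp ip=... user=... result=OK|FAIL`) and every log line in it are constructed.

```python
# Added example: flag credential stuffing in an authentication log. Credential stuffing
# replays leaked username/password pairs, so one source tries MANY distinct accounts, each
# only once or twice; brute force tries ONE account many times and needs a different rule.
# The log format and every line below are constructed for this example.
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_line(line):
    """One log line -> dict, or None for lines that do not match the assumed format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "ip": m["ip"],
        "user": m["user"],
        "ok": m["result"] == "OK",
    }


def detect_credential_stuffing(lines, window=timedelta(minutes=10),
                               min_distinct_users=10, max_attempts_per_user=2):
    """Per source IP, slide a time window over its login attempts and alert when the window
    holds >= min_distinct_users accounts with at most max_attempts_per_user tries each.
    Returns {ip: {"distinct_users", "attempts", "successes"}}; successes are the accounts
    that logged in during the run, i.e. the likely takeovers."""
    by_ip = defaultdict(list)
    for event in filter(None, map(parse_line, lines)):
        by_ip[event["ip"]].append(event)

    alerts = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(events)):
            while events[end]["ts"] - events[start]["ts"] > window:
                start += 1
            in_window = events[start:end + 1]
            per_user = defaultdict(int)
            for e in in_window:
                per_user[e["user"]] += 1
            if len(per_user) >= min_distinct_users and max(per_user.values()) <= max_attempts_per_user:
                alerts[ip] = {
                    "distinct_users": len(per_user),
                    "attempts": len(in_window),
                    "successes": sorted({e["user"] for e in in_window if e["ok"]}),
                }
    return alerts


SAMPLE_LOG = (
    # credential stuffing: 12 leaked pairs replayed once each from one IP, one still valid
    ["2020-09-20T10:00:%02dZ ip=203.0.113.7 user=user%02d result=%s"
     % (i, i, "OK" if i == 7 else "FAIL") for i in range(12)]
    # brute force against a single account: not stuffing, should not fire this rule
    + ["2020-09-20T10:05:%02dZ ip=198.51.100.5 user=alice result=FAIL" % i for i in range(12)]
    # ordinary traffic: one user, one typo, plus a line in some other format
    + ["2020-09-20T10:06:00Z ip=192.0.2.10 user=bob result=FAIL",
       "2020-09-20T10:06:30Z ip=192.0.2.10 user=bob result=OK",
       "not a log line"]
)

if __name__ == "__main__":
    for ip, info in detect_credential_stuffing(SAMPLE_LOG).items():
        print(ip, info)
```

On the sample only 203.0.113.7 is flagged (12 accounts, 12 attempts, user07 taken over); the brute-force source and the ordinary user are not. The thresholds are assumptions to tune per service, and real campaigns spread attempts over many proxy IPs, so the same rule run on a per-ASN or per-user-agent key, or on the ratio of distinct usernames to attempts across the whole service, catches more than a per-IP count alone.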

THREAT FOCUS: Newhall School District - UNITED STATES

Exploit: Ransomware

Newhall School District: School System 

Risk to Business: 2.351 = Severe - A cyberattack against the Newhall School District in Valencia, CA affected distance learning across all 10 of its schools, shutting down remote learning for 6,000 elementary school students. Newhall's servers have been shut down while the incident is investigated and systems are restored, and teachers are attempting to keep students learning with pencil-and-paper assignments.

Individual Risk: No information was reported as compromised in this incident

Customers Impacted: 6,000 students

How it Could Affect Your Business: Attacks on education have been skyrocketing, and failure to update security awareness and phishing resistance to keep up opens schools to this massive threat.

Breach Risk Levels

1 – 1.5 = Extreme Risk 1.51 – 2.49 = Severe Risk 2.5 – 3 = Moderate Risk Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

Avantia Cyber Security & ID Agent to the Rescue: Protect your clients from ransomware with the one-two punch of updated training with BullPhish ID and automated phishing protection from Graphus, your perfectly integrated anti-phishing guardians. To find out more please call Avantia on 07 30109711 or email.

THREAT FOCUS: University Hospital New Jersey - UNITED STATES

Exploit: Ransomware

University Hospital New Jersey: Healthcare Provider 

Risk to Business: 2.391 = Severe - The SunCrypt ransomware operation has leaked data allegedly stolen from University Hospital New Jersey (UHNJ) in a ransomware attack. The attackers have leaked 1.6 GB of the 240 GB of data containing over 48,000 documents. The documents contain patient information release authorization forms, copies of driving licenses, Social Security Numbers (SSNs), dates of birth (DOB), and records about the Board of Directors.

Individual Risk: 2.027 = Severe - People who have received medical treatment at the hospital may have had their PII compromised, and should be alert for spear phishing attempts, identity theft, or blackmail attempts tied to this information.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is often the unwelcome gift that comes with a phishing email. By failing to train staffers to resist phishing attacks, companies leave themselves open for ransomware infections.

Avantia Cyber Security & ID Agent to the Rescue: Automate your company’s defense against phishing with Graphus and put three layers of protection between a phishing email and your data fast. For more info call Avantia on 07 30109711 or Email

THREAT FOCUS: College of Nurses Ontario - CANADA

Exploit: Ransomware

College of Nurses Ontario: Professional Organization 

Risk to Business: 2.107 = Severe - The College of Nurses of Ontario (CNO), which oversees about 188,000 members, discovered that it had been impacted by ransomware on Sept. 8. CNO is still trying to figure out if the personal information of its 300 employees and 195,500 members has been compromised as has been reported by cybersecurity researchers who spotted information on the Dark Web. Many services, including “Find a Nurse”, have been shut down as the investigation and recovery progresses.

Individual Risk: 2.397 = Severe - The organization has not officially informed members of a PII or financial data breach, but based on researcher reports, PII was affected. Members should be wary of phishing attempts using this information.

Customers Impacted: 195,000 nurses and 300 staffers

How it Could Affect Your Business: Information gets to the Dark Web quickly these days, making obfuscating an incident a challenge. Rebuilding customer trust starts with admitting that there’s a problem instead of covering up an incident, especially one that’s been widely reported.

Avantia Cyber Security & ID Agent to the Rescue: Information like this lives forever on the Dark Web. Dark Web ID provides 24/7/365 protection against compromised user credentials, alerting you if they appear in Dark Web markets. For a FREE no obligation Dark Web scan for your compromised credentials call 07 30109711 or Email


THREAT FOCUS: Public Health Wales - UNITED KINGDOM

Exploit: Accidental Data Exposure

Public Health Wales: Government Agency 

Risk to Business: 2.112 = Severe - Personal data concerning 18,105 residents of Wales who tested positive for COVID-19 was uploaded by mistake to a public server and spent 20 hours online in August, Public Health Wales said on Monday. The agency says that for the majority of cases, 16,179 people, the information consisted of initials, dates of birth, geographical area, and sex. For 1,926 people living in nursing homes and supported housing, the information also included the names of the homes.

Individual Risk: 2.771 = Moderate - While no financial information was exposed, the data that was exposed could open victims up to spear phishing or blackmail attempts.

Customers Impacted: 18,105

How it Could Affect Your Business: The number one cause of a data breach is human error. Increasing security awareness training can decrease the number of staff errors that become cybersecurity disasters.

Avantia Cyber Security & ID Agent to the Rescue: Security awareness training can reduce cybersecurity risks by up to 70%. See how training with solutions like BullPhish ID reduces your risk as a key component of our digital risk protection platform. Call 07 30109711 for more information.

THREAT FOCUS: University Hospital Dusseldorf - GERMANY

Exploit: Ransomware

University Hospital Dusseldorf: Healthcare Provider 

Risk to Business: 2.314 = Severe - In a chilling series of events, ransomware invaded 30 servers at University Hospital Dusseldorf, crashing systems and forcing the hospital to turn away emergency patients. As a result, a woman who needed immediate emergency care was sent to a hospital 20 miles away in Wuppertal and died from treatment delays. This is the first reported death that directly resulted from a cyberattack.

Individual Risk: No individual information has been reported as compromised in this incident.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware can shut an organization down entirely, especially an organization that’s dependent on cloud applications or technology-driven equipment like a hospital, with sometimes disastrous results.

Avantia Cyber Security & ID Agent to the Rescue: Protect your systems from ransomware with Graphus, the automated phishing guardian that’s on duty 24/7/365. Graphus starts protecting you from email threats on day 1, with no IT professional setup needed. Call Avantia on 07 30109711 to find out more.


Exploit: Unsecured Database

Retailer

Risk to Business: 2.327 = Severe - A misconfigured database is to blame in an incident at a German retail giant. Failure to even lock the company’s production server database exposed 6.4 terabytes of data containing 6 billion records and leaked the personal information of over 700,000 customers. The company compounded the mistake by leaving the database open for more than a month, even after being informed about the mistake. It wasn’t rectified until Germany’s CERT became involved.

Individual Risk: 2.701 = Severe - Information exposed in this incident includes purchase invoices, full names, IP addresses, internal logs, phone numbers, email addresses, home addresses, hashed passwords, payment methods without payment data, and family data including children’s names, dates of birth, and gender.

Customers Impacted: 700,000

How it Could Affect Your Business: Failing to secure a database with so much as a password is a rookie mistake that shows a culture of neglect toward cybersecurity best practices, and it will make customers less likely to do business with the company.

Avantia Cyber Security & ID Agent to the Rescue: Don’t just rely on a password to secure access to your business’ most sensitive information like customer records. Passly provides strong security that deploys in days, not weeks to secure your points of entry at a price that you’ll love. Call Avantia on 07 30109711 to find out more.


THREAT FOCUS: Anglicare Sydney - AUSTRALIA

Exploit: Ransomware

Anglicare Sydney: Family Services and Mental Healthcare Organization

Risk to Business: 2.077 = Severe - Anglicare Sydney has revealed that 17 gigabytes of data were transmitted to a remote location on August 31 as part of an ongoing ransomware incident. The company maintains that it will not pay any ransom and that the main system relating to Anglicare Sydney’s Out of Home Care program, which includes the foster care program, was not impacted. The company has not released details on what information was stolen.

Individual Risk: No personal or financial data has been reported as compromised in this breach so far, but it remains under investigation.

Customers Impacted: Unknown

How it Could Affect Your Business: Failing to keep information secure as a service provider in such a sensitive industry can impact a company’s reputation as a reliable partner, and have a negative effect on future contract bids.

Avantia Cyber Security & ID Agent to the Rescue: This kind of information is highly prized in the Dark Web data markets – data from any health and human services source is a hot commodity. Dark Web ID helps keep your organization safe from Dark Web data like compromised credentials. 

THREAT FOCUS: University of Tasmania - AUSTRALIA

Exploit: Accidental Data Exposure 

University of Tasmania: Institution of Higher Learning

Risk to Business: 2.217 = Severe - That classic human error is to blame for the accidental exposure of students’ personal data to faculty members at the University of Tasmania. In a security bungle, the personal information of 19,900 students was made public through a misconfigured Microsoft Office365 SharePoint site that was accessible to anyone with an email address.

Individual Risk: 2.419 = Severe - The University has established a dedicated support line – 1800 019 897 – to assist students with any questions or concerns about their personal information, and experts in national identity and cyber support services IDCARE have also been engaged to provide independent advice and support to students, including dedicated case managers who work with individuals to develop tailored response plans.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware can devastate your business while creating a storm of negative publicity, expensive recovery costs, and operational difficulties that’s hard to sail through.

Avantia Cyber Security & ID Agent to the Rescue: Stop ransomware cold by adding automatic phishing defense with Graphus. Plus, when you choose to add Threat Intelligence to your Graphus Insights Dashboard, you’ll get detailed information on the threats that your company has faced recently. For more information please contact Avantia on 07 30109711.

THREAT FOCUS: National Informatics Centre - INDIA

Exploit: Malware

National Informatics Centre: Government Department 

Risk to Business: 2.217 = Severe - 100 computers at India’s National Informatics Centre (NIC) were infected with damaging malware, locking up many operations at the agency that is responsible for securing critical cyber infrastructure in the country. The investigation led to an infected email received and opened by an NIC staffer from a third party service provider.

Individual Risk: No individual information is reported as impacted in this incident.

Customers Affected: Unknown

How it Could Affect Your Business: Employees falling for a phishing email can cause any company a world of trouble. Just one fatal click is enough to wreak havoc.

Avantia Cyber Security & ID Agent to the Rescue: Stop phishing email from reaching employee inboxes to prevent that fatal click with automated phishing protection from Graphus. Call Avantia on 07 30109711 to see how.



The BlackBaud Breach Just Keeps Getting Worse, Illustrating the Dangers of Third Party Threats

The fallout from the huge breach at fundraising and non-profit services provider BlackBaud is continuing to land, impacting colleges, foundations, trusts, and other organizations throughout the US, Canada, and the UK.

The breach exposed the donor and fundraising program details of non-profits of every size, but it’s spawned an unexpected new wrinkle – the exposure of data that it had collected and maintained for hospitals around the US, a circumstance that could have major repercussions.

Shockwaves started traveling through the medical community as the first reports of patient information compromised as a result of the BlackBaud breach began to come to light. It’s estimated that more than 1 million records were exposed. Here’s a list of just a few of the impacted institutions:

Children’s Hospital of Minnesota (Minneapolis, MN)

Trinity Health of New England (Boston, MA)

Virginia Commonwealth University Hospital (Richmond, VA)

Our Lady of the Lake Regional Medical Center (Baton Rouge, LA)

The Christ Hospital Health Network (Cincinnati, OH)

UMass Memorial Medical Center (Worcester, MA)

Vidant Health (Greenville, NC)

Texas Children’s Hospital (Houston, TX)

ChristianaCare (Newark, DE)

Trinity Health (Livonia, MI)

Montefiore Medical Center (New York, NY)

Catholic Medical Center (Manchester, NH)

Memorial Sloan Kettering Cancer Center (New York, NY)

Atrium Health (Charlotte, NC)

Catholic Health (Buffalo, NY)

MultiCare Health System (Tacoma, WA)

Northern Light Health Foundation (Brewer, ME)

NorthShore University Health System (Evanston, IL)

Northwestern Memorial HealthCare (Chicago, IL)

Saint Luke’s Health System (Kansas City, MO)

Spectrum Health (Grand Rapids, MI)

UF Health (Gainesville, FL)

UK HealthCare (Lexington, KY)

UT Health San Antonio (San Antonio, TX)

Inova Health System (Falls Church, VA)

Protecting your company from danger created by a third party vendor is crucial to building a strong cybersecurity strategy. No business is an island – we all do business with partners, vendors, service providers, and other entities, and those folks will do business with other entities.

While we can strive to choose the best partners by carefully reviewing the security postures of other companies, variables like insider threats and cybercrime as a service ensure that no company is guaranteed “safe”. Adding protections on your end to mitigate potential compromise is the only way to protect your business from third party risk.




Many cybersecurity incidents today are the result of internal security issues that no firewall or anti-virus could have prevented. Cyber Hawk combines machine learning and intelligent tagging to identify anomalous activity, suspicious changes, and threats caused by misconfigurations. It is deployed remotely to your Windows-based endpoints (desktops/laptops/tablets) and keeps you posted on any potential internal security issues going on inside your network. Set the time for the daily scan and Cyber Hawk reports back with an email alert sent to any address you specify. The daily alerts aggregate the issues that were detected during the past 24 hours and can be sorted either by priority/severity (high, medium and low) of the threat, or by the type of issue (threat, anomaly, change).


+61 7 30109711



Avantia Corporate Services Pty Ltd T/A Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, other members of the 5 Eyes Alliance, the Australian Cyber Security Centers, and other sources in 56 countries who provide cyber breach and cyber security information in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the contents accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.

*COPYRIGHT 2020* Avantia Corporate Services - All Rights Reserved.

