Cybersecurity news provided by NetworkTigers on Monday, 15 March 2021.
SAN MATEO, CA — Security firms may have leaked Exchange Server vulnerability details, White House warns patches are not enough to secure hacked systems, Japanese video game giant blames remote working for security breaches, Canadian taxpayer information locked to protect users, university computers offline for 4 days because of ransomware, brewing company suffers “cybersecurity incident,” Philippines government website hacked, Chinese hackers Hafnium compromise 30,000 US companies, data hosting company pays ransom to protect user data, 150,000 surveillance cameras hacked, and New Jersey state employee portal hacked.
Microsoft investigates security firms for leaks
Microsoft is currently looking into the security companies it works with to find out if they may have leaked critical vulnerability details about Exchange Server that could have been used by hackers. The investigation is due in part to what they feel is a suspicious spike in attacks on their software some time after the initial hack took place. Microsoft has stated that there is no indication that any information was leaked internally and that if any of their 80 or so partners were found to be guilty of violating the terms of their agreement they would face appropriate consequences. Read more.
Hackers continue to exploit patched versions of Microsoft Exchange Server
While the initial attack on Microsoft Exchange Server was spearheaded by a Chinese espionage collective known as Hafnium, the system’s vulnerability being made public has drawn the attention of other criminal parties interested in using the discovery to their advantage. The White House is reminding affected users that they are not out of the woods even if they install the recommended updates to their software. While the update effectively fixes the security flaw, patched versions of Exchange that had already had backdoor access installed in the initial wave of attacks still allow hackers unlawful access. As a result, it is recommended that all compromised systems be completely rebuilt. Read more.
Videogame publisher Capcom reacts to repeated security breaches
Japanese video game giant Capcom has suffered repeated, punishing security breaches and attacks against its networks over the past year. Highlighting the challenges associated with remote work and cybersecurity, the company is attributing the series of incidents to the work-from-home scenario put in place as a result of the COVID-19 pandemic. According to Capcom, with hundreds of its employees working offsite, the company is simply unable to remedy the resulting gaps in the security of its data. Controversially, Capcom is now requiring employees to report to the office in spite of the continuing risk of infection. Read more.
Canadian federal tax agency to lock accounts due to username and password availability
The Canadian Revenue Agency has stated that it will be locking the accounts of over 800,000 Canadian taxpayers due to their login information, including passwords and usernames, being available to unauthorized users. The CRA claims that the information was not exposed due to a breach or cyberattack on their system, but was gained from a “variety of means” outside of their network. Canadians are being urged to monitor their accounts for unusual activity and to also change their passwords as a precautionary measure. Read more.
Baldwin Wallace University targeted in ransomware attempt
An attempted attack on the network of Berea, Ohio’s Baldwin Wallace University was thwarted by quickly responding staff, according to a statement made by the school’s head of IT. Believed to be the result of a phishing scam, the university’s network was compromised in an effort to acquire sensitive information to then be held for ransom. The activity was noticed as it was taking place, allowing those tasked with stopping it the advantage of being able to obstruct the attack before it was able to completely lock down the network. With the assistance of an outside security firm, the IT department was able to reclaim their computers and get systems back online in four days. Read more.
Molson Coors taken offline by “cybersecurity incident”
Chicago-based brewing giant Molson Coors has had its internal systems taken offline by what they are vaguely describing as a “cybersecurity incident.” The company has said that the situation has proved disruptive to business operations, causing delays in both production and shipments. A third-party forensic IT company is investigating the incident and the company is hoping to get all systems back to regular operation shortly. Read more.
Philippines government website compromised in politically motivated hack
A group of hackers calling themselves “Cyber PH for Human Rights” has stated that they are responsible for the hacking of the Philippines’ main government website. The web portal was reportedly subjected to a “denial of service” attack which prevented users from accessing the site. Cyber PH for Human Rights claims that the hack was carried out as a form of protest against alleged human rights violations carried out by the current President. The Philippines National Bureau of Investigation is reportedly confident in their ability to track down those responsible. Read more.
Exploit by Chinese hacker group Hafnium compromised data of 30,000 United States organizations
The security risks related to Chinese hacker group Hafnium’s exploitation of a vulnerability within Microsoft Exchange Server continue to grow as it is currently estimated that around 30,000 U.S. organizations have had their data breached. While Microsoft has issued an urgent security update regarding the hack, many servers still remain unpatched and are therefore continually being targeted. It is stated that, at this point, Hafnium has infiltrated hundreds of thousands of servers all over the world. Read more.
Data hosting company pays ransom to protect user data
Minnesota-based data hosting company Netgain Technology had its information compromised at some point late last year. Exposed was the personal data of up to 200,000 patients and employees at Tacoma, Washington-based health care firm MultiCare Health System. Netgain Technology is said to have acted as swiftly as possible in order to mitigate damages associated with the attack, but was unsuccessful in preventing data from being stolen and involved in a ransomware attack. After consulting with law enforcement and cybersecurity officials, Netgain ultimately paid the ransom and retrieved the data. Read more.
Hackers gain access to thousands of security cameras
Silicon Valley security startup Verkada, Inc. has had its data breached by an international hacker collective. The attack has allowed the hackers to access live video footage from 150,000 surveillance cameras across a myriad of industries. Affected parties include schools, hospitals, prisons, and even electric vehicle manufacturer Tesla. The parties claiming credit for the hack state that their intention was to highlight the pervasiveness of video cameras throughout daily life and to show how easily the systems could be compromised. Access was gained due to administrator login credentials being exposed online. Read more.
New Jersey state employee portal hacked
Around 200 individuals have had sensitive data exposed in a cyberattack carried out against myNewJersey, a portal used by state employees. According to officials, the information accessed includes Social Security numbers, birthdays, and pension data. The hack was carried out using a tactic called “credential stuffing” in which bad actors were able to gain access to data using previously compromised login information gathered from the dark web. Read more.