Cybersecurity news provided by NetworkTigers on Monday, 1 March 2021.
SAN MATEO, CA — Cybercriminals target Oxford University, Clubhouse chat room app data breach, Accellion software vulnerability, Kentucky unemployment website victim of cyber attack, ransomware attack on airplane manufacturer Bombadier, Illinois hospital reverts to paper records, connected vehicles easy targets, Apple iCloud vulnerability patched
Hackers zero in on Oxford University lab’s COVID-19 research
Cybercriminals have targeted an Oxford University laboratory performing COVID-19 studies in an effort to access and sell their research data. While hackers boasted about breaking into their system, the University has stated that the attack has not had an effect on their research which does not actually take place where the breach occurred. Additionally, no patient data or records appear to have been compromised in the attack. The pandemic has resulted in a great increase in university and laboratory-based hacking attempts as foreign actors target international institutions attempting to steal data related to the virus and ongoing vaccine research. Read more.
Popular chat app Clubhouse audio breach raises privacy concerns
Audio chat room app Clubhouse appears not to be up to the task of safeguarding user data, as an attacker has proven that the app’s live audio could be pulled and streamed to third-party websites. The breach comes only a week after the app’s developers stated that they were working to improve security. Clubhouse’s back-end operations are handled by Chinese startup Agora, Inc. which also raises privacy concerns for Chinese citizens with regard to dissident political speech being exposed. The Stanfield Internet Observatory, first to raise concerns about the app, has stated that all users of Clubhouse should assume that their chats are being recorded. Read more.
Multinational cybersecurity advisory on Accellion hack released
In response to the far reaching effects of the exploitation of a vulnerability in a piece of Accellion software, the United States, Australia, New Zealand, the United Kingdom, and Singapore have released a Joint Cybersecurity Advisory. The document lists technical details regarding the exploit, how and when the software was hacked, and what steps are to be taken to help lessen or prevent further damage from bad actors. The document is available online and as a downloadable PDF. Read more.
Cyberattack takes Kentucky unemployment website offline
Throwing yet another wrench into an already stressful and frustrating process, Kentucky residents attempting to log in to the state’s unemployment insurance website last Wednesday were temporarily unable to due to an attempted cyberattack. As per officials, hackers sought to overwhelm the site using random login names, but failed to actually reach any sensitive information. The website was back online Wednesday afternoon, but the incident speaks volumes about the importance of web security in regard to state and government data. Read more.
Michigan hospital suffers email attack
Covenant HealthCare, a hospital located in Saginaw, Michigan, has had a data breach due to an unauthorized person accessing two user email accounts. Sensitive information was exposed in the hack, and the hospital has reached out to those affected. No misuse of the data has been reported so far, although Covenant has made it clear that they were not able to find contact information for all of the individuals who have been affected. Read More.
Airplane manufacturer falls victim to ransomware attack
Canadian airplane manufacturer Bombardier has reportedly fallen victim to a ransomware attack that has resulted in the company’s intellectual property and designs being freely posted on the dark web. While not explicitly stated, it is believed that Bombardier’s data was compromised in the recent and widespread hack of a third-party file transferring app developed by Accellion. The company has stated that, at this point, no sensitive personal data related to the breach has been posted online. Read more.
Illinois hospital reverts to paper records in response to cyberattack
The IT department at St. Margaret’s Health – Spring Valley has completely shut down web based operations including email and patient portals after suffering a cyberattack. While the hospital staff does not currently know how the breach occurred, they state that there is no evidence that patient records were accessed. As a result of the attack, the hospital has temporarily reverted to paper records. Telephone and fax services have been deemed safe. The hospital does not yet have a timeline in place for when its network will be back online. Read more.
Connected vehicles found to be easily hacked
A recent report reveals that connected vehicles are easy targets for even low skilled hackers. Malicious attacks could result in blocking safety features or jamming wireless transmissions in order to disrupt vehicle operation. While the attacks are unlikely due to the simple fact that they can’t currently be monetized by hackers, the study makes the case that these vehicles provide many options for bad actors to take advantage of and further reinforces the need for vigilance and security in an ever more connected digital landscape. Read more.
Apple fixes iCloud vulnerability
A weakness in Apple’s iCloud that could allow a hacker to embed malicious code within certain apps has been patched by Apple. The vulnerability requires a series of very specific and somewhat convoluted steps to exploit and was discovered by bug bounty hunter Vishal Bharad. As per Apple’s bounty program, Bharad was paid $5,000 for unearthing the flaw. Read more.
More cybersecurity news
Read more cybersecurity news and articles brought to you by NetworkTigers.
NetworkTigers was founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms. Today, NetworkTigers provides consulting and network equipment to businesses and individuals globally. www.networktigers.com
Mike Syiek, CEO
1029 S. Claremont Ave
San Mateo, CA 94402