Cybersecurity news provided by NetworkTigers on Monday, 14 June 2021.
SAN MATEO, CA — Cybersecurity startup COO charged in cyberattack, McDonald’s data breached, annual “Hack the Army” event finds critical security gaps, Alaska still reeling from last month’s cyber attack, video game giant EA has source code stolen, list containing billions of hacked passwords posted online, JBS paid attackers $11 million ransom, New York City Law Department hacked, Colonial Pipeline hacked with single stolen password, FBI seizes ransom paid by Colonial Pipeline, ransomware attack on pipeline firm results in loss of 70GB of data, suspected cyberattack affects two Florida hospitals, Australian healthcare agency breached
Cybersecurity startup COO charged in cyberattack
Vikas Singla, Chief Operating Officer of Atlanta-based healthcare network security startup Securolytics, has been accused of an attack against Gwinnet Medical Center that disrupted phone and printer network service. Singla has pleaded not guilty to all 18 charges against him. Authorities believe that Singla carried the attack for personal gain. Read more.
McDonald’s data breached
McDonald’s employees in South Korea and Taiwan have had information exposed in a data breach. The company’s investigation into the breach has reportedly revealed that only a small number of files were accessed and that McDonald’s was able to quickly address the vulnerability due to a recent strengthening of their security. Affected employees are being contacted, and no payment information was accessed. Read more.
Annual “Hack the Army” event finds critical security gaps
This year’s “Hack the Army” event has revealed 238 vulnerabilities, 102 of them being critical and requiring immediate remediation. The event is an organized effort to allow hackers to comb through the Army’s systems in search of gaps in cybersecurity. “White hat” hackers that succeed in finding vulnerabilities are paid for their efforts. The event is intended to simulate an actual cyberattack from a malicious entity, thereby exposing any weaknesses within the Army’s networks. Read more.
Alaska still reeling from last month’s cyber attack
Alaska’s Department of Health and Social Services is still suffering from the effects of a cyberattack that took place in May. Over a dozen online services were affected and the department’s website was completely shut down. The department’s Commissioner remains uncertain regarding when systems will be fully operational, stating that the need for privacy is taking priority over a speedy recovery. Read more.
Video game giant EA has source code stolen
Video game developer EA has been reportedly breached, with criminals pilfering 780GB of data from the company. Hackers have apparently stolen the source code to FIFA 2021 as well as EA’s Frostbite game engine. The criminals intend to sell the data on the black market. A statement from EA says that while game code was stolen, no player information or any sensitive data was involved in the breach. Read more.
List containing billions of hacked passwords posted online
A list of 8.4 billion passwords, believed to be accumulated from past breaches, has been posted on a popular hacker forum online in a 100GB text file. The passwords are, according to the poster, anywhere from 6 to 20 characters long with non-ASCII characters and white spaces taken out. According to sources, most of the passwords are likely out of date, but all individuals are encouraged to use a reputable data leak checker to look for any breaches that they may have data available in. Read more.
JBS paid attackers $11 million ransom
The attackers who took meat supplier JBS offline have made off with their ransom, as the company has stated that it paid $11 million to bring its operations back online. In a statement, the company’s CEO said that the decision was made in order to “prevent any potential risk” to their customers. Ransomware gang REvil, believed to be based in either Russia or Eastern Europe, is thought to be behind the attack. Read more.
New York City Law Department hacked
The New York City Law Department’s computer systems were breached over the weekend, resulting in a precautionary shutdown as an investigation into the cyberattack is underway. It is currently unclear if sensitive data was leaked or stolen in the event. Due to the shutdown, many legal operations have been delayed with attorneys unable to access the information they need to conduct their work. Read more.
Colonial Pipeline hacked with single stolen password
The hack of the Colonial Pipeline that sent gas prices briefly soaring amid shortages for the parts of the country the pipeline serves was apparently carried out with the use of a single stolen password, according to the company’s CEO. The company’s VPN did not have multi-factor identification protocols in place. The company is still recovering from the cyberattack. Read more.
FBI seizes ransom paid by Colonial Pipeline
The FBI has announced that is has seized the majority of the $4.5 million ransom that Colonial Pipeline paid to the hacker group DarkSide in last month’s ransomware attack against the company. $2.3 million in the form of cryptocurrency has currently been reclaimed in an operation that is believed to be the first of its kind. The FBI is continuing its efforts to bring the criminals to justice, and has issued a statement saying that the usage of crypto is not an effective means with which to evade the law. Read more.
Ransomware attack on pipeline firm results in loss of 70GB of data
LineStar Integrity Services, a Houston-based company that sells auditing, compliance, maintenance, and technology services to pipeline customers, suffered a ransomware attack around the same time as the Colonial Pipeline. Until now, the company has kept the hack quiet, but a group of transparency advocates have discovered and made public the fact that the company actually lost 70 GB of data. While the attack did not affect operations, the information stolen could potentially be used by criminals to gain access to other companies and create more disruption. Read more.
Suspected cyberattack affects two Florida hospitals
The computer systems of two Florida hospitals showed suspicious activity, prompting experts to investigate the possibility of a cyberattack. The Villages Regional Hospital and the UF Health Leesburg Hospital both shut down many of their systems in order to protect patient information. The two hospitals also transitioned to using paper and pen as opposed to digital documents. Read more.
Australian healthcare agency breached
A statement from Australia’s New South Wales Health confirms that the agency’s data was compromised earlier this year due to a vulnerability in Accellion’s file sharing product, File Transfer Appliance. New South Wales Health has stated that medical records were not affected, nor do they still use the software. New South Wales Health has set up a cyber incident hotline in the event that patients need to be reached or have questions. Read more.
More cybersecurity news
Read more cybersecurity news and articles brought to you by NetworkTigers.
NetworkTigers was founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms. Today, NetworkTigers provides consulting and network equipment to businesses and individuals globally. www.networktigers.com
Mike Syiek, CEO
1029 S. Claremont Ave
San Mateo, CA 94402