Cybersecurity news provided by NetworkTigers on Monday, 2 August 2021.
SAN MATEO, CA — CISA issues Top Routinely Exploited Vulnerabilities report, Canadians’ data exposed in breach of parking server, Amazon fined over data privacy, hackers thought to have used Pegasus to hack Tawianese politicians’ messages, San Diego hospital attacked by hackers, crippling hospital cyberattack the result of phishing scam, Virginia police department’s data for sale on dark web, Florida unemployment system hacked, major cyberattack carried out against South African port, retailer Guess discloses breach details, Chinese petition website allegedly hacked by U.S.
CISA issues Top Routinely Exploited Vulnerabilities report
CISA, the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI) has released a report detailing the most often exploited vulnerabilities from 2020 and thus far in 2021. The Joint Cybersecurity Advisory contains mitigation recommendations and can be downloaded as a PDF. Read more.
Amazon fined $887 million for E.U. privacy violations
Amazon is being fined a record $887 million for alleged violations of user privacy data by the Luxembourg National Commission for Data Protection. The fine is in regard to the way that Amazon uses user information for targeted advertising. Amazon has stated that they intend to appeal the fine. Read more.
Canadians’ data exposed in breach of parking server
The Calgary Parking Authority has had its server breached, leaking personal information for a large but currently unknown number of users. The report says that some of the data exposed in the database contains passwords, full names, addresses, payment information, and more. The Calgary Parking Authority has enlisted the help of a third party agency to help recover from the incident. Read more.
Hackers thought to have used Pegasus to hack Tawianese politicians’ messages
LINE, an app used by high-level Taiwanese politicians to send messages confidentially, has been hacked. The accounts of 100 officials have been found to have been breached, with the perpetrators thought to have been using NSO’s Pegasus spyware to access messages. The leaked data is said to be a matter of national security. Read more.
San Diego hospital attacked by hackers
California’s UC San Diego Health has confirmed that it has been breached due to unauthorized users gaining access to employee email accounts. UC San Diego Health, upon the discovery of the breach, terminated the accounts. The hospital is working with the FBI to determine the best course of action regarding the hack. They have reported that the accounts in question contained personal data pertaining to both patients and staff. Read more.
Crippling hospital cyberattack the result of phishing scam
A cyberattack carried out against the University of Vermont Health Network (UVM) last year that resulted in the disruption of six hospitals was the result of an employee opening a personal email on a company laptop while on vacation, according to a report from the UVM. The findings imply that the attack against the network was not targeted, but a broad phishing scheme carried out by a known criminal gang. Read more.
Virginia police department’s data for sale on dark web
A January cyberattack on Bristol, Virginia’s police department has resulted in sensitive information being posted for sale on the dark web for $30,000. The seller claims to have 2 terabytes of extracted information including the data of employees, citizens, offenses, prosecutions, mail archives, video camera footage, document scans, and more. Read more.
Florida unemployment system hacked
58,000 Florida citizens may have had their personal data such as driver’s license numbers, bank account numbers, claim details, and Social Security numbers stolen in a hack on the state’s unemployment insurance system. The attack was discovered last week and is said to have occurred between April 27 and July 16 of this year. Read more.
Major cyberattack carried out against South African port
South African shipping company Transnet has suffered a cyberattack that has resulted in a halt of operations at three major container terminal ports. The company is taking all necessary steps to mitigate disruption, but has not disclosed any further information pertaining to the attack regarding who may be responsible or what data may have been exposed. The attack is resulting in major delays and unreliability. Read more.
Retailer Guess discloses breach details
Fashion retailer Guess has disclosed that a data breach it suffered in February of this year has exposed the information of 1,300 people. Data leaked includes Social Security numbers, passport numbers and financial account information. While Guess has not placed blame on any specific group for the attack, ransomware gang DarkSide has the retailer listed as a past victim. Read more.
Chinese petition website allegedly hacked by U.S.
The Global Times, a Chinese Communist Party tabloid hosting a petition in support of an inquiry into a U.S. biological laboratory at Fort Detrick, Maryland regarding COVID-19, is claiming to have been the victim of two U.S.-based cyber attacks. The Global Times newspaper, which created the petition, has said that its servers have withstood the attack and no damage was done. It should be noted that the Global Times has a history of disinformation and presenting news from a nationalistic perspective. Read more.
More cybersecurity news
Read more cybersecurity news and articles brought to you by NetworkTigers.
NetworkTigers was founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms. Today, NetworkTigers provides consulting and network equipment to businesses and individuals globally. www.networktigers.com
Mike Syiek, CEO
1029 S. Claremont Ave
San Mateo, CA 94402