Cybersecurity news provided by NetworkTigers on Monday, 9 August 2021.
SAN MATEO, CA — Ransom paid to to protect Missouri residents’ data, university breach exposes 355,000 email addresses, senior care website leaks data for millions of users, Senate audit finds most federal agencies unprepared for cyberattack, company running password manager hacked, vulnerability discovered in electric vehicle chargers, report: nearly 3 out of 4 organizations hacked via phishing, Pennsylvania health network hacked, Infosecurity Magazine suffers attack, rebooting phone can stop most phone hacks, Microsoft “PrintNightmare” hack grants outside admin access, Solarwinds hackers breached federal prosecutor email accounts.
Ransom paid to to protect Missouri residents’ data
A July attack against government computers in Joplin, Missouri resulted in an insurer paying an $320,000 ransom to keep hackers from leaking stolen data. The hack shut down the city’s computer systems and caused disruption in the city’s online services. The identity of the attacker is not yet known and the city is working with a third party firm to further investigate the incident. Affected individuals will be contacted. Read more.
University breach exposes 355,000 email addresses
The University of Kentucky has suffered a data breach that has exposed 355,000 email addresses belonging to students and staff. The breach was the result of a vulnerability in a server being used by the university. Exposed information was not limited to residents of Kentucky, as data belonging to those residing in all 50 states and 22 other other countries was also exposed. The university has notified the appropriate authorities of the breach. Read more.
Senior care website leaks data for millions of users
Senior car review website SeniorAdvisor suffered a data breach that has resulted in the leaking of the personal data of millions of North American senior citizens. A misconfigured Amazon S3 bucket used by the company left 182GB of personal data exposed. The data was not encrypted and did not require a password to access. It included names, email addresses, and phone numbers. Read more.
Senate audit finds most federal agencies unprepared for cyberattack
At least 8 federal agencies have failed in a recent audit performed to determine preparedness for cyberattacks. A report titled “Federal Cybersecurity: America’s Data STILL At Risk” graded agencies and found that the majority of them did not meet requirements due to using outdated or unpatched software and not requiring adequate authorization for many systems. Read more.
Company running password manager hacked
Click Studios, a company that runs password manager Passwordstate, suffered a cyberattack earlier this year in which hackers attempted to steal passwords. Customers have been disappointed with the company’s silence after issuing a directive to change their passwords in the wake of the attack. The breach took place over 28 hours. Read more.
Vulnerability discovered in electric vehicle chargers
Cybersecurity firm Pan Test Partners has reported a security flaw in 6 different electric vehicle chargers. The vulnerabilities allow a malicious hacker to affect a vehicle’s charging, view account information, and possibly even breach their home network. The vulnerability in the chargers is an example of how increasingly interconnected appliances create potential security issues. Read more.
Report: nearly 3 out of 4 organizations hacked via phishing
A report from the 20210 Insider Data Breach Survey says that 73% of all organizations have suffered a data breach related to successful phishing attempts. The report indicates that the increase in attacks is due to remote workforces as well as increased sophistication when it comes to phishing scams. In almost a quarter of organizations surveyed, the employee who was hacked was fired or resigned. Read more.
Pennsylvania health network hacked
Pennsylvania’s Lehigh Valley Health Network (LVHN) suffered a data breach in January of this year as a result of the Accellion vulnerability. Patient information including medical record numbers, account numbers, dates of service and payer information was stolen in the hack. Impacted individuals are being offered credit monitoring services and little additional information has been reported about the beach. Read more.
Infosecurity Magazine suffers attack
Infosecurity Magazine, a U.K.-based source for news regarding cybersecurity and hacks, has suffered a major DDoS attack. The hack has left the website offline for over a week, with contributors taking to Soundcloud to report headlines and news in a daily podcast. The hack of Infosecurity Magazine highlights the danger faced by those who end up in the crosshairs of malicious hackers. Read more.
Rebooting phone can stop most phone hacks
Cybersecurity researchers suggest that turning phones off and then back on again is an effective way to thwart most phone hacks. The rebooting of a smart phone may provide just enough of an obstacle to make such attacks not worth a criminal’s effort, according to security authorities. The suggestion to reboot phones periodically comes on the heels of reports of hacks that require no clicking from the phone’s user to take effect. Read more.
Microsoft “PrintNightmare” hack grants outside admin access
Cybersecurity researcher Brian Delpy has shown that a vulnerability within Windows that requires an outside actor to pose as a printer to exploit can be used to access admin level controls within the system. Delpy presumes that hackers are already using this backdoor to break into sensitive computer networks. Microsoft has not yet provided an official fix for this exploit. Read more.
Solarwinds hackers breached federal prosecutor email accounts
The damage from last year’s massive hack of Solarwinds continues to be discovered, as the Justice Department has reported that some of the most prominent federal prosecutors around the country had their email accounts broken into. The email accounts contained sensitive information such as informant names and important case data. No further details about the information exposed in these hacks has been reported at this time. Read more.
More cybersecurity news
- Last week’s news
- Next week’s news
- All cybersecurity news and articles brought to you by NetworkTigers.
NetworkTigers was founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms. Today, NetworkTigers provides consulting and network equipment to businesses and individuals globally. www.networktigers.com
Mike Syiek, CEO
1029 S. Claremont Ave
San Mateo, CA 94402