Cybersecurity news provided by NetworkTigers on Monday, 13 September 2021.
SAN MATEO, CA — Hacker steals and deletes popular Instagram account after holding it ransom, WordPress releases security update, New Zealand bank reeling after hack, Howard University continues to cancel classes due to cyberattack, United Nations hacked, Hackers leak 500,000 VPN passwords to dark web, attacks on IoT devices double, French visa applicants’ data exposed in cyberattack, attempted cyberattack carried out against Pennsylvania utility company, Texas school district hacked.
Hacker steals and deletes popular Instagram account after holding it ransom
Dadsnet, a father-focused parenting-themed Instagram account, has been deleted after being taken over by a hacker who asked the account’s founders for over $40,000 in ransom. The account was broken into and had its profile photo and name changed. The original owners tried unsuccessfully to restore their access to the account, but ultimately failed. After 36 hours without payment, the account was deleted by the hacker, who referred to themself as “The King.” Read more.
WordPress releases security update
WordPress has released an update that it says fixes 60 bugs and 3 security vulnerabilities within the CMS. Due to the security patches in this release, it is recommended that users update their software immediately. Sites with automatic background updates are already switching over to version 5.8.1. A full list of changes is available. Read more.
New Zealand bank reeling after hack
New Zealand’s ANZ bank has been hit with a Distributed Denial of Service attack, leaving its customers unable to access online banking services. It remains unclear who is responsible for the attack, and the bank has been encouraging patience from its customers via social media. ANZ is assuring customers that they are working to resume services as soon as possible. Read more.
Howard University continues to cancel classes due to cyberattack
Washington state’s Howard University was targeted by a ransomware attack last Friday, the fallout of which has resulted in a network shutdown and online/hybrid classes canceled for the majority of the current week. Students have been using wifi from outside sources or cellular hotspots while faculty and staff continue to struggle with how to best move forward while the school’s network remains offline. Read more.
United Nations hacked
Hackers have allegedly broken into the computer system of the United Nations using login credentials stolen from a UN employee and purchased on the dark web, according to cybersecurity research firm Resecurity. The intrusions occurred between April 5 and August 2 of this year. Since no damage was done to the UN’s network, it is theorized that the hackers were interested in gathering information. Researchers believe that data was stolen throughout the time period in which the intrusions were taking place. Read more.
Hackers leak 500,000 VPN passwords to dark web
A hacker going by the name of “Orange” has leaked the passwords belonging to over 500,000 users of Fortinet’s VPN service. Orange is believed to be a member of ransomware gang Groove. The hacker seems to have used a previously discovered and patched vulnerability within the product. In an unusual turn of events, the information has been posted online for free with Orange asking for no payment in return. Read more.
Attacks on IoT devices double
A report has indicated that attacks on IoT devices have doubled from the second half of 2020 to the first half of 2021. As the popularity of connected devices has increased, so have the attacks on them, with most users not understanding that such devices can potentially provide access to their network if unprotected. Hacked IoT devices can also be used to illegally mine for cryptocurrency. Read more.
French visa applicants’ data exposed in cyberattack
The French Ministry of Foreign Affairs and the Ministry of the Interior reported that 8,700 French visa applicants have had their personal information exposed in a cyberattack that targeted their website. While the ministry claims that the threat was quickly extinguished, it did say that data such as passport numbers and birthdays were leaked in the breach. Read more.
Attempted cyberattack carried out against Pennsylvania utility company
Pennsylvania-based power provider FirstEnergy has locked all users accounts down, requiring new passwords after access was attempted by an unauthorized user. The company noticed that a large amount of login attempts were being made from a source that appeared to be outside of the company. While most of the attempts were not successful, FirstEnergy said that some logins did make it into the network. No sensitive customer information is available through the targeted accounts. Read more.
Texas school district hacked
The Dallas Independent School District, one of the country’s largest school districts, has been hacked, exposing the personal data of students, employees and contractors that has been stored over the past 11 years. The data has not yet been seen to have been sold or misused. The school district has offered free credit monitoring for those affected and does not yet know how the breach was carried out. Read more.
More cybersecurity news
- Last week’s news
- Next week’s news
- All cybersecurity news and articles brought to you by NetworkTigers.
NetworkTigers was founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms. Today, NetworkTigers provides consulting and network equipment to businesses and individuals globally. www.networktigers.com
Mike Syiek, CEO
1029 S. Claremont Ave
San Mateo, CA 94402