Cybersecurity news provided by NetworkTigers on Monday, 20 September 2021.
SAN MATEO, CA — Anonymous hacks Epik domain registrar, Texas cancer treatment center’s network shut down after attack, HP Omen software potentially exposed millions of gamers, Aviation sector discovered to have been under attack for two years, Arizona healthcare provider hacked, loses access to all data, Massachusetts attorney general initiates probe into T-Mobile breach, Maine healthcare company breach affects over 100,000 people, breach, 61 million fitness tracker records exposed in breach, Apple releases security update in response to Pegasus spyware, North Korean hacker group attacks via social media, Spyware a growing threat in industrial control systems.
Anonymous hacks Epik domain registrar
Anonymous, a well known hacktivist collective, has reportedly stolen a decade’s worth of information from Epik, a domain registrar that is recently known for hosting far-right websites such as Gab and Parler. Epik has thus far denied that the breach occurred, although independent researchers have been able to verify most of Anonymous’ claims. Epik was reportedly warned of vulnerabilities in its security weeks before the attack took place. Read more.
Texas cancer treatment center’s network shut down after attack
Texas-based Austin Cancer Centers has been forced to shut down its network after a cyberattack exposed the data of over 36,000 patients. The clinic reports that it is unable to determine if the hack was a ransomware attack at this time. The company is offering those affected free credit monitoring and fraud insurance. Read more.
HP Omen software potentially exposed millions of gamers
Hp Omen Gaming Hub, software included on HP Omen laptops and desktops meant to optimize gaming performance, was found to have a bug that exposed millions of gamers to the possibility of a cyberattack. The software has been patched, but it has also been revealed that the software itself was largely built by copying code from an already problematic open-source driver known as WinRing0.sys. Read more.
Aviation sector discovered to have been under attack for two years
Threat actors from Nigeria are suspected to be behind phishing campaigns that have been targeting the aviation sector with malware attacks over the last two years. The discovery sheds light on the reality that small-scale hackers with off-the-shelf technology can remain undetected for long periods of time as they carry out their attacks. Read more.
Arizona healthcare provider hacked, loses access to all data
Queens Creek, Arizona-based healthcare provider Desert Wells Family Medicine has lost almost all of its electronic health record data after falling victim to a cyberattack. The practice was hacked in May of this year. While the company had backed up all of its data prior to the hack, the criminals succeeded in encrypting both the backup data and the original files in a ransomware attack. Forensics experts report that it does not appear as though information was stolen prior to the encryption. Read more.
Massachusetts attorney general initiates probe into T-Mobile breach
This year’s breach of T-Mobile impacted almost 55 million individuals, exposing Social Security numbers, home addresses and more valuable data. Maura Healey, the attorney general of Massachusetts, has announced a probe into the breach in order to determine what safeguards T-Mobile had in place regarding the protection of sensitive customer information. The hack of T-Mobile was conducted by a 21 year old American living in Turkey who was able to break into the company’s servers from his mother’s residence. Read more.
Maine healthcare company breach affects over 100,000 people
Maine’s HealthReach Community Health Centers has reported a data breach that affects more than 100,000 people over the 11 community health centers the system is made up of. An attorney representing the company has stated that an employee at a third party data storage facility improperly disposed of hard drives that contained personal information belonging to HealthReach patients. HealthReach has not noticed any reported misuse of data at this time. Read more.
61 million fitness tracker records exposed in breach
61 million Fitbit and Apple fitness tracker records have been exposed due to an unsecured database according to security researchers at Website Planet. The database reportedly belongs to GetHealth, a company that provides universal access to data from hundreds of different wearable devices. While the data exposed does not contain Social Security numbers or payment info, GPS locations and travel patterns can give criminals insight into where people live and when they may not be home. Read more.
Apple releases security update in response to Pegasus spyware
Apple is recommending all users to update iOS, macOS and watchOS in order to defend against Pegasus spyware. Users of Apple products should immediately download and install iOS 14.8, iPadOS 14.8, watchOS 7.6.2 and macOS Big Sur 11.6. The OS updates have been released just before Apple’s iPhone 13 event this week. Read more.
North Korean hacker group attacks via social media
Kumsong 121, a hacker group from North Korea, has been using social media to engage in spear phishing attempts. The group’s tactics involve friending people on social media, engaging in conversation and then providing a link to malicious software that opens their computer to outside access. The group has also been targeting Android users, with their attacks allowing them to access audio recordings, photos and personal data stored on peoples’ smartphones. Read more.
Spyware a growing threat in industrial control systems
Russian security vendor Kaspersky has reported that one out of every three industrial control systems have been targeted by malicious hackers in the first half of 2021. Public-facing systems that include unpatched or outdated software are said to be magnets for remote attacks from malicious actors or politically-motivated hackers looking to steal data or gain insight into various industries. Read more.
More cybersecurity news
- Last week’s news
- Next week’s news
- All cybersecurity news and articles brought to you by NetworkTigers.
NetworkTigers was founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms. Today, NetworkTigers provides consulting and network equipment to businesses and individuals globally. www.networktigers.com
Mike Syiek, CEO
1029 S. Claremont Ave
San Mateo, CA 94402