Cybersecurity news provided by NetworkTigers on Monday, 3 January 2022.
SAN MATEO, CA — Hacker group uses Log4Shell in attempted university attack, Apache releases new Log4j update, cyberattack stops newspaper presses in Norway, U.S. leads world in data breach victims, in spite of scare LastPass did not suffer password breach, T-Mobile suffers another cyberattack, Eventful 2021 makes cybersecurity a 2022 priority for US government, Shutterfly falls victim to Conti ransomware, cyberattack decline seen in Q3 2021.
Hacker group uses Log4Shell in attempted university attack
An “undisclosed academic institution” narrowly escaped an attack using the Log4Shell vulnerability courtesy of the China-based hacking group “Aquatic Panda.” The attack was disrupted by CrowdStrike, a cybersecurity firm that has been closely monitoring Log4Shell activity since the exploit was publicly disclosed. Read more.
Apache releases new Log4j update
As efforts continue to mitigate damage from the Log4j exploit, Apache has been releasing updates related to newly discovered ways in which the vulnerability can be used by bad actors. The company’s latest patch closes the fifth security gap discovered since the weakness was first found. While subsequent exploits have been more complicated to leverage than the first one, Log4j will likely continue to undergo patching and updating as 2022 unfolds. Read more.
Cyberattack stops newspaper presses in Norway
78 newspapers owned by Amedia, Norway’s largest newspaper publisher, have had their printers halted in the wake of a cyberattack. Affecting the company’s computer systems, the hack has also prevented people from starting or ending their subscriptions. The situation is currently being monitored, with no report yet on whether or not customer or employee data has been accessed. Read more.
U.S. leads world in data breach victims
According to data presented by Surfshark, the U.S. leads the world in the number of data breach victims with a 50 million account lead over the next highest country, Iran. The numbers also show a 22% increase over those from 2020, highlighting the exponential growth rate of cybercrime. Surfshark’s data shows that the U.S. experienced 214.4 million reported breaches in 2021. Read more.
In spite of scare LastPass did not suffer password breach
Users of LastPass password manager received emails alerting them to blocked login attempts, prompting concerns of a cyberattack. The company has stated that the alerts were sent in error and that no evidence of any security breach has been discovered. However, LastPass says it is continuing to monitor and investigate the situation. Read more.
T-Mobile suffers another cyberattack
T-Mobile, having been targeted in a major cyberattack earlier this year, has reportedly suffered another, albeit much smaller, hack. Reportedly, a small number of the carrier’s customers have either fallen victim to SIM swapping attacks, had their personal plan information exposed or both. T-Mobile has confirmed the breach and has stated that they are working to immediately address the security concerns of affected customers. Read more.
Eventful 2021 makes cybersecurity a 2022 priority for US government
High profile cyberattacks, ransomware gang activity and state-sponsored hackers have sparked interest on Capitol Hill in taking a close look at cybersecurity and prioritising policies that seek to bolster defenses and mitigate the damage that cyber criminals are capable of. Because of bipartisan agreement on the importance of cybersecurity, is is likely that 2022 will be a busy year for the US congress with regard to bills and discussion around fortifying information and increasing the accountability of both criminals and those that fail to properly disclose and address breaches and hacks. Read more.
Shutterfly falls victim to Conti ransomware
Popular photo printing company Shutterfly has found itself on the receiving end of a ransomware attack carried out by Conti, a notorious Russian ransomware gang. The attack is said to have stolen corporate data and locked up devices, although it is currently unclear if customer financial data has also been accessed. Shutterfly is said to be negotiating with the gang, who has demanded millions of dollars. Read more.
Cyberattack decline seen in Q3 2021
Instances of unique cyberattacks declined in the third quarter of 2021 by 4.8%, according to a report from Positive Technologies. The decline is said to be the result of a general decrease in ransomware attacks, likely due to the largest ransomware gangs receiving increased pressure from authorities. Researchers also predict that groups providing ransomware as a service will look to instead rely on “employees” to carry out attacks as opposed to selling their services to third parties that are riskier and more prone to legal consequences. Read more.
More cybersecurity news
NetworkTigers was founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms. Today, NetworkTigers provides consulting and network equipment to businesses, health care and government agencies globally. www.networktigers.com
NetworkTigers provides the latest industry and cybersecurity news in a weekly roundup at news.networktigers.com.