Cybersecurity news provided by NetworkTigers on Monday, 24 January 2022.
SAN MATEO, CA — Open Subtitles hacked due to outdated security, Ohio health system attacked with ransomware, COVID scams increase by 500% due to Omicron, Apple Safari bug exposes user data, cyberattack affects Red Cross, Minnesota family clinic breached, Beijing Olympics app contains critical privacy flaw, New Mexico school attacked with ransomware, top stolen credit card marketplace shutting down, Crypto.com hacked, Ukraine claims Russia behind “hybrid” cyberattack war.
Open Subtitles hacked due to outdated security
Open Subtitles, a popular website that is used to download thousands of subtitle files for shows and movies in different languages, has been the victim of a ransomware attack that has exposed user data including IP addresses and passwords. Open Subtitles was launched in 2006, and reportedly has not had its security measures updated since. The site was hacked via a weak administrative password. Read more.
Ohio health system attacked with ransomware
Ohio-based Memorial Health Systems has reported that in August of 2021 it suffered a ransomware attack. The attack at the time caused the rescheduling of procedures and other disruptions to services. Statements following the attack lead readers to believe that the hospital system paid a ransom to regain their data. In December of last year it was determined that patient data may have been accessed or stolen, and Memorial Health Systems has offered affected individuals free credit monitoring services. Read more.
COVID scams increase by 500% due to Omicron
Phishing scams that are designed to capitalize on pandemic anxiety have skyrocketed 500% in the wake of worries over the latest Omicron variant of the COVID-19 virus, according to a report from Barracuda Networks. Malicious actors often try to capitalize on current events, and the pandemic has provided ample opportunities for people to craft scams based on vaccinations, testing and regulation rollouts as the pandemic continues into its third year. Read more.
Apple Safari bug exposes user data
A flaw present in Safari 15 allows for the use of malicious code to track a victim’s internet activity and possibly reveal their identity according to researchers at FingerprintJS. Apple has marked the flaw as “resolved,” although they have yet to release an update to close the vulnerability. Falling victim to this exploit requires nothing more than visiting a malicious website that has been designed to take advantage of it. Read more.
Cyberattack affects Red Cross
An attack against a subcontractor used by the International Committee of the Red Cross has reportedly compromised the data of more than 500,000 “highly vulnerable” people. While the data accessed has yet to be leaked, the Red Cross has had to temporarily shut down IT infrastructure that is used to help reunite families separated by incidents such as conflict or natural disaster. It is not currently known what company the attack was launched against nor who may be responsible. Read more.
Minnesota family clinic breached
Entira Family Clinics, based in St. Paul, Minnesota, has reported that a breach had taken place involving a third party that it employs for cloud services. Nearly 200,000 patients are affected by the breach, although Entira has stated that no improper use of any data has thus far been detected. Affected individuals have been offered complimentary credit monitoring services. Read more.
Beijing Olympics app contains critical privacy flaw
The MY2022 app that attendees of the upcoming Beijing Winter Olympics need to manage documents and communication has been found to have a serious flaw that allows a third party to work around the encryption it uses. Information that users are required to upload to the app includes passport information, travel history and health data. The app’s flaws are drawing considerable concern given that Olympic events are prime targets for cyberattacks. Read more.
New Mexico school attacked with ransomware
The Albuquerque Schools student information system was attacked with ransomware, according to a statement from the Superintendent. The FBI and law enforcement are reportedly investigating the attack, which is said to not have exposed any sensitive personal information. The Superintendent’s statement did not make clear if the attack was initiated from outside the country or from within US borders. Read more.
Top stolen credit card marketplace shutting down
UniCC, a leading marketplace for the buying and selling of stolen credit card credentials, has announced that it is shutting down operations. While the administrators of the site imply that they are simply unable or unwilling to keep up with the demands of running illicit black market operations, researchers feel that pressure from authorities may be causing them to quit. Additionally, some feel that the site’s administrators are using the volatility of the underground market as a means to cut their losses while making off with any unspent balances that their users may not spend before the marketplace goes offline. Read more.
Popular crypto exchange Crypto.com has been hacked, with numerous reports of accounts having funds withdrawn by unauthorized users. In response, the company restricted withdrawals on the platform. The hackers are suspected to have accessed user data after getting through two factor authentication, and Crypto.com is urging all users to reset their login credentials. Read more.
Ukraine claims Russia behind “hybrid” cyberattack war
Ukraine, after suffering a widespread cyberattack that defaced numerous government websites, is claiming that there is sufficient evidence to place blame for the incident on Russia’s efforts at initiating a “hybrid” war with the country. Tensions with Russia have been heightened as Moscow is demanding that Ukraine, a former Soviet state, not be permitted to join NATO. Read more.
More cybersecurity news
NetworkTigers was founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms. Today, NetworkTigers provides consulting and network equipment to businesses, health care and government agencies globally. www.networktigers.com
NetworkTigers provides the latest industry and cybersecurity news in a weekly roundup at news.networktigers.com.