IT Security Newsletter

IT Security Newsletter - 8/24/2022

Written by Cadre | Wed, Aug 24, 2022

Hackers demand $10 million from Paris hospital after ransomware attack

Malicious hackers are demanding $10 million from a French hospital they hit with ransomware last weekend. The Hospital Center Sud Francilien (CHSF) in Corbeil-Essonnes, south-east of Paris, was struck late on Saturday night, causing major disruption to health services. The following morning, CHSF announced that it had initiated an emergency "white plan" after the attack made it impossible for the hospital to access its business software, storage systems, and information systems related to patient admissions. READ MORE...

Attacker snags account details from streaming service Plex

Users of popular streaming and media organizing service Plex are waking up to an unpleasant email this morning saying, in the words of a Reg reader, "Plex have been hacked and their main site is down as we all rush to change passwords." The email, forwarded by several readers, states that a third-party attacker was able to access a "limited subset" of user accounts that "were hashed and secured in accordance with best practices." READ MORE...

Credential stuffing hammers US businesses as account data for sale in bulk

Cybercriminals are using proxies and configurations to mask and automate credential stuffing attacks targeting U.S. businesses, the FBI warned last week. Multiple public sites are selling compromised account credentials. A pair of these sites investigated by the FBI and the Australian Federal Police contained more than 300,000 unique credentials, the agency said in Thursday warning to private industry. READ MORE...

Ransomware attack surges tied to crypto spikes

The volume of ransomware threats surged in June to more than 1.2 million incidents, reaching levels last observed in January, according to Barracuda Networks research released Tuesday. The spikes in ransomware activity preceded periods of slowdown, dipping to a 2022 low of about 350,000 attempts in March. But these downward trends are temporary and often correlate to cryptocurrency values, Barracuda Networks CTO Fleming Shi said. READ MORE...

IBM Patches Severe Vulnerabilities in MQ Messaging Middleware

IBM this week announced patches for high-severity vulnerabilities in IBM MQ, warning that attackers could exploit them to bypass security restrictions or access sensitive information. Messaging and queuing middleware, IBM MQ provides enterprise-grade messaging between applications, enabling the transfer of data between programs and the sending of messages to multiple subscribers. READ MORE...

New 'Donut Leaks' extortion gang linked to recent ransomware attacks

A new data extortion group named 'Donut Leaks' is linked to recent cyberattacks, including those on Greek natural gas company DESFA, UK architectural firm Sheppard Robson, and multinational construction company Sando. Two victims disclosed these attacks without much information regarding who was involved. Over the weekend, DESFA confirmed they suffered a cyberattack after Ragnar Locker leaked screenshots of allegedly stolen data. READ MORE...

Thousands of Hikvision video cameras remain unpatched and vulnerable to takeover

In September 2021 we told you about insecure Hikvision security cameras that were ready to be taken over remotely. However, according to a whitepaper published by CYFIRMA, tens of thousands of systems used by 2,300 organizations across 100 countries have still not applied the security update, and are therefore vulnerable to exploitation. According to the researcher that reported it last year, the vulnerability has existed at least since 2016. READ MORE...

Smartphone gyroscopes threaten air-gapped systems, researcher finds

An Israeli security researcher known for foiling air gap security measures has published a reminder of just how vulnerable the approaches are to both visual and ultrasonic threats. A pair of preprint papers from Mordechai Guri, head of R&D at Ben-Gurion University's Cyber Security Research Labs, detail new methods for transmitting data ultrasonically to smartphone gyroscopes and sending Morse code signals via LEDs on network interface cards (NICs). READ MORE...

  • ...in 1891, Thomas Edison files a patent for his motion picture camera.
  • ...in 1932, Amelia Earhart is the first woman to fly across the US non-stop.
  • ...in 1989, baseball commissioner A. Bartlett Giamatti bans Cincinnati Reds manager Pete Rose from baseball for gambling.
  • ...in 2006, Pluto is downgraded to a dwarf planet when the International Astronomical Union (IAU) redefines the term "planet."