IT Security Newsletter - 1/17/2022

Breaches

Personal Information Compromised in Goodwill Website Hack

Nonprofit organization Goodwill has started notifying users of its ShopGoodwill[.]com e-commerce platform that their personal information was compromised as a result of a cybersecurity breach. The notice sent out by Goodwill via email was obtained by Australian researcher Troy Hunt, who runs the Have I Been Pwned data breach notification service. The company has informed users that an "unauthorized third party" accessed buyer contact information, including name, email address, phone number, etc.

Hacking

Maryland Dept. of Health Responds to Ransomware Attack

A cyberattack affecting the Maryland Department of Health (MDH) has been confirmed as a ransomware attack, the Departments of Health and Information Technology said this week. The attack, first described as a "network security incident," was detected on Dec. 4, 2021. It took the MDH website offline and led to the removal of resources such as the pages people can access to apply for Medicaid or learn more about local nursing home safety. The incident also disrupted the state's reporting of COVID-19 data.

Software Updates

Microsoft resumes rollout of January Windows Server updates

The January 2022 Windows Server cumulative updates are once again available via Windows Update after being pulled yesterday without an official reason from Microsoft. On Tuesday, Microsoft released the January 2022 Patch Tuesday cumulative updates, with the KB5009624 update for Windows Server 2012 R2, KB5009557 for Windows Server 2019, and KB5009555 for Windows Server 2022.

Malware

Ukraine: Wiper malware masquerading as ransomware hits government organizations

In the wake of last week's attention-grabbing defacements of many Ukrainian government websites, Microsoft researchers have revealed evidence of a malware operation targeting multiple organizations in Ukraine, deploying what seems to be ransomware but is actually Master Boot Record (MBR) wiper malware. The team noted that it's possible that the attackers exploited CVE-2021-32648, a vulnerability in the October CMS, to reset the admin account password and gain access to it.

Information Security

Former DHS official charged with stealing govt employees' PII

A former Department of Homeland Security acting inspector general pleaded guilty today to stealing confidential and proprietary software and sensitive databases from the US government containing employees' personal identifying information (PII). 61-year-old Charles Kumar Edwards coordinated the scheme while working for DHS-OIG (Department of Homeland Security, Office of Inspector General) as an employee and acting IG between February 2008 and December 2013.

Exploits/Vulnerabilities

Critical Cisco Contact Center Bug Threatens Customer-Service Havoc

A critical security bug affecting Cisco's Unified Contact Center Enterprise (UCCE) portfolio could allow privilege-escalation and platform takeover. Cisco UCCE is an on-premises customer-service platform capable of supporting up to 24,000 customer-service agents using channels that include inbound voice, outbound voice, outbound interactive voice response (IVR) and digital channels. It also offers a feedback loop via post-call IVR, email and web intercept surveys.

On This Date

  • ...in 1929, the cartoon character Popeye first appears in the comic strip "Thimble Theatre", drawn by E.C. Segar.
  • ...in 1933, TV ventriloquist Shari Lewis, creator of the characters Lamb Chop, Charlie Horse, and Hush Puppy, is born in New York City.
  • ...in 1942, three-time heavyweight champion boxer Muhammad Ali is born (as Cassius Clay) in Louisville, KY.
  • ...in 1961, President Dwight D. Eisenhower delivers his farewell address, warning against the rise of the "military-industrial complex."