<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 1/4/2022

SHARE

Top News

Florida's Broward Health Confirms October 2021 Breach

Florida's Broward Health hospital system has notified employees and patients of a data breach that occurred on Oct. 15 and compromised a wide range of personal and medical information. An attacker gained entry to the Broward Health network via the office of a third-party medical provider that was allowed access to the system to provide healthcare services, officials confirm in a disclosure of the incident. Broward Health detected the attack on Oct. 19 and contained the incident. READ MORE...

Breaches

Israeli newspaper Jerusalem Post is hacked, website defaced to include threats

Outsiders defaced the website of a prominent Israeli newspaper early Monday, posting a picture of an Israeli nuclear facility being destroyed by a missile along with a threat in both English and Hebrew. Hackers targeted the home page of the The Jerusalem Post, among the biggest newspapers in Israel, early Monday morning Israeli time, the paper reported. Above the image of the exploding facility was the message: "We are close to you where you do not think about it." READ MORE...


Shopping Platform PulseTV Discloses Potential Breach Impacting 200,000 People

PulseTV has started notifying roughly 200,000 users that their personal information and credit card data might have been compromised as a result of a cybersecurity breach. According to the online shopping platform, its website was "a common point of purchase" for a series of unauthorized credit card transactions, and both VISA and MasterCard cards have been affected. READ MORE...

Hacking

APT 'Aquatic Panda' Targets Universities with Log4Shell Exploit Tools

Cyber criminals, under the moniker Aquatic Panda, are the latest advanced persistent threat group (APT) to exploit the Log4Shell vulnerability. Researchers from CrowdStrike Falcon OverWatch recently disrupted the threat actors using Log4Shell exploit tools on a vulnerable VMware installation during an attack that involved of a large undisclosed academic institution, according to research released Wednesday. READ MORE...

Software Updates

Microsoft fixes harebrained Y2K22 Exchange bug that disrupted email worldwide

Microsoft has released a fix for a harebrained Exchange Server bug that shut down on-premises mail delivery around the world just as clocks were chiming in the new year. The mass disruption stemmed from a date check failure in Exchange Server 2016 and 2019 that made it impossible for servers to accommodate the year 2022, prompting some to call it the Y2K22 bug. READ MORE...

Malware

Purple Fox malware distributed via malicious Telegram installers

A malicious Telegram for Desktop installer distributes the Purple Fox malware to install further malicious payloads on infected devices. The installer is a compiled AutoIt script named "Telegram Desktop.exe" that drops two files, an actual Telegram installer, and a malicious downloader. While the legitimate Telegram installer dropped alongside the downloader isn't executed, the AutoIT program does run the downloader (TextInputh.exe). READ MORE...


Portugal Media Giant Impresa Crippled by Ransomware Attack

Media giant Impresa, which owns the largest television station and newspaper in Portugal, was crippled by a ransomware attack just hours into 2022. The suspected ransomware gang behind the attack goes by the name Lapsus$. The attack included Impresa-owned website Expresso newspaper and television station SIC. Both remain offline Tuesday morning as the media giant continued its recovery from a New Year's weekend attack. Impacted is the server infrastructure critical to Impresa's operations. READ MORE...

Exploits/Vulnerabilities

Netgear leaves vulnerabilities unpatched in Nighthawk router

Researchers have found half a dozen high-risk vulnerabilities in the latest firmware version for the Netgear Nighthawk R6700v3 router. At publishing time the flaws remain unpatched. Nighthawk R6700 is a popular dual-bank WiFi router advertised with gaming-focused features, smart parental controls, and internal hardware that is sufficiently powerful to accommodate the needs of home power users. READ MORE...

On This Date

  • ...in 1853, Solomon Northup regains his freedom after being kidnapped and sold into slavery. His memoir "Twelve Years a Slave" became an Best Picture Oscar-winning film in 2013.
  • ...in 1936, Billboard Magazine publishes its first pop music charts.
  • ...in 2004, the NASA Spirit rover successfully lands on Mars.
  • ...in 2016, IUPAC and IUPAP announced the discovery of four new elements, completing the 7th row of the periodic table.