<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter

Get the latest headlines, summaries, and security news!

IT Security Newsletter - 6/3/2021

Breaches

Sensitive medical, financial data exposed in extortion of Massachusetts hospital

A hospital in Massachusetts quietly paid off a ransomware gang after a February hack that exposed patients' sensitive medical and financial data, the hospital said in a May 28 statement. Sturdy Memorial Hospital, a 126-bed facility in the city of Attleboro, said that the information exposed in the hacking incident may have included insurance claim numbers, medical history, treatment information, Social Security numbers, bank routing numbers and credit card numbers and security codes, among other data. READ MORE...

Hacking

Massachusetts' largest ferry service hit by ransomware attack

The Steamship Authority, Massachusetts' largest ferry service, was hit by a ransomware attack on Wednesday which led to ticketing and reservation disruptions. "The Woods Hole, Martha's Vineyard, and Nantucket Steamship Authority has been the target of a ransomware attack that is affecting operations as of Wednesday morning," the ferry service said on Wednesday. "There is no impact to the safety of vessel operations, as the issue does not affect radar or GPS functionality." READ MORE...


FUJIFILM shuts down network after suspected ransomware attack

FujiFilm is investigating a ransomware attack and has shut down portions of its network to prevent the attack's spread. FujiFilm, also known as just Fuji, is a Japanese multinational conglomerate headquartered in Tokyo, Japan, which initially started in optical film and cameras. It has grown to include pharmaceuticals, storage devices, photocopiers and printers (XEROX), and digital cameras. FUJIFILM earned $20.1 billion in 2020 and has 37,151 employees worldwide. READ MORE...

Malware

Exchange Servers Targeted by 'Epsilon Red' Malware

REvil threat actors may be behind a set of PowerShell scripts developed for encryption and weaponized to exploit vulnerabilities in corporate networks, the ransom note suggests. Threat actors have deployed new ransomware on the back of a set of PowerShell scripts developed for making encryption, exploiting flaws in unpatched Exchange Servers to attack the corporate network, according to recent research. Researchers from security firm Sophos detected the new ransomware, called Epsilon Red. READ MORE...

Information Security

Processor Morphs Its Architecture to Make Hacking Really Hard

Exploiting memory leaks, injecting code into processes, and a variety of side-channel attacks could become much more difficult to pull off if a technique for creating a "morphable" processor architecture gains widespread adoption. The research effort, known as Morpheus, is a set of architectural changes to processors that implement two protections: the randomization of processor elements critical to program execution and the periodic encryption of those elements, a process called "churn." READ MORE...

Exploits/Vulnerabilities

Zerodium Offers $100,000 for Pidgin Zero-Day Exploits

Exploit acquisition firm Zerodium on Tuesday announced that it is offering $100,000 for severe vulnerabilities in Pidgin for Windows and Linux. Pidgin is a multi-platform instant messaging client that relies on the libpurple library to provide support for multiple messaging protocols, which allows users to use the same application with multiple messaging services. The exploit broker is looking for exploits that could be triggered remotely to achieve execution of arbitrary code. READ MORE...


Trend Micro Releases PoC Exploit for Vulnerability Affecting macOS, iOS

Trend Micro on Thursday disclosed the details of a recently patched privilege escalation vulnerability that has been found to impact macOS, iOS and iPadOS. The flaw, tracked as CVE-2021-30724, was discovered by Trend Micro researcher Mickey Jin, and it was patched by Apple on May 24 with the release of macOS 11.4, iOS 14.6 and iPadOS 14.6. The vulnerability can allow a local attacker to elevate privileges by sending specially crafted requests. READ MORE...

On This Date

  • ...in 1927, saxophonist Homer Louis "Boots" Randolph, famous for his 1963 hit "Yakety Sax", is born in Paducah, KY.
  • ...in 1950, singer-songwriter and '70s glam rocker Suzi Quatro is born in Detroit, MI.
  • ...in 1958, the University of Cincinnati gets its first computer, an IBM 650, which costs $28k per year to lease and uses less power than a cell phone.
  • ...in 1965, astronaut Ed White becomes the first American to walk in space, during the Gemini 4 mission.