FinalSite ransomware attack damages thousands of school websites.

Views expressed in this cybersecurity-cybercrime news summary are those of the reporters and correspondents.

Accessed on 07 January 2022, 1334 UTC.

Content provided by “Cyware.com.”

Source:  https://cyware.com/cyber-security-news-articles

Please click link or scroll down to read your selections.

Latest Cybersecurity News And Articles

FinalSite Ransomware Attack Results in Outages for Thousands of School Websites

FinalSite claims to provide solutions for over 8,000 schools and universities. On Tuesday, Finalsite-based websites of school districts were found to be unreachable or were displaying errors.

New Mac Malware Samples Underscore Growing Threat

A handful of malware samples that emerged in 2021 demonstrated once again that Apple’s technologies, while less prone to attack and compromise than Windows systems, are not invulnerable.

FlexBooker Discloses Data Breach Impacting Over 3.7 Million Accounts

The incident took place in December 2021 after a threat actor compromised one of the company’s Amazon Web Services (AWS) accounts, according to Australian security researcher Troy Hunt.

Supply chain cybersecurity: Pain or pleasure?

Cyberattacks have become so advanced that the starting point of an attack is often not the primary target, but the weakest part of the underlying software or hardware supply chain.

US Online Pharmacy Ravkoo Links Data Breach to AWS Portal Incident

Ravkoo disclosed a data breach after the company’s AWS hosted cloud prescription portal was involved in a security incident that may have led to personal and health information being accessed.

Network and security teams must collaborate to successfully deliver digital transformation

A successful partnership can also accelerate the resolution of security issues whilst increasing network resilience, helping both network and security teams to achieve their goals.

Cyberattack on Fertility Centers of Illinois Impacts Thousands of Patients’ Health Information

Fertility Centers of Illinois (FCI) reported the data breach to the Department of Health and Human Services’ Office for Civil Rights (OCR) as affecting 79,943 current and former patients.

Avoiding Cybersecurity Staff Burnout: Keeping Employees Productive and Engaged

Security professionals are already in short supply. Combine that with alert fatigue, a demand surge, and the 24×7 nature of the modern workplace, and it’s clear why employee burnout is increasing.

US arrests suspect who stole unpublished books in phishing attacks

An Italian man allegedly involved in a multi-year scheme to fraudulently obtain hundreds of prepublication manuscripts was arrested at the John F. Kennedy International Airport, in New York.

Night Sky is the latest ransomware targeting corporate networks

According to MalwareHunterteam, who first spotted the new ransomware strain, the Night Sky operation started on December 27th and has since published the data of two victims.

Cyber Awareness 2022: Consider Deepfakes, NFTs and More

From deepfakes to crypto crime to in-flight drone-based data theft, cyber awareness in 2022 will look a bit different. Good cyber awareness means knowing these risks and preparing for it.

JFrog researchers find JNDI vulnerability in H2 database consoles similar to log4shell

Security researchers from JFrog said on Thursday that they discovered a critical JNDI-based vulnerability in the H2 database console exploiting a root cause similar to Log4Shell.

The Log4j debacle showed again that public disclosure of 0-days only helps attackers

Public vulnerability disclosure happens quite frequently, for vulnerabilities in a wide variety of software, from the most esoteric to the most mundane (and widely used).

Indian academic bookseller Oswaal Books fixes alleged RCE and other serious vulnerabilities with Shopify relaunch

Vulnerabilities in the e-commerce domain of Indian bookseller Oswaal Books could have allowed attackers to seize control of the website, a security researcher has claimed.

New Web Skimmer Campaign Attacks via Cloud Video Distribution Supply Chain

Sotheby’s Brightcove account was breached by hackers who deployed a skimmer to pilfer payment card details from more than 100 of its luxury real estate websites.

The Use of Phishing Toolkits to ByPass 2FA is on the Rise

Cybersecurity researchers claimed to have found over a thousand phishing toolkits that are able to hack two-factor authentication, allowing hackers to conduct sophisticated attacks on a target system. It is bizarre to admit that most of these MitM phishing toolkits in use by attackers are based on … Read More

Java RMI services often vulnerable to SSRF attacks

Java RMI services can be attacked through server-side request forgery (SSRF) attacks, according to a detailed analysis of the problem by security researcher Tobias Neitzel.

Chemicals Company Element Solutions Discloses Cybersecurity Incident

The company said it had detected an intrusion on some of its IT systems and it “promptly took action to contain it and implement business continuity and data recovery protocols.”

Attackers Exploit Flaw in Google Docs’ Comments Feature

Attackers are using the “Comments” feature of Google Docs to send malicious links in a phishing campaign targeted primarily at Outlook users, researchers at Avanan have discovered.

FBI Warns About Ongoing Google Voice Authentication Scams

According to the FBI, the fraudsters are targeting those who have posted their phone number as a form of contact when trying to sell various items on online marketplaces or social media apps.

Government Offices Across Albuquerque, Los Ranchos, and Tijeras Shut Down to Disruptive Cyberattack

The IT systems and public offices in the county are expected to remain closed throughout Thursday and the rest of the week as well, as officials deal with the cyberattack’s aftermath.

Online Fraudsters Impersonated FINRA Broker Dealers via 150 Scam Sites to Dupe 70 Investors

In conversations with victims who reached out for investment opportunities, the fraudsters impersonated FINRA broker-dealers claiming to be from the financial institutions they spoofed on scam sites.

North Korean Attackers’ Peculiar Interest in Cryptocurrency

Experts claimed that state-backed North Korean hackers have stolen nearly $1.7 billion worth of cryptocurrency from various exchanges in the past five years. Federal prosecutors from the U.S. believe that the Government of North Korea regards cryptocurrency as a long-term investment. Crypto exchang … Read More

Health tech vendor QRS faces lawsuit after data theft impacting 319,000 patients

In November 2021, QRS reported that an attacker breached a single patient portal server for three days in August, leading to the unauthorized access to and likely exfiltration of patient-related data.

US Police Warn of Parking Meters with Phishing QR Codes

The QR codes found by Austin police department directed unsuspecting users to a fraudulent website that would ask for payment details with a false promise that their parking session would be paid for.

Prosecutors file additional charges against former Uber security chief over 2016 data breach ‘cover up’

The latest charges – handed down in a superseding indictment returned by a federal grand jury – add to previous charges of obstruction of justice and ‘misprision of a felony’.

Crypto platform ARBIX flagged as a rugpull, transfers $10 million

Arbix Finance, a yield farming platform, has been flagged as a ‘rugpull,’ deleting its site, Twitter, and Telegram channel and transferring $10 million worth of deposited cryptocurrency.

SlimPay fined for exposing bank data of 12 million

SlimPay, a payment services company, has been fined ~$203,000 by the French CNIL regulatory body after it was found holding sensitive customer data on a publicly accessible server for five years.

Deception as a Form of Defense

Deception techniques use misleading tactics to lure attackers, from fake network environments to honeypots, to catch them operating undetected while collecting information to help dissect any attack.