ClearInfosec TIB Logo
Date:Oct 13, 2021
 
      Cyber Security News
  No honor among thieves: One in five targets of FIN12 hacking group is in healthcare
The group strikes big game targets with annual revenues of over $6 billion.
Read More...
  Rapid RYUK Ransomware Attack Group Christened as FIN12
Prolific ransomware cybercrime group's approach underscores a complicated, layered model of cybercrime.
Read More...
  Ransomware: Cyber criminals are still exploiting these old vulnerabilities so patch now
Years-old security vulnerabilities remain a common attack method for ransomware attacks because organisations aren't applying the patches to fix them.
Read More...
  Quest-owned fertility clinic announces data breach after August ransomware attack
350,000 patients of ReproSource had their medical data leaked and some even had SSNs and credit card numbers exposed as well.
Read More...
  FBI arrests engineer for selling nuclear warship data hidden in peanut butter sandwich
A husband and wife team tried to sell critical information on US submarine nuclear reactors.
Read More...
  Microsoft Azure fends off huge DDoS Attack
Microsoft successfully blocked a 2.4 Tbps Distributed Denial of Service (DDoS) attack on one of its European Azure cloud customers.
Read More...
      Best Practices
  6 ways the pandemic has triggered long-term security changes
Some of the changes to IT environments prompted by the COVID-19 pandemic—primarily work-from-home (WFH) and cloud adoption—are here to stay and will require ...
Read More...
  North American Orgs Hit With an Average of 497 Cyberattacks per Week
A new analysis confirms a surge in global cyberattacks since the COVID-19 pandemic began.
Read More...
  71% of Security Pros Find Patching to be Complex and Time Consuming Ivanti Study Confirms
Challenges with lack of time and vulnerability and patching prioritization are putting organizations at increased risk of cyberattacks.
Read More...
      New Threats and Vulnerabilities
  CVE-2021-20375
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to intercept and replace a message sent by another user due to improper acce...
Read More...
  CVE-2021-37918
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
Read More...
  CVE-2021-40439
Apache OpenOffice has a dependency on expat software. Versions prior to 2.1.0 were subject to CVE-2013-0340 a "Billion Laughs" entity expansion denial...
Read More...
  CVE-2021-40725
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerab...
Read More...
  CVE-2021-40189
PHPFusion 9.03.110 is affected by a remote code execution vulnerability. The theme function will extract a file to "webroot/themes/{Theme Folder], where an...
Read More...
  CVE-2021-40500
SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated attacker to exploit missing XML validations ...
Read More...
      Patch Management
  Ransom disclosure law would give firms 48 hours to disclose payments to ransomware gangs
Organisations who find their networks hit by a ransomware attack may soon have to disclose within 48 hours any payments to their extortionists. Read more in ...
Read More...
  Man charged with hack which shared COVID-19 test details in protest against vaccine pass
Police in France have arrested and charged a 22-year-old man with hacking into a "secure" file-sharing systems used by a Parisian hospital trust, and stealing t...
Read More...
  Addressing the backup dilemma to ransomware recovery
The experts at security firm Bitdefender, in collaboration with "a trusted law enforcement partner", have made available a universal decryptor for victims of th...
Read More...
  Microsoft thwarts mega-DDoS attack on Azure platform
The US Government has underlined once again that it continues to strongly discourage organisations hit by ransomware from giving in to extortion demands, as for...
Read More...
  Cybercriminals threaten to hack EU hospitals in latest COVID-19 vaccine scam
Cybercriminals are demanding people's personal information and claiming to have the ability to falsify vaccination records at hospitals across the European Unio...
Read More...