Update of August 10: Following publication of our article with a statement from Greenway Health that the attack appeared to be on a former client and not them (but it was under investigation), DataBreaches.net checked the threat actor’s leak site today and found the entire listing is gone. This could mean a number of things,…
Category: Commentaries and Analyses
Actively exploited bug bypasses authentication on millions of routers
Sergiu Gatlan reports: Threat actors actively exploit a critical authentication bypass vulnerability impacting home routers with Arcadyan firmware to take them over and deploy Mirai botnet malicious payloads. The vulnerability tracked as CVE-2021-20090 is a critical path traversal vulnerability (rated 9.9/10) in the web interfaces of routers with Arcadyan firmware that could allow unauthenticated remote attackers to bypass authentication….
Israeli cyber company detects severe Amazon security breach
The Jersualem Post reports: A severe security breach was detected in Amazon’s e-book tablet Kindle by Israeli cybersecurity provider Check Point, the company revealed on Friday. According to the company’s Israeli cyber investigators, the security breach found allowed them to hack the tablets, gain full control and steal the e-reader users’ Amazon accounts. Read more on The…
PwnedPiper
By Ben Seri and Barak Hadad Nine vulnerabilities in critical infrastructure used by 80% of major hospitals in North America. Swisslog’s Translogic Pneumatic Tube System (PTS), a solution that plays a crucial role in patient care, found vulnerable to devastating attack. Read more on ARMIS.
Secrets and Lies: The Games Ransomware Attackers Play
Mathew J. Schwartz reports: If you’re a criminal, practicing good operational security would seem to preclude granting tell-all news media interviews. And yet we’ve seen a spate of attackers who wield ransomware – including MountLocker, LockBit, REvil and DarkMatter – sharing insights into their inclinations, motivations and tactics. One perhaps inadvertent takeaway from their interviews…
SolarWinds urges US judge to toss out crap infosec sueball: We got pwned by actual Russia, give us a break
Gareth Corfield reports: SolarWinds is urging a US federal judge to throw out a lawsuit brought against it by aggrieved shareholders who say they were misled about its security posture in advance of the infamous Russian attack on the business. Insisting that it was “the victim of the most sophisticated cyberattack in history” in a…