Security News > 2021 > September

Healthcare cybersecurity under attack: How the pandemic affected rural hospitalsIn this interview with Help Net Security, Baha Zeidan, CEO at Azalea Health, talks about how rural hospitals have been affected by the pandemic and what steps they should take to boost their cybersecurity posture. 3 ways to protect yourself from cyberattacks in the midst of an IT security skill shortageEnterprises face a catch-22 situation: Security is more vital than ever, but cybersecurity positions are nearly impossible to fill.

The REvil ransomware gang has fully returned and is once again attacking new victims and publishing stolen files on a data leak site. Since 2019, the REvil ransomware operation, aka Sodinokibi, has been conducting attacks on organizations worldwide where they demand million-dollar ransoms to receive a decryption key and prevent the leaking of stolen files.

Russian internet giant Yandex has been the target of a record-breaking distributed denial-of-service attack by a new botnet called M?ris. The botnet is believed to have pummeled the company's web infrastructure with millions of HTTP requests, before hitting a peak of 21.8 million requests per second, dwarfing a recent botnet-powered attack that came to light last month, bombarding an unnamed Cloudflare customer in the financial industry with 17.2 million RPS. Russian DDoS mitigation service Qrator Labs, which disclosed details of the attack on Thursday, called M?ris - meaning "Plague" in the Latvian language - a "Botnet of a new kind."

A previously undocumented backdoor that was recently found targeting an unnamed computer retail company based in the U.S. has been linked to a longstanding Chinese espionage operation dubbed Grayfly. The cybersecurity firm attributed the intrusion to a group it tracks as SparklingGoblin, an adversary believed to be connected to the Winnti malware family.

Microsoft on Wednesday said it remediated a vulnerability in its Azure Container Instances services that could have been exploited by a malicious actor "To access other customers' information" in what the researcher described as the "First cross-account container takeover in the public cloud." Azure Container Instances is a managed service that allows users to run Docker containers directly in a serverless cloud environment, without requiring the use of virtual machines, clusters, or orchestrators.

Facebook's WhatsApp on Friday said users will soon be able to store end-to-end encrypted backups of their chat history on Google Drive in Android or Apple iCloud in iOS, with an option to self-manage the encryption key. "We're adding another layer of privacy and security to WhatsApp: an end-to-end encryption option for the backups people choose to store in Google Drive or iCloud," said Facebook supremo Mark Zuckerberg in a missive on his platform.

Researchers have found possible evidence of paternal care among bigfin reef squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered....

This week marked the return of the notorious REvil ransomware group, who disappeared in July after conducting a massive attack using a Kaseya zero-day vulnerability. In other news, a report was released this week outlining what a ransomware gang's ideal target is for attacks, and the Ragnar Locker gang threatened to automatically release stolen data if victims contact negotiators or law enforcement.

Almost 79,400 MyRepublic mobile subscribers have been caught up in a data breach that exposed a range of personal information, the company has confirmed. The intrusion in question was aimed at a third-party data storage platform used to store the personal data of MyRepublic's mobile customers, the firm noted, in a Friday website notice.

A business falls victim to a ransomware attack every 11 seconds, making ransomware the fastest-growing type of cybercrime. The first thing to do when dealing with a ransomware attack is to assess your options for recovery.