Cyber Bites

A non-standard and somewhat weird password reset operation is currently underway at a German university, where more than 38,000 students and staff were asked this week to stand in line with their ID card and a piece of paper to receive new passwords for their email accounts. All of this is going on at the Justus Liebig University (JLU) in Gießen, a town north of Hamburg, Germany. Source: ZD Net

A cyberattack against LifeLabs exposed personal information on patients in Ontario and British Columbia. A cyberattack against LifeLabs, Canada's largest medical testing provider, left personal information of more than 15 million individuals exposed before the company paid a ransom to retrieve the data. According to a letter sent to customers, the names, addresses, email addresses, customer logins and passwords, health card numbers, and lab test results for individuals in Ontario and British Columbia were breached in...

The number of distributed denial-of-service (DDoS) attacks rose 86% in the third quarter compared to a year ago, with amplification attacks using the domain name system (DNS) remaining the most popular technique for attacking targets.DNS amplification attacks accounted for 45% of the attacks, while HTTP floods and TCP SYN attacks accounted for 14% and 7.7%, respectively, according to new data published by network security firm Nexusguard. Source: Dark Reading

Only 6% of all breaches in 2019 were suffered by financial services firms, according to Bitglass. However, these breaches compromised significantly more records than those that occurred in other industries. In total, more than 60% of all leaked records in 2019 were exposed by financial services organizations. This is at least partially due to the Capital One mega breach, which compromised more than 100 million records. Source: Help Net Security

WordPress has pushed out version 5.3.1 patching four security issues. WordPress versions 5.3 and earlier are affected and the company is recommending users download the new version, which is a short-cycle maintenance release and soon will be superseded by a full update when version 5.4 is released. Source: SC Magazine

An unsecured database operated by the online retailer LightInTheBox left 1.3TB of data containing 1.6 billion shopper records exposed for a three-month period this year. In what the breach discovers VPNMentor described as a major lapse in LighInTheBox’s data security and potentially devastating to the victims exposing them to not only a cyberattack but potentially a physical confrontation as the data included enough clues to allow a malicious actor to discover their home address. Source:...

New Jersey’s largest hospital system said that it has paid hackers a ransom after a ransomware attack disrupted its services earlier this month. Hackensack Meridian Health, a $6 billion non-profit health provider system based in Edison, N.J., operates 17 hospitals, nursing homes, and outpatient centers, as well as psychiatric facility Carrier Clinic. The hospital system told media outlets on Friday that it was targeted by a cyberattack on Dec. 2, crippling its computer software systems...

Based on files uploaded to the VirusTotal scanning service, the ransomware attack on the City of New Orleans was likely done by the Ryuk Ransomware threat actors.On December 14th, 2019, one day after the City of New Orleans ransomware attack, what appear to be memory dumps of suspicious executables were uploaded from an IP address from the USA to the VirusTotal scanning service. Source: Bleeping Computer

In Greek mythology, Sisyphus, the King of Corinth, was punished by Hades by being forced to roll a huge stone up a hill, only to have it roll down again as soon as he reached the summit, and then have the process repeat ad infinitum. The Paradox of Sisyphus exemplifies the modern state of cybersecurity. Source: Help Net Security

Privacy concerns will ratchet up further around IoT and 5G. Even if the industry manages to secure the billions of IoT devices already deployed, they permeate so many aspects of life that it will be nearly impossible to keep personal and private information out of the public domain. Source: Help Net Security