Cyber Bites

Broward Health, a Florida-based healthcare system with over thirty locations, has suffered a significant data breach impacting over a million individuals. The incident took place last October, and Broward Health was able to identify the intrusion four days after the compromise. Authorities were informed immediately, and employees were invited to reset their credentials. It now appears threat actors have been able to get their hands on patients' personal medical information, including sensitive data such as...

A new denial of service (DoS) vulnerability dubbed "doorLock" was recently revealed in Apple HomeKit, impacting iOS 14.7 through 15.2. Apple HomeKit is a software framework that lets iPhone and iPad users control smart home appliances from their devices. According to the researcher who disclosed the details, Apple has been aware of the vulnerability since August 2021, but has not addressed the issue. To trigger 'doorLock,' an attacker would change the name of a HomeKit...

Apple has fixed the macOS vulnerability that could be exploited by unsigned and unauthorized script-based apps to bypass macOS security protocols on fully patched systems. The flaw was identified as CVE-2021-30853, and the vulnerability has been addressed on macOS 11.6.

New data has found that unique cyber-attacks have declined for the first time since 2018. The research has shown that in Q3 2021 there has been a 4.8% decline in unique attacks, which is the first decline recorded since 2018. The researchers have said that this reduction was mainly due to a decline in ransomware attacks, as well as the fact that some of the largest cybercrime gang's activities have been curtailed by law enforcement....

A new phishing campaign is targeting CoinSpot cryptocurrency exchange users in order to steal two-factor authentication (2FA) codes. The threat actors are sending emails from a Yahoo email address, which replicates CoinSpot emails, asking recipients to cancel or confirm a withdrawal transaction. The researchers who discovered the campaign said "the threat actor observed here been meticulous in obtaining access to lucrative crypto accounts. By playing on the recipient’s fears with carefully crafted steps, it could...

Monongalia Health System, Inc., a health system for three hospitals based in West Virginia, USA, has been hit by a business email compromise (BEC) scam. The health system provider was unaware that their cybersecurity defences had been infiltrated. They were alerted by a vendor who had reported not receiving payment in July 2021. Since alerted Monongalia Health System has launched an investigation into the incident which discovered that several of the organisation's employees' email accounts...

The Fives Eyes intelligence alliance have warned that threat actors are actively exploiting an Apache vulnerability in the Log4j logging library. The Five Eyes alliance, consisting of cybersecurity agencies in US, UK, Australia, Canada and New Zealand, announced in a joint statement on Wednesday that, "sophisticated cyber threat actors are actively scanning networks to potentially exploit Log4Shell, CVE-2021-45046, and CVE-2021- 45105 in vulnerable systems." Previously the CISA published guidance on Log4Shell. This joint statement from...

The Belgium Defense Ministry has announced that it has experienced a cyberattack after threat actors exploited a Log4j vulnerability. The attack took place on December 16 and was confirmed this week. According to a Belgium military spokesman, Commander Olivier Séverin, the incident caused damage to internet-connected services, which in turn halted part of the ministry's activities. Since the attack, an investigation has been carried out and the ministry is currently restoring all disrupted services. Belgium's...

Popular gaming platform Ubisoft has this week confirmed a cyber attack, which affected the IT infrastructure of Just Dance. The gaming giant explained in a statement, that the attack was brought on by a misconfiguration, which was quickly fixed upon identification. However, before the remediation was issued, unauthorised individuals were able to access and potentially copy some personal player data. It is still unknown how many users were affected.  Among the data affected were 'technical...

A new phishing campaign has been discovered by researchers which is estimated to have cost victims approximately $80 million per month globally. Researchers have reported that the campaign offers fake giveaways and surveys from popular brands in order to steal data from victims in over 90 countries worldwide, including US, Canada and Italy. The researchers have said that a single network has been found to target almost 10 million victims and 120 brands. Around 60...