Cyber Threat Report: Cyber Security News for 04/29/22

Log4j Flaw: Thousands of Applications Are Still Vulnerable, Warn Security Researchers
Cybersecurity researchers warn that insecure instances of Lo4j are still out there to be exploited - and are easy for attackers to discover. Read More

Facebook Doesn't Really Know Where All Your Data Goes, Leak Suggests
"We’ve built systems with open borders," the document states. "We do not have an adequate level of control and explainability over how our systems use data…” Read More

This Spiteful New Ransomware Strain is Even More Dangerous Than Usual
Onyx was discovered overwriting files larger than 200MB with gibberish. Files that are smaller in size get encrypted and theoretically could be salvaged with the decryption key. Read More 

Wawa Wants $10.7M From Mastercard for “Unjust” Data Breach Penalty
The credit card company unjustly enriched itself, the complaint states, “through fraud, duress, and the taking of undue advantage by leveraging its position to unilaterally withhold funds that it knew or should have known it had no right to withhold.” Read More

Google Search Removal Requests Expanded to Include Personal Contact Information
People may now submit requests to have their phone number, email address, or physical address removed from Google search results. Read More

Security Alert as Researchers Discover 400,000 Exposed Databases
Most of those discovered in 2021 used the Redis database management system, followed by MongoDB, Elastic, and MySQL. Read More

Ransomware Demands Are Growing, But Life is Getting Tougher for Malware Gangs
Ransom payments are going up, but there are signs that the tide may be turning against the gangs. Read More

Cisco Patches 11 High-Severity Vulnerabilities in Security Products
Cisco this week announced the release of its April 2022 bundle of security advisories for Cisco Adaptive Security Appliance (ASA), Firepower Threat Defense (FTD), and Firepower Management Center (FMC). Read More

Google's New Safety Section Shows What Data Android Apps Collect About Users
The Data safety section, which will show up against every app listing on the digital storefront, presents a unified view of what data is being collected, for what purpose it's being used, and how it's handled, while also highlighting what data is being shared with third-parties. Read More

Chrome 101 Patches 30 Vulnerabilities
Google this week announced that Chrome 101 was released to the stable channel with 30 security fixes inside, including 25 for vulnerabilities identified by external security researchers. Read More

QNAP Advises to Mitigate Remote Hacking Flaws Until Patches are Available
It's working on updating its QTS and QuTS operating systems after Netatalk last month released patches to contain seven security flaws in its software. Read More

Headline Privacy & IT Security Compliance News

A new and extremely vicious Ransomware strain named Onyx will overwrite any file over 200MB that it infects. At the risk of sounding like a broken record, check your backups and make sure they restore properly. Don’t just assume they will, test them now. Even if you pay the ransom, those large files will not be recoverable as the decryptor will only recover the smaller encrypted files.

Since the destructive nature of the encryption routine is intentional rather than a bug, it is strongly advised that victims do not pay the ransom. This is why you need to confirm that your backups are properly configured and will restore correctly if needed.

Get in touch with Chris Kniffin, Corporate Director, to learn more about how the team of experts at JANUS can help protect your business effectively. Follow us on Twitter and LinkedIn.