Cyber Threat Report: Cyber Security News for 12/28/21

Terrifying Cyber Weapon ‘Against Which There’s No Defense’
The Israeli company’s flagship spyware, Pegasus, is considered one of the most powerful cyber-surveillance tools available on the market. It’s continuing to make headlines as revelations on the tech’s reach, and its consequences, keep piling up. Read More

Former Uber CSO Faces New Charge for Alleged Breach Cover-Up
Feds Allege 'Hush Money'; Paid to Hackers. Sullivan had been charged with obstruction of justice and deliberately concealing a felony. If convicted of those charges, Sullivan faces up to eight years in prison and a $500,000 fine. Read More
 
Flaws in WordPress Plug-In Put 3 Million Websites at Risk
The two vulnerabilities were found in All in One SEO, a plugin used by some WordPress website owners to ensure higher rankings in search engines. This can become an exploit chain that could allow an attacker to take over the websites. Read More
 
Bugs Found in Microsoft Teams' Link Preview Feature
The link preview feature contains four vulnerabilities that allow attackers to access internal Microsoft services, spoof the link preview and leak their IP address. Three of the four flaws remain unpatched so be sure to triple check any URL from a Teams link. Read More
 
Multiple Log4j Scanners Released by CISA and CrowdStrike
Alongside a host of other scanners published by cybersecurity companies and researches, while many Log4J scanners are available, researchers say a number of them have blind spots. Read More
 
Bansley & Kiener CPA Firm Sued Over Delayed Breach Notification
B&K first discovered client-related health information was exfiltrated on May 24. They didn’t send the Health Insurance Portability and Accountability Act notices until December 20, exceeding the 60-day timeframe required by HIPAA. Read More
 
Shutterfly Services Disrupted by Conti Ransomware Attack
A ransomware attack approximately two weeks ago by the Conti gang claims to have encrypted over 4,000 devices and 120 VMware ESXi servers. Read More
 
AvosLocker Ransomware Reboots in Safe Mode to Bypass Security Tools
This tactic makes it easier to encrypt victims' files since most security solutions will be automatically disabled after Windows devices boot in Safe Mode. Read More
 
Hackers Approach Staff to Assist in Ransomware Attacks
Cyberattackers have approached employees in 48% of organizations in North America to assist in ransomware attacks, according to a report by Pulse and Hitachi ID. Read More
 
Beware of Cryptominers When Torrenting 'Spider-Man: No Way Home'
A cybersecurity company found a Monero miner attached to a torrent of the popular Marvel film, which brought in more than $750 million worldwide since it debuted last week. Read More

Headline Privacy & IT Security Compliance News

In our reoccurring Cyber Threat Report, we share the latest and most critical industry headline news. Your company may be taking time off, but cybercriminals and data breaches are making even more headlines this week. With more companies facing the repercussions of leaking data and personal health information (PHI), large scale ransomware attacks, threats of data leakage, and breaches caused by cybercriminals, nation states, or unknowingly by employees; 2022 is bound to present even greater challenges for preventing cybersecurity incidents.

Protecting your assets, operations, clients, and employees has never been more critical. You may have a thorough understanding of your requirements, or you may not, and the cyber security specialists you choose may be the key to the success or failure of your business’s cybersecurity initiatives in 2022.

Get in touch with Chris Kniffin, Corporate Director, to learn more about how the team of experts at JANUS can help protect your business effectively. Subscribe to the JANUS Associates Cyber Threat Report through the opt-in form in the footer below to stay updated and follow us on Twitter and LinkedIn.