Third French Hospital Hit by Cyberattack
The 320-bed facility in Oloron-Sainte-Marie near the Pyrenees mountains was hit by the attack on Monday, with screens displaying a demand in English for $50,000 in Bitcoin. Hospital workers have had to revert to working with pens and paper, since digital patient records are not available. The management system, used to monitor medicine stocks and…
Digital-first lifestyle opens consumers to potential risks during tax season
Consumers have faced a lot of change over the past year with the shift to a digital-first lifestyle, and tax season with increasing risks is no exception. McAfee’s 2021 Consumer Security Mindset study revealed that while roughly 2 out of 3 Americans (63%) plan to do their taxes online in 2021, 12% of Americans will…
Privilege Escalation Bugs Patched in Linux Kernel
Identified by Positive Technologies security researcher Alexander Popov, the high severity bugs resided in the virtual socket implementation of the Linux kernel. Tracked as CVE-2021-26708 and featuring a CVSS score of 7.0, the security holes were introduced in Linux kernel version 5.5 in November 2019. The vulnerabilities are the result of race conditions that were…
Intel Paid Out $800,000 Per Year Through Bug Bounty Program
The chipmaker on Wednesday published its 2020 Product Security Report, which reveals that nearly half of the vulnerabilities patched last year were discovered by its own employees, and the company claims that a vast majority of the addressed issues are the direct result of its investment in product security assurance. According to Intel, 105 vulnerabilities…
New Jailbreak Tool Works on Most iPhones
Unc0ver, a team of hackers behind the jailbreak tool, released a new tool that works on nearly every iPhone model and exploits a flaw that Apple reported was under active attack last month. The group says its new tool works on iOS 11 to iOS 14.3, which was rolled out in December 2020. It reportedly…
Universal Health Services Suffered $67 Million Loss Due to Ransomware Attack
A ransomware attack last fall cost Universal Health Services $67 million in pre-tax losses, the healthcare provider confirmed in an earnings report released today. Referring to it as an “information technology security incident,” UHS officials said the cyberattack forced the organization to suspend user access to several information technology applications in the US during the…
Google Discloses Details of Remote Code Execution Vulnerability in Windows
The flaw, tracked as CVE-2021-24093, was patched by Microsoft on February 9 with its Patch Tuesday updates. Dominik Röttsches of Google and Mateusz Jurczyk of Google Project Zero have been credited for reporting the issue to Microsoft. A CVSS score of 8.8 has been assigned to the vulnerability, but Microsoft has rated it critical for…
Hackers Scanning for VMware vCenter Servers Affected by Critical Vulnerability
The flaw, tracked as CVE-2021-21972, affects the vSphere Client component of vCenter Server and it can be exploited by a remote, unauthenticated attacker to execute arbitrary commands with elevated privileges on the operating system that hosts vCenter Server. While in most cases an attacker would need to have access to the targeted organization’s network in…
France to Boost Cyberdefense After Hospital Malware Attacks
The attacks at the hospitals in Dax and Villefranche-sur-Saone prompted the transfer of some patients to other facilities as the French health care system is under pressure from the coronavirus pandemic. Macron discussed the attacks with officials and workers from both hospitals, saying the incident “shows how the threat is very serious, sometimes vital.” “We…
Facebook Announces Payout Guidelines for Bug Bounty Program
The payout guidelines provide insight into the process used by the company to determine rewards for certain vulnerability categories. Specifically, it provides information on the maximum bounty for each category and describes the mitigating factors that can result in a lower reward. Payment guidelines are currently available for page admin vulnerabilities, for which the top…
