New year starts with new ransomware attacks and many more. Read the top cyber news of 2022 January week 1.
Newly Discovered Lapsus$ Ransomware Targets Several Organizations in a Month
During the New Year’s holiday, Impresa, Portugal’s largest media conglomerate, was infected with the new Lapsus$ ransomware.
The gang claimed responsibility for the attack by defacing all Impresa websites with a ransom note. Aside from a ransom demand, the message claimed that the group had gained access to the company’s online IT server infrastructure, including all SIC and Expresso websites and channels.
The attack, however, had no effect on radio or cable television broadcasts.
While the company has reclaimed control of many of its impacted sites, the gang claims to still have access to company resources.
Saltzer Health Informs Patients of Personal Information Exposure
Saltzer Health, which is owned by Intermountain Healthcare, is informing patients that their personal information may have been compromised after an unauthorised party gained access to an employee email account.
The attackers had access to the employee email account between May 25 and June 1, 2021, according to the organisation.
According to the company, an investigation into the incident revealed that the email account did contain personal information that was potentially compromised during the period of unauthorised access.
Names and contact information, driver’s licence numbers and state identification numbers, and, in some cases, Social Security numbers and financial account details are all potentially affected information.
Unauthorised access to medical information includes diagnosis, medical history, treatment details, prescription medication information, and physician information, as well as health insurance information.
Log4j flaw attack levels remain high, Microsoft warns
After observing state-sponsored and cyber-criminal attackers probing systems for the Log4j ‘Log4Shell’ flaw in December, Microsoft has warned Windows and Azure customers to remain vigilant.
Because of the widespread use of the error-logging software component in applications and services, the Apache Software Foundation announced on December 9 that it will take years to remediate Log4Shell.
Microsoft warns customers that they may be unaware of the extent of the Log4j problem in their environment.
Read the latest cybersecurity trends