Cyber Hacks and Vulnerabilities of the month (September 2020)
In this month’s hacks and vulnerabilities of the month, features data hacks from cyberattackers and security vulnerabilities discovered by security researchers or IT teams. September is filled with hacks and vulnerabilities for the month, where we publish the highlights of what you might have missed.
The online grocery shopping and the delivery service has disclosed a security vulnerability leaked by a third party vendor. The third-party resulted from a technology vendor Instacart uses for technology support. Leading a few employees from the technology support company to possibly had access to view Instacart user’s data. The company alerted its users via email about the security hack and vulnerability. Furthermore, addressing new security measures and procedures of this recent incident.
Microsoft Defender (windows antivirus) can be used to download malware. An attacker on a local network cloud uses the Microsoft antimalware service command-line tool to download a file from the internet. This is where small business owners need to be vigilant and proactive when updating windows 10 (win10) systems or who already have antivirus software installed. Microsoft Defender command-line tool now supports a “DownloadFile” function, which allows an attacker to use Microsoft Antimalware Service Command Line Utility to download a file from the internet with a code prompt/script. By using this technique cyber attackers can install malware and files with embedded malware to a windows computer. What to do? Your IT system administrators should be aware and be advised to update their watchlist to include this win10 antivirus vulnerability.
Staples has informed some of its customers via email that their data linked to their orders have been accessed without authorization. The company’s email includes a “learn more data breach notification” by contacting Staples directly. The exposed data was caused by a security flaw on purchasing orders allowing hackers to gain access on the zip codes for delivery and order number. Additionally, the information exposed includes:
- Full name
- Last 4 digits of CC
- Phone number
- Full Zip Codes
- Email address
- History of ordered items
The consumer electronics company, Razer exposes its 100,000 game users information due to a server misconfiguration. Discovered by a security researcher, he sent the company the security vulnerability but took 30 days for Razer to respond. The information exposed on its gamer users is full names, phone numbers, and shipping addresses. No payment methods were exposed according to the company. However, if users have additional questions on the security incident they can email DPO@razer.com.
US Veterans Affairs (VA) payment billing/account system was breached exposed over 460,000 veterans’ personal information. The breach was accomplished by cyber hackers gaining unauthorized access to the payment system modifying financial information and divert payments from VA. The information that is suspected to be exposed is social security numbers and financial records. For more information read VA’s press release here, Veterans compromised personal information.
The hospital and healthcare services IT systems of United Health Services (UHS) rendered offline due to a cyberattack on their network. The company released a news release on the hack and security vulnerability addressing “no patient or employee data appears to have been accessed, copied or otherwise compromise.” UHS operates in facilities in the US and UK serving over 3.5 million patients each year. Most recently, employees across a few states have reported they are left without access to computer and phone systems. The UHS hacks and vulnerabilities is yet to be named a ransomware attack. The company is proactively restoring all systems to be online on a “rolling basis” and back-ups of data from the past week.
Cyberattacks, hacks, and vulnerabilities just don’t happen to “larger” IT systems and network environments. They can also happen to small-medium sized businesses. When these types of cyberattacks hit companies like the ones highlighted today, its important to practice and maintain back-ups, security, and offline documentation methods. If ever your IT network shuts down. Do you have a back-up plan or alternative if it happens to you? Think about it.
For more security tips for working remotely read our 5 best security practices Help individuals and teams combat cyber threats and attacks at home. Need IT consulting during this time? Contact Green Shield Technology to get a free first-time consultation on your IT network & systems. SMBs across various industries are our specialty and we break it down to you to protect your business continuity.