Next week (In Sha Allah), we'll equal our record of 14 weeks of constant publishing of this series of articles.
In addition, you'll find a Buy Me A Coffee link at the end of this article where you can support my work.
Introduction
Hello, I am Habdul Hazeez, and welcome to the 50th edition of Security news weekly round-up. We've come a long way!
This week's security review is mostly malware-related news, except, let me check, a single story about scammers.
Grab a cup of coffee because it's time to read some reviews.
Hospitals hamstrung by ransomware are turning away patients
This is not funny. The reality is that anything that has to do with malware should not be taken as a joke.
Ransomware ain't good at all, and its victims know no bounds.
Excerpt from the article:
The hospitals and clinics are the latest health facilities to be hamstrung by a ransomware epidemic that has worsened over the past 36 months as it shuts down critical fuel pipelines, industrial-scale meat-packing plants, and other infrastructure that is vital to everyday life and safety.
Adobe Plugs Critical Photoshop Security Flaws
Photoshop is immensely popular, so update your software.
Excerpt from the article:
The flaws, rated critical, expose both Windows and macOS users to code execution attacks. Adobe described the vulnerabilities as memory corruption issues with 7.8 CVSS scores
Google Awards $42,000 for Two Serious Chrome Vulnerabilities
Currently, Chrome is the dominant desktop Web browser; therefore, I am not surprised at the amount paid out.
Excerpt from the article:
The most severe of these are CVE-2021-30598 and CVE-2021-30599, two type confusion issues in the V8 JavaScript engine that were identified and reported in July by Manfred Paul. Google paid the researcher $21,000 for each of these security flaws.
Health authorities in 40 countries targeted by COVID-19 vaccine scammers
Cybercrime knows no bounds.
Excerpt from the article:
To dupe their targets, the cybercriminals masqueraded as representatives of either vaccines manufacturers or governmental authorities directing the vaccine distribution efforts.
Hackers who breached T-Mobile stole personal data for ~49 million accounts
The title says it all.
Excerpt from the article:
The haul includes customers' first and last names, date of birth, SSN, and driver's license/ID information for 7.8 million current post-paid accounts, meaning accounts that are billed at the end of each billing cycle. The unknown hackers obtained the same data from more than 40 million records belonging to former or prospective customers who had previously applied for credit with T-Mobile.
BadAlloc Flaw Affects BlackBerry QNX Used in Millions of Cars and Medical Devices
QNX is a real-time operating system. When you read the phrase "Millions of Cars and Medical Devices", you should know that you'll need to take a few minutes from your busy schedule to read the article.
Excerpt from the article:
The shortcoming (CVE-2021-22156, CVSS score: 9.0) is part of a broader collection of flaws, collectively dubbed BadAlloc, that was originally disclosed by Microsoft in April 2021, which could open a backdoor into many of these devices, allowing attackers to commandeer them or disrupt their operations.
CEO tried funding his startup by asking insiders to deploy ransomware
I am speechless.
Excerpt from the article:
What drove the threat actor into trying their luck with ransomware was the desire to fund their business, a social network startup called Sociogram where he acted as CEO. They disclosed more personal details by saying they owned the startup and that they were located in Nigeria and even shared their LinkedIn profile
Support me
Now, you can support what I do by buying me a coffee. It'll mean a lot to me.
Credits
Cover photo by Debby Hudson on Unsplash.
That's it for this week, I'll see you next Friday.