AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 6/7/2024

London hospitals declare emergency following ransomware attack

A ransomware attack that crippled a London-based medical testing and diagnostics provider has led several major hospitals in the city to declare a critical incident emergency and cancel non-emergency surgeries and pathology appointments, it was widely reported Tuesday. The attack was detected Monday against Synnovis, a supplier of blood tests, swabs, bowel tests, and other hospital services in six London boroughs. The company said it has “affected all Synnovis IT systems, resulting in interruptions to many of our pathology services.” The company gave no estimate of when its systems would be restored and provided no details about the attack or who was behind it.

 

The AT&T and Verizon outage that cut off phone calls is over

AT&T and Verizon have resolved an outage causing dropped phone calls across the US. The issue seemingly affected calls between customers of the two services. In the midst of the outage, AT&T spokesperson Jim Kimberly told The Verge, “Our network is not experiencing a nationwide outage. There is a nationwide issue that is affecting the ability of some customers to complete calls between carriers. We are working closely with Verizon to determine the nature of the issue and what actions need to be taken.”

 

Club Penguin fans breached Disney Confluence server, stole 2.5GB of data

Club Penguin fans hacked a Disney Confluence server to steal information about their favorite game but wound up walking away with 2.5 GB of internal corporate data, BleepingComputer has learned. Club Penguin was a multiplayer online game (MMO) from 2005 to 2018, featuring a virtual world where players could engage in games, activities, and chat with other players. The game was originally created by New Horizon Interactive, which Disney later purchased.

 

Apple is fixing a years-old parental control bug that lets kids avoid web filters

For parents, it can feel like a no-brainer to let their kids have an iPad thanks to its built-in parental control feature, Screen Time. But the system is also undeniably buggy, as most parents will attest. Now, Apple is fixing one of the software’s worst bugs — an apparently obscure one that would let kids see the worst parts of the internet despite settings to stop that, reports Joanna Stern for The Wall Street Journal. The bug goes like this: kids can circumvent content restrictions by entering a specific string of characters into Safari’s browser bar. Security researchers Andreas Jägersberger and Ro Achterberg reported this bug twice in 2021 and, both times, were told that it wasn’t a security flaw, Stern writes. She also notes that it doesn’t appear as though this particular bug has seen widespread use.

 

Advance Auto Parts customer data posted for sale

A cybercriminal using the handle Sp1d3r is offering to sell 3 TB of data taken from Advance Auto Parts, Inc. Advance Auto Parts is a US automotive aftermarket parts provider that serves both professional installers and do it yourself customers. Advance Auto Parts has not disclosed any information about a possible data breach and has not responded to inquiries. But BleepingComputer confirms that a large number of the Advance Auto Parts sample customer records are legitimate. Interestingly enough, the seller claims in their post that the data comes from Snowflake, a cloud company used by thousands of companies to manage their data. On May 31st, Snowflake said it had recently observed and was investigating an increase in cyber threat activity targeting some of its customers’ accounts. It didn’t mention which customers.

Related Posts