Officials from Hawai’i Community College have recently revealed that the institution fell victim to a ransomware attack in June and paid the attackers not to leak the stolen data. It is believed that the NoEscape ransomware group initially infiltrated the college’s network on June 13th and published a 65GB data trove to their leak site the following week. Hawai’i Community College officials decided to pay the demanded ransom to protect their students’ and staff’s information, while simultaneously working to restore their systems to normal operation.
Call of Duty servers under attack
Shortly after the release of servers for several legacy Call of Duty games, players began reporting malicious activity in the form of a self-propagating virus that was affecting the PC versions of the game. Activision, the company behind the Call of Duty franchise, quickly took the impacted servers offline to prevent additional players from becoming infected by joining the hacked game lobbies. Upwards of 14,000 user accounts have since been banned from accessing Call of Duty servers due to cheating and use of game hacks.
Ninja Forms WordPress plugin suffers multiple vulnerabilities
One of the most popular form-building WordPress plugins, Ninja Forms, has recently been identified as having three critical vulnerabilities that could allow sensitive information to be compromised. The Ninja Forms plugin has been installed more than 900,000 times, and the flaws could be exploited to escalate user privileges and export data stored on authenticated sites. Fortunately, the creators of Ninja Forms have reacted quickly to these vulnerability reports and have resolved all three vulnerabilities in their latest version.
US govt contractor Maximus exposes 8 million individuals
At least 8 million individuals have been compromised by a data breach at the government contractor Maximus, which has also been caught up in the recent MOVEit attacks by the Clop ransomware group. Officials for Maximus have already begun contacting affected individuals and are maintaining the stance that none of their other systems were illicitly accessed during the data transfer attack. Unfortunately, a significant amount of personally identifiable information (PII) was stolen and could lead to additional phishing and identity theft fraud.
Researchers find vulnerabilities in Peloton exercise equipment
Researchers have identified multiple vulnerabilities in Peloton’s Internet-connected exercise devices that could allow remote attackers to take control and extract sensitive information from the device itself. During their investigation, researchers were able to take control of the device’s webcam to take pictures and record audio by using a mobile remote access trojan (RAT). The company’s response to these claims has been that any attackers would need physical access to the device, and thus the flaws aren’t considered critical security issues.