From Security Weekly Wiki
Jump to navigationJump to search


  1. Oregon Retailer Suffers Sustained Data Breach retailer Made in Oregon has disclosed it was hit by six-month-long data breach during which an unidentified hacker managed to gain access to its e-commerce site, exposing customers' personally identifiable information (PII) and financial information.
  2. NVIDIA patches high severity GeForce Experience vulnerabilities NVIDIA released a security update for the Windows NVIDIA GeForce Experience (GFE) app to address vulnerabilities.
  3. US sanctions Russian government institution tied to malware
  4. Dr. Reddy Labs discloses cyberattack soon after getting ok for final COVID vaccine trial Dr. Reddy shutdown services to stop spread and rebuild. Impacts to US may include delays on generic prescriptions.
  5. Harvest Finance Places Bounty on Hacker $100K reward for help in contacting cyber-attacker who stole some $24 million USD in value from one of its decentralized finance (DeFi) protocols in less than seven minutes.
  6. Sopra Steria Hit by New Ryuk Variant External security firm hired, new IOCs released for detection engine use. Sopra Steria stated that it had not identified any compromised data or damage caused to its customers’ information systems.
  7. KashmirBlack botnet behind attacks on CMSs like WordPress, Joomla, Drupal, others A highly sophisticated botnet is believed to have infected hundreds of thousands of websites by attacking their underlying content management system (CMS)
  8. Ransomware attack disabled Georgia County Election database Reportedly disabled a database used to verify voter signatures
  9. A Different Perspective: Cyber Security Through the Eyes of a Journalist Sean Lygaas ( @Snlyngaas ), Senior Reporter at CyberScoop provides his perspectives about writing it without introducing hype or hysteria.
  10. HPE fixes maximum severity remote auth bypass bug in SSMC console Complicated to exploit - no evidence of exploitation in the wild.
  11. Steelcase Office Furniture Giant Hit by Ryuk Ransomware Attack Steelcase stated in the 8-K form that it was not aware of any sensitive or customer data loss from its systems, or any other loss of assets as a result of this attack.
  12. New Windows RAT Can Be Controlled Via a Telegram Channel dubbed "T-RAT" that can control infected systems and purportedly provides buyers with easier and faster access to infected systems from any location. T-RAT, which is being sold for a mere $45 USD, also reportedly allows attackers to activate data-stealing functionality as soon as targeted systems are infected and before T-RAT's presence is discovered.