CyberSec Roundup
A synopsis of the Latest Cybersecurity News
Carnival Data Breach
Last week Carnival Corporation disclosed that the company suffered a serious cyber event, where there was a breach of their I.T. infrastructure. The company contracted a cybersecurity firm to investigate the incident, and they discovered that the hackers gained access to personal information related to guests, crew, and employees. Although they believe there is a low likelihood that the stolen information will be misused, they are offering free credit and identity theft monitoring services to the affected parties.
North Korea hacks KAERI
South Korea’s Atomic Energy Research Institute (KAERI) disclosed that their internal network was compromised via a VPN vulnerability. Investigations of the incident indicate that the attack was executed by a North Korean APT group called Kimsuky. They did not reveal which VPN product they were using, however, there have been vulnerabilities recently reported from many vendors, such as Fortinet, Pulse Secure, and SonicWall.
Chrome Zero-Day Exploit
Google Chrome users are advised to confirm their browser is at version 91.0.4472.114. This is to ensure they are patched from four security vulnerabilities, one of which is a zero-day flaw. Tracked as CVE-2021-30554, this vulnerability could cause corruption of data, leading to a crash, and even execution of unauthorized code or commands. You can confirm your browser is up to date by clicking the ellipsis symbol, then going to “Settings” > “Help” > “About Google Chrome”.
By: David Pinder
IT & Security Consultant
Certified Ethical Hacker (Master)