December, 2020
December 31, 2020 – Hacker
Microsoft Says SolarWinds Hackers Accessed Some of Its Source Code
Microsoft on Thursday revealed that the threat actors behind the SolarWinds supply chain attack were able to gain access to a small number of internal accounts and escalate access inside its internal network. The "very sophisticated nation-state actor" used the unauthorized access to view, but not modify, the source code present in its repositories, the company said. "We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories," the Windows maker disclosed in an update. "The account did not have permissions to modify any code or engineering systems and our investigation further confirmed no changes were made. These accounts were investigated and remediated." The development is the latest in the far-reaching espionage saga that came to light earlier in December following revelations by cybersecurity firm FireEye that attac... (The Hacker News)
December 31, 2020 – Hacker
Microsoft: SolarWinds hackers accessed our source code
The threat actors behind the SolarWinds attack could breach internal Microsoft accounts to view the source code for Microsoft products. (BleepingComputer)
December 31, 2020 – Hacker
Microsoft says hackers viewed source code as part of SolarWinds attack
Microsoft on Thursday reported that its source code had been viewed, but not altered, by hackers involved in the massive cyber espionage incident that affected thousands of companies and much of the federal government. (The Hill)
December 31, 2020 – Hacker
SolarWinds hackers gained access to Microsoft source code
The threat actors behind the SolarWinds supply chain attack could have had access to the source code of several Microsoft products. The threat actors behind the SolarWinds attack could have compromised a small number of internal accounts and used... (Security Affairs)
December 31, 2020 – Breach
Non-profit founded by Gates Foundation suffers massive exposure of student records
An exposed AWS bucket left hundreds of thousands of student-related records exposed to the internet, but officials from the non-profit say most of the data was old and obsolete. (SCMagazine)
December 31, 2020 – Ransomware
What’s Next for Ransomware in 2021?
Ransomware response demands a whole-of-business plan before the next attack, according to our roundtable of experts. (Threatpost)
December 31, 2020 – Criminals
Threat actor is selling 368.8 million records from 26 data breaches
A data breach broker is selling user records allegedly from twenty-six data breaches on a hacker forum. Security experts from Bleeping Computer reported that a threat actor is selling user records allegedly stolen from twenty-six companies on a hacker... (Security Affairs)
December 31, 2020 – General
Financial services industry hit with tens of millions of attacks per day
The report found that the bad threat actors primarily used common attack paths, such as SQL injection, local file inclusion and cross-site scripting. (SCMagazine)
December 31, 2020 – General
The 2020 SolarWinds reality check: As cleanup continues, community considers implications
What might go down as the most consequential story of the year for the cybersecurity community only surfaced in December. And yet, experts predict years of clean up, both physical and political, and potential shifts in how the nation secures the supply chain. (SCMagazine)
December 31, 2020 – Criminals
Data breach broker selling user records stolen from 26 companies
A data breach broker is selling the allegedly stolen user records for twenty-six companies on a hacker forum, BleepingComputer has learned. (BleepingComputer)
December 31, 2020 – Breach
T-Mobile Data Breach – Phone numbers & Call Records Exposed
United States telecommunications giant T-Mobile has unveiled that the personal data of its employees and customers have been hacked. This is the... (Cyber Security News)
December 31, 2020 – Ransomware
City of Cornelia hit by ransomware attack
The City of Cornelia’s data system is offline following a ransomware attack the day after Christmas. City Manager Donald Anderson confirmed the attack in a press release to local media on Tuesday. (Now Habersham)
December 31, 2020 – Malware
New Golang-based Crypto worm infects Windows and Linux servers
Experts from Intezer discovered a new and self-spreading Golang-based malware that targets Windows and Linux servers. Experts from Intezer discovered a Golang-based worm that targets Windows and Linux servers. The malware has been active since... (Security Affairs)
December 31, 2020 – Policy and Law
Ticketmaster fined $10 million in corporate espionage scheme
Ticketmaster tried to steal both a client and design ideas from a competitor by logging into the back-end system with a former employer’s login credentials. (SCMagazine)
December 31, 2020 – General
Adobe Flash Player is officially dead tomorrow
Flash Player will reach its end of life (EOL) on January 1, 2021, after always being a security risk to those who have used it over the years. (BleepingComputer)
December 31, 2020 – General
Russian businesses lose $49 billion to Cyber Attacks
Sberbank, a major money lender in the Russian Federation, has released a report that claims that the loss incurred by Russian companies because of cyberattacks in 2020 was about $49 billion. (Cybersecurity Insiders)
December 31, 2020 – Malware
Emotet campaign hits Lithuania’s National Public Health Center and several state institutions
An Emotet campaign hit Lithuania, the malware has infected systems at the National Center for Public Health (NVSC) and several municipalities. A large-scale Emotet campaign hit Lithuania, the malware has infected the networks of Lithuania's National... (Security Affairs)
December 31, 2020 – Policy and Law
Ticketmaster fined $10 million for breaking into rival’s systems
Ticketmaster, a Live Nation subsidiary and a leading ticket distribution and sales company, was fined $10 million for illegally accessing the systems of competitor CrowdSurge using the credentials of one of its former employees. (BleepingComputer)
December 31, 2020 – Breach
Bill & Melinda Gates Foundation’s Charity GetSchooled Leaks Info of 930,000 Children, Teens, and Young Adults
This breach occurred when GetSchooled, a charity founded by the Bill & Melinda Gates Foundation in collaboration with Viacom, left a database open to anyone with a browser and internet connection. (welpmagazine)
December 31, 2020 – Criminals
Cybercriminals Claim to Leak Door Controls USA’s 140GB Database on Hacker Forum
The archive was leaked on November 27-28. It appears to have been posted on the hacker forum after Door Controls USA seemingly refused to pay ransom to attackers who breached the company’s network. (CyberNews)
December 31, 2020 – General
SolarWinds Attribution: Are We Getting Ahead of Ourselves?
FireEye has named the threat actor “UNC2452,” and Volexity dubbed the threat actor “Dark Halo,” stating that the actor is the same as UNC2452, though FireEye has not substantiated that claim. (Recorded Future)
December 31, 2020 – Government
Cyber attack on U.S. government may have started earlier than initially thought - U.S. senator
The unprecedented cyber attack on U.S. government agencies reported this month may have started earlier than last spring as previously believed, a U.S. senator involved in cybersecurity said. (Reuters)
December 31, 2020 – Government
CISA updates SolarWinds guidance, tells US govt agencies to update right away
In an update posted late last night, CISA said that all US government agencies that still run SolarWinds Orion platforms must update to the latest 2020.2.1HF2 version by the end of the year. (ZDNet)
December 31, 2020 – Education
What is OAuth 2.0? How it Works? A Detailed Explanation of Authorization Framework
OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 supersedes the work done on the original OAuth protocol created in 2006. (Cyber Security News)
December 30, 2020 – Breach
T-Mobile data breach: CPNI (Customer Proprietary Network Information) exposed
T-Mobile has disclosed a data breach that exposed customers' network information (CPNI), including phone numbers and calls records. T-Mobile has disclosed a data breach exposing customers' account's information. The T-Mobile security staff discovered... (Security Affairs)
December 30, 2020 – General
Adobe now shows alerts in Windows 10 to uninstall Flash Player
With the Flash Player officially reaching the end of life tomorrow, Adobe has started to display alerts on Windows computers recommending that users uninstall Flash Player. (BleepingComputer)
December 30, 2020 – Government
CISA demands US govt agencies to update SolarWinds Orion software
US Cybersecurity and Infrastructure Security Agency (CISA) urges US federal agencies to update the SolarWinds Orion software by the end of the year. The US Cybersecurity and Infrastructure Security Agency (CISA) has updated its official guidance to order... (Security Affairs)
December 30, 2020 – General
2021 strategy predictions: Shifts in business models, shifts in security priorities
Enhanced email security? Growth of digital identities? Vulnerability management born from mergers and acquisitions? Here, cybersecurity experts offer their take on what strategic shifts we should expect within the enterprise. (SCMagazine)
December 30, 2020 – Hacker
FBI Warn Hackers are Using Hijacked Home Security Devices for ‘Swatting’
Stolen email credentials are being used to hijack home surveillance devices, such as Ring, to call police with a fake emergency, then watch the chaos unfold. (Threatpost)
December 30, 2020 – Malware
New Golang worm turns Windows and Linux servers into monero miners
The potential number of systems is staggering: There are 5.5 million MySQL, Tomcat, Jenkins, and WebLogic devices connected to the internet that could be vulnerable. (SCMagazine)
December 30, 2020 – Business
Cerberus Cyber Sentinel buys Alpine Security
The deal, and implication of more to come, hint at increased hunger for third-party security auditing services in the face of worsening cybercrime, and an increasingly complex regulatory compliance landscape. (SCMagazine)
December 30, 2020 – Government
DHS orders federal agencies to update SolarWinds Orion platform
The Cybersecurity and Infrastructure Security Agency (CISA) has ordered all US federal agencies to update the SolarWinds Orion platform to the latest version by the end of business hours on December 31, 2020. (BleepingComputer)
December 30, 2020 – Breach
T-Mobile data breach exposed phone numbers, call records
T-Mobile has announced a data breach exposing customers' proprietary network information (CPNI), including phone numbers and call records. (BleepingComputer)
December 30, 2020 – Policy and Law
Israel, Cyberattacks and International Law
In response to a series of cyberattacks, Israel seems to be increasingly turning toward international law to guide its approach to hostile activities in cyberspace. (Lawfare)
December 30, 2020 – Ransomware
GenRx Pharmacy ransomware attack leads to HIPAA data breach disclosure
GenRx Pharmacy, a Scottsdale, Arizona-based healthcare organization, has warned hundreds of thousands of patients over a potential data breach following a ransomware attack earlier this year. (The Daily Swig)
December 30, 2020 – Malware
Emotet malware hits Lithuania’s National Public Health Center
The internal networks of Lithuania's National Center for Public Health (NVSC) and several municipalities have been infected with Emotet malware following a large campaign targeting the country's state institutions. (BleepingComputer)
December 30, 2020 – Vulnerabilities
Google Docs bug could have allowed hackers to hijack screenshots
Google has addressed a bug in its feedback tool incorporated across its services that could have allowed attackers to view users' private docs. Google has addressed a flaw in its feedback tool that is part of multiple of its services that could be exploited... (Security Affairs)
December 30, 2020 – General
Taking a Neighborhood Watch Approach to Retail Cybersecurity
Bugcrowd CTO Casey Ellis covers new cybersecurity challenges for online retailers. (Threatpost)
December 30, 2020 – Malware
New worm turns Windows, Linux servers into Monero miners
A newly discovered and self-spreading Golang-based malware has been actively dropping XMRig cryptocurrency miners on Windows and Linux servers since early December. (BleepingComputer)
December 30, 2020 – Breach
Treasure Valley Community College Notifies Consumers of Data Security Incident
The college has become aware of a data security incident that may have involved the personal information of certain community members. It is offering complimentary credit monitoring services to them. (PR Newswire)
December 30, 2020 – Breach
Kawasaki Security Breach – Unauthorized Access to a Server from an Overseas Location
Kawasaki Heavy Industries, Ltd. is a Japanese public multinational corporation primarily known as a manufacturer of motorcycles, engines, heavy equipment, aerospace and... (Cyber Security News)
December 30, 2020 – General
Enterprises Running Old Software Lose 47% More Money in Data Breach
More than 4 in 10 firms in North America use out-of-date technology and lose nearly 50% more money in a data breach than companies running updated software and hardware, a new Kaspersky report said. (MSSP Alert)
December 30, 2020 – General
A new year, a new administration: Doors open in 2021 for public-private cooperation
While much is speculative, a few aspects of how the government’s information security interactions with the private sector have begun to crystalize. (SCMagazine)
December 30, 2020 – Vulnerabilities
Experts have named the average time for fixing vulnerabilities in computer programs
In almost 44% of cases, developers of computer programs fix discovered vulnerabilities in products from the point of view of information security only after three months due to slow software updates. (Hackers Review)
December 30, 2020 – Attack
Antwerp laboratory becomes latest victim of cyber-attack
The attack took place on the General Medical Laboratory (AML) in the Antwerp district of Hoboken. Hackers installed ransomware on the lab’s website, bringing it to a standstill. (Brussels Times)
December 30, 2020 – Hacker
Hackers Target Usenet Indexing Service NZBGeek and Rob Users’ Personal Data
Hackers installed keylogger and copied NZBGeek database exposing personal details of all users. While operating smoothly, as the site normally does, suddenly the site became unreachable. (Hackread)
December 30, 2020 – IOT
FBI: Pranksters are hijacking smart devices to live-stream swatting incidents
"Recently, offenders have been using victims' smart devices, including video and audio capable home surveillance devices, to carry out swatting attacks," the FBI said in a PSA published today. (ZDNet)
December 30, 2020 – Ransomware
Ransomware Is Headed Down a Dire Path
Though some researchers say that the scale and severity of ransomware attacks crossed a bright line in 2020, others describe this year as simply the next step in a gradual and predictable devolution. (Wired)
December 30, 2020 – Vulnerabilities
Microsoft Issued a Fix for Zero-Day Six Months Ago but It Didn’t Work
Microsoft fixed a zero-day vulnerability in June, but the company did a poor job. Security researchers from Google’s Project Zero showed that attackers could still use the zero-day, despite the patch. (Bit Defender)
December 30, 2020 – Covid-19
US Treasury warns of ransomware attacks on COVID-19 vaccine research
The US Treasury Department's Financial Crimes Enforcement Network (FinCEN) warns of ransomware attacks on COVID-19 vaccine research organizations. The US Treasury Department's Financial Crimes Enforcement Network (FinCEN) issued a notice to warn... (Security Affairs)
December 30, 2020 – General
GDPR & HIPAA Compliance – Key Similarities and Differences in the Compliance Requirements
Privacy regulations have long been a major concern for most businesses processing or dealing with Personal Data.... (Cyber Security News)
December 30, 2020 – Skimming
Multi-platform Credit Card Skimmer hits Shopify, Bigcommerce, and Others
The Cybersecurity and Infrastructure Security Agency (CISA) has created a free tool to identify unusual activity that could have potentially malicious repercussions... (Cyber Security News)
December 29, 2020 – Outage
Wasabi cloud storage service knocked offline for hosting malware
Cloud storage provider Wasabi suffered an outage after a domain used for storage endpoints was suspended for hosting malware. (BleepingComputer)
December 29, 2020 – Breach
Kawasaki Heavy Industries, a partner of defense companies and agencies, reports breach
Of particular concern among some cybersecurity experts is the fact that the company took several months to report the incidents, which stemmed from unauthorized access to servers from overseas offices. (SCMagazine)
December 29, 2020 – Hacker
SolarWinds hackers aimed at access to victims’ cloud assets
Microsoft says that SolarWinds hackers aimed at compromising the victims' cloud infrastructure after deploying the Solorigate backdoor (aka Sunburst). The Microsoft 365 Defender Team revealed that the goal of the threat actors behind the SolarWinds... (Security Affairs)
December 29, 2020 – General
2021 threat predictions: Bad actors that honed their craft with COVID are ready to go big
The last year provided threat actors the ability to hone their craft – targeting organizations and individuals left vulnerable from pandemic fallout. As a result of that, cyber experts expect more sophisticated attacks to come in 2021 – with ransomware and phishing continuing at a steady clip, and emerging threats tied to deepfakes and 5G… (SCMagazine)
December 29, 2020 – Policy and Law
Lawsuit Claims Flawed Facial Recognition Led to Man’s Wrongful Arrest
Black man sues police, saying he was falsely ID’d by facial recognition, joining other Black Americans falling victim to the technology’s racial bias. (Threatpost)
December 29, 2020 – IOT
Swatters hijack smart home devices to watch emergency responders
Weak credentials and login protections come with the risk of swatting for owners of connected devices with video and voice capabilities, warns the U.S. Federal Bureau of Investigation (FBI). (BleepingComputer)
December 29, 2020 – Hacker
Microsoft: SolarWinds hackers’ goal was the victims’ cloud data
Microsoft says that the end goal of the SolarWinds supply chain compromise was to pivot to the victims' cloud assets after deploying the Sunburst/Solorigate backdoor on their local networks. (BleepingComputer)
December 29, 2020 – Phishing
No Break in Phishing Scams
An employee of Freedom Finance fell victim to a phishing email, resulting in the loss of data of 16,000 clients from 2018. The attack also disrupted the internal network of the company. (Cyware Alerts - Hacker News)
December 29, 2020 – General
Treasury asks financial sector to watch out for COVID vaccine scams, ransomware
The Financial Crime Enforcement Network detailed for banks or other financial services organizations potential issues, asking the sector to be particularly attuned to ransomware attacks on distribution networks and the supply chains for the manufacture of vaccines. (SCMagazine)
December 29, 2020 – Breach
Voyager cryptocurrency broker halted trading due to cyberattack
The Voyager cryptocurrency brokerage platform halted trading yesterday after suffering a cyberattack targeting their DNS configuration. (BleepingComputer)
December 29, 2020 – Malware
Eliciting Current Activities of Malicious Browser Extensions
With a large user base, it makes it quite easy for cybercriminals to publish malicious browser extensions that perform illicit activities, including spying and data theft, among others. (Cyware Alerts - Hacker News)
December 29, 2020 – Malware
Pegasus Spyware: Now Targets New Zero-Day in iPhone
Four nation-state-backed APTs abused Pegasus phone-surveillance solution to target 36 Al Jazeera members by exploiting a zero-day in iPhones, in an espionage attack. (Cyware Alerts - Hacker News)
December 29, 2020 – Breach
Japanese Kawasaki Heavy Industries discloses security breach
Japanese giant Kawasaki Heavy Industries discovered unauthorized access to a Japanese company server from multiple overseas offices. Kawasaki Heavy Industries disclosed a security breach, the company discovered unauthorized access to a Japanese company... (Security Affairs)
December 29, 2020 – Hacker
6 Questions Attackers Ask Before Choosing an Asset to Exploit
David “moose” Wolpoff at Randori explains how hackers pick their targets, and how understanding “hacker logic” can help prioritize defenses. (Threatpost)
December 29, 2020 – Ransomware
2020 was the worst year ever for ransomware. 2021 will be more of the same
Most of the incentives driving ransomware operations have only intensified over the past year, while law enforcement and defenders look for new angles to stem the tide. (SCMagazine)
December 29, 2020 – Criminals
Threat actor is selling a dump allegedly including 2,5M customers of service provider Ho Mobile
A threat intelligence analyst first spotted on a popular hacking forum a threat actor that is selling a database allegedly containing the database of the Italian mobile service provider Ho mobile. (Security Affairs)
December 29, 2020 – Malware
Mac Attackers Remain Focused Mainly on Adware, Fooling Users
In February 2020, Malwarebytes reported that its Mac users encountered about twice as many "threats" as Windows users. However, it mainly included potentially unwanted programs (PUPs) and adware. (Dark Reading)
December 29, 2020 – Phishing
Indian e-commerce users target of new ‘year-end carnival’ scam
The scam is designed to make e-commerce users believe that Flipkart is offering a year-end carnival, although there is no such information this year on the e-commerce player's official website. (The Times Of India)
December 29, 2020 – Government
US Treasury warns of ransomware targeting COVID-19 vaccine research
The US Treasury Department's Financial Crimes Enforcement Network (FinCEN) warned financial institutions of ransomware actively targeting vaccine research organizations. (BleepingComputer)
December 29, 2020 – Breach
Kawasaki discloses security breach, potential data leak
Japan's Kawasaki Heavy Industries announced a security breach and potential data leak after unauthorized access to a Japanese company server from multiple overseas offices. (BleepingComputer)
December 29, 2020 – General
2020 Work-for-Home Shift: What We Learned
Threatpost explores 5 big takeaways from 2020 — and what they mean for 2021. (Threatpost)
December 29, 2020 – Breach
Update: Kawasaki Heavy hack may have targeted defense-linked information
Kawasaki Heavy said it found fraudulent server access via a company base in Thailand during a system audit on June 11 this year, and confirmed the possibility of a data breach. (The Japan Times)
December 29, 2020 – Business
Zix acquires CloudAlly backup for SaaS data protection
When Zix acquired cloud backup and recovery provider CloudAlly for $30 million, it picked up backup for such popular SaaS apps as Microsoft 365, Google Workspace, Salesforce, Box, and Dropbox. (Tech Target)
December 29, 2020 – Attack
Finnish Parliament Says Intruders Gained Access to Some MPs’ Email Accounts
In an official statement, KRP Commissioner Tero Muurman said the attack did not cause any damage to the Parliament's internal IT system but was not an accidental intrusion either. (ZDNet)
December 29, 2020 – Government
CISA releases a PowerShell-based tool to detect malicious activity in Azure, Microsoft 365
Cybersecurity and Infrastructure Security Agency (CISA) released a tool for detecting potentially malicious activities in Azure/Microsoft 365 environments. The Cybersecurity and Infrastructure Security Agency (CISA)'s Cloud Forensics team has released... (Security Affairs)
December 29, 2020 – General
In a Zero Trust World, Compliance Doesn’t Equal Security
Zero trust architecture is the opposite of the old “trust, but verify” methodology—instead, it’s a risk management approach that translates to: “trust nothing and record everything.” (Nextgov)
December 29, 2020 – Vulnerabilities
A Google Docs Bug Could Have Allowed Hackers See Your Private Documents
Google has patched a bug in its feedback tool incorporated across its services that could be exploited by an attacker to potentially steal screenshots of sensitive Google Docs documents simply by embedding them in a malicious website. The flaw was discovered on July 9 by security researcher Sreeram KL, for which he was awarded $3133.70 as part of Google's Vulnerability Reward Program. Many of Google's products, including Google Docs, come with a "Send feedback" or "Help Docs improve" option that allows users to send feedback along with an option to include a screenshot — something that's automatically loaded to highlight specific issues. But instead of having to duplicate the same functionality across its services, the feedback feature is deployed in Google's main website ("www.google.com") and integrated to other domains via an iframe element that loads the pop-up's content from "feedback.googleusercontent.com." Th... (The Hacker News)
December 29, 2020 – Phishing
Hackers phish 615,000 login credentials by using Facebook ads
The Facebook users targeted span from a number of countries including Egypt, the Philippines, Pakistan, and Nepal with more than 615,000 of them being affected in totality. (Hackread)
December 29, 2020 – Policy and Law
Brazilians mostly unaware of data protection regulations
The survey carried out by Brazilian credit intelligence company Boa Vista with over 500 consumers between August and September 2020 suggests that over 70% of those polled do not know what the GDPR is. (ZDNet)
December 29, 2020 – Malware
AutoHotkey-Based Password Stealer Targeting US, Canadian Banking Users
Threat actors have been discovered distributing a new credential stealer written in AutoHotkey (AHK) scripting language as part of an ongoing campaign that started early 2020. Customers of financial institutions in the US and Canada are among the primary targets for credential exfiltration, with a specific focus on banks such as Scotiabank, Royal Bank of Canada, HSBC, Alterna Bank, Capital One, Manulife, and EQ Bank. Also included in the list is an Indian banking firm ICICI Bank. AutoHotkey is an open-source custom scripting language for Microsoft Windows aimed at providing easy hotkeys for macro-creation and software automation that allows users to automate repetitive tasks in any Windows application. The multi-stage infection chain commences with a malware-laced Excel file that's embedded with a Visual Basic for Applications (VBA) AutoOpen macro, which is subsequently used to drop and execute the downloader client script ("adb.ahk") via a legitimate portable AHK... (The Hacker News)
December 28, 2020 – Privacy
12 new state privacy and security laws explained: Is your business ready?
While at the federal level security and privacy legislation are lost in a morass of partisan politics and corporate lobbying delays, states have been moving ahead to push through an impressive number of important bills that help fill in the gaps. A search of the Legiscan database reveals that hundreds of bills that address privacy, cybersecurity and data breaches are pending across the 50 states, territories and the District of Columbia. (Security Affairs)
December 28, 2020 – Criminals
Threat actor is selling a dump allegedly including 2,5M customers of service provider Ho Mobile
Threat intelligence analyst discovered a threat actor that is selling a database of the Italian mobile service provider Ho mobile. Threat intelligence analyst @Bank_Security first spotted on a popular hacking forum a threat actor that is selling... (Security Affairs)
December 28, 2020 – Policy and Law
Data questions remain as UK exits EU
For U.S. firms, whose home nation already has different privacy laws state by state, a new U.K. regime might be one more for the pile. (SCMagazine)
December 28, 2020 – Breach
In wake of SolarWinds and Vietnam, more supply chain attacks expected 2021
Research from ESET of a supply chain attack in Vietnam in which digital certificates were compromised set off continued discussions in the industry about the nature of recent supply chain attacks, and how security teams can most effectively prepare and respond. (SCMagazine)
December 28, 2020 – Breach
Finland confirms that hackers breached MPs’ emails accounts
The Parliament of Finland confirmed that threat actors had access to email accounts of multiple members of parliament (MPs). "Parliament of Finland has been subjected to a cyberattack in the fall of 2020. The attack was discovered by parliament... (Security Affairs)
December 28, 2020 – Government
Biden calls for modernizing US defenses following massive hack
President-elect Joe Biden on Monday stressed the need to modernize U.S. military forces to account for attacks in cyberspace following a massive hack of multiple government agencies that came to light earlier this month. (The Hill)
December 28, 2020 – General
2021 tech predictions: The conceptual gets real
Community and market experts found some consensus: cloud security will dominate strategies and investments even more than it did during 2020, and technologies once deemed “on the horizon” – think automation, 5G and even the much hyped artificial intelligence – will officially arrive. (SCMagazine)
December 28, 2020 – Outage
Aida Cruises cancels trips due to mysterious “IT restrictions”
German cruise line AIDA Cruises is dealing with mysterious "IT restrictions" that have led to the cancellation of New Year's Eve cruises embarking this past weekend. (BleepingComputer)
December 28, 2020 – Ransomware
Nefilim ransomware operators leak data stolen from Whirlpool
The American multinational manufacturer and marketer of home appliances Whirlpool was hit by the Nefilim ransomware gang. The American multinational manufacturer and marketer of home appliances Whirlpool suffered a ransomware attack,... (Security Affairs)
December 28, 2020 – Hacker
Finnish Parliament attackers hack lawmakers’ email accounts
The email accounts of multiple members of parliament (MPs) were compromised following a cyberattack as revealed today by the Parliament of Finland. (BleepingComputer)
December 28, 2020 – Ransomware
Ransomware Operators Take a Liking to SystemBC RAT Full Text
Abstract
Sophos published new research into the SystemBC malware that acts as a Tor proxy and is being used in ransomware-as-a-service attacks for communications and data exfiltration.Cyware Alerts - Hacker News
December 28, 2020 – General
Popular Messaging Apps and Security that Matters Full Text
Abstract
A group of researchers analyzed 13 messaging apps and revealed standard security features and practices embraced by each while they capture and store user data.Cyware Alerts - Hacker News
December 28, 2020 – Government
CISA releases Azure, Microsoft 365 malicious activity detection tool Full Text
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA) has released a PowerShell-based tool that helps detect potentially compromised applications and accounts in Azure/Microsoft 365 environments.BleepingComputer
December 28, 2020 – Covid-19
Hackers Amp Up COVID-19 IP Theft Attacks Full Text
Abstract
In-depth report looks at how COVID-19 research has become a juicy new target for organized cybercrime.Threatpost
December 28, 2020 – Ransomware
Home appliance giant Whirlpool hit in Nefilim ransomware attack Full Text
Abstract
Home appliances giant Whirlpool suffered a ransomware attack by the Nefilim ransomware gang who stole data before encrypting devices.BleepingComputer
December 28, 2020 – Phishing
Multi-platform card skimmer targets Shopify, BigCommerce, Zencart, and Woocommerce stores Full Text
Abstract
Experts warn of a multi-platform credit card skimmer that can target online stores running on Shopify, BigCommerce, Zencart, and Woocommerce. Security experts have discovered a multi-platform credit card skimmer that can allow threat actors to harvest payment...Security Affairs
December 28, 2020 – Breach
Neopets Is Still A Thing And It’s Exposing Sensitive Data Full Text
Abstract
Neopets, a website that allows children to care for “virtual pets,” exposed a wide range of sensitive data online including credentials for company databases, employee emails, and code repositories.The Security Ledger
December 28, 2020 – Criminals
UK NCA visits WeLeakInfo users to warn of using stolen data Full Text
Abstract
21 WeLeakInfo customers have been arrested across the UK for using stolen credentials downloaded from WeLeakInfo following an operation coordinated by the UK National Crime Agency (NCA).BleepingComputer
December 28, 2020 – Hacker
Hackers Claim to Sell 65,000 Records Stolen From Japanese Video Game and Anime Company Koei Tecmo Full Text
Abstract
Koei Tecmo is a Japanese video game and anime company. The hacker claimed to have hacked into the koeitecmoeurope.com website through a spear-phishing campaign on December 18th.Secure Reading
December 28, 2020 – Phishing
One in ten shopping ads promoted on Google potentially lead to phishing sites Full Text
Abstract
Ads created by cybercriminals can lead users to malicious phishing websites where they can be tricked into buying counterfeit or unsafe products, fall victim to financial scams, or worse.CyberNews
December 28, 2020 – Phishing
Multi-platform card skimmer found on Shopify, BigCommerce stores Full Text
Abstract
A recently discovered multi-platform credit card skimmer can harvest payment info on compromised stores powered by Shopify, BigCommerce, Zencart, and Woocommerce.BleepingComputer
December 28, 2020 – Ransomware
REvil Ransomware Gang Targeted ‘The Hospital Group’ and Allegedly Stole 600GB of Documents Full Text
Abstract
The Hospital Group has confirmed the ransomware attack and notified the Information Commissioner about the security breach. The Hospital Group also notified via email all customers.Security Affairs
December 28, 2020 – Ransomware
Ransomware in 2020: A Banner Year for Extortion Full Text
Abstract
From attacks on the UVM Health Network that delayed chemotherapy appointments, to ones on public schools that delayed students going back to the classroom, ransomware gangs disrupted organizations to inordinate levels in 2020.Threatpost
December 28, 2020 – Malware
GitHub-hosted malware calculates Cobalt Strike payload from Imgur pic Full Text
Abstract
A new strand of malware uses Word files with macros to download a PowerShell script from GitHub. This PowerShell script further downloads a legitimate image file from image hosting service Imgur to decode a Cobalt Strike script.BleepingComputer
December 28, 2020 – IOT
Your new smart car is an IoT device that can be hacked Full Text
Abstract
Connected cars are complex systems composed of numerous units that exchange large amounts of data, and threat actors can manipulate those systems in order to gain control of smart vehicles.CyberNews
December 28, 2020 – Privacy
Privacy 2020: From prepared to alarmed, the year the rubber hit the road Full Text
Abstract
If 2019 was an opportunity for privacy advocates to push for preparation ahead of looming data protection deadlines, then 2020 was the year organizations were expected to prove themselves ready. In this second article in our Year in Review series, we consider how legal complications leave all businesses, big and small, with a heavier privacy burden than ever.SCMagazine
December 28, 2020 – General
‘Tis the Season for Nonprofit Cybersecurity Risks to Reach New Heights Full Text
Abstract
Nonprofit cybersecurity challenges are made worse by slender budgets and the fact that inadequate attention is paid to risk reduction which is not seen as critical by many boards and donors.Security Intelligence
December 28, 2020 – General
Working together to suppress complex and organized fraud Full Text
Abstract
Unfortunately, fraudsters have taken advantage of the pandemic to rob and steal. And just as beating the virus, beating COVID-19-related fraud will also require a multiparty approach.Help Net Security
December 28, 2020 – Attack
Scottish Environment Protection Agency targeted in cyberattack Full Text
Abstract
The Scottish Environment Protection Agency (Sepa) has been targeted in a significant cyberattack in the early hours of Christmas Eve, its executive director, David Pirie, confirmed.STV
December 28, 2020 – General
SaaS security in 2021 Full Text
Abstract
Companies have to make sure SaaS vendors keep their company’s data secure, and that their employees' use of these SaaS solutions is secure also when end users are not connected to the office network.Help Net Security
December 28, 2020 – Attack
Microsoft Warned CrowdStrike of Possible Hacking Attempt Full Text
Abstract
Microsoft warned CrowdStrike earlier this month of a failed attempt by unidentified attackers to access and read the company's emails, according to a blog post published by the security firm.Info Risk Today
December 28, 2020 – Breach
E-commerce app 21 Buttons exposes millions of users’ data Full Text
Abstract
Researchers discovered that the popular e-commerce app 21 Buttons was exposing private data for 100s of influencers across Europe. Researchers from cybersecurity firm vpnMentor discovered that the e-commerce app 21 Buttons was exposing private...Security Affairs
December 27, 2020 – Malware
Attackers Increasingly Adopting VBA-based Attack Techniques Full Text
Abstract
In this technique, malicious Office documents containing VBA code are saved within streams of CFBF files, with VBA macros saving data in a hierarchy including various types of streams.Cyware Alerts - Hacker News
December 27, 2020 – Ransomware
Vermont Hospital confirmed the ransomware attack Full Text
Abstract
The Burlington-based University of Vermont Health Network has finally admitted that ransomware was behind the October attack. In October, threat actors hit the Wyckoff Heights Medical Center in Brooklyn and the University of Vermont Health Network....Security Affairs
December 27, 2020 – Denial Of Service
TeamTNT Group Now has its Own IRC Bot Full Text
Abstract
In a recent attack, the group has been observed actively using a newly developed Internet Relay Chat (IRC) bot dubbed TNTbotinger, which can be used to perform DDoS attacks.Cyware Alerts - Hacker News
December 27, 2020 – General
Security Affairs newsletter Round 294 Full Text
Abstract
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. A massive fraud operation used mobile device emulators to steal millions from online bank accounts SolarWinds...Security Affairs
December 27, 2020 – Malware
Gitpaste-12 Adds New Features to its Arsenal Full Text
Abstract
The recent attacks use payloads hosted on a new GitHub repository, which includes a Linux-based cryptominer, a list of passwords for brute-force attacks, and a statically linked Python 3.9 interpreter.Cyware Alerts - Hacker News
December 27, 2020 – Malware
New SignSight Supply-Chain Attack Targeted Certification Authority in Southeast Asia Twice Full Text
Abstract
The attackers made changes to software installers available for download from a Vietnam government website. In addition, they added a backdoor to target users of a legitimate application.Cyware Alerts - Hacker News
December 27, 2020 – Malware
Understanding & Detecting the SUPERNOVA Webshell Trojan Full Text
Abstract
The recent supply chain attack has proven to be one of the most damaging attacks of 2020. Several distinct malware families have emerged in relation to the compromise. These include the SUNBURST backdoor, SUPERNOVA, COSMICGALE & TEARDROP.Sentinel One
December 27, 2020 – Hacker
HackerOne announces first bug hunter to earn more than $2M in bug bounties Full Text
Abstract
White hat hacker could be a profitable profession, Cosmin Iordache earned more than $2M reporting flaws through the bug bounty program HackerOne. Iordache is the first bug bounty hunter to earn more than $2,000,000 in bounty awards through the vulnerability...Security Affairs
December 27, 2020 – Malware
What We Have Learned So Far about the “Sunburst”/SolarWinds Hack Full Text
Abstract
After a successful infiltration of the supply-chain, the SunBurst backdoor— a file named SolarWinds.Orion.Core.BusinessLayer.dll—was inserted into the software distribution system and installed as part of an update package from the vendor.Fortinet
December 27, 2020 – Malware
SolarWinds releases updated advisory for SUPERNOVA backdoor Full Text
Abstract
SolarWinds released an updated advisory for the SuperNova malware discovered while investigating the recent supply chain attack. SolarWinds has released an updated advisory for the SuperNova backdoor that was discovered while investigating the recent...Security Affairs
December 27, 2020 – Education
Leveraging SOC 2 compliance for Cloud (SAAS) services Full Text
Abstract
In a digital world where we often witness high-profile attacks, and incidents of a data breach, considering the implementation of effective security...Cyber Security News
December 27, 2020 – Education
Relentless Hacking Is Turning All of Us Into Data Nihilists Full Text
Abstract
The digital landscape is far too complex for those who rely on it—us—to monitor all the ways we’re exposed. Major factors determining whether our data will be used against us are completely out of our control.Bloomberg Quint
December 27, 2020 – Malware
Kaspersky Warns Against Dangerous Chrome extensions Full Text
Abstract
These extensions installed in more than 8 million users’ browsers accessed a remote server in the background, trying to download malicious code, a process that our security solutions detect as dangerous.Kaspersky Lab
December 26, 2020 – Phishing
GoDaddy apologized for insensitive phishing email sent to its employees offering a fake bonus Full Text
Abstract
GoDaddy made the headlines for an initiative that is dividing the cybersecurity community: it sent phishing messages offering bonuses to its employees. GoDaddy sent an email to its employees that promised a Christmas bonus to help them to face economic...Security Affairs
December 26, 2020 – Breach
Koei Tecmo discloses data breach after hacker leaks stolen data Full Text
Abstract
Japanese game developer Koei Tecmo has disclosed a data breach and taken their European and American websites offline after stolen data was posted to a hacker forum.BleepingComputer
December 26, 2020 – Malware
SolarWinds releases updated advisory for new SUPERNOVA malware Full Text
Abstract
SolarWinds has released an updated advisory for the additional SuperNova malware discovered to have been distributed through the company's network management platform.BleepingComputer
December 26, 2020 – Botnet
The Emotet botnet is back and hits 100K recipients per day Full Text
Abstract
Emotet is back on Christmas Eve, cybercrime operators are sending out spam messages to deliver the infamous Trickbot Trojan. Emotet is back on Christmas Eve, after two months of silence, cybercrime operators are sending out spam messages to deliver...Security Affairs
December 26, 2020 – Hacker
REvil gang threatens to release intimate pictures of celebs who are customers of The Hospital Group Full Text
Abstract
REvil ransomware gang, aka Sodinokibi, hacked The Hospital Group and threatens to release before-and-after pictures of celebrity clients. The Hospital Group has 11 clinics and has a celebrity clientele, but it made the headlines because the REvil...Security Affairs
December 26, 2020 – Malware
SUNBURST Performs Anti-Analysis Environment Checks Before Contacting C2 Server Full Text
Abstract
Before reaching out to its C2 server, SUNBURST performs numerous checks to ensure no analysis tools are present. It checks process names, file write timestamps, and Active Directory (AD) domains before proceeding.FireEye
December 26, 2020 – Malware
10 Different Types of Dangerous Malware Attack and How to Avoid them Full Text
Abstract
Today's topic is basically about types of malware, yes, it's a malicious software which is basically designated to damage, impair, or exploit...Cyber Security News
December 26, 2020 – Malware
How to Detect and Search for SolarWinds IOCs in LogRhythm Full Text
Abstract
LogRhythm Labs has gathered up the IOCs from CISA, Volexity, and FireEye associated with the recent SolarWinds supply chain attack and made them available in GitHub repository.LogRhythm
December 26, 2020 – Business
White Ops Announces Acquisition by Goldman Sachs Merchant Banking, ClearSky Security, and NightDragon Full Text
Abstract
The Sponsors are acquiring the business from previous investors Paladin Capital Group, Grotech Ventures, and other shareholders, and the acquisition follows Goldman Sachs’ and ClearSky’s initial investment in the Company earlier this year.White Ops
December 26, 2020 – General
2020 InfoSec Naughty List: Cyberattacks by Country Full Text
Abstract
The list, by Rapid7, is focused on the top offenders for the last half of the year and provides a smoothed trending view (vs. discrete daily counts) to help you make your Naughty/Nice inclusion decisions.Rapid7
December 26, 2020 – General
China Used Stolen Data to Expose CIA Operatives in Africa and Europe Full Text
Abstract
Around 2013, U.S. intelligence began noticing an alarming pattern: Undercover CIA personnel, flying into countries in Africa and Europe for sensitive work, were being rapidly and successfully identified by Chinese intelligence.Foreign Policy
December 26, 2020 – Breach
Russian crypto-exchange Livecoin hacked after it lost control of its servers Full Text
Abstract
Russian cryptocurrency exchange Livecoin posted a message on its official website on Christmas Eve claiming it was hacked and lost control of some of its servers, warning customers to stop using its services.ZDNet
December 26, 2020 – Phishing
Amazon Gift Card Scam Delivers Dridex This Holiday Season Full Text
Abstract
The operators behind Dridex have a nefarious trick up their sleeves this holiday season. A widespread phishing scam promises victims a $100 Amazon gift card but instead delivers the prolific banking Trojan to target machines.Dark Reading
December 25, 2020 – Breach
CrowdStrike releases free Azure tool to review assigned privileges Full Text
Abstract
CrowdStrike released a free Azure security tool after it was notified by Microsoft of a failed attack leveraging compromised Azure credentials. While investigating the impact of the recent SolarWinds hack, on December 15th Microsoft reported to CrowdStrike...Security Affairs
December 25, 2020 – Breach
CrowdStrike releases free Azure security tool after failed hack Full Text
Abstract
Leading cybersecurity firm CrowdStrike was notified by Microsoft that threat actors had attempted to read the company's emails through compromised Microsoft Azure credentials.BleepingComputer
December 25, 2020 – Hacker
Cyberattacks on Media Agencies Increasing Full Text
Abstract
Researchers say attackers are using different attack vectors to target Media agencies in Western Europe, Southeast Asia, and North America. Recently, the Al-Jazeera group fell victim to a crime.Cyware Alerts - Hacker News
December 25, 2020 – APT
North Korea-linked Lazarus APT targets the COVID-19 research Full Text
Abstract
The North Korea-linked Lazarus APT group has recently launched cyberattacks against at least two organizations involved in COVID-19 research. The North Korea-linked APT group Lazarus has recently launched cyberattacks against two entities involved...Security Affairs
December 25, 2020 – Botnet
Emotet Shows up to Wish Merry Christmas Full Text
Abstract
Emotet botnet has returned after a two-month hiatus with Christmas and COVID-19-themed campaigns that touch base with at least 100,000 targets per day.Cyware Alerts - Hacker News
December 25, 2020 – Government
Trust-Based Federated Login Abused for Local-to-Cloud Attacks Full Text
Abstract
The NSA has released a security advisory detailing two attack techniques allegedly used by the SolarWinds hackers to escalate access from local networks to cloud resources.Cyware Alerts - Hacker News
December 25, 2020 – Hacker
Magecart Mistakenly Spilled the Beans on its Recent Attack Full Text
Abstract
A web skimming group inadvertently leaked a list of dozens of online stores it hacked while attempting to deploy a stealthy RAT on compromised e-commerce sites.Cyware Alerts - Hacker News
December 25, 2020 – Malware
Fake Amazon gift card emails deliver the Dridex malware Full Text
Abstract
The Dridex malware gang is delivering a nasty gift for the holidays using a spam campaign pretending to be Amazon Gift Cards.BleepingComputer
December 25, 2020 – Hacker
Microsoft Warns CrowdStrike of Hackers Targeting Azure Cloud Customers Full Text
Abstract
New evidence amidst the ongoing probe into the espionage campaign targeting SolarWinds has uncovered an unsuccessful attempt to compromise cybersecurity firm CrowdStrike and access the company's email. The hacking endeavor was reported to the company by Microsoft's Threat Intelligence Center on December 15, which identified a third-party reseller's Microsoft Azure account to be making "abnormal calls" to Microsoft cloud APIs during a 17-hour period several months ago. The undisclosed affected reseller's Azure account handles Microsoft Office licensing for its Azure customers, including CrowdStrike. Although there was an attempt by unidentified threat actors to read email, it was ultimately foiled as the firm does not use Microsoft's Office 365 email service, CrowdStrike said. The incident comes in the wake of the supply chain attack of SolarWinds revealed earlier this month, resulting in the deployment of a covert backdoor (aka "Sunburst"The Hacker News
December 25, 2020 – Breach
The Russian cryptocurrency exchange Livecoin hacked on Christmas Eve Full Text
Abstract
Russian cryptocurrency exchange Livecoin was compromised on Christmas Eve, hackers breached its network and gained control of some of its servers. The Russian cryptocurrency exchange was hacked on Christmas Eve, it published a message on its website...Security Affairs
December 25, 2020 – Breach
Data breach discovered in Jerusalem Municipality website Full Text
Abstract
The discovery of the breach comes after a string of cyberattacks targeted companies in Israel. Earlier this month, sensitive data of Israeli citizens was leaked and sold after the Shirbit insurance company was targeted in a ransomware attack.The Jerusalem Post
December 25, 2020 – Breach
CrowdStrike Reveals That Suspected Russian Hackers Made Failed Attempt to Breach It Full Text
Abstract
Microsoft identified a reseller’s Microsoft Azure account used for managing CrowdStrike’s Microsoft Office licenses making abnormal calls to Microsoft cloud APIs during a 17-hour period several months ago.Crowdstrike
December 25, 2020 – General
PCI DSS and the Cloud: Top Risk and Mitigation Strategies To Tackle The Challenges Full Text
Abstract
In the digital world, cloud computing is essential for most businesses online. It is a significant technology for your organization, be it...Cyber Security News
December 25, 2020 – Denial Of Service
DDoS amplify attack targets Citrix Application Delivery Controllers (ADC) Full Text
Abstract
Citrix confirmed that a DDoS attack is targeting Citrix Application Delivery Controller (ADC) networking equipment. The threat actors are using the Datagram Transport Layer Security (DTLS) protocol as an amplification vector in attacks against Citrix...Security Affairs
December 24, 2020 – Ransomware
FreePBX developer Sangoma hit with Conti ransomware attack Full Text
Abstract
Sangoma disclosed a data breach after files were stolen during a recent Conti ransomware attack and published online.BleepingComputer
December 24, 2020 – Vulnerabilities
New cross-layer attack technique raises DNS cache poisoning, user tracking risk Full Text
Abstract
The vulnerability allows hackers to mount so-called “cross-layer” attacks against the Linux kernel and cause further damage by exploiting a weakness in its pseudo-random number generator (PRNG).The Daily Swig
December 24, 2020 – Hacker
Hacker Earns $2m in Bug Bounties Full Text
Abstract
Romanian man earns $2m through HackerOne and becomes richest bug bounty hunter in the worldInfosecurity Magazine
December 24, 2020 – Vulnerabilities
Millions of devices could be hacked exploiting flaws targeted by tools stolen from FireEye Full Text
Abstract
Millions of devices are potentially exposed to attacks targeting the vulnerabilities exploited by the tools stolen from the arsenal of FireEye. Security experts from Qualys are warning that more than 7.5 million devices are potentially exposed to cyber...Security Affairs
December 24, 2020 – Denial Of Service
DDoS attacks hit Citrix Application Delivery Controllers, hindering customer performance Full Text
Abstract
Citrix reported Thursday a DDoS attack that was hitting its Citrix Application Delivery Controllers (ADCs), the networking products that let security and network teams manage the delivery speed and quality of applications to end users. According to the Citrix threat advisory, the attacker or bots can overwhelm the Citrix ADC Datagram Transport Layer Security (DTLS)…SCMagazine
December 24, 2020 – Covid-19
North Korean state hackers breach COVID-19 research entities Full Text
Abstract
North Korean nation-state hackers tracked as the Lazarus Group have recently compromised organizations involved in COVID-19 research and vaccine development.BleepingComputer
December 24, 2020 – Policy and Law
Travel-booking company Sabre Corp. settles with 27 states over breach of credit card data Full Text
Abstract
Sabre Corp. will make a $2.4 million payout and shore up its cybersecurity policies under an agreement with 27 state attorneys general who investigated a breach of its hotel-booking technology.Cyberscoop
December 24, 2020 – Business
White Ops Acquired by Goldman Sachs Full Text
Abstract
Bot mitigation platform acquired by Goldman Sachs, ClearSky Security, and NightDragonInfosecurity Magazine
December 24, 2020 – Insider Threat
Account takeovers: Insiders need not be malicious to cause chaos Full Text
Abstract
With 2020 coming to a close, SC Media is delivering through a series of articles our picks of the most high impact events and trends of the last year, which we predict will factor into community strategies in 2021 and beyond. This is the first in that series.SCMagazine
December 24, 2020 – Breach
NetGalley discloses data breach after website was hacked Full Text
Abstract
The NetGalley book promotion site has suffered a data breach that allowed threat actors to access a database with members' personal information.BleepingComputer
December 24, 2020 – Business
HelpSystems Acquires Data Protection Firm Vera Full Text
Abstract
HelpSystems, a Minneapolis, Minnesota-based software company, announced on Wednesday that it has acquired cloud-based data protection solution provider Vera for an undisclosed amount.Security Week
December 24, 2020 – Government
SolarWinds Hackers “Impacting” State and Local Governments Full Text
Abstract
CISA issues warning over widespread impact of SolarWinds hacking campaignInfosecurity Magazine
December 24, 2020 – Phishing
Scammers Run COVID-19 Vaccine Fraud Schemes to Fool Users Full Text
Abstract
The schemes to defraud people have gone to such an extent that threat actors were found running scams by impersonating biotechnology companies involved in the development of COVID-19 vaccines.Cyware Alerts - Hacker News
December 24, 2020 – Ransomware
Pay2Key Ransomware’s Mayhem Continues Full Text
Abstract
The Pay2Key ransomware is only the latest wave in a series of Iranian based targeted ransomware attacks deployed against Israeli organizations and this appears to be a growing trend.Cyware Alerts - Hacker News
December 24, 2020 – Government
Preparing for the challenges of 2021 Full Text
Abstract
Organizations like the Cybersecurity and Infrastructure Security Agency, local and state governments, and private sector have all taken significant steps to mitigate and respond to cyber incidents.Help Net Security
December 24, 2020 – Business
White Ops Announces Its Acquisition Full Text
Abstract
A group including Goldman Sachs Merchant Banking Division, ClearSky Security, and NightDragon has purchased the human verification technology company.Dark Reading
December 24, 2020 – Government
Grid regulator warns utilities of risk of SolarWinds backdoor, asks how exposed they are Full Text
Abstract
The North American electric grid regulator has asked utilities to report how exposed they are to SolarWinds software that is at the center of a suspected Russian hacking operation.Cyberscoop
December 24, 2020 – Vulnerabilities
Critical Flaws in Kepware Products Can Facilitate Attacks on Industrial Firms Full Text
Abstract
The security holes, two rated critical and one high severity, are described as a stack-based buffer overflow issue, a heap-based buffer overflow issue, and a use-after-free bug.Security Week
December 24, 2020 – Hacker
Hacker earns $2 million in bug bounties on HackerOne Full Text
Abstract
Cosmin Iordache is the first bug bounty hunter to earn more than $2,000,000 in bounty awards through the vulnerability coordination and bug bounty program HackerOne.BleepingComputer
December 24, 2020 – Hacker
Hackers also ‘impacting’ state, local governments. US cybersecurity agency says Full Text
Abstract
The top U.S. cybersecurity agency said that an extensive campaign that gave hackers access to networks at several federal agencies is also "impacting" state and local governments.The Hill
December 24, 2020 – Vulnerabilities
Google reported that Microsoft failed to fix a Windows zero-day flaw Full Text
Abstract
Google's Project Zero experts publicly disclosed details of an improperly patched zero-day code execution vulnerability in Windows. White hat hackers at Google's Project Zero team have publicly disclosed details of an improperly patched zero-day vulnerability...Security Affairs
December 24, 2020 – Ransomware
Ransomware attack confirmed on Vermont Hospital Full Text
Abstract
The IT staff of the Vermont healthcare network said that the ransomware attack was launched through a server vulnerability and the hackers were demanding an enormous sum as ransom.Cybersecurity Insiders
December 24, 2020 – General
92% of all WordPress attacks are on Israeli sites: Report Full Text
Abstract
A whopping 92% of all brute-force hacking attacks on WordPress sites around the world in the last few months were targeted at Israeli sites, according to a report by Internet security company F5 Labs.The Jerusalem Post
December 24, 2020 – Business
HelpSystems Acquires Vera to Expand Data Security Offerings Full Text
Abstract
Deal comes amid increased demand for data security solutionsInfosecurity Magazine
December 24, 2020 – Criminals
‘UltraRank’ JavaScript-Sniffer Attack Campaign Hits Dozen E-Commerce Sites Full Text
Abstract
A cybercriminal gang known as "UltraRank" has launched a new campaign, targeting at least a dozen e-commerce sites to steal payment card data using a JavaScript sniffer, says security firm Group-IB.Info Risk Today
December 24, 2020 – Denial Of Service
Citrix confirms ongoing DDoS attack impacting NetScaler ADCs Full Text
Abstract
Citrix has confirmed today that an ongoing 'DDoS attack pattern' using DTLS as an amplification vector is affecting Citrix Application Delivery Controller (ADC) networking appliances with EDT enabled.BleepingComputer
December 24, 2020 – Breach
Fashion Marketplace 21 Buttons Exposes Millions of Users’ Data Full Text
Abstract
As discovered by vpnMentor on 2 November 2020 in a research report led by Noam Rotem, it was found that it exposed the data of hundreds of influencers due to an AWS bucket being misconfigured.Hackread
December 24, 2020 – Government
Government Security Experts Issue Farmers with New Advice Full Text
Abstract
NCSC guide intended to keep devices and software safe from attackInfosecurity Magazine
December 24, 2020 – Privacy
Coalition of human rights groups joins suit against Israeli firm NSO Full Text
Abstract
A coalition of human rights groups on Wednesday joined Facebook’s lawsuit against Israeli spyware vendor NSO, alleging that the company “prioritizes profit to the detriment of human rights.”Reuters
December 24, 2020 – Breach
Misconfigured AWS Bucket Exposes Hundreds of Social Influencers Full Text
Abstract
Victims could be targeted by stalkers and fraudstersInfosecurity Magazine
December 24, 2020 – Vulnerabilities
Millions of Devices Affected by Vulnerabilities Used in Stolen FireEye Tools Full Text
Abstract
Qualys said it identified more than 7.5 million instances related to vulnerabilities associated with the stolen FireEye tools and compromised versions of the SolarWinds Orion product.Security Week
December 24, 2020 – Government
The Hack Roundup: CISA Guidance Warns Affected Systems May Need to Be Rebuilt Full Text
Abstract
The Cybersecurity and Infrastructure Security Agency released a guide for federal, state, and local government leaders on responding to the hack and an online hub for resources.Nextgov
December 24, 2020 – Malware
SolarStorm Timeline: Details of the Software Supply-Chain Attack Full Text
Abstract
While this is not the first software supply-chain compromise, it may be the most notable, as the attacker was trying to gain widespread, persistent access to a number of critical networks.Palo Alto Networks
December 24, 2020 – Policy and Law
New Lawsuit Takes Aim at Ring After Smart Doorbell Hijacking Full Text
Abstract
Incidents led to murder and sexual assault threats for usersInfosecurity Magazine
December 24, 2020 – Policy and Law
Lawmakers want more transparency on SolarWinds breach from State, VA Full Text
Abstract
Two Democratic senators are calling on the departments of State and Veterans Affairs to brief lawmakers on how their agencies have been impacted by the SolarWinds breach.Cyberscoop
December 24, 2020 – Vulnerabilities
Google Discloses Poorly-Patched, Now Unpatched, Windows 0-Day Bug Full Text
Abstract
Google's Project Zero team has made public details of an improperly patched zero-day security vulnerability in Windows print spooler API that could be leveraged by a bad actor to execute arbitrary code. Details of the flaw were revealed after Microsoft failed to patch it within 90 days of responsible disclosure on September 24. Originally tracked as CVE-2020-0986, the flaw concerns an elevation of privilege exploit in the GDI Print / Print Spooler API ("splwow64.exe") that was reported to Microsoft by an anonymous user working with Trend Micro's Zero Day Initiative (ZDI) back in late December 2019. But with no patch in sight for about six months, ZDI ended up posting a public advisory as a zero-day on May 19 earlier this year, after which it was exploited in the wild in a campaign dubbed "Operation PowerFall" against an unnamed South Korean company. "splwow64.exe" is a Windows core system binary that allows 32-bit applications to cThe Hacker News
December 24, 2020 – Government
U.S. cyber agency says SolarWinds hackers are ‘impacting’ state, local governments Full Text
Abstract
The CISA said on Wednesday that a sprawling cyber espionage campaign made public earlier this month is affecting state and local governments, although it released few additional details.Reuters
December 24, 2020 – Ransomware
Indian pharma firms at high ransomware attack risk in 2021 Full Text
Abstract
Targeted ransomware attacks on the healthcare and pharma sector will surge in India in 2021 as companies finalize their vaccines to fight Covid-19, a new report said on Wednesday.The Times Of India
December 24, 2020 – Criminals
Bulletproof VPN Seized by Global Police Operation for Providing Services to CyberCriminals Full Text
Abstract
United States law enforcement joins international partners to disrupt a VPN service used to facilitate criminal activity. The Safe-Inet, a virtual private...Cyber Security News
December 24, 2020 – Malware
Stealthy Magecart Accidentally Leaks the List of Infected Stores Full Text
Abstract
Recently, Sansec has found a clever remote access trojan (RAT), that has been sneaking in the lanes of hacked eCommerce servers. According...Cyber Security News
December 23, 2020 – General
FBI: Iran behind pro-Trump ‘enemies of the people’ doxing site Full Text
Abstract
Iranian cyber actors are likely behind a campaign that encouraged deadly violence against U.S. state officials certifying the 2020 election results.BleepingComputer
December 23, 2020 – Business
Can SolarWinds survive? For breached companies it’s a long, painful road to restoring trust Full Text
Abstract
Communicating with the public, working with stakeholders and convincing insurers that root security failures have been addressed are all part of how companies come back from a bad breach. But it still may not be enough.SCMagazine
December 23, 2020 – Phishing
PSA: Active Chase phishing scam pretends to be fraud alerts Full Text
Abstract
A large scale phishing scam is underway that pretends to be a security notice from Chase stating that fraudulent activity has been detected and caused the recipient's account to be blocked.BleepingComputer
December 23, 2020 – Education
SolarWinds: The Need for Persistent Engagement Full Text
Abstract
The SolarWinds campaign reveals important lessons for U.S. cyber strategy.Lawfare
December 23, 2020 – Phishing
Credential phishing attack impersonating USPS targets consumers over the holidays Full Text
Abstract
The credential phishing attack impersonated the U.S. Postal Service and sought to get victims to give up their credit card credentials and pay a special delivery fee within three days to ensure package delivery.SCMagazine
December 23, 2020 – Vulnerabilities
Windows zero-day with bad patch gets new public exploit code Full Text
Abstract
Back in June, Microsoft released a fix for a vulnerability in the Windows operating system that enabled attackers to increase their permissions to kernel level on a compromised machine. The patch did not stick.BleepingComputer
December 23, 2020 – General
Microsoft 365 admins can now get security incident email alerts Full Text
Abstract
Microsoft has added support for security incident email notifications to the Microsoft 365 Defender enterprise threat protection solution.BleepingComputer
December 23, 2020 – Policy and Law
US Teen Accused of Deadly Cyber-stalking Campaign Full Text
Abstract
New Yorker accused of cyber-stalking a woman and soliciting others to rape, murder, and decapitate herInfosecurity Magazine
December 23, 2020 – Hacker
Lazarus Group Hits COVID-19 Vaccine-Maker in Espionage Attack Full Text
Abstract
The nation-state actor is looking to speed up vaccine development efforts in North Korea.Threatpost
December 23, 2020 – Hacker
Lazarus Attacks Vaccine Research Full Text
Abstract
APT group Lazarus attacks two targets related to COVID-19 vaccine researchInfosecurity Magazine
December 23, 2020 – Privacy
UK privacy watchdog warns SolarWinds victims to report data breaches Full Text
Abstract
United Kingdom's Information Commissioner's Office (ICO) has warned organizations that fell victim to the SolarWinds hack that they are required to report data breaches within three days after their discovery.BleepingComputer
December 23, 2020 – Breach
Cyber-Attack on European Court of Human Rights Full Text
Abstract
Europe’s human rights court hit by cyber-criminals after calling for release of Turkish political leaderInfosecurity Magazine
December 23, 2020 – General
Holiday deal exclusive: Get 20% off Emsisoft Anti-Malware Full Text
Abstract
Emsisoft has provided BleepingComputer visitors an exclusive holiday deal where you can get 20% off Emsisoft Anti-Malware until the end of the year.BleepingComputer
December 23, 2020 – APT
Now Fox Kitten APT Deploys Pay2Key Ransomware to Create Panic Full Text
Abstract
The Iranian-backed Fox Kitten hacking group is suspected to be behind the nefarious acts of Pay2Key ransomware that began a new wave of attacks in November-December 2020.Cyware Alerts - Hacker News
December 23, 2020 – Government
Top Democrat: ‘Critical’ that Pompeo brief senators on SolarWinds hack at State Dept. Full Text
Abstract
The top Democrat on the Senate Foreign Relations Committee is calling on Secretary of State Mike Pompeo to brief senators on the massive SolarWinds hack by suspected Russian hackers and its effect on the State Department.The Hill
December 23, 2020 – Education
Third-Party APIs: How to Prevent Enumeration Attacks Full Text
Abstract
Jason Kent, hacker-in-residence at Cequence, walks through online-retail card fraud and what to do about it.Threatpost
December 23, 2020 – Government
DHS warns of data theft risk when using Chinese products Full Text
Abstract
The US Department of Homeland Security (DHS) warned American businesses of the data theft risks behind using equipment and data services provided by companies linked with the People's Republic of China (PRC).BleepingComputer
December 23, 2020 – Education
Ransomware attacks could be about to get even more dangerous and disruptive Full Text
Abstract
Cybercriminals lock down networks for one simple reason: it's the quickest and easiest way to make money from a compromised organization and they're unlikely to get caught.ZDNet
December 23, 2020 – Business
Semperis Appoints Igor Baikalov as Chief Scientist Full Text
Abstract
Baikalov is tasked with developing the company's identity analytics and machine learning capabilitiesInfosecurity Magazine
December 23, 2020 – Business
SolarWinds Claims Execs Unaware of Breach When They Sold Stock Full Text
Abstract
Texas-based SolarWinds told the U.S. Securities and Exchange Commission (SEC) that its executives were not aware that the company had been breached when they decided to sell stock.Security Week
December 23, 2020 – Government
Nuclear weapons agency updates Congress on hacking attempt Full Text
Abstract
Energy Secretary Dan Brouillette, DOE’s Chief Information Officer Rocky Campione, and NNSA CIO Wayne Jones all participated in the briefings to the relevant congressional oversight bodies.Politico
December 23, 2020 – Education
CISA Releases Draft Use Case For Securing Remote, Mobile and Teleworking Connections Full Text
Abstract
Federal officials dropped a holiday gift for cybersecurity managers across the government: the draft remote user use case for the latest iteration of the Trusted Internet Connection, or TIC, policy.Nextgov
December 23, 2020 – Botnet
Tool shows what bad bot traffic ‘sounds’ like. Is there a practical application? Full Text
Abstract
“Botronica” translates human bot traffic into sounds as a creative way to generate awareness of malicious bot activity.SCMagazine
December 23, 2020 – Phishing
Emotet Returns to Hit 100K Mailboxes Per Day Full Text
Abstract
Just in time for the Christmas holiday, Emotet is sending the gift of Trickbot.Threatpost
December 23, 2020 – Government
U.S. House intel chair wants briefing on recent hacking campaign Full Text
Abstract
U.S. House Intelligence Committee chairman Adam Schiff on Tuesday asked for a briefing from U.S. agencies about a widespread hack of U.S. government networks and potential vulnerabilities.Reuters
December 23, 2020 – Vulnerabilities
QNAP fixes high severity QTS, QES, and QuTS hero vulnerabilities Full Text
Abstract
QNAP has released security updates to fix multiple high severity security vulnerabilities impacting network-attached storage (NAS) devices running the QES, QTS, and QuTS hero operating systems.BleepingComputer
December 23, 2020 – Ransomware
Germany’s Funke Media Group Faces Publishing Delays Due to Potential Ransomware Attack Full Text
Abstract
The Funke media group said the attack affected numerous computer systems at editorial offices and printing plants across the country, and prevented the publishing of its Wednesday editions.Washington Post
December 23, 2020 – Government
Homeland Security: Chinese business dealings a ‘grave threat’ to data security Full Text
Abstract
The DHS advisory covers the various Chinese laws allowing Beijing to access data with employees, leadership, or ownership within its borders.SCMagazine
December 23, 2020 – Government
DHS warns against using Chinese hardware and digital services Full Text
Abstract
The US Department of Homeland Security has published a "business advisory" today warning US companies against using hardware equipment and digital services created or linked to Chinese companies.ZDNet
December 23, 2020 – Breach
European medicines regulator says cyberattack limited to one IT application Full Text
Abstract
Data related to COVID-19 medicines and vaccines was the target of a cyberattack earlier this month, and the hackers accessed documents belonging to third parties, the regulator said.Reuters
December 23, 2020 – Hacker
Cellebrite claims to be able to access Signal messages Full Text
Abstract
Israeli cyber security firm Cellebrite claims that it can decrypt messages from the popular Signal messaging app. Israeli security firm Cellebrite has claimed that it can decrypt messages from the highly secure Signal messaging app. The BBC reported...Security Affairs
December 23, 2020 – Hacker
Lazarus covets COVID-19-related intelligence Full Text
Abstract
While tracking the Lazarus group’s campaigns targeting various industries, Kaspersky found that they recently went after COVID-19-related entities, including a pharma firm and a government ministry.Kaspersky Labs
December 23, 2020 – Policy and Law
Google Faces its 3rd Major Antitrust Lawsuit for Using Monopolistic Powers to Control Pricing Full Text
Abstract
Recently Google faced the 3rd antitrust lawsuit, and it's one of the major lawsuits for using Monopolistic powers to control different pricing....Cyber Security News
December 23, 2020 – Government
US agencies conclude Iran is likely behind website aimed at stoking violence against election officials Full Text
Abstract
The FBI and the Department of Homeland Security have concluded that Iran is very likely behind a website apparently aimed at inciting violence against election officials as well as the FBI director.Cyberscoop
December 23, 2020 – Ransomware
Jefferson County PVA office hit by ransomware attack Full Text
Abstract
The Jefferson County Property Valuation Administrator's office has been hit by a ransomware attack, in which hackers are holding the agency's data hostage, PVA Colleen Younger said in an interview.WDRB
December 23, 2020 – Malware
SolarWinds Campaign Focuses Attention on ‘Golden SAML’ Attack Vector Full Text
Abstract
According to Sygnia, the Golden SAML technique involves attackers first gaining administrative access to an organization's ADFS server and stealing the necessary private key and signing certificate.Dark Reading
December 23, 2020 – Covid-19
How to Defend Against Malware, Phishing, and Scams During COVID-19 Crisis Full Text
Abstract
As if the exponential rise in phishing scams and malware attacks in the last five years wasn't enough, the COVID-19 crisis has worsened it further. The current scenario has given cybercriminals a viable opportunity to find a way to target individuals, small and large enterprises, and government corporations. According to Interpol's COVID-19 Cybercrime Analysis Report, based on the feedback of 194 countries, phishing/scam/fraud, malware/ransomware, malicious domains, and fake news have emerged as the biggest digital threats across the world in the wake of the pandemic. There are primarily two reasons for emerging cyber threats in 2020: Most of the population is working, learning, shopping, or running their business from home, where they're using personal devices from the home/public internet connection, which are usually unsafe and hence highly vulnerable to cybercrimes. The cybercriminals are using the COVID-19 theme to exploit people andThe Hacker News
December 23, 2020 – Business
Cyber Insurance Market Expected to Surge in 2021 Full Text
Abstract
Orgs increasingly looking to protect themselves from the impact of cyber-attacksInfosecurity Magazine
December 23, 2020 – Phishing
Does a friend “need money urgently”? Check your facts before paying out Full Text
Abstract
In this scam, the cybercriminals were using stolen Messenger passwords to phish for yet more Messenger passwords by sending messages that genuinely seemed to come from friends and family.Sophos
December 23, 2020 – Breach
Leaky Server Exposes 12 Million Medical Records to Meow Attacker Full Text
Abstract
Extortion and fraud risks persist for tens of thousands of patientsInfosecurity Magazine
December 23, 2020 – Education
Three reasons why context is key to narrowing your attack surface Full Text
Abstract
Today’s typical six-layer enterprise technology stack consists of networking, storage, physical servers, as well as virtualization, management, and application layers, which increases security challenges.Help Net Security
December 23, 2020 – Vulnerabilities
Web Page Layout Can Trick Users into Divulging More Info Full Text
Abstract
Ben-Gurion University researchers reveal new tactics for marketers and cyber-criminalsInfosecurity Magazine
December 23, 2020 – Vulnerabilities
CISA Issues ICS Advisory for New Vulnerabilities in Treck TCP/IP Stack Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory to warn organizations using industrial control systems (ICS) about the risks posed by these flaws.Security Week
December 23, 2020 – Government
US: Buying Chinese Tech is a “Grave Threat” to Your Data Security Full Text
Abstract
DHS advisory warns businesses of state-mandated IP theft risksInfosecurity Magazine
December 23, 2020 – Phishing
Emotet Campaign Restarts After Seven-Week Hiatus Full Text
Abstract
Multiple security researchers note the return of an email campaign attempting to spread the malware, which is often used to drop the Ryuk ransomware and Trickbot banking Trojan.Dark Reading
December 23, 2020 – Policy and Law
Law enforcement take down three bulletproof VPN providers Full Text
Abstract
The three services were active at insorg.org [2014 snapshot], safe-inet.com [2013 snapshot], and safe-inet.net before the domains were seized and replaced with law enforcement banners on Monday.ZDNet
December 23, 2020 – General
Research: nearly all of your messaging apps are secure Full Text
Abstract
CyberNews Investigation team analyzed the 13 most popular messaging apps to see if the apps are really safe. Source: https://cybernews.com/security/research-nearly-all-of-your-messaging-apps-are-secure/ In recent research, the CyberNews Investigation...Security Affairs
December 22, 2020 – Vulnerabilities
New Critical Flaws in Treck TCP/IP Stack Affect Millions of IoT Devices Full Text
Abstract
The US Cybersecurity and Infrastructure Security Agency (CISA) has warned of critical vulnerabilities in a low-level TCP/IP software library developed by Treck that, if weaponized, could allow remote attackers to run arbitrary commands and mount denial-of-service (DoS) attacks. The four flaws affect Treck TCP/IP stack version 6.0.1.67 and earlier and were reported to the company by Intel. Two of these are rated critical in severity. Treck's embedded TCP/IP stack is deployed worldwide in manufacturing, information technology, healthcare, and transportation systems. The most severe of them is a heap-based buffer overflow vulnerability (CVE-2020-25066) in the Treck HTTP Server component that could permit an adversary to crash or reset the target device and even execute remote code. It has a CVSS score of 9.8 out of a maximum of 10. The second flaw is an out-of-bounds write in the IPv6 component (CVE-2020-27337, CVSS score 9.1) that could be exploited by an unauthenticatedThe Hacker News
December 22, 2020 – Government
Biden blasts Trump administration over SolarWinds attack response Full Text
Abstract
U.S. President-Elect Joe Biden has criticized the Trump administration over its lack of response to the SolarWinds attack and for failing to officially attribute the attacks.BleepingComputer
December 22, 2020 – General
Hillicon Valley: Google denies allegations in DOJ antitrust complaint | Biden faults Trump after hack | Biden campaign says Twitter will wipe POTUS account’s followers Full Text
Abstract
DENY, DENY, (PARTIALLY) DENY: Google formally responded to the Department of Justice’s antitrust complaint against it Monday night, denying or partially denying nearly all of the 200 allegations in the lawsuit.The Hill
December 22, 2020 – Breach
Researchers shared the lists of victims of SolarWinds hack Full Text
Abstract
Security experts shared lists of organizations that were infected with the SolarWinds Sunburst backdoor after decoding the DGA mechanism. Security experts started analyzing the DGA mechanism used by threat actors behind the SolarWinds hack to control...Security Affairs
December 22, 2020 – Vulnerabilities
Vulnerabilities found in Dell Wyse thin clients could enable access to arbitrary files Full Text
Abstract
In the U.S. alone, some 6,000 companies and organizations run Dell Wyse thin clients inside their networks, many of which are health care providers.SCMagazine
December 22, 2020 – Phishing
Holiday Puppy Swindle Has Consumers Howling Full Text
Abstract
Those buying German Shepherd puppies for Bitcoin online are in for a ruff ride.Threatpost
December 22, 2020 – Breach
Roanoke College delays spring semester after cyberattack Full Text
Abstract
Roanoke College has delayed their spring semester by almost a month after a cyberattack has impacted files and data access.BleepingComputer
December 22, 2020 – Government
Biden faults Trump administration on cybersecurity following massive hack Full Text
Abstract
President-elect Joe Biden on Tuesday accused the Trump administration of failing to prioritize cybersecurity in the wake of a far-reaching breach of private and government systems and promised a serious response when he takes office.The Hill
December 22, 2020 – Education
The SolarWinds hack, and the danger of arrogance Full Text
Abstract
As a journalist I’ve spent years reporting about both our country’s strengths and weaknesses, mostly within the tech and government space. And yet, even in my own reporting and that of my peers, there is this precept that the U.S. is among the most advanced – superior even – in most every area of consequence.SCMagazine
December 22, 2020 – Ransomware
Backups are a tool – not a silver bullet – in the fight against ransomware Full Text
Abstract
How a company sets up their IT environment, where they place their backups in relation to the rest of their network and how they communicate with their cloud providers all make a difference in how effectively a business can insulate itself from ransomware.SCMagazine
December 22, 2020 – Policy and Law
Safe-Inet, Insorg VPN services shut down by law enforcement Full Text
Abstract
Law enforcement agencies around the world, in a coordinated effort, took down and seized the infrastructure supporting the Safe-Inet and Insorg VPN and proxy services, known for catering to cybercriminal activity.BleepingComputer
December 22, 2020 – Malware
Hackers Hide Malware in RubyGems Packages Full Text
Abstract
Actors are using malicious RubyGems packages in a supply chain attack to steal cryptocurrency from potential victims. Such attempts by cyber adversaries signal growing threats from various software components.Cyware Alerts - Hacker News
December 22, 2020 – Phishing
Phishers Spoof New York Department of Labor Full Text
Abstract
Attacker impersonates New York State to steal sensitive data from seekers of COVID-19 financial reliefInfosecurity Magazine
December 22, 2020 – Criminals
Thousands of Emulated Mobile Devices Used to Steal Millions of Dollars Full Text
Abstract
IBM Trusteer researchers laid bare an automated mobile fraud operation that initiated illicit transactions and stole millions from the bank accounts of thousands of customers.Cyware Alerts - Hacker News
December 22, 2020 – Malware
Brand New Agent Tesla Now has Improved Data Exfiltration Features Full Text
Abstract
Less-popular web browsers and email clients are under attack by the infamous keylogger Agent Tesla, which is also expanding in its targets with improved data exfiltration features.Cyware Alerts - Hacker News
December 22, 2020 – Breach
SolarWinds hackers breached US Treasury officials’ email accounts Full Text
Abstract
US Senator Ron Wyden said that dozens of US Treasury email accounts were compromised by the threat actors behind the SolarWinds hack.BleepingComputer
December 22, 2020 – Policy and Law
Shabang Banged to Rights Full Text
Abstract
Silk Road lies send computer programmer “Shabang” to prisonInfosecurity Magazine
December 22, 2020 – Breach
Workplace Pension Provider ‘NOW: Pensions’ Informs 1.7 Million Customers of Data Leakage Incident Full Text
Abstract
Workplace pension provider NOW: Pensions has emailed 1.7 million UK customers to warn about a data leakage caused by contractor error involving the posting of user data to a "public software forum".The Register
December 22, 2020 – Policy and Law
The New IOT Security Act Shows the Limits of Congressional Policymaking for Cybersecurity Full Text
Abstract
The new legislation is largely a ratification of measures already underway or completed.Lawfare
December 22, 2020 – Education
Farmers get their own security advice as cyberattacks increase Full Text
Abstract
With an eye on the future of agriculture and tech, the UK's NCSC has published guidance to help the farming sector respond to the same threats many other organizations face.ZDNet
December 22, 2020 – General
The Need for Socialization of Machines in Cybersecurity Full Text
Abstract
New technologies such as cyber fusion are enhancing security automation further by supporting end-to-end orchestration between machines and humans within a single unified environment, with minimal manual intervention.
December 22, 2020 – Outage
Google Explains YouTube, Gmail, Cloud Service Outage Full Text
Abstract
Google said one of its automated tools used to manage the quota of various resources allocated for services contained a bug that caused error in authentication results, leading to the service outage.Security Week
December 22, 2020 – Criminals
Police Seize VPN Service Beloved by Cyber-criminals Full Text
Abstract
German police lead operation to shut down Safe-Inet service and seize its infrastructureInfosecurity Magazine
December 22, 2020 – Privacy
Tech Giants Lend WhatsApp Support in Spyware Case Against NSO Group Full Text
Abstract
Google, Microsoft, Cisco Systems and others want appeals court to deny immunity to Israeli company for its alleged distribution of spyware and illegal cyber-surveillance activities.Threatpost
December 22, 2020 – Criminals
Cybercriminals’ Favorite Bulletproof VPN Service Shuts Down In Global Action Full Text
Abstract
Law enforcement agencies from the US, Germany, Netherlands, Switzerland, France, along with Europol's European Cybercrime Centre (EC3), announced today the coordinated takedown of Safe-Inet, a popular virtual private network (VPN) service that was used to facilitate criminal activity. The three domains in question — insorg[.]org, safe-inet[.]com, and safe-inet[.]net — were shut down, and their infrastructure seized as part of a joint investigation called "Operation Nova." Europol called Safe-Inet a cybercriminals' "favorite." A crucial reason for the domains' seizure has been their central role in facilitating ransomware, carrying out web-skimming, spear-phishing, and account takeover attacks. The service, which comes with support for Russian and English languages and has been active for over a decade, offered "bulletproof hosting services" to website visitors, often at a steep price to the criminal underworld. As ofThe Hacker News
December 22, 2020 – Covid-19
FBI warns of ongoing COVID-19 vaccine related fraud schemes Full Text
Abstract
US federal agencies have warned about scammers exploiting the public's interest in the COVID-19 vaccine to harvest personal information and steal money through multiple ongoing and emerging fraud schemes.BleepingComputer
December 22, 2020 – Criminals
Bulletproof VPN services took down in a global police operation Full Text
Abstract
A joint operation conducted by European law enforcement agencies resulted in the seizure of the infrastructure of three bulletproof VPN services. A joint operation conducted by law enforcement agencies from the US, Germany, France, Switzerland, and the Netherlands...Security Affairs
December 22, 2020 – Breach
TennCare announces privacy breach impacting 3,300 members Full Text
Abstract
TennCare, Gainwell Technologies LLC, and Axis Direct, Inc. announced a privacy breach impacting the health information of around 3,300 Tennessee Medicaid members in a joint statement on Monday.WKRN
December 22, 2020 – Breach
SolarWinds victims revealed after cracking the Sunburst malware DGA Full Text
Abstract
Security researchers have shared lists of organizations where threat actors deployed Sunburst/Solarigate malware, after ongoing investigations of the SolarWinds supply chain attack.BleepingComputer
December 22, 2020 – Ransomware
Microsoft and McAfee headline newly-formed ‘Ransomware Task Force’ Full Text
Abstract
A group made up of 19 security firms, tech companies, and non-profits, including Microsoft and McAfee, announced on Monday plans to form a new coalition to deal with the rising threat of ransomware.ZDNet
December 22, 2020 – Vulnerabilities
Dozens of US organizations also used software targeted by Russian hackers: analysis Full Text
Abstract
Several major technology and accounting firms are among 24 U.S. organizations that used software targeted by Russian hackers in a cyberattack that breached federal agencies, according to The Wall Street Journal.The Hill
December 22, 2020 – Breach
Ministry of Justice Suffers 17 Serious Data Breaches Last Year Full Text
Abstract
The breaches affected 121,355 peopleInfosecurity Magazine
December 22, 2020 – Ransomware
Ellensburg is the victim of a ransomware cyberattack Full Text
Abstract
Officials from the City of Ellensburg announced that it was the victim of a cyberattack. The city is now working with both local and federal law enforcement to better understand the issue.Yaktri News
December 22, 2020 – Breach
Huntsville City Schools warns about personal information possibly compromised in cyber attack Full Text
Abstract
The impacted information includes State Student Identification numbers and social security numbers of employees from 2013, 2016, and 2020, along with email addresses of parents this year.WAAY TV
December 22, 2020 – Hacker
Threat Actors Increasingly Using VBA Purging in Attacks Full Text
Abstract
Initially detailed in February 2020, VBA purging involves the use of VBA source code only within Office documents, instead of the typically compiled code, and ensures better detection evasion.Security Week
December 22, 2020 – Breach
Reflections on the SolarWinds Breach Full Text
Abstract
The timeline of the breach is still unfolding, but it is not too early to offer a number of high-level observations and predictions.Lawfare
December 22, 2020 – Hacker
Patrick Wardle on Hackers Leveraging ‘Powerful’ iOS Bugs in High-Level Attacks Full Text
Abstract
Noted Apple security expert Patrick Wardle discusses how cybercriminals are stepping up their game in targeting Apple users with new techniques and cyberattacks.Threatpost
December 22, 2020 – Breach
Stealthy Magecart Attack Accidentally Leaks the List of Infected Stores Full Text
Abstract
Recently, Sansec has found a clever remote access trojan (RAT), that has been sneaking in the lanes of hacked eCommerce servers. According...Cyber Security News
December 22, 2020 – Policy and Law
European Commission Proposes Bold Steps on Cybersecurity Full Text
Abstract
NIS 2 seeks to promote voluntary cyberthreat information sharing by directing Member States to ensure that covered entities can share cyberthreat information among themselves to improve cybersecurity.Palo Alto Networks
December 22, 2020 – Business
Cybereason Adopts Oracle Cloud Infrastructure to Enhance its Platform Security Full Text
Abstract
The two companies will also jointly market and sell solutionsInfosecurity Magazine
December 22, 2020 – General
Firefox to ship ‘network partitioning’ as a new anti-tracking defense Full Text
Abstract
The new Firefox feature is based on "Client-Side Storage Partitioning," a new standard currently being developed by the World Wide Web Consortium's Privacy Community Group.ZDNet
December 22, 2020 – Policy and Law
Tech Giants Support Facebook in Case Against Spyware Maker Full Text
Abstract
Israeli firm NSO Group is claiming sovereign immunityInfosecurity Magazine
December 22, 2020 – General
Russia Officially Denies Large-scale US Hack Full Text
Abstract
While the US has not publicly identified the attackers, Reuters reported that "three of the people familiar with the investigation said Russia is currently believed to be responsible for the attack."Infosecurity Magazine
December 22, 2020 – Education
Just 8% of Firms Offer Regular Security Training Full Text
Abstract
Remote workers exposed as businesses ignore cyber riskInfosecurity Magazine
December 22, 2020 – Breach
Cisco, SAP, Intel, Nvidia, and Many Others Named in List of Organizations Infected by Sunburst Malware Full Text
Abstract
The biggest names on this list include Cisco, SAP, Intel, Cox Communications, Deloitte, Nvidia, Fujitsu, Belkin, Amerisafe, Lukoil, Rakuten, Check Point, Optimizely, Digital Reach, and Digital Sense.ZDNet
December 22, 2020 – Ransomware
Big Tech Joins Up to Ransomware Task Force Full Text
Abstract
Institute for Security and Technology hoping to make a big impactInfosecurity Magazine
December 22, 2020 – Education
Here is what we know — and don’t know — about the suspected Russian hack Full Text
Abstract
U.S. officials are deeply concerned about a massive and ongoing cyberattack targeting large companies and U.S. agencies, including the U.S. Treasury and Commerce Department.CBS News
December 22, 2020 – Phishing
Researchers Warn Consumers to Not Use Bitcoin to Buy “Hatched” German Shepherds This Holiday Season Full Text
Abstract
Anomali found 17 websites engaging in pet fraud activities for birds and cats, as well as one phone number match for a Facebook page car fraud scheme, and one number for an essential oils scam.Anomali
December 22, 2020 – Vulnerabilities
An Unfixed Kubernetes Man-in-the-Middle Vulnerability (CVE-2020-8554) Full Text
Abstract
On December 4, 2020, the Kubernetes Product Security Committee disclosed a new medium-severity vulnerability (CVE-2020-8554) that affects all Kubernetes versions and is currently unpatched.Palo Alto Networks
December 22, 2020 – Hacker
A Second Hacker Group May Have Also Breached SolarWinds, Microsoft Says Full Text
Abstract
As the probe into the SolarWinds supply chain attack continues, new digital forensic evidence has brought to light that a separate threat actor may have been abusing the IT infrastructure provider's Orion software to drop a similar persistent backdoor on target systems. "The investigation of the whole SolarWinds compromise led to the discovery of an additional malware that also affects the SolarWinds Orion product but has been determined to be likely unrelated to this compromise and used by a different threat actor," Microsoft 365 research team said on Friday in a post detailing the Sunburst malware. What makes the newly revealed malware, dubbed "Supernova," different is that unlike the Sunburst DLL, Supernova ("app_web_logoimagehandler.ashx.b6031896.dll") is not signed with a legitimate SolarWinds digital certificate, signaling that the compromise may be unrelated to the previously disclosed supply chain attack. In a standalone write-up ,The Hacker News
December 22, 2020 – Phishing
Phishing Campaign Uses New York Department of Labor Logo and Pandemic Aid Info to Steal Private Information Full Text
Abstract
Security researchers have identified a new phishing campaign using a message purportedly from the New York Department of Labor to trick people into giving the attackers personal data.Bit Defender
December 22, 2020 – Privacy
IMF could track your browsing history to determine credit score Full Text
Abstract
IMF researchers hinted at the possibility of using a user’s browsing history, including search and purchasing data, for more accurately determining the person or business’ credit rating.Hackread
December 22, 2020 – Policy and Law
Microsoft, Google, Cisco, Dell join legal battle against hacking company NSO Full Text
Abstract
The tech giants on Monday joined Facebook’s legal battle against hacking company NSO, filing an amicus brief in federal court that warned that the Israeli firm’s tools were “powerful, and dangerous.”Reuters
December 22, 2020 – Government
‘Dozens of email accounts’ were hacked at U.S. Treasury -Senator Wyden Full Text
Abstract
Dozens of email accounts at the U.S. Treasury Department were compromised by hackers in the recent cyber-espionage campaign, the office of U.S. Senator Ron Wyden said on Monday.Reuters
December 22, 2020 – Breach
VMware and Cisco also impacted by the SolarWinds hack Full Text
Abstract
The IT giants VMware and Cisco revealed they were impacted by the recently disclosed SolarWinds supply chain attack. VMware and Cisco confirmed to have been both impacted by the recent SolarWinds hack. A recent advisory published by the NSA is warning...Security Affairs
December 21, 2020 – Government
Senate Democrat says cyberattack on Treasury ‘appears to be significant’ Full Text
Abstract
Sen. Ron Wyden (D-Ore.) said on Monday that a cyberattack at the Department of Treasury reported by media outlets last week “appears to be significant.”The Hill
December 21, 2020 – Ransomware
Trucking giant Forward Air hit by new Hades ransomware gang Full Text
Abstract
Trucking and freight logistics company Forward Air has suffered a ransomware attack by a new ransomware gang that has impacted the company's business operations.BleepingComputer
December 21, 2020 – Vulnerabilities
Millions of Unpatched IoT and OT Devices at Risk Full Text
Abstract
According to researchers at Armis, around 97 percent of the OT devices affected by URGENT/11 (a group of vulnerabilities) are not patched, even though fixes are being delivered.Cyware Alerts - Hacker News
December 21, 2020 – Vulnerabilities
Two Critical Flaws — CVSS Score 10 — Affect Dell Wyse Thin Client Devices Full Text
Abstract
A team of researchers today unveils two critical security vulnerabilities it discovered in Dell Wyse Thin clients that could have potentially allowed attackers to remotely execute malicious code and access arbitrary files on affected devices. The flaws, which were uncovered by healthcare cybersecurity provider CyberMDX and reported to Dell in June 2020, affect all devices running ThinOS versions 8.6 and below. Dell has addressed both the vulnerabilities in an update released today. The flaws also have a CVSS score of 10 out of 10, making them critical in severity. Thin clients are typically computers that run from resources stored on a central server instead of a localized hard drive. They work by establishing a remote connection to the server, which takes care of launching and running applications and storing relevant data. Tracked as CVE-2020-29491 and CVE-2020-29492, the security shortcomings in Wyse's thin clients stem from the fact that the FTP sessions used to pullThe Hacker News
December 21, 2020 – General
Russia Officially Denies Large-scale US Hack Full Text
Abstract
Kremlin spokesperson states that Russia was not behind hack of SolarWinds’ Orion softwareInfosecurity Magazine
December 21, 2020 – Vulnerabilities
Dell Wyse ThinOS flaws allow hacking think clients Full Text
Abstract
Multiple Dell Wyse thin client models are affected by critical vulnerabilities that could be exploited by a remote attacker to take over the devices. Critical vulnerabilities tracked as CVE-2020-29492 and CVE-2020-29491 affect several...Security Affairs
December 21, 2020 – Education
Breach alerts dismissed as junk? New guide for sending vital emails may help Full Text
Abstract
The SolarWinds supply chain attack will likely prompt scores of compromised companies to send critical data breach notifications to their customers. But steps may be required to ensure these and other critical messages don’t get ignored, bounced or quarantined.SCMagazine
December 21, 2020 – Education
Nosy Ex-Partners Armed with Instagram Passwords Pose a Serious Threat Full Text
Abstract
A survey of single people found almost a third are still logging into their ex’s social-media accounts, some for revenge.Threatpost
December 21, 2020 – Breach
EXMO cryptocurrency exchange hacked, loses 5% of total assets Full Text
Abstract
British cryptocurrency exchange EXMO has disclosed that unknown attackers withdrew almost 5% of its total assets after compromising its hot wallets.BleepingComputer
December 21, 2020 – Malware
New AridViper Malware Targets Outlook Users Full Text
Abstract
Palo Alto’s Unit42 research team has recently found hacking group AridViper (aka APT-C-23) dropping a new malware called PyMicropsia to target victims in the Middle Eastern region.Cyware Alerts - Hacker News
December 21, 2020 – Government
Barr says Russia appears to be behind massive hack Full Text
Abstract
Attorney General William Barr on Monday said that Russia is likely behind the unprecedented hack into multiple federal agencies and thousands of private entities, becoming the second senior administration official to place the blame on Moscow in contradiction to statements by President Trump.The Hill
December 21, 2020 – Business
BlueHalo Acquires Base2 and Fortego Full Text
Abstract
BlueHalo announces acquisition of Maryland companies Base2 and FortegoInfosecurity Magazine
December 21, 2020 – Vulnerabilities
SUPERNOVA, a backdoor found while investigating SolarWinds hack Full Text
Abstract
While investigating the recent SolarWinds Orion supply-chain attack security researchers discovered another backdoor, tracked SUPERNOVA. The investigation of the SolarWinds Orion supply-chain attack revealed the existence of another backdoor that...Security Affairs
December 21, 2020 – 5G
Migrating to standalone networks won’t secure 5G Full Text
Abstract
The stack of technologies that 5G uses could allow attacks aimed at operator networks as well as subscribers, launched from international roaming networks, operator networks or even partner networks providing access to services.SCMagazine
December 21, 2020 – Education
Defending Against State and State-Sponsored Threat Actors Full Text
Abstract
Saryu Nayyar of Gurucul discusses state and state-sponsored threat actors, the apex predators of the cybersecurity world.Threatpost
December 21, 2020 – Vulnerabilities
Critical bugs in Dell Wyse ThinOS allow thin client take over Full Text
Abstract
Almost a dozen Dell Wyse thin client models are vulnerable to critical issues that could be exploited by a remote attacker to run malicious code and gain access to arbitrary files.BleepingComputer
December 21, 2020 – Phishing
Subway UK Marketing System Hacked to Send TrickBot-Laden Phishing Emails Full Text
Abstract
The threat actors were successful in gaining access to Subway UK customers' names and email addresses by hacking a Subcard server responsible for its email campaigns.Cyware Alerts - Hacker News
December 21, 2020 – Government
Breakup Plan for Cyber Command and NSA Full Text
Abstract
Trump administration reveals plan to split up leadership of US Cyber Command and the National Security AgencyInfosecurity Magazine
December 21, 2020 – Education
Simplifying Proactive Defense With Threat Playbooks Full Text
Abstract
FortiGuard Labs’ Derek Manky talks about how threat playbooks can equip defense teams with the tools they need to fight back against evolving attacker TTPs.Threatpost
December 21, 2020 – Phishing
US seizes domains used for COVID-19 vaccine phishing attacks Full Text
Abstract
The US Department of Justice has seized two domain names used to impersonate the official websites of biotechnology companies Moderna and Regeneron involved in the development of COVID-19 vaccines.BleepingComputer
December 21, 2020 – General
Another Avalanche of Zero-day Threats has Arrived Full Text
Abstract
In recent months, there has been a barrage of zero-day vulnerabilities affecting popular software and devices, including several WordPress plugins, VMware products, Google Chrome, and others.Cyware Alerts - Hacker News
December 21, 2020 – Breach
Hacker Dumps Crypto Wallet Customer Data; Active Attacks Follow Full Text
Abstract
Customer data from a June attack against cryptocurrency wallet firm Ledger is now public and actively being used in attacks.Threatpost
December 21, 2020 – Hacker
A second hacking group has targeted SolarWinds systems Full Text
Abstract
Security researchers have discovered a second threat actor that has exploited the SolarWinds software to plant Supernova and CosmicGale malware on corporate and government networks.ZDNet
December 21, 2020 – Ransomware
Institute for Security and Technology launches multisector ransomware task force Full Text
Abstract
The goal is not to reinvent the wheel, but to synthesize the work that has already been done into coherent solutions.SCMagazine
December 21, 2020 – Breach
VMware latest to confirm breach in SolarWinds hacking campaign Full Text
Abstract
VMware is the latest company to confirm that it had its systems breached in the recent SolarWinds attacks and said that the hackers did not make any attempts of further exploitation after gaining access through the deployed backdoor.BleepingComputer
December 21, 2020 – Ransomware
Ransomware Attacks Surge in Q3 as Cyber-Criminals Shift Tactics Full Text
Abstract
Ransomware accounts for over half of all malware attacks in Q3Infosecurity Magazine
December 21, 2020 – Privacy
Open source privacy project TinyCheck turns your Raspberry Pi into a stalkerware detection unit Full Text
Abstract
TinyCheck is open source software designed to be used on a Raspberry Pi with WiFi dongle and touchscreen. It was developed by Félix Aimé, a senior security researcher at Kaspersky Lab.The Daily Swig
December 21, 2020 – Vulnerabilities
Script for detecting vulnerable TCP/IP stacks released Full Text
Abstract
Forescout released an open-source tool for detecting whether a network device runs one of the four open-source TCP/IP stacks (and their variations) affected by the Amnesia:33 vulnerabilities.Help Net Security
December 21, 2020 – Business
Gallagher Appoints Three New Cybersecurity Specialists Full Text
Abstract
The move is designed to help clients protect themselves against attacksInfosecurity Magazine
December 21, 2020 – Vulnerabilities
New SUPERNOVA backdoor found in SolarWinds cyberattack analysis Full Text
Abstract
While analyzing artifacts from the SolarWinds Orion supply-chain attack, security researchers discovered another backdoor that is likely from a second threat actor.BleepingComputer
December 21, 2020 – Business
OneTrust raises $300 million to automate data governance and compliance Full Text
Abstract
This latest cash infusion comes after roughly a year, during which time OneTrust grew its customer base to more than 7,000 organizations across 100 countries, up from 3,000 as of July 2019.Venture Beat
December 21, 2020 – Government
Security experts warn of long-term risk tied to Energy Department breach Full Text
Abstract
The department formally confirmed the hackers’ tentacles had reached into the agency, but that the malware injected had been isolated to its business networks. Some security experts argue, however, that visibility into the IT network may give hackers a path to the OT network.SCMagazine
December 21, 2020 – General
Well, on the bright side, the SolarWinds Sunburst attack will spur the cybersecurity field to evolve all over again Full Text
Abstract
We still don't know the full harm done by Sunburst, the splendidly evil hack of its Orion network monitoring platform, but it was global in scope, deep in reach, and hit only the highest-value assets.The Register
December 21, 2020 – Education
How do we stop cyber weapons from getting out of control? Full Text
Abstract
It's vital that all countries follow international rules and norms if deploying cyber weapons, but some nations aren't being responsible when it comes to how they use cyber powers, officials said.ZDNet
December 21, 2020 – General
Disruption in 2020 paves the way for threat actors in 2021 and beyond Full Text
Abstract
As the global pandemic in the year 2020 accelerated trends like remote working and digital transformation, it has also created new cybersecurity challenges for organizations.Help Net Security
December 21, 2020 – Breach
Unsecured Cloud Storage Server Exposed 587,000 Confidential Files From Probase’s CRM Customers Full Text
Abstract
The blob containing 587,000 customer files was operated by Surrey-based app developer Probase, and appeared to be in the public cloud underpinning one of its CRM products.The Register
December 21, 2020 – Vulnerabilities
Common Security Misconfigurations and Their Consequences Full Text
Abstract
Everyone makes mistakes. That one sentence was drummed into me in my very first job in tech, and it has held true since then. In the cybersecurity world, misconfigurations can create exploitable issues that can haunt us later - so let's look at a few common security misconfigurations. The first one is development permissions that don't get changed when something goes live. For example, AWS S3 buckets are often assigned permissive access while development is going on. The issues arise when security reviews aren't carefully performed prior to pushing the code live, no matter if that push is for the initial launch of a platform or for updates. The result is straight-forward; a bucket goes live with the ability for anyone to read and write to and from it. This particular misconfiguration is dangerous; since the application is working and the site is loading for users, there's no visible indication that something is wrong until a threat actor hunting for open buckets stumThe Hacker News
December 21, 2020 – General
Stolen Card Prices Soar 225% in Two Years Full Text
Abstract
Flashpoint claims pandemic has had big impact on dark web pricingInfosecurity Magazine
December 21, 2020 – Policy and Law
Why Schrems II Might Not Be a Problem for EU-U.S. Data Transfers Full Text
Abstract
Nearly all U.S. companies should have no difficulty showing that U.S. surveillance authorities at issue will not interfere with their ability to comply with standard contractual clauses.Lawfare
December 21, 2020 – Vulnerabilities
Zero-day exploit used to hack iPhones of Al Jazeera employees Full Text
Abstract
Tens of Al Jazeera employees were targeted in a cyber espionage campaign leveraging a zero-click iOS zero-day vulnerability to hack their iPhones. Researchers from Citizen Lab reported that at least 36 Al Jazeera employees were targeted in a cyber...Security Affairs
December 21, 2020 – Education
Telemed Poll Uncovers Biggest Risks and Best Practices Full Text
Abstract
What are the riskiest links in the virtual healthcare chain? Threatpost readers weigh in as part of an exclusive telemed poll.Threatpost
December 21, 2020 – Breach
India: Telangana Government Exposed Sensitive Data of Its Employees, Pensioners Full Text
Abstract
The CERT-In confirmed the vulnerability and replied on email in September to say that the authorities had been intimated about the issue, and Telangana IT Secretary Jayesh Ranjan assured a fix.NDTV
December 21, 2020 – Policy and Law
New US Bill Will Punish Foreign Firms’ IP Theft Full Text
Abstract
Chinese companies should be prepared for more sanctionsInfosecurity Magazine
December 21, 2020 – Hacker
Threat Actors Overcome Fingerprint Scanning Technologies For Malicious Intent Full Text
Abstract
Researchers have discovered five new attack techniques, all of which can be launched from zero-permission malicious Android apps, and one can even work against all apps that integrate fingerprint API.Cyware Alerts - Hacker News
December 21, 2020 – Breach
Ledger data breach: Hacker leaks stolen database on hacker forum Full Text
Abstract
Ledger was quick to acknowledge the breach revealing that the stolen data contained email addresses full names, postal addresses, phone numbers, and details related to products ordered by customers.Hackread
December 21, 2020 – Government
Finnish government tables laws to protect data from cyber criminals Full Text
Abstract
At present, individuals are only permitted to change their personal ID numbers in exceptional cases, and the new law will tighten regulations and controls around secure handling of personal ID codes.Computer Weekly
December 21, 2020 – Encryption
Europol and European Commission Launch New Decryption Platform to Combat Encryption Misuse Full Text
Abstract
The new platform launched by Europol and the European Commission includes both software and hardware tools to provide help in accessing the encrypted material for law enforcement investigations.CISO MAG
December 21, 2020 – Policy and Law
US Indicts Former Zoom China Liaison for Doing PRC’s Bidding Full Text
Abstract
Employee accused of disrupting meetings to commemorate Tiananmen Square massacreInfosecurity Magazine
December 21, 2020 – Vulnerabilities
Facebook bug exposed email addresses of Instagram users Full Text
Abstract
A Nepal-based IT security researcher Saugat Pokharel identified a Facebook bug that exposed the private data of Instagram users, including their email addresses and birthdays.Hackread
December 21, 2020 – Government
NATO is checking its systems to determine the impact of SolarWinds hack Full Text
Abstract
“NATO also has cyber rapid reaction teams on standby to assist Allies 24 hours a day, and our Cyberspace Operations Centre is operational,” an unnamed NATO official told AFP.Security Affairs
December 21, 2020 – Malware
Malicious Chrome & Edge Extensions Installs Over 3 Million Store Full Text
Abstract
Czech Internet security giant Avast found out on December 16th that around 3 million people all over the world have been infected...Cyber Security News
December 21, 2020 – Ransomware
Clop ransomware gang paralyzed flavor and fragrance producer Symrise Full Text
Abstract
Flavor and fragrance producer Symrise is the last victim of the Clop ransomware gang that claims to have stolen 500 GB of unencrypted files. Symrise AG, a major producer of flavours and fragrances, was hit by Clop ransomware operators. The threat...Security Affairs
December 21, 2020 – Privacy
Some UK Stores Are Using Facial Recognition to Track Shoppers Full Text
Abstract
Branches of Co-op in the south of England have been using real-time facial recognition cameras to scan shoppers entering stores. It was quietly introduced for limited trials during the last 18 months.Wired
December 21, 2020 – Breach
Physical addresses of 270K Ledger owners leaked on hacker forum Full Text
Abstract
A threat actor has leaked the stolen email and mailing addresses for Ledger cryptocurrency wallet users on a hacker forum for free.BleepingComputer
December 21, 2020 – Ransomware
Ransomware Operators Using SystemBC Backdoor with Tor proxy & RAT Futures to Attack New Targets Full Text
Abstract
SystemBC is a commodity malware sold on undercover marketplaces; ransomware-as-a-service (RaaS) operations are practicing this malware to disguise all kind of malicious...Cyber Security News
December 21, 2020 – Malware
Dozens of Journalists’ iPhones Hacked with NSO ‘Zero-Click’ Spyware Full Text
Abstract
Citizen Lab researchers say they have found evidence that dozens of journalists had their iPhones silently compromised with spyware known to be used by nation-states. The spyware was silently delivered, likely over iMessage.TechCrunch
December 20, 2020 – Government
Romney calls for response ‘of like magnitude or greater’ to Russia hack Full Text
Abstract
Sen. Mitt Romney (R-Utah) called for a response to a cyberattack on U.S. government systems on Sunday, and said that Russia should face consequences for its alleged involvement.The Hill
December 20, 2020 – General
Security Affairs newsletter Round 293 Full Text
Abstract
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. Hacked Subway UK marketing system used in TrickBot phishing campaign; Pay2Key hackers stole data...Security Affairs
December 20, 2020 – Ransomware
Flavors designer Symrise halts production after Clop ransomware attack Full Text
Abstract
Flavor and fragrance developer Symrise has suffered a Clop ransomware attack where the attackers allegedly stole 500 GB of unencrypted files and encrypted close to 1,000 devices.BleepingComputer
December 20, 2020 – Policy and Law
Krebs: US should be ‘cautious’ about escalating cyber war with Russia Full Text
Abstract
Former Cybersecurity and Infrastructure Security Agency (CISA) chief Christopher Krebs in an interview on Sunday poured cold water on lawmakers' calls for retaliation in response to a cyber intrusion at numerous government agencies believed to be carried out by Russia.The Hill
December 20, 2020 – Policy and Law
Lawfare Live: U.S. Cyber Strategy and the SolarWinds Breach Full Text
Abstract
This Tuesday, Dec. 22, at 12pm EST, Robert Chesney, Lawfare founding editor and Charles I. Francis Professor in Law at the University of Texas School of Law, and Lawfare executive editor Susan Hennessey will join Lawfare chief operating officer David Priess to answer questions about the cyber breach of SolarWinds, its effects on several government agencies and the infiltration’s domestic and international ramifications.Lawfare
December 20, 2020 – Criminals
A massive fraud operation used mobile device emulators to steal millions from online bank accounts Full Text
Abstract
Experts uncovered a massive fraud operation that used a network of mobile device emulators to steal millions of dollars from online bank accounts. Researchers from IBM Trusteer have uncovered a massive fraud operation that leveraged a network of mobile...Security Affairs
December 20, 2020 – Government
SolarWinds hackers also breached the US NNSA nuclear agency Full Text
Abstract
US DOE confirmed that threat actors behind the recent SolarWinds supply chain attack also hacked the networks of the US NNSA nuclear agency. US DOE confirmed this week that threat actors behind the recent SolarWinds supply chain attack also compromised...Security Affairs
December 20, 2020 – Government
Ending the “Dual-Hat” Arrangement for NSA and Cyber Command? Full Text
Abstract
Are big changes afoot at Cyber Command? What are the relevant legal constraints?Lawfare
December 20, 2020 – Breach
SolarWinds hackers broke into U.S. cable firm and Arizona county, web records show Full Text
Abstract
Suspected Russian hackers accessed the systems of a U.S. internet provider and a county government in Arizona as part of a sprawling cyber-espionage campaign disclosed this week, according to an analysis of publicly-available web records.Reuters
December 20, 2020 – Covid-19
COVID-19 themed attacks December 6 – December 19, 2020 Full Text
Abstract
This post includes the details of the COVID-19 themed attacks launched from December 6 – December 19, 2020. December 6 - Drug dealers are selling Pfizer COVID-19 vaccines on the darkweb While the United Kingdom announced the distribution of the COVID19...Security Affairs
December 19, 2020 – Breach
NATO is checking its systems to determine the impact of SolarWinds hack Full Text
Abstract
NATO announced it is assessing its systems after the SolarWinds supply chain attack that impacted multiple US government agencies. NATO announced it is checking its systems after the SolarWinds supply chain attack to determine if they were infected...Security Affairs
December 19, 2020 – Botnet
Gitpaste-12 worm botnet returns with 30+ vulnerability exploits Full Text
Abstract
Recently discovered Gitpaste-12 worm that spreads via GitHub and also hosts malicious payload on Pastebin, has returned with over 30 vulnerability exploits, according to researchers at Juniper Labs.BleepingComputer
December 19, 2020 – Government
Trump downplays impact of hack, questions whether Russia involved Full Text
Abstract
President Trump on Saturday downplayed the impact of a sprawling hack on a litany of government agencies, defying officials’ assessments of its extent and indicating he disagreed with their conclusion that Russia was behind the attack.The Hill
December 19, 2020 – Malware
The SolarWinds cyberattack: The hack, the victims, and what we know Full Text
Abstract
Since the SolarWinds supply chain attack was disclosed last Sunday, there has been a whirlwind of news, technical details, and analysis released about the hack. Because the amount of information that was released in such a short time is definitely overwhelming, we have published this as a roundup of this week's SolarWinds news.BleepingComputer
December 19, 2020 – Education
NSA warns of cloud attacks on authentication mechanisms Full Text
Abstract
The US National Security Agency (NSA) warns of two techniques abused by threat actors for escalating attacks from local networks to cloud infrastructure. The US National Security Agency has published a security advisory that describes two techniques...Security Affairs
December 19, 2020 – Government
Pompeo: Russia ‘pretty clearly’ behind massive cyberattack Full Text
Abstract
Secretary of State Mike Pompeo on Friday blamed Russia for the massive cyberattack affecting multiple federal agencies and thousands of individual federal and private entities, saying it was "pretty clearly" behind the attack.The Hill
December 19, 2020 – Business
VMware Falls on Report Its Software Led to SolarWinds Breach Full Text
Abstract
VMware Inc. fell 5.4% after a cybersecurity expert said a flaw in the company’s products was partly responsible for the SolarWinds breach that is roiling U.S. companies and government agencies.Yahoo! Finance
December 19, 2020 – Hacker
Hackers last year conducted a ‘dry run’ of SolarWinds breach Full Text
Abstract
Hackers who breached federal agency networks through software made by a company called SolarWinds appear to have conducted a test run of their broad espionage campaign last year, according to sources with knowledge of the operation.Yahoo! Finance
December 19, 2020 – Government
US government caught blindsided over sophisticated cyber hack, experts say Full Text
Abstract
Russia has long been viewed as a threat in cyberspace. But after one of the most successful cyber intrusion campaigns in U.S. history, questions are being raised over how the federal government was so completely blindsided by an attack many experts have seen coming.The Hill
December 19, 2020 – Criminals
FBI and Interpol shut down some servers of Joker’s Stash carding marketplace Full Text
Abstract
Joker's Stash, the largest carding marketplace online, was shut down by a coordinated operation conducted by the FBI and the Interpol. Joker's Stash, the largest carding marketplace online, was shut down as a result of a coordinated operation conducted...Security Affairs
December 19, 2020 – Covid-19
Hackers target COVID-19 vaccine supply chain and sell the vaccine in Darkweb Full Text
Abstract
Cybersecurity experts from Cyble discovered in several forums on the dark web, the offer for enormous repositories of critical medical that were stolen from multiple organizations.Security Affairs
December 19, 2020 – Government
Apple, Google, Microsoft, and Mozilla ban Kazakhstan’s MitM HTTPS certificate Full Text
Abstract
Browser makers Apple, Google, Microsoft, and Mozilla, have banned today a root certificate that was being used by the Kazakhstan government to intercept and decrypt HTTPS traffic for residents in the country's capital, the city of Nur-Sultan.ZDNet
December 19, 2020 – Breach
Cyber Thieves Attack Renewable Energy Supplier to Steal Personal Info of 250,000 Customers Full Text
Abstract
UK-based renewable energy supplier People’s Energy has disclosed that cybercriminals accessed the personal details of its entire 250,000 customer database in a data breach.Bit Defender
December 19, 2020 – Policy and Law
U.S. banking regulators propose requiring banks to immediately flag computer breaches Full Text
Abstract
The new proposal from U.S. banking regulators would direct banks to notify their primary regulator as soon as possible after a breach is discovered that could impair services or the organization itself.Reuters
December 19, 2020 – APT
How the Russian hacking group Cozy Bear, suspected in the SolarWinds breach, plays the long game Full Text
Abstract
As U.S. government agencies and thousands of companies around the world assess whether they’ve been compromised in the SolarWinds breach, security experts are concerned that the full reach of the suspected hackers may only be just coming to light.Cyberscoop
December 19, 2020 – Vulnerabilities
VMware Flaw a Vector in SolarWinds Breach? — Krebs on Security Full Text
Abstract
U.S. government cybersecurity agencies warned this week that the attackers behind the widespread hacking spree used weaknesses in other, non-SolarWinds products to attack high-value targets.Krebs on Security
December 19, 2020 – Phishing
US officials shut down scam websites impersonating Moderna, Regeneron Full Text
Abstract
U.S. Justice Department officials said they had seized two internet domains purporting to belong to biotechnology firms developing treatments for the coronavirus, but which really were used to collect visitors’ personal data as part of a scam.Cyberscoop
December 18, 2020 – Breach
‘Very, very large’ telecom organization and Fortune 500 company breached in SolarWinds hack Full Text
Abstract
Noteworthy is the combination of the targets, which adds up to what one researcher described as attacks against the backbone of the nation’s critical infrastructure.SCMagazine
December 18, 2020 – Government
Lawmakers call for Trump to take action on massive government hack Full Text
Abstract
Lawmakers on both sides of the aisle criticized President Trump for his ongoing silence on the massive suspected Russian hack of federal agencies this week, and urged him to sign the annual defense funding bill into law to take action immediately.The Hill
December 18, 2020 – General
Cloud is King: 9 Software Security Trends to Watch in 2021 Full Text
Abstract
Researchers predict software security will continue to struggle to keep up with cloud and IoT in the new year.Threatpost
December 18, 2020 – Breach
Sunburst’s C2 Secrets Reveal Second-Stage SolarWinds Victims Full Text
Abstract
Examining the backdoor’s DNS communications led researchers to find a government agency and a big U.S. telco that were flagged for further exploitation in the spy campaign.Threatpost
December 18, 2020 – Insider Threat
Insider Threats: What Are They, Really? Full Text
Abstract
“Insider threat” or “human error” shows up a lot as the major cause of data breaches across all types of reports out there. But often it’s not defined, or it’s not clearly defined, so people conjure up their own definition.Threatpost
December 18, 2020 – Government
Lawmakers ask IRS if its systems were compromised in SolarWinds hack Full Text
Abstract
Two key House lawmakers are seeking answers from the Internal Revenue Service (IRS) about whether any of the agency's systems were compromised as part of a massive cyberattack.The Hill
December 18, 2020 – Ransomware
The Week in Ransomware - December 18th 2020 - Targeting Israel Full Text
Abstract
The SolarWinds supply chain attack has dominated this week's cybersecurity news, but there was still plenty of ransomware news this week.BleepingComputer
December 18, 2020 – Vulnerabilities
HPE Patched Critical zero-day in server Management Software Full Text
Abstract
HPE (Hewlett Packard Enterprise) has recently published a critical zero-day bug in one of the latest versions of its exclusive HPE Systems...Cyber Security News
December 18, 2020 – General
Ukraine says faces almost daily hacker attacks Full Text
Abstract
Ukraine is facing almost daily hacker attacks on its government resources and intends to sharply strengthen its cybersecurity, Ukrainian state security service SBU said on Friday.Reuters
December 18, 2020 – Education
New ISAC for K–12 Schools Names National Director Full Text
Abstract
Douglas Levin named national director of new information sharing & analysis center for US school districtsInfosecurity Magazine
December 18, 2020 – Covid-19
Hackers target COVID-19 vaccine supply chain and sell the vaccine in Darkweb Full Text
Abstract
Threat actors continue to trade critical medical data in the Dark Web while organizations are involved in the response to the COVID-19 pandemic. Cybercrime organizations continue to be very active while pharmaceutical organizations are involved...Security Affairs
December 18, 2020 – Ransomware
Senators push for an investigation into education ransomware conundrum Full Text
Abstract
Three Democratic senators requested a federal auditing group look into how the national government assists local school districts in fighting the scourge of ransomware. In a letter dated December 16, Sens. Maggie Hassan, D-N.H., Kyrsten Sinema, D-Ariz., and Jacky Rosen, D-Nev., requested the Government Accountability Office look into “efforts by Education, DHS, and other relevant…SCMagazine
December 18, 2020 – Malware
Stealthy Magecart malware mistakenly leaks list of hacked stores Full Text
Abstract
A list of dozens of online stores hacked by a web skimming group was inadvertently leaked by a dropper used to deploy a stealthy remote access trojan (RAT) on compromised e-commerce sites.BleepingComputer
December 18, 2020 – Business
Cloudhouse Technologies Acquires UpGuard Core Full Text
Abstract
Cloudhouse Technologies, a London, UK-based provider of application compatibility packaging solutions, acquired UpGuard Core, from third-party risk and attack surface management platform UpGuard Inc.FinSMEs
December 18, 2020 – Education
JIBC Launches Cybercrime Analysis Certification Full Text
Abstract
Justice Institute of British Columbia launches new online Graduate Certificate in Cybercrime AnalysisInfosecurity Magazine
December 18, 2020 – Government
Former NSA security chief details what’s happening inside DoD to respond to SolarWinds hack Full Text
Abstract
Former NSA Chief Security Officer Chris Kubic, now CSO at Fidelis, spoke with SC Media about the current focus in the Pentagon, much like the private sector, to track down any impacted systems, while scrambling to get updated detection signatures.SCMagazine
December 18, 2020 – Encryption
Europol launches new decryption platform for law enforcement Full Text
Abstract
Europol and the European Commission have launched a new decryption platform that will help boost Europol's ability to gain access to information stored in encrypted media collected during criminal investigations.BleepingComputer
December 18, 2020 – Breach
People’s Energy data breach affects all 270,000 customers Full Text
Abstract
Data stolen included names, addresses, dates of birth, phone numbers, tariff and energy meter IDs, she said. Additionally, the financial data of 15 small-business customers was also accessed.BBC
December 18, 2020 – Business
As Microsoft confirms breach from SolarWinds hack, President Brad Smith argues for federal policy changes Full Text
Abstract
Smith suggested a three-point plan he believed would prevent further supply chain attacks: Increasing intelligence sharing between government and the private sector, developing stronger international norms for acceptable behavior in cyberespionage, and finding harsher ways to hold governments accountable.SCMagazine
December 18, 2020 – Education
NSA warns of hackers forging cloud authentication information Full Text
Abstract
An advisory from the U.S. National Security Agency is providing Microsoft Azure administrators guidance to detect and protect against threat actors looking to access resources in the cloud by forging authentication information.BleepingComputer
December 18, 2020 – Phishing
Feeling Lucky This Holiday Season? COVID-19, Google and Microsoft ‘Lotteries’ are Out for Your Info and Money Full Text
Abstract
Fraudsters are using popular brand names, existing lottery names and the coronavirus to mislead recipients into believing that they have won millions of dollars in various online lotteries.Bit Defender
December 18, 2020 – Business
Corsair Capital Acquires Majority Stake in IDIQ Full Text
Abstract
IDIQ provides identity theft and dark web monitoring, identity restoration, and related family protection services in the rapidly evolving $20 billion consumer identity monitoring market.Yahoo! Finance
December 18, 2020 – Business
Cybersecurity startup PlainID secures $11 million in capital Full Text
Abstract
PlainID raised $11 Million in a Series A financing. Israeli venture capital firm Viola Ventures led the effort, with participation from Capri Ventures, Springtide Ventures and iAngels.New York Business Journal
December 18, 2020 – Government
DIU, CISA Team Up to Coordinate Cybersecurity Tech Investments Full Text
Abstract
The Defense Innovation Unit and the Cybersecurity and Infrastructure Security Agency are teaming up to share information and coordinate cybersecurity technology investments, DOD announced Thursday.Nextgov
December 18, 2020 – Education
NSA warns of federated login abuse for local-to-cloud attacks Full Text
Abstract
The NSA has published a security advisory on Thursday warning about two techniques hackers are using to escalate access from compromised local networks into cloud-based infrastructure.ZDNet
December 18, 2020 – Privacy
Alibaba Facial Recognition Tech Picks Out Uyghur Minorities Full Text
Abstract
Chinese tech company offers facial recognition of minorities as a cloud serviceInfosecurity Magazine
December 18, 2020 – Malware
The Strategic Implications of SolarWinds Full Text
Abstract
The infiltration by Russia emphasizes the importance of implementing the layered deterrence strategy recommended by the U.S. Cyber Solarium Commission.Lawfare
December 18, 2020 – Vulnerabilities
5 Million Sites Running ‘Contact Form 7’ WordPress Plugin Vulnerable to Takeover Attacks Full Text
Abstract
A critical unrestricted file upload bug in Contact Form 7 allows an unauthenticated visitor to take over a site running the plugin. A patch for the vulnerability was released Thursday.Threat Post
December 18, 2020 – Business
As Microsoft confirms breach, President Brad Smith argues for federal policy changes Full Text
Abstract
Smith suggested a three-point plan he believed would prevent further supply chain attacks: Increasing intelligence sharing between government and the private sector, developing stronger international norms for acceptable behavior in cyberespionage, and finding harsher ways to hold governments accountable.SCMagazine
December 18, 2020 – Policy and Law
Russia’s Hack Wasn’t Cyberwar. That Complicates US Strategy Full Text
Abstract
Because states routinely spy on one another—friends and foes alike—there are a very limited number of credible punishments states can use to threaten others into not spying.Wired
December 18, 2020 – Breach
Microsoft identifies 40+ victims of SolarWinds hack, 80% from US Full Text
Abstract
Microsoft said that over 40 of its customers had their networks infiltrated by hackers following the SolarWinds supply chain attack after they installed backdoored versions of the Orion IT monitoring platform.BleepingComputer
December 18, 2020 – General
EU Unveils Revamp of Cybersecurity Rules Days After Hack Full Text
Abstract
The EU unveiled Wednesday plans to revamp the 27-nation bloc’s dated cybersecurity rules, just days after data on a new coronavirus vaccine was unlawfully accessed in a hack attack on the EMA.Security Week
December 18, 2020 – Hacker
Chinese hackers targeted shoppers during Flipkart festive sales Full Text
Abstract
Internet users in India were sent spurious links to click on and participate in a contest where individuals could win an OPPO F17 Pro (Matte Black, 8 GB RAM, 128 GB Storage) smartphone.The Times Of India
December 18, 2020 – Covid-19
Fishy French COVID contact tracing app is a data thief pest Full Text
Abstract
Earlier this month, an unknown adversary sent SMS messages to users in France urging the recipients to download what it claimed was the official French COVID-19 contact tracing app, TousAntiCovid.Sophos
December 18, 2020 – Breach
Microsoft says systems were exposed in massive SolarWinds hack Full Text
Abstract
Microsoft’s systems were exposed as part of the suspected Russian cybersecurity hack that targeted SolarWinds and hit multiple government agencies, people familiar with the matter told Reuters.The Hill
December 18, 2020 – Policy and Law
Will the US Move to a Federal Privacy Law in 2021? Full Text
Abstract
Experts discuss impact of CPRA and other recent events on privacy rules in the USInfosecurity Magazine
December 18, 2020 – Policy and Law
The SolarWinds Breach Is a Failure of U.S. Cyber Strategy Full Text
Abstract
The breach underscores the importance of integrating defend forward into a broader national cybersecurity strategy.Lawfare
December 18, 2020 – Education
All-source intelligence: reshaping an old tool for future challenges Full Text
Abstract
An enhanced version of the old all-source intelligence discipline could serve the purpose. By Boris Giannetto Hybrid, interconnected and complex threats require hybrid, interconnected and complex tools. An enhanced version of the old all-source...Security Affairs
December 18, 2020 – Government
Lawmakers ask whether massive hack amounted to act of war Full Text
Abstract
Lawmakers are raising questions about whether the attack on the federal government widely attributed to Russia constitutes an act of war.The Hill
December 18, 2020 – Privacy
Decade-Long Data Silo to Address Google-Fitbit Privacy Concerns Full Text
Abstract
Rights groups concerned over European Commission’s green lightInfosecurity Magazine
December 18, 2020 – Malware
‘SocGholish’ Attack Framework Powers Surge in Drive-By Attacks Full Text
Abstract
SocGholish impersonates legitimate browser, Flash, and Microsoft Teams updates to trick users into executing malicious ZIP files that are automatically downloaded on visiting an infected webpage.Dark Reading
December 18, 2020 – Breach
UK Energy Firm Suffers Data Breach Impacting Entire Customer Database Full Text
Abstract
Customers have been contacted following the incidentInfosecurity Magazine
December 18, 2020 – Breach
Microsoft confirms breach in SolarWinds hack, but denies its clients were affected Full Text
Abstract
Microsoft confirms that it was also breached in the SolarWinds supply chain hack, but ruled out that the attack impacted its customers. Microsoft has confirmed that it was one of the companies breached in the recent SolarWinds supply chain attack,...Security Affairs
December 18, 2020 – Vulnerabilities
Bouncy Castle Bug Puts Bcrypt Passwords at Risk Full Text
Abstract
Authentication bypass flaw found in popular Java crypto libraryInfosecurity Magazine
December 18, 2020 – Breach
Microsoft says it identified 40+ victims of the SolarWinds hack Full Text
Abstract
It is now in the process of notifying all the impacted organizations, 80% of which are located in the US, with the rest spread across Canada, Mexico, Belgium, Spain, the UK, Israel, and the UAE.ZDNet
December 18, 2020 – Government
Federal investigators find evidence of previously unknown tactics used to penetrate government networks Full Text
Abstract
While many details remained unclear, revelation about new modes of attack raises fresh questions about the access that Russian hackers were able to gain in government and corporate systems globally.Washington Post
December 18, 2020 – Government
More Hacking Attacks Found as Officials Warn of ‘Grave Risk’ to U.S. Government Full Text
Abstract
The discovery suggests that the scope of the attack, which appears to extend beyond nuclear laboratories and Pentagon, Treasury and Commerce Departments, complicates the challenge for investigators.New York Times
December 18, 2020 – Breach
Microsoft and 40+ Customers Hit in Russian Espionage Attack Full Text
Abstract
Tech firms, not governments, form the largest group of victimsInfosecurity Magazine
December 18, 2020 – Ransomware
Fake mobile version of Cyberpunk 2077 spreads ransomware Full Text
Abstract
A threat actor is spreading ransomware dubbed CoderWare that masquerades as Windows and Android versions of the recent Cyberpunk 2077. Crooks are spreading fake Windows and Android versions of installers for the new Cyberpunk 2077 video game that...Security Affairs
December 18, 2020 – Government
Nuclear weapons agency breached amid massive cyber onslaught Full Text
Abstract
The hackers have been able to do more damage at FERC than the other agencies, and officials there have evidence of highly malicious activity, the officials said, but did not elaborate.Politico
December 18, 2020 – Criminals
A ‘coordinated police’ action against the Joker’s Stash took a small domain offline Full Text
Abstract
An ongoing law enforcement operation has disrupted aspects of a leading website where internet scammers frequently buy and sell stolen data, according to the site’s administrators.Cyberscoop
December 18, 2020 – Hacker
Hack Suggests New Scope, Sophistication for Cyberattacks Full Text
Abstract
Suspected Russian hack involving SolarWinds software that compromised parts of the U.S. government was executed on a scale that has surprised even veteran security experts.The Wall Street Journal
December 17, 2020 – Breach
Microsoft Says Its Systems Were Also Breached in Massive SolarWinds Hack Full Text
Abstract
The massive state-sponsored espionage campaign that compromised software maker SolarWinds also targeted Microsoft, as the unfolding investigation into the hacking spree reveals the incident may have been far wider in scope, sophistication, and impact than previously thought. News of Microsoft's compromise was first reported by Reuters, which also said the company's own products were then used to strike other victims by leveraging its cloud offerings, citing people familiar with the matter. The Windows maker, however, denied the threat actor had infiltrated its production systems to stage further attacks against its customers. In a statement to The Hacker News via email, the company said — "Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious SolarWinds binaries in our environment, which we isolated and removed. We have not found evidence of access to production services or customThe Hacker News
December 17, 2020 – Government
Romney: ‘Stunning’ for White House not to respond on Russian cyberattack Full Text
Abstract
Sen. Mitt Romney (R-Utah) on Thursday said it was "stunning" for the White House to not issue a response regarding multiple alleged U.S. government cyber attacks stemming from Russia.The Hill
December 17, 2020 – Government
Energy Dept., nuclear agency breached as part of massive cyberattack Full Text
Abstract
Agencies within the Department of Energy (DOE), including portions of the agency charged with maintaining the nation’s nuclear weapons stockpile, were breached as part of a massive hack on an IT group that has hit almost a dozen federal agencies, officials said Thursday.The Hill
December 17, 2020 – Government
Federal government finds evidence hackers used multiple methods to access agency networks Full Text
Abstract
The Department of Homeland Security’s (DHS) cybersecurity agency on Thursday warned of the “grave” threat posed to federal systems by a recent massive espionage attack by a nation state, warning that the hackers used multiple methods to access the systems for months.The Hill
December 17, 2020 – Government
Biden vows to make cybersecurity ‘imperative’ following massive hack Full Text
Abstract
President-elect Joe Biden on Thursday vowed to elevate cybersecurity as an “imperative” when he takes office and said he would not “stand idly by” in the face of cyberattacks following a massive breach that impacted the U.S. government.The Hill
December 17, 2020 – Government
Senators request IRS briefing on SolarWinds hack Full Text
Abstract
The leaders of the Senate Finance Committee on Thursday asked the IRS for a briefing about whether sensitive taxpayer information was stolen as part of the SolarWinds hack.The Hill
December 17, 2020 – Vulnerabilities
Bouncy Castle crypto authentication bypass vulnerability revealed Full Text
Abstract
A severe authentication bypass vulnerability has been reported in Bouncy Castle, a popular open-source cryptography library. When exploited, the vulnerability (CVE-2020-28052) can allow an attacker to gain access to user and administrator accounts due to a cryptographic weakness in the manner passwords are checked.BleepingComputer
December 17, 2020 – Government
SolarWinds hackers breach US nuclear weapons agency Full Text
Abstract
Nation-state hackers have breached the networks of the National Nuclear Security Administration (NNSA) and the US Department of Energy (DOE).BleepingComputer
December 17, 2020 – General
How to Increase Your Security Posture with Fewer Resources Full Text
Abstract
Plixer’s Justin Jett, Compliance & Audit director, discusses how to do more with less when your security resources are thin.Threatpost
December 17, 2020 – Vulnerabilities
5M WordPress Sites Running the Contact Form 7 Plugin are Open to Attack Full Text
Abstract
A critical unrestricted file upload bug in Contact Form 7 allows an unauthenticated visitor to take over a site running the plugin.Threatpost
December 17, 2020 – Education
New ISAC for K-12 school districts fills a key cyber intelligence gap Full Text
Abstract
Clobbered by cybercriminals, local school districts have lacked an outlet for sharing cyber threat info that’s relevant only to them.SCMagazine
December 17, 2020 – Vulnerabilities
Bouncy Castle fixes crypto API authentication bypass flaw Full Text
Abstract
A severe authentication bypass vulnerability has been reported in Bouncy Castle, a popular open-source cryptography library. When exploited, the vulnerability (CVE-2020-28052) can allow an attacker to gain access to user and administrator accounts due to a cryptographic weakness in the manner passwords are checked.BleepingComputer
December 17, 2020 – Government
SolarWinds hackers breach agency in charge of US nuclear weapons Full Text
Abstract
Nation-state hackers have breached the networks of the National Nuclear Security Administration (NNSA) and the US Department of Energy (DOE).BleepingComputer
December 17, 2020 – Malware
3 million users hit with infected Google Chrome and Microsoft Edge extensions Full Text
Abstract
Google Chrome, specifically, accounts for about 70 percent of the browser market share, making its extensions an efficient mechanism for targeting users with malware.SCMagazine
December 17, 2020 – Malware
5 million WordPress sites potentially impacted by a Contact Form 7 flaw Full Text
Abstract
The development team behind the Contact Form 7 WordPress plugin discloses an unrestricted file upload vulnerability. Jinson Varghese Behanan from Astra Security discovered an unrestricted file upload vulnerability in the popular Contact Form 7 WordPress...Security Affairs
December 17, 2020 – Vulnerabilities
Bouncy Castle fixes cryptography API authentication bypass flaw Full Text
Abstract
A severe authentication bypass vulnerability has been reported in Bouncy Castle, a popular open-source cryptography library. When exploited, the vulnerability (CVE-2020-28052) can allow an attacker to gain access to user and administrator accounts due to a cryptographic weakness in the manner passwords are checked.BleepingComputer
December 17, 2020 – Breach
Nation-state hackers breached US think tank thrice in a row Full Text
Abstract
An advanced hacking group believed to be working for the Russian government has compromised the internal network of a think tank in the U.S. three times.BleepingComputer
December 17, 2020 – Encryption
It’s time to prepare for fully homomorphic encryption, says IBM Full Text
Abstract
In a nutshell, the capability allows computers to perform operations on encrypted information without decrypting it first – meaning data science and machine learning are possible without actually seeing the data.SCMagazine
December 17, 2020 – Disinformation
Disinformation Spreaders Predicted by AI Full Text
Abstract
New AI algorithm predicts which Twitter users will share unreliably sourced newsInfosecurity Magazine
December 17, 2020 – Policy and Law
Police Vouch for Hacker Who Guessed Trump’s Twitter Password Full Text
Abstract
No charges for Dutch ethical hacker Victor Gevers who prosecutors say did actually access Trump’s Twitter account by guessing his password, “MAGA2020!” last October.Threatpost
December 17, 2020 – Criminals
Healthcare.gov Data Thief Jailed Full Text
Abstract
Prison for tech company employee who stole PII and used it for financial gainInfosecurity Magazine
December 17, 2020 – Government
CISA: Hackers breached US govt using more than SolarWinds backdoor Full Text
Abstract
The US Cybersecurity and Infrastructure Security Agency (CISA) said that the APT group behind the recent compromise campaign targeting US government agencies used more than one initial access vector.BleepingComputer
December 17, 2020 – Vulnerabilities
Air-Gap Attack Turns Memory Modules into Wi-Fi Radios Full Text
Abstract
Attack turns SDRAM buses into a Wi-Fi radio to leak data from air-gapped computers.Threatpost
December 17, 2020 – Malware
RubyGems Packages Laced with Bitcoin-Stealing Malware Full Text
Abstract
Two malicious software building blocks that could be baked into web applications prey on unsuspecting users.Threatpost
December 17, 2020 – Ransomware
Ransomware masquerades as mobile version of Cyberpunk 2077 Full Text
Abstract
A threat actor is distributing fake Windows and Android installers for the Cyberpunk 2077 game that is installing a ransomware calling itself CoderWare.BleepingComputer
December 17, 2020 – Policy and Law
Indian Police Bust Illegal Call Center Full Text
Abstract
Delhi police cybercrime unit arrests 54 over illegal call center targeting foreign nationalsInfosecurity Magazine
December 17, 2020 – Botnet
Gitpaste-12 Botnet Evolves to Take More Devices in its Trap Full Text
Abstract
The malware derives its name from GitHub, and Pastebin - which are used for propagation - and 12 different exploits for previously-known vulnerabilities.Cyware Alerts - Hacker News
December 17, 2020 – Business
Enterprises Face the Onslaught of Brute-Force Attacks Full Text
Abstract
Brute-force attacks typically are aimed at computers and devices on organizational networks to capture email addresses, passwords, passphrases, usernames, and PINs.Cyware Alerts - Hacker News
December 17, 2020 – APT
CISA: APT group behind US govt hacks used multiple access vectors Full Text
Abstract
The US Cybersecurity and Infrastructure Security Agency (CISA) said that the APT group behind the recent compromise campaign targeting US government agencies used more than one initial access vector.BleepingComputer
December 17, 2020 – Encryption
Cryptologists Crack Zodiac Killer’s 340 Cipher Full Text
Abstract
The Zodiac serial killer’s 340 cipher, which couldn’t be solved for 50 years, has been cracked by a remote team of mathematicians.Threatpost
December 17, 2020 – General
Passwords begone: GitHub will ban them next year for authenticating Git operations Full Text
Abstract
Microsoft's GitHub plans to stop accepting account passwords as a way to authenticate Git operations, starting August 13, 2021, following a test period without passwords two weeks earlier.The Register
December 17, 2020 – Ransomware
DoppelPaymer ransomware gang now cold-calling victims, FBI warns Full Text
Abstract
FBI says DoppelPaymer ransomware gang is harassing victims who refuse to pay, threatening to send individuals to their homes. FBI is warning of a new escalation in the extortion activities of the DoppelPaymer ransomware gang, the operators have been...Security Affairs
December 17, 2020 – Ransomware
Iranian nation-state hackers linked to Pay2Key ransomware Full Text
Abstract
Iranian-backed hacking group Fox Kitten has been linked to the Pay2Key ransomware operation that has recently started targeting organizations from Israel and Brazil.BleepingComputer
December 17, 2020 – Malware
3M Users Targeted by Malicious Facebook, Insta Browser Add-Ons Full Text
Abstract
Researchers identify malware existing in popular add-ons for Facebook, Vimeo, Instagram and others that are commonly used in browsers from Google and Microsoft.Threatpost
December 17, 2020 – Business
Code42 Incydr Series: Bringing Shadow IT into the light with Code42 Incydr Full Text
Abstract
The massive shift to remote work has turbocharged the shadow IT problem.Threatpost
December 17, 2020 – Business
Data Protection Firm BigID Raises $70 Million at $1 Billion Valuation Full Text
Abstract
Data protection firm BigID announced on Wednesday that it has raised $70 million in a Series D funding round, bringing the valuation of the company to more than $1 billion.Security Week
December 17, 2020 – Breach
Digging the recently leaked Chinese Communist Party database Full Text
Abstract
Experts determined that the database also includes information of CCP members who worked at foreign consulates in Shanghai, as well as at the Chinese branches of different international firms.Security Affairs
December 17, 2020 – Vulnerabilities
WordPress plugin with 5 million installs has a critical vulnerability Full Text
Abstract
The team behind a popular WordPress plugin has disclosed a critical file upload vulnerability and issued a patch. The vulnerable plugin, Contact Form 7, has over 5 million active installations making this upgrade a necessity for WordPress site owners out there.BleepingComputer
December 17, 2020 – Ransomware
Phobos Ransomware: Everything You Need to Know and More Full Text
Abstract
As far as its genetic makeup goes, so to speak, Phobos ransomware is a heavily similar strain to the infamous Dharma variant. Experts regard the former as a highly similar version of the latter.Heimdal Security
December 17, 2020 – Ransomware
When zombie malware leads to big-money ransomware attacks Full Text
Abstract
In one recent and confronting story, an educational establishment in Scotland was confronted with an extortion demand for a surprisingly specific sum of money matching their bank balance.Sophos
December 17, 2020 – Malware
Skimming a Little Off the Top: ‘Meyhod’ Skimmer Hits Hair Loss Specialists Full Text
Abstract
Meyhod itself is simple compared to the Magecart web payment skimmers we've recently analyzed, such as the new variant of the Grelos skimmer and the Ant and Cockroach skimmer.Risk IQ
December 17, 2020 – Vulnerabilities
Trend Micro Patches Serious Flaws in Product Used by Companies, Governments Full Text
Abstract
The vulnerabilities were discovered by Wolfgang Ettlinger, a researcher at Austria-based cybersecurity consultancy SEC Consult, and they were reported to Trend Micro in the summer of 2019.Security Week
December 17, 2020 – Government
FBI, CISA officially confirm US govt hacks after SolarWinds breach Full Text
Abstract
The compromise of multiple US federal networks following the SolarWinds breach was officially confirmed for the first time in a joint statement released earlier today by the FBI, DHS-CISA, and the Office of the Director of National Intelligence (ODNI).BleepingComputer
December 17, 2020 – Business
LogicGate secures $8.75M in growth capital to fuel international expansion and new product offerings Full Text
Abstract
LogicGate announced that it secured $8.75 million in growth capital from Greenspring Associates and Silicon Valley Bank to fuel international expansion and new product offerings.Help Net Security
December 17, 2020 – Phishing
Two-Thirds of Orgs Expect Increase in #COVID19 Phishing Attacks Next Year Full Text
Abstract
64% of business leaders are anticipating a rise in phishing attacks in 2021Infosecurity Magazine
December 17, 2020 – Vulnerabilities
P2P mobile file transfer apps open to attacks, researchers find Full Text
Abstract
Security vulnerabilities in the direct file transfer applications of popular smartphone makers allow attackers to send malicious files to mobile devices, a security researcher has found.The Daily Swig
December 17, 2020 – Malware
Experts spotted browser malicious extensions for Instagram, Facebook and others Full Text
Abstract
Avast researchers reported that three million users installed 28 malicious Chrome or Edge extensions that could perform several malicious operations. Avast Threat Intelligence researchers spotted malicious Chrome and Edge browser extensions that...Security Affairs
December 17, 2020 – Ransomware
Ransomware and Cyber-Extortion Payments Double in 2020
Abstract
The payment of ransoms and extortions doubled between 2019 and 2020
Infosecurity Magazine
December 17, 2020 – Ransomware
FBI Warns DoppelPaymer Ransomware Gang is Harassing Victims Who Refuse to Pay
Abstract
The US FBI says it is aware of incidents where the DoppelPaymer ransomware gang has resorted to cold-calling companies in order to intimidate and coerce victims into paying ransom demands.
ZDNet
December 17, 2020 – Phishing
Experts Urge Users to Ignore Facebook Christmas Bonus Scam
Abstract
Messages from ‘friends’ are fake, says Identity Theft Resource Center
Infosecurity Magazine
December 17, 2020 – Government
Schiff calls for ‘urgent’ work to defend nation in the wake of massive cyberattack
Abstract
House Intelligence Committee Chairman Adam Schiff called on Congress to undertake “urgent work” to defend critical networks in the wake of a massive cyber-espionage attack on the U.S. government.
The Hill
December 17, 2020 – Vulnerabilities
Top 10 Dangerous DNS Attacks Types and The Prevention Measures
Abstract
From the above topic, we can guess that today, we are going to discuss the top 10 DNS attacks and how to...
Cyber Security News
December 17, 2020 – Business
Holiday deal: 40% off Malwarebytes Premium and Teams
Abstract
Malwarebytes is running a holiday deal where you can get 40% off Malwarebytes Premium and the Malwarebytes for Teams business product for a limited time.
BleepingComputer
December 17, 2020 – Government
White House activates cyber emergency response under Obama-era directive
Abstract
In the wake of the SolarWinds breach, the National Security Council has activated an emergency cybersecurity process that is intended to help the government plan its response and recovery efforts.
Cyberscoop
December 17, 2020 – Malware
Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’
Abstract
A malicious domain used to control potentially thousands of compromised computer systems was commandeered by security experts and used as 'killswitch' to turn the cybercrime operation against itself.
Krebs on Security
December 17, 2020 – Government
India approves game-changing framework against cyber threats
Abstract
In a significant decision, India on Wednesday introduced its first and biggest framework to protect itself from cyber attacks, data theft, and other vulnerabilities threatening its national security.
The Times Of India
December 17, 2020 – General
How to Use Password Length to Set Best Password Expiration Policy
Abstract
One of the many features of an Active Directory Password Policy is the maximum password age. Traditional Active Directory environments have long been using password aging as a means to bolster password security. Native password aging in the default Active Directory Password Policy is relatively limited in configuration settings. Let's take a look at a few best practices that have changed in regards to password aging. What controls can you enforce in regards to password aging using the default Active Directory Password Policy? Are there better tools that organizations can use regarding controlling the maximum password age for Active Directory user accounts? What password aging best practices have changed? Password aging for Active Directory user accounts has long been a controversial topic in security best practices. While many organizations still apply more traditional password aging rules, noted security organizations have provided updated password aging guidance. Microsoft has
The Hacker News
December 17, 2020 – Malware
Malicious Chrome and Edge Extensions Affect Millions of Users
Abstract
Avast urges users to uninstall now or risk phishing and data theft
Infosecurity Magazine
December 17, 2020 – General
Launched OSSISNa, the Observatory for the Protection of the National Strategic Industrial System
Abstract
On 11th December 2020, the Observatory for the Protection of the National Strategic Industrial System (OSSISNa) was officially announced. On 11th December 2020, during the international scientific conference on CBRNe events "SICC 2020", the Observatory...
Security Affairs
December 17, 2020 – Malware
New IRS Form Fraud Campaign Targets G Suite Users
Abstract
A new scam using an IRS form as its mechanism has been found targeting users of Google's G Suite, with as many as 50,000 executives and "important" employees affected so far.
Dark Reading
December 17, 2020 – Breach
Software Supply-Chain Attack Hits Vietnam Government Certification Authority
Abstract
Cybersecurity researchers today disclosed a new supply-chain attack targeting the Vietnam Government Certification Authority (VGCA) that compromised the agency's digital signature toolkit to install a backdoor on victim systems. Uncovered by Slovak internet security company ESET early this month, the "SignSight" attack involved modifying software installers hosted on the CA's website ("ca.gov.vn") to insert a spyware tool called PhantomNet or Smanager. According to ESET's telemetry, the breach happened from at least July 23 to August 16, 2020, with the two installers in question — "gca01-client-v2-x32-8.3.msi" and "gca01-client-v2-x64-8.3.msi" for 32-bit and 64-bit Windows systems — tampered to include the backdoor. After the attack was reported to VGCA, the certificate authority confirmed that "they were aware of the attack before our notification and that they notified the users who downloaded the trojanized softwar
The Hacker News
December 17, 2020 – Phishing
BEC Hits Double Digits as COVID-19 Scams Abound
Abstract
Barracuda Networks reveals latest spear-phishing trends
Infosecurity Magazine
December 17, 2020 – Breach
Digging the recently leaked Chinese Communist Party database
Abstract
KELA researchers analyzed a database recently leaked online that contains data for 1.9 million Chinese Communist Party members in Shanghai. After the announcement of the leak of the database which contains the personal information of 1.9 million Chinese...
Security Affairs
December 17, 2020 – Malware
E-Commerce Skimming is the New POS Malware
Abstract
POS malware planted on payment processing devices has enabled threat actors to steal payment card data from terminals at retail stores, hotels, restaurants and other establishments since at least 2008
Security Intelligence
December 17, 2020 – 5G
Analysis of 5G Network Security Reveals Attack Possibilities
Abstract
5G security research discloses exploit opportunities
Infosecurity Magazine
December 17, 2020 – Government
Adversary Playbook: JavaScript RAT Looking for that Government Cheese
Abstract
The tactics, techniques, and procedures (TTPs) of the attackers behind the JsOutprox remote access trojan (RAT) indicate that these are experienced and sophisticated threat actors.
Fortinet
December 17, 2020 – Vulnerabilities
Multiple vulnerabilities discovered in NZXT CAM computer monitoring software
Abstract
NZXT CAM contains several vulnerabilities that, if exploited, could allow a malicious user to elevate their privileges and disclose sensitive information on the victim machine.
Talos
December 17, 2020 – Vulnerabilities
US-CERT Reports 17,447 Vulnerabilities Recorded in 2020
Abstract
The US-CERT Vulnerability Database has confirmed 17,447 vulnerabilities were recorded in 2020, marking the fourth consecutive year with a record number of security flaws published.
Dark Reading
December 17, 2020 – Ransomware
Ransomware attacks on the rise even as cyber insurers scale back
Abstract
Ransomware attacks increased in terms of both severity and costs in 2020, forcing insurers to become more selective and even scale back on the cover they offer, a report from a leading insurer showed.
Reuters
December 17, 2020 – Vulnerabilities
Two vulnerabilities spotted in Lantronix XPort EDGE
Abstract
An adversary could send the victim various requests to trigger two vulnerabilities that could later allow them to shut down access to the device and disclose sensitive information.
Talos
December 17, 2020 – Malware
New Information Stealer Trojan that Steals Browser Credentials, Outlook Files
Abstract
A new information-stealing Trojan with relations to the MICROPSIA malware family has been identified, which targets Microsoft Windows systems with an onslaught of data-exfiltration capabilities–...
Cyber Security News
December 17, 2020 – Malware
FireEye, GoDaddy, and Microsoft created a kill switch for SolarWinds backdoor
Abstract
Microsoft, FireEye, and GoDaddy have partnered to create a kill switch for the Sunburst backdoor that was employed in the recent SolarWinds hack. Microsoft, FireEye, and GoDaddy have created a kill switch for the Sunburst backdoor that was used in SolarWinds...
Security Affairs
December 16, 2020 – Malware
Malicious Chrome, Edge extensions with 3M installs still in stores
Abstract
Malicious Chrome and Edge browser extensions with over 3 million installs, most of them still available on the Chrome Web Store and the Microsoft Edge Add-ons portal, are capable of stealing users' info and redirecting them to phishing sites.
BleepingComputer
December 16, 2020 – Breach
45 million medical imaging files exposed online
Abstract
The researchers found that openly available medical images – including up to 200 lines of metadata per record – could be accessed without the need for a user name or password.
SCMagazine
December 16, 2020 – Vulnerabilities
HPE discloses critical zero-day in Systems Insight Manager
Abstract
HPE has disclosed a zero-day vulnerability in the latest versions of its HPE Systems Insight Manager (SIM) software for both Windows and Linux. Hewlett Packard Enterprise (HPE) has disclosed a zero-day remote code execution flaw that affects the latest...
Security Affairs
December 16, 2020 – Malware
FireEye, Microsoft create kill switch for SolarWinds backdoor
Abstract
Microsoft, FireEye, and GoDaddy have collaborated to create a kill switch for the SolarWinds Sunburst backdoor that forces the malware to terminate itself.
BleepingComputer
December 16, 2020 – Malware
Sextortionists Deploy New Spyware
Abstract
Goontact targets iOS and Android users in Asia who visit sites selling escort services
Infosecurity Magazine
December 16, 2020 – Ransomware
Ryuk, Egregor Ransomware Attacks Leverage SystemBC Backdoor
Abstract
In the past few months researchers have detected hundreds of attempted SystemBC deployments globally, as part of recent Ryuk and Egregor ransomware attacks.
Threatpost
December 16, 2020 – Vulnerabilities
The Bronze Bit Attack can Bypass Kerberos Protocol
Abstract
Using this attack technique, after compromising a network, an attacker can extract password hashes to bypass and forge credentials for other systems on the same network.
Cyware Alerts - Hacker News
December 16, 2020 – General
Life-Threatening Consequences of Digital Assaults Against Healthcare and Research Institutions
Abstract
Insertion of an obfuscated DNA could create dangerous substances, including synthetic viruses or toxic material, that the software designed to implement the screening guidelines would not be able to detect.
Cyware Alerts - Hacker News
December 16, 2020 – Malware
Zebrocy’s Evolution with Golang-Based Version Enjoys Low Detection
Abstract
Researchers observed a VHD file containing a PDF document and an executable file masquerading as a Microsoft Word document, which actually contained the Zebrocy malware.
Cyware Alerts - Hacker News
December 16, 2020 – APT
SideWinder APT: Active and Targeting South-Asian Countries
Abstract
SideWinder was observed using credential phishing pages copied from their victims’ webmail login pages and modified for phishing targets based in South Asian countries.
Cyware Alerts - Hacker News
December 16, 2020 – Criminals
Emulated mobile devices used to steal millions from US, EU banks
Abstract
Threat actors behind an ongoing worldwide mobile banking fraud campaign were able to steal millions from multiple US and EU banks, needing just a few days for each attack.
BleepingComputer
December 16, 2020 – Vulnerabilities
Israeli spy tech firm says can hack Signal app previously considered safe
Abstract
Israeli phone-hacking firm Cellebrite can now break into Signal, an encrypted messaging app considered safe from external snooping, it claimed in a blog post on Thursday.
Haaretz
December 16, 2020 – Breach
New Evidence Suggests SolarWinds’ Codebase Was Hacked to Inject Backdoor
Abstract
The investigation into how the attackers managed to compromise SolarWinds' internal network and poison the company's software updates is still underway, but we may be one step closer to understanding what appears to be a very meticulously planned and highly-sophisticated supply chain attack. A new report published by ReversingLabs today and shared in advance with The Hacker News has revealed that the operators behind the espionage campaign likely managed to compromise the software build and code signing infrastructure of SolarWinds Orion platform as early as October 2019 to deliver the malicious backdoor through its software release process. "The source code of the affected library was directly modified to include malicious backdoor code, which was compiled, signed, and delivered through the existing software patch release management system," ReversingLabs' Tomislav Pericin said. Cybersecurity firm FireEye earlier this week detailed how multiple SolarWinds
The Hacker News
December 16, 2020 – Breach
The SolarWinds Perfect Storm: Default Password, Access Sales and More
Abstract
Meanwhile, Microsoft and other vendors are quickly moving to block the Sunburst backdoor used in the attack.
Threatpost
December 16, 2020 – APT
Revisiting APT1 IoCs with DNS and Subdomain Intelligence
Abstract
Of the 88 domain names publicly attributed to APT1, 28 remain active in the Domain Name System as of 4 December 2020. Of the remaining 23 APT1 domain IoCs, 19 were cited as "malicious" by VirusTotal.
CircleID
December 16, 2020 – Business
Refinitiv Acquires GIACT
Abstract
Refinitiv boosts cybercrime-fighting abilities with acquisition of Giact Systems
Infosecurity Magazine
December 16, 2020 – Vulnerabilities
Researchers find multiple security flaws in Dualog Connection Suite used in ships
Abstract
Infosec consultancy Pen Test Partners said it took all of 90 minutes to discover enough problems with Dualog Connection Suite to submit six CVE number requests for the discovered flaws.
The Register
December 16, 2020 – Breach
Lithuania Suffers “Most Complex” Cyber-attack in Years
Abstract
Cyber-attack during government’s transition is the most complex to hit Lithuania in years
Infosecurity Magazine
December 16, 2020 – Policy and Law
Additional CCPA Regulations Proposed by California AG
Abstract
The recommended changes build off of updates proposed back in October regarding consumer opt-out requests. Those interested in submitting a comment for the proposed regulations have until December 28.
Digital Guardian
December 16, 2020 – Malware
Sextortionist Campaign Targets iOS, Android Users with New Spyware
Abstract
Goontact lures users of illicit sites through Telegram and other secure messaging apps and steals their information for future fraudulent use.
Threatpost
December 16, 2020 – Malware
Malicious RubyGems packages used in cryptocurrency supply chain attack
Abstract
New malicious RubyGems packages have been discovered that are being used in a supply chain attack to steal cryptocurrency from unsuspecting users.
BleepingComputer
December 16, 2020 – APT
APT Group Targeting Governmental Agencies in East Asia - Avast Threat Labs
Abstract
The LuckyMouse APT group planted backdoors and keyloggers to gain long-term access to government networks and then uploaded a variety of tools that they used to perform additional activities.
Avast
December 16, 2020 – Business
Cloudhouse Acquires UpGuard Core to Help Customers Resolve Compliance Issues
Abstract
Cloudhouse acquires UpGuard Core as it looks to expand its offerings and reach
Infosecurity Magazine
December 16, 2020 – Disinformation
Facebook Closes Disinformation Accounts Linked to French Military
Abstract
Facebook said Tuesday that it had removed two networks based in Russia and one linked to the French military, accusing them of carrying out interference campaigns in Africa.
Security Week
December 16, 2020 – Malware
New Goontact spyware discovered targeting Android and iOS users
Abstract
Named Goontact, this mobile malware has the ability to collect from infected victims data such as phone identifiers, contacts, SMS messages, photos, and location information.
ZDNet
December 16, 2020 – Policy and Law
EU Digital Services and Digital Markets Acts aim at setting new rules for tech giants
Abstract
The European Union is going to unveil two laws, the Digital Services and Digital Markets Acts, that will impose new rules for tech giants. The European Union is set to unveil two laws, the Digital Services and Digital Markets Acts, that aim at defining...
Security Affairs
December 16, 2020 – Vulnerabilities
HPE discloses critical zero-day in server management software
Abstract
Hewlett Packard Enterprise (HPE) has disclosed a zero-day bug in the latest versions of its proprietary HPE Systems Insight Manager (SIM) software for Windows and Linux.
BleepingComputer
December 16, 2020 – Criminals
Massive Fraud Operation Used Mobile Emulator Farms to Steal Millions of Dollars
Abstract
The scale of this fraud operation is one that has never been seen before, in some cases, over 20 emulators were used in the spoofing of well over 16,000 compromised devices.
Security Intelligence
December 16, 2020 – General
Society at Increasingly High Risk of Cyber-Attacks
Abstract
Kevin Curran outlines the ease with which cyber-attacks can be conducted
Infosecurity Magazine
December 16, 2020 – Ransomware
Ransomware gangs automate payload delivery with SystemBC malware
Abstract
SystemBC, a commodity malware sold on underground marketplaces, is being used by ransomware-as-a-service (RaaS) operations to hide malicious traffic and automate ransomware payload delivery on the networks of compromised victims.
BleepingComputer
December 16, 2020 – General
The Private Sector Needs a Cybersecurity Transformation
Abstract
Cybersecurity capabilities must get to the point where it's equated with actually stopping an attack by identifying the methods the bad guys use and taking those methods away.
Dark Reading
December 16, 2020 – Ransomware
Ransomware Attackers Using SystemBC Malware With RAT and Tor Proxy
Abstract
Cybercriminals are increasingly outsourcing the task of deploying ransomware to affiliates using commodity malware and attack tools, according to new research. In a new analysis published by Sophos today and shared with The Hacker News, recent deployments of Ryuk and Egregor ransomware have involved the use of SystemBC backdoor to laterally move across the network and fetch additional payloads for further exploitation. Affiliates are typically threat actors responsible for gaining an initial foothold in a target network. "SystemBC is a regular part of recent ransomware attackers' toolkits," said Sophos senior threat researcher and former Ars Technica national security editor Sean Gallagher. "The backdoor can be used in combination with other scripts and malware to perform discovery, exfiltration and lateral movement in an automated way across multiple targets. These SystemBC capabilities were originally intended for mass exploitation, but they have now be
The Hacker News
December 16, 2020 – Vulnerabilities
Flaws in Medtronic MyCareLink can allow attackers to take over implanted cardiac devices
Abstract
Experts from IoT security firm Sternum discovered flaws in Medtronic’s MyCareLink Smart 25000 Patient Reader product that could be exploited to take control of a paired cardiac device.
Security Affairs
December 16, 2020 – 5G
New 5G Network Flaws Let Attackers Track Users’ Locations and Steal Data
Abstract
As 5G networks are being gradually rolled out in major cities across the world, an analysis of its network architecture has revealed a number of potential weaknesses that could be exploited to carry out a slew of cyber assaults, including denial-of-service (DoS) attacks to deprive subscribers of Internet access and intercept data traffic. The findings form the basis of a new "5G Standalone core security research" published by London-based cybersecurity firm Positive Technologies today, exactly six months after the firm released its "Vulnerabilities in LTE and 5G Networks 2020" report in June detailing high impact flaws in LTE and 5G protocols. "Key elements of network security include proper configuration of equipment, as well as authentication and authorization of network elements," Positive Technologies said. "In the absence of these elements, the network becomes vulnerable [to] subscriber denial of service due to exploitation of vulnerabil
The Hacker News
December 16, 2020 – Vulnerabilities
POS Device Makers Push Patches for Vulnerabilities
Abstract
The vulnerabilities in the default password settings as well as arbitrary code execution affect the Verifone VX520 and Verifone MX series and the Ingenico Telium 2 series.
Info Risk Today
December 16, 2020 – Malware
Sextortion campaign uses Goontact spyware to target Android and iOS users
Abstract
Security experts spotted a new malware strain, named Goontact, that allows its operators to spy on both Android and iOS users. Security researchers from Lookout have discovered new spyware, dubbed Goontact, that could target both Android and iOS users. Goontact...
Security Affairs
December 16, 2020 – Business
Russian hacks weigh on private equity’s software investments
Abstract
Some of the world’s biggest private equity firms, including Blackstone Group, Silver Lake Partners, and Thoma Bravo, own major stakes in software firms that were breached by suspected Russian hackers.
Reuters
December 16, 2020 – Breach
SolarWinds’ FTP password was apparently ‘leaked on GitHub in plaintext’
Abstract
Vinoth Kumar, a security researcher, claimed on Tuesday he had made such a report to SolarWinds last November, warning that it could be used to upload files to the server.
The Register
December 16, 2020 – Malware
Microsoft Set to Block SolarWinds Orion Binaries
Abstract
Malicious updates were responsible for recent Russian attacks
Infosecurity Magazine
December 16, 2020 – Business
Microsoft partnered with security firms to sinkhole the C2 used in SolarWinds hack
Abstract
Microsoft and its partners have seized the primary domain used in the SolarWinds attack to identify the victims through sinkholing. Microsoft partnered with other cybersecurity firms to seize the primary domain used in the SolarWinds attack (avsvmcloud[.]com)...
Security Affairs
December 16, 2020 – Vulnerabilities
Vast Majority of OT Devices Affected by Urgent/11 Vulnerabilities Still Unpatched
Abstract
A vast majority of operational technology (OT) devices affected by the Urgent/11 vulnerabilities and many devices impacted by the CDPwn flaws remain unpatched, IoT security firm Armis reported.
Security Week
December 16, 2020 – General
NCSC Names Academic Centers of Excellence in Cybersecurity Education
Abstract
Eight universities named by NCSC as Dundee sees major investment in local cyber-infrastructure
Infosecurity Magazine
December 16, 2020 – Malware
Microsoft to quarantine SolarWinds apps linked to recent hack starting tomorrow
Abstract
Microsoft announced today plans to start forcibly blocking and isolating versions of the SolarWinds Orion app that are known to have contained the Solorigate (SUNBURST) malware.
ZDNet
December 16, 2020 – General
New Account Fraud Surges 28% in the UK as Global Rates Drop
Abstract
No sharp increase worldwide despite COVID-19 effect
Infosecurity Magazine
December 16, 2020 – General
Countries that retaliate too much against cyberattacks make things worse for themselves
Abstract
In contrast to conventional national security thinking, such skirmishes in the cyber world call for a new strategic outlook, according to a new paper co-authored by an MIT professor.
Help Net Security
December 16, 2020 – Vulnerabilities
Total Published CVEs Hits Record High for Fourth Year
Abstract
Number of vulnerabilities in US NVD is now 17,447
Infosecurity Magazine
December 16, 2020 – General
Your Digital Persona at Risk: Around 26 Unique Data Items from…
Abstract
An in-depth analysis of Bitdefender’s Digital Identity Protection community has uncovered an alarming rate of exposure of users' personal data over the past eight months.
Bit Defender
December 16, 2020 – Malware
PyMICROPSIA Windows malware includes checks for Linux and macOS
Abstract
Experts discovered a new Windows info-stealer, named PyMICROPSIA, linked to AridViper group that is rapidly evolving to target other platforms. Experts from Palo Alto Networks's Unit 42 discovered a new Windows info-stealing malware, named PyMICROPSIA,...
Security Affairs
December 15, 2020 – Malware
Microsoft to quarantine compromised SolarWinds binaries tomorrow
Abstract
Microsoft has announced today that Microsoft Defender will begin quarantining compromised SolarWinds Orion binaries starting tomorrow morning.
BleepingComputer
December 15, 2020 – Malware
Adrozek Malware Silently Hijacks Microsoft Edge, Google Chrome, Yandex & Firefox Browsers
Abstract
Recently, Microsoft 365 Defender Research affirmed that they had recorded a new malware that has been continuously attacking popular browsers like Google...
Cyber Security News
December 15, 2020 – Ransomware
MountLocker Ransomware Gets Trimmed, Joins Hands with Affiliates
Abstract
The Ransomware-as-a-Service (RaaS) and affiliate program deploy MountLocker widely across corporate networks, seeking multimillion-dollar payments for decryption services.
Cyware Alerts - Hacker News
December 15, 2020 – Criminals
Ohio Couple Sold Secrets to China
Abstract
Husband of researcher who sold hospital’s secrets to China admits his part in conspiracy
Infosecurity Magazine
December 15, 2020 – Business
Here are the critical responses required of all businesses after SolarWinds supply-chain hack
Abstract
SolarWinds customers – over 300,000 of them, including most of the Fortune 500 – must determine what was breached, mitigate the damage before using the software again, and explore new supply chain safeguards.
SCMagazine
December 15, 2020 – Phishing
Subway Sandwich Loyalty-Card Users Suffer Ham-Handed Phishing Scam
Abstract
Subway loyalty program members in U.K. and Ireland have been sent scam emails to trick them into downloading malware.
Threatpost
December 15, 2020 – Malware
New Windows malware may soon target Linux, macOS devices
Abstract
Newly discovered Windows info-stealing malware linked to an active threat group tracked as AridViper shows signs that it might be used to infect computers running Linux and macOS.
BleepingComputer
December 15, 2020 – APT
Chinese APT Groups Exploiting Corporate Software to Target Mongolian Organizations
Abstract
The operators behind Operation StealthyTrident have launched supply-chain attacks against hundreds of Mongolian government agencies by exploiting a legitimate software called Able Desktop.
Cyware Alerts - Hacker News
December 15, 2020 – Breach
California Hospital Notifies 67k Patients of Data Breach
Abstract
October cyber-attack may have exposed data belonging to 67k patients of Sonoma Valley Hospital
Infosecurity Magazine
December 15, 2020 – Vulnerabilities
Flaws in Medtronic MyCareLink can allow attackers to take over implanted cardiac devices
Abstract
Experts reported flaws in Medtronic’s MyCareLink Smart 25000 Patient Reader product that could be exploited to take control of a paired cardiac device. Experts from IoT security firm Sternum discovered vulnerabilities in Medtronic’s...
Security Affairs
December 15, 2020 – Business
A safe return to office may mean higher burden for companies to collect, protect medical data
Abstract
For many businesses, recovery from the pandemic fallout hinges in part on employees working safely and virus-free outside their homes. That leaves organizations facing the very real possibility that they will serve as both trackers and guardians of health data to ensure the safety of employees.
SCMagazine
December 15, 2020 – Vulnerabilities
Easy WP SMTP Security Bug Can Reveal Admin Credentials
Abstract
A poorly configured file opens users up to site takeover.
Threatpost
December 15, 2020 – Vulnerabilities
Pandemic year increases bug bounties and report submissions
Abstract
Vulnerability submissions have increased over the past 12 months on at least one crowdsourced security platform, with critical issue reports recording a 65% jump.
BleepingComputer
December 15, 2020 – Malware
Global Campaign Uses Sunburst Malware to Target Government Agencies Worldwide
Abstract
The campaign has targeted consulting, technology, telecom, and other entities such as multiple federal government agencies, including the US Treasury and Commerce departments.
Cyware Alerts - Hacker News
December 15, 2020 – Policy and Law
Twitter Fined Half a Million Dollars for Privacy Violation
Abstract
Violating EU data protection rules has costly repercussions for social media giant
Infosecurity Magazine
December 15, 2020 – Ransomware
Norwegian cruise company Hurtigruten was hit by a ransomware
Abstract
Norwegian cruise company Hurtigruten disclosed a cyber attack that impacted its entire worldwide digital infrastructure. The Norwegian cruise company Hurtigruten announced its entire worldwide digital infrastructure was the victim of a cyber attack. "It's...
Security Affairs
December 15, 2020 – Malware
Kaspersky researchers found 360,000 malicious files per day in 2020
Abstract
The vast majority of the malicious files detected – 89.8 percent – occurred via Windows PE files, a file format specific to Windows operating systems.
SCMagazine
December 15, 2020 – Malware
Gitpaste-12 Worm Widens Set of Exploits in New Attacks
Abstract
The worm returned in recent attacks against web applications, IP cameras and routers.
Threatpost
December 15, 2020 – Ransomware
Ransomware attack causing billing delays for Missouri city
Abstract
The City of Independence, Missouri, suffered a ransomware attack last week that continues to disrupt the city's services.
BleepingComputer
December 15, 2020 – Government
How bad is the hack that targeted US agencies?
Abstract
The hack began as early as March when malicious code was snuck into updates to the popular SolarWinds Orion software that monitors computer networks of businesses and governments.
The Times Of India
December 15, 2020 – Business
Businesses Often Do Not Inform Customers of Tracking
Abstract
72% of businesses admit tracking of customer data happens
Infosecurity Magazine
December 15, 2020 – Vulnerabilities
Firefox Patches Critical Mystery Bug, Also Impacting Google Chrome
Abstract
Mozilla Foundation releases Firefox 84 browser, fixing several flaws and delivering performance gains and Apple processor support.
Threatpost
December 15, 2020 – Business
HackerOne, Verizon Media weigh pros and cons of making live hacking contests virtual
Abstract
Among all the ways COVID-19 has affected the cybersecurity world, perhaps nothing is more impossible than live hacking events, which were once a staple of the security industry.
Cyberscoop
December 15, 2020 – Criminals
#BSEC: Staying Alert to the Growing Dangers of Cybercrime Full Text
Abstract
Cybercrime is becoming easier to conduct and successful attacks more consequentialInfosecurity Magazine
December 15, 2020 – Breach
Indian defense tech service provider gets hacked, the company claims major loss Full Text
Abstract
Critical and classified data of a Noida-based private company, providing technology solutions to Indian defense forces, has been allegedly hacked, leading to the theft of confidential information.The Times Of India
December 15, 2020 – Breach
Millions of Medical Imaging Files Freely Accessible on Unprotected Servers Full Text
Abstract
Sensitive medical images including X-rays and CT scans are readily availableInfosecurity Magazine
December 15, 2020 – Malware
SolarWinds Orion and UNC2452 – Summary and Recommendations Full Text
Abstract
The Russia-linked UNC2452 threat actor group has been observed leveraging a supply chain compromise to serve backdoored updates for the SolarWinds Orion Platform software.TrustedSec
December 15, 2020 – Breach
Over 2,000 Unsecured Servers Containing Millions of Medical Records Found Online Full Text
Abstract
Two thousand servers containing 45 million images of X-rays and other medical scans were left online during the course of the past twelve months, freely accessible by anyone.The Register
December 15, 2020 – Government
DHS, CISA and NCSC Issue Warnings After SolarWinds Attack Full Text
Abstract
Government agencies issue advice after apparent nation state attacksInfosecurity Magazine
December 15, 2020 – Malware
SoReL-20M: Sophos & ReversingLabs release 10 million disarmed samples for malware study Full Text
Abstract
Sophos and ReversingLabs released SoReL-20M, a database containing 20 million Windows Portable Executable files, including 10M malware samples.Security Affairs
December 15, 2020 – Covid-19
Ransomware and IP Theft: Top COVID-19 Healthcare Security Scares Full Text
Abstract
From ransomware attacks that crippled hospitals, to espionage attacks targeting COVID-19 vaccine supply chain, Beau Woods discusses the top healthcare security risks.Threatpost
December 15, 2020 – Vulnerabilities
Apple addressed multiple code execution flaws in iOS and iPadOS Full Text
Abstract
Apple this week addressed serious code execution vulnerabilities that affect its iOS and iPadOS mobile operating systems.Security Affairs
December 15, 2020 – Business
Bank regulators mull stricter rules for reporting of data breaches Full Text
Abstract
The FDIC is poised to take the first public action on the issue with the agency’s board scheduled to vote Tuesday on a proposed rulemaking dealing with “computer-security incident notification.”American Banker
December 15, 2020 – Business
#BSEC: The Continuous Evolution of Cyber-Attacks Full Text
Abstract
Microsoft outlines the changing tactics being employedInfosecurity Magazine
December 15, 2020 – Breach
Global security teams assess impact of suspected Russian cyber attack Full Text
Abstract
Global security teams moved on Monday to contain fallout of a widespread cyberattack by suspected Russian hackers, who have been able to spy on the customers of SolarWinds for more than eight months.Reuters
December 15, 2020 – Breach
Spotify Resets Passwords After Leaking User Data to Partners Full Text
Abstract
Breach went undetected for seven monthsInfosecurity Magazine
December 15, 2020 – Malware
SoReL-20M: Sophos & ReversingLabs release 10 million disarmed samples for malware study Full Text
Abstract
Sophos and ReversingLabs announced the release of SoReL-20M, a database containing 20 million Windows Portable Executable (PE) files, including 10 million malware samples.Security Affairs
December 15, 2020 – Government
Government Threatens Tech Firms with Fines of 10% of Turnover Full Text
Abstract
UK’s Online Safety Bill set to cause controversyInfosecurity Magazine
December 15, 2020 – Breach
SolarWinds: Our Office 365 Emails Were Compromised Full Text
Abstract
Company also reveals fewer than 18,000 customers affected by nation state attackInfosecurity Magazine
December 15, 2020 – Criminals
Former Cisco Engineer Gets Two Years for $2.4M Insider Attack Full Text
Abstract
Sudhish Kasaba Ramesh, 31, of San Jose, pleaded guilty back in August to one count of intentionally accessing a protected computer without authorization and recklessly causing damage to Cisco.Infosecurity Magazine
December 15, 2020 – Botnet
Wormable Gitpaste-12 Botnet Returns to Target Linux Servers, IoT Devices Full Text
Abstract
A new wormable botnet that spreads via GitHub and Pastebin to install cryptocurrency miners and backdoors on target systems has returned with expanded capabilities to compromise web applications, IP cameras, and routers. Early last month, researchers from Juniper Threat Labs documented a crypto-mining campaign called "Gitpaste-12," which used GitHub to host malicious code containing as many as 12 known attack modules that are executed via commands downloaded from a Pastebin URL. The attacks occurred during a 12-day period starting from October 15, 2020, before both the Pastebin URL and repository were shut down on October 30, 2020. Now according to Juniper, the second wave of attacks began on November 10 using payloads from a different GitHub repository, which, among others, contains a Linux crypto-miner ("ls"), a file with a list of passwords for brute-force attempts ("pass"), and a local privilege escalation exploit for x86_64 Linux systems. ThThe Hacker News
December 15, 2020 – Breach
Data Trove Containing Details of 1.9 Million Members of Chinese Communist Party Leaked on Hacking Forum Full Text
Abstract
During routine Dark web monitoring, the experts from Cyble found a post on a Russian-speaking forum offering the details of 1.9 million members of the Chinese Communist Party.Security Affairs
December 15, 2020 – Business
Download the Essential Guide to Response Automation Full Text
Abstract
In the classic children's movie 'The Princess Bride,' one of the characters utters the phrase, "You keep using that word. I do not think it means what you think it means." It's freely used as a response to someone's misuse or misunderstanding of a word or phrase. "Response Automation" is another one of those phrases that have different meanings to different people. It's bantered around by the security vendor community so much that its precise meaning, when used, is unclear. Many vendors throw the term out without explaining exactly what they mean by the phrase. One vendor's response automation might, and often does, perform very differently from another vendor's response automation capabilities. But, hey, they have "response automation!" A recently published guide is meant to make sense of Response Automation. It discusses the evolution of response automation and distinguishes five increasingly capablThe Hacker News
December 15, 2020 – Breach
SolarWinds, in SEC Filings, Says 18,000 Customers Were Impacted by Recent Hack Full Text
Abstract
SolarWinds disclosed on Sunday that a nation-state hacker group breached its network and inserted malware in updates for Orion, a software application for IT inventory management and monitoring.ZDNet
December 15, 2020 – Covid-19
How COVID-19 has impacted the security threat landscape Full Text
Abstract
“As the impact of COVID-19 continues to unfold, our threat intelligence provides key insight into how attackers are adjusting their tactics,” said Corey Nachreiner, CTO at WatchGuard.Help Net Security
December 15, 2020 – Vulnerabilities
Proportion of Exploited Vulnerabilities Continues to Drop Full Text
Abstract
While the number of identified vulnerabilities has increased significantly in recent years, the percentage of flaws that are exploitable or have been exploited has been dropping, according to Kenna Security.Security Week
December 15, 2020 – Covid-19
Update: Moderna COVID-19 vaccine documents accessed in EMA cyberattack Full Text
Abstract
Moderna said it was informed by the EMA certain documents related to pre-submission talks of its COVID-19 vaccine candidate were unlawfully accessed in a cyberattack on the medicines regulator.Reuters
December 15, 2020 – Breach
Nearly 18,000 SolarWinds Customers Installed Backdoored Software Full Text
Abstract
SolarWinds, the enterprise monitoring software provider who found itself at the epicenter of the most consequential supply chain attacks, said as many as 18,000 of its high-profile customers might have installed a tainted version of its Orion products. The acknowledgment comes as part of a new filing made by the company to the US Securities and Exchange Commission on Monday. The Texas-based company serves more than 300,000 customers worldwide, including every branch of the US military and four-fifths of the Fortune 500 companies. The "incident was likely the result of a highly sophisticated, targeted and manual supply chain attack by an outside nation state," SolarWinds said in the regulatory disclosure, adding it "currently believes the actual number of customers that may have had an installation of the Orion products that contained this vulnerability to be fewer than 18,000." The company also reiterated in its security advisory that besides 2019.4 HF 5The Hacker News
December 15, 2020 – Breach
Threat Advisory: SolarWinds supply chain attack Full Text
Abstract
The adversaries leverage administrative privileges obtained during the on-premise compromise to access the victim's global administrator account and/or trusted SAML token-signing certificate.Talos
December 15, 2020 – Breach
PgMiner Botnet Attacks PostgreSQL Databases to Install a Cryptocurrency Miner Full Text
Abstract
The security researchers of Palo Alto Networks have detected a unique Linux-based cryptocurrency mining botnet. This botnet exploits a disputed PostgreSQL remote...Cyber Security News
December 15, 2020 – Government
DHS, State, and NIH join list of 5 (and counting) federal agencies confirmed hacked in massive Russian cyberespionage campaign Full Text
Abstract
The DHS, the State Department, and the NIH joined the list of known victims of a months-long, highly sophisticated digital spying operation by Russia whose damage remains uncertain but is presumed to be extensive, experts say.Boing Boing
December 14, 2020 – Malware
The SolarWinds Breach: Why Your Work Computers Are Down Today Full Text
Abstract
The information security news cycle went into overdrive yesterday afternoon. First, Reuters revealed that the Commerce and Treasury departments suffered significant intrusions. The Washington Post soon followed up with multiple sources attributing the attack to the Russian foreign intelligence service, the SVR—in particular, a portion of the SVR known as Cozy Bear—although there is no official attribution yet. Within a few hours, FireEye and Microsoft announced that this was a “supply chain attack” involving SolarWinds Orion software, and the Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive. Today, it turns out that the attackers also compromised the Department of Homeland Security. SolarWinds revealed to the Securities and Exchange Commission that the breach may affect 18,000 customers.Lawfare
December 14, 2020 – Vulnerabilities
Critical Golang XML parser bugs can cause SAML authentication bypass Full Text
Abstract
This week, Mattermost, in coordination with Golang, has disclosed 3 critical vulnerabilities within the Go language's XML parser. If exploited, these vulnerabilities, also impacting multiple Go-based SAML implementations, can lead to a complete bypass of SAML authentication which powers prominent web applications today.BleepingComputer
December 14, 2020 – Government
CISA Published Emergency Directive on SolarWinds Orion Code Compromise Full Text
Abstract
SolarWinds Orion products (affected versions are 2019.4 through 2020.2.1 HF1) are currently being exploited by malicious actors. This tactic permits an attacker to gain access to network traffic management systems.DHS
December 14, 2020 – Breach
SolarWinds Supply Chain Attack Compromised Multiple Global Victims With SUNBURST Backdoor Full Text
Abstract
The attacker’s post-compromise activity leverages multiple techniques to evade detection and obscure their activity, but these efforts also offer some opportunities for detection.FireEye
December 14, 2020 – Malware
PyMICROPSIA: New Information-Stealing Trojan from AridViper Full Text
Abstract
Unit 42 researchers have been tracking the threat group AridViper, which has been targeting the Middle Eastern region, and identified a new information stealer with relations to the MICROPSIA malware.Palo Alto Networks
December 14, 2020 – Vulnerabilities
Google Gives a New Perspective to Web Security Threats via XS-Leaks Full Text
Abstract
Google has announced the launch of a knowledge base called XS-Leaks to help web browser developers and security engineers prepare defense mechanisms against rising side-channel threats.Cyware Alerts - Hacker News
December 14, 2020 – Business
Cyber Threats Crawling Across Manufacturing Organizations Full Text
Abstract
Manufacturers are increasingly being targeted not just by traditional malicious actors such as unorganized cybercriminals, but by competing companies and nations engaged in corporate espionage.Cyware Alerts - Hacker News
December 14, 2020 – Vulnerabilities
This New Zero-Click Cross-platform Flaw in Microsoft Teams Could Spread Like a Worm Full Text
Abstract
Security researchers have uncovered a critical flaw in Microsoft Teams that could allow an attacker to access confidential conversations and files from the communications service.Cyware Alerts - Hacker News
December 14, 2020 – Business
Cyberattacks on the Rise for Digital Media and Entertainment Organizations Full Text
Abstract
Cybercrime against digital media and entertainment organizations is on the rise. Hackers formulate new and innovative ways to defeat security measures and controls to pilfer sensitive data.Cyware Alerts - Hacker News
December 14, 2020 – Ransomware
PLEASE_READ_ME Ransomware Campaign Targeting MySQL Servers Full Text
Abstract
Guardicore first spotted the attack back in January 2020. After that, it witnessed a total of 92 attacks emanate from 11 IP addresses, with most based in Ireland and the UK at the time of analysis.Tripwire
December 14, 2020 – Vulnerabilities
Office 365 users put on alert about critical bugs with SharePoint, here’s how to fix it Full Text
Abstract
The two critical remote code execution flaws in SharePoint are classified as CVE-2020-17121 and CVE-2020-17118, with the latter exploitable remotely without any authentication.Express
December 14, 2020 – Phishing
Text messages promising $1,200 stimulus checks are actually scams, IRS warns Full Text
Abstract
Scammers are sending texts promising a $1,200 stimulus check. The IRS and a coalition of state tax agencies and tax industry officials are warning individuals who receive such messages not to respond.CNBC
December 14, 2020 – Breach
US govt, FireEye breached after SolarWinds supply-chain attack Full Text
Abstract
Trojanized versions of SolarWinds' Orion IT monitoring and management software have been used in a supply chain attack leading to the breach of government and high-profile companies after attackers deployed a backdoor dubbed SUNBURST or Solorigate.BleepingComputer
December 14, 2020 – Breach
Spotify notifies customers of breach, files under CCPA Full Text
Abstract
Streaming service Spotify has notified an unspecified number of its customers of a data breach, responding by resetting passwords on the accounts that were attacked. The company filed the breach under California’s new privacy law, the California Consumer Privacy Act, which went into effect on Jan. 1. While the notice did not specify the precise…SCMagazine
December 14, 2020 – Breach
Spotify Changes Passwords After Another Data Breach Full Text
Abstract
This is the third breach in the past few weeks for the world’s most popular streaming service.Threatpost
December 14, 2020 – Government
Cybersecurity in a fishbowl: How North Carolina’s Board of Elections handled it Full Text
Abstract
Election security has never been more scrutinized than the 2020 presidential elections. It left election boards fighting not only to protect the election from outside influences, but also to justify the legitimacy of their own work.SCMagazine
December 14, 2020 – Outage
Google outage tied to authentication system outage, not supply chain attacks Full Text
Abstract
A number of Google applications were offline Monday morning due to an authentication system outage, the technology giant confirmed. The outage Monday morning caused a stir among security experts, wondering whether the incident might have ties to a major hacking event over the weekend that resulted in breaches at both the Treasury and Commerce departments.…SCMagazine
December 14, 2020 – Government
After high profile hacks hit federal agencies, CISA demands drastic SolarWinds mitigation Full Text
Abstract
The impact of the supply chain attacks is not limited to government, with consulting, technology, and telecom sectors all caught in the crosshairs.SCMagazine
December 14, 2020 – Malware
SoReL-20M: A Huge Dataset of 20 Million Malware Samples Released Online Full Text
Abstract
Cybersecurity firms Sophos and ReversingLabs on Monday jointly released the first-ever production-scale malware research dataset to be made available to the general public that aims to build effective defenses and drive industry-wide improvements in security detection and response. "SoReL-20M" (short for Sophos-ReversingLabs – 20 Million), as it's called, is a dataset containing metadata, labels, and features for 20 million Windows Portable Executable (.PE) files, including 10 million disarmed malware samples, with the goal of devising machine-learning approaches for better malware detection capabilities. "Open knowledge and understanding about cyber threats also leads to more predictive cybersecurity," Sophos AI group said. "Defenders will be able to anticipate what attackers are doing and be better prepared for their next move." Accompanying the release are a set of PyTorch and LightGBM-based machine learning models pre-trainedThe Hacker News
December 14, 2020 – Business
Four ways CISOs should talk to the board Full Text
Abstract
When thinking about the modern security operations center (SOC), it’s clear that security touches every part of the business in today’s enterprises. This means the SOC analyst team—which many perceive as a dark war room separated from everyone else—must become more integrated with teams from across the company, from product development to sales to the…SCMagazine
December 14, 2020 – Malware
Hacking group’s new malware abuses Google and Facebook services Full Text
Abstract
In recent spear-phishing campaigns, the Molerats cyberespionage group has been using fresh malware that relies on Dropbox, Google Drive, and Facebook for command and control communication and to store stolen data.BleepingComputer
December 14, 2020 – Criminals
Sipulimarket Dark Web Marketplace Seized by Finnish Customs Full Text
Abstract
Finnish Customs (Tulli) closed the Sipulimarket dark web marketplace on Friday and seized all its content. This recent hit...Cyber Security News
December 13, 2020 – Policy and Law
FTC Filed a Lawsuit Against Facebook for Illegal Monopolization Full Text
Abstract
The Attorney General Letitia James of the Federal Trade Commission recently declared a new antitrust lawsuit upon Facebook. This lawsuit clearly justifies...Cyber Security News
December 13, 2020 – Vulnerabilities
Amnesia:33 – 33 Vulnerabilities That Impact Four Open-source TCP/IP Stacks Affects Millions of IoT Devices Full Text
Abstract
The cybersecurity researchers have been warning regarding a set of very severe vulnerabilities that are continuously affecting TCP/IP stacks let hackers attack...Cyber Security News
December 13, 2020 – Ransomware
Intel’s Habana Labs hacked by Pay2Key ransomware, data stolen Full Text
Abstract
Intel-owned AI processor developer Habana Labs has suffered a cyberattack where data was stolen and leaked by threat actors.BleepingComputer
December 13, 2020 – Business
From the startup to the enterprise: where cyber fits in a business’s growth trajectory Full Text
Abstract
As one expert told me, enterprise security is built for stability, while startup security is built for speed. And in all cases, investment in vulnerability can make or break a business.SCMagazine
December 12, 2020 – Phishing
Subway marketing system hacked to send TrickBot malware emails Full Text
Abstract
Subway UK has disclosed that a hacked system used for marketing campaigns is responsible for the malware-laden phishing emails sent to customers yesterday.BleepingComputer
December 12, 2020 – Business
Adobe releases final Flash Player update, warns of 2021 kill switch Full Text
Abstract
After 24 years of fun games and abuse by threat actors, Adobe has released their final Flash Player update and thanked everyone for the fantastic content that they have released over the years.BleepingComputer
December 11, 2020 – Ransomware
The Week in Ransomware - December 11th 2020 - Targeting K-12 Full Text
Abstract
This week we continued to see ransomware target businesses, education, and healthcare with cyberattacks that disrupt operations and lead to school closings.BleepingComputer
December 11, 2020 – Covid-19
Employees 85% more likely to leak files today vs pre-COVID Full Text
Abstract
The vast majority of that 85 percent are malicious insiders and the rest are caused by employee carelessness.SCMagazine
December 11, 2020 – Vulnerabilities
Security Issues in PoS Terminals Open Consumers to Fraud Full Text
Abstract
Point-of-sale terminal vendors Verifone and Ingenico have issued mitigations after researchers found the devices use default passwords.Threatpost
December 11, 2020 – Ransomware
MountLocker ransomware gets slimmer, now encrypts fewer files Full Text
Abstract
MountLocker ransomware received an update recently that cut its size by half but preserves a weakness that could potentially allow learning the random key used to encrypt files.BleepingComputer
December 11, 2020 – Ransomware
New ransomware campaign exploits weak MySQL credentials to lock thousands of databases Full Text
Abstract
Researchers have tracked 92 separate attacks since January, but the group’s website indicates it has compromised tens of thousands of internet-exposed databases.SCMagazine
December 11, 2020 – Vulnerabilities
Samsung fixes critical Android bugs in December 2020 updates Full Text
Abstract
This week Samsung has started rolling out Android's December security updates to mobile devices to patch critical security vulnerabilities in the operating system. This comes after Android had published their December 2020 security updates bulletin, which includes patches for critical bugs.BleepingComputer
December 11, 2020 – Covid-19
Sacramento turns COVID layoffs into a cyber training opportunity Full Text
Abstract
Sacramento began offering free, comprehensive cybersecurity training for workers displaced from jobs due to COVID-19. It’s a model that could have legs for a national program, with the right government commitment.SCMagazine
December 11, 2020 – Vulnerabilities
Microsoft Office security updates fix critical SharePoint RCE bugs Full Text
Abstract
Microsoft has addressed critical remote code execution vulnerabilities in multiple SharePoint versions with this month's Office security updates.BleepingComputer
December 11, 2020 – Criminals
Ex-Cisco engineer who nuked 16k WebEx accounts goes to prison Full Text
Abstract
Sudhish Kasaba Ramesh, a former Cisco engineer, was sentenced on Wednesday to two years in prison and ordered to pay a $15,000 fine for shutting down more than 16,000 WebEx Teams accounts and over 450 virtual machines in 2018,BleepingComputer
December 10, 2020 – Covid-19
Pfizer COVID-19 Vaccine Targeted in EU Cyberattack Full Text
Abstract
Threat actors accessed Pfizer vaccine documentation submitted to EU regulators in the latest cyberattack trying to profit off pandemic suffering.Threatpost
December 10, 2020 – Ransomware
PLEASE_READ_ME Ransomware Attacks 85K MySQL Servers Full Text
Abstract
Ransomware actors behind the attack have breached at least 85,000 MySQL servers, and are currently selling at least 250,000 compromised databases.Threatpost
December 10, 2020 – Vulnerabilities
Cisco fixes new critical code execution bug in Jabber for Windows Full Text
Abstract
Cisco has addressed a new critical severity remote code execution (RCE) vulnerability affecting several versions of Cisco Jabber for Windows, macOS, and mobile platforms after patching a related security bug in September.BleepingComputer
December 11, 2020 – APT
Facebook unmasks Vietnam’s APT32 hacking group Full Text
Abstract
The Facebook security team has revealed today the real identity of APT32, a Vietnam-backed hacking group active in cyberespionage campaigns targeting foreign government, multi-national corporations, and journalists since at least 2014.BleepingComputer
December 11, 2020 – Malware
Skimmers hide in social media buttons and CSS files, but the next big threat lies with the server Full Text
Abstract
Happy shopping: Beyond standard skimming techniques that focus on the client-side, attackers are increasingly focusing on back-end applications.SCMagazine
December 11, 2020 – Malware
Microsoft: New malware can infect over 30K Windows PCs a day Full Text
Abstract
Microsoft has warned of an ongoing campaign pushing a new browser hijacking and credential-stealing malware dubbed Adrozek which, at its peak, was able to take over more than 30,000 devices every day.BleepingComputer
December 11, 2020 – Phishing
Massive Subway UK phishing attack is pushing TrickBot malware Full Text
Abstract
A massive phishing campaign pretending to be a Subway order confirmation is underway distributing the notorious TrickBot malware.BleepingComputer
December 10, 2020 – Covid-19
U.S. warns of increased cyberattacks against K-12 distance learning Full Text
Abstract
K-12 educational institutions in the U.S. are being targeted by malicious actors for extortion, data theft, and general disruption of normal activity. The trend will continue through the 2020/2021 academic year.BleepingComputer
December 10, 2020 – Business
App visibility startup Bionic comes out of stealth with $17 million in funding Full Text
Abstract
The company, which built a platform designed to reverse engineer and map out application environments and was founded by two former members of the Israeli Defense Force’s cyber division, plans to focus growth on the U.S. market.SCMagazine
December 10, 2020 – Business
Defending the Intelligent Edge from Evolving Attacks Full Text
Abstract
Fortinet’s Aamir Lakhani discusses best practices for securing company data against next-gen threats, like edge access trojans (EATs).Threatpost
December 10, 2020 – Phishing
Fake data breach alerts used to steal Ledger cryptocurrency wallets Full Text
Abstract
A phishing scam is underway that targets Ledger wallet users with fake data breach notifications used to steal cryptocurrency from recipients.BleepingComputer
December 10, 2020 – Covid-19
Pfizer-BioNTech data stolen in cyberattack on European Medicines Agency Full Text
Abstract
The European Medicines Agency reported Wednesday that it was the focus of a cyberattack involving some of the data around the first COVID-19 vaccine that’s being distributed in Europe. In a brief statement yesterday, the EMA – which assesses medicines and vaccines for the European Union – only said it was the subject of a…SCMagazine
December 10, 2020 – APT
MoleRats APT Returns with Espionage Play Using Facebook, Dropbox Full Text
Abstract
The threat group is increasing its espionage activity in light of the current political climate and recent events in the Middle East, with two new backdoors.Threatpost
December 10, 2020 – Vulnerabilities
Sophos fixes SQL injection vulnerability in their Cyberoam OS Full Text
Abstract
Sophos has deployed a hotfix for their line of Cyberoam firewalls and routers to fix a SQL injection vulnerability.BleepingComputer
December 10, 2020 – Business
Thales, Google Cloud collaboration puts private keys in hands of the enterprise Full Text
Abstract
The agreement that will compel quicker migration of sensitive data between public clouds, private clouds and private IT infrastructure.SCMagazine
December 10, 2020 – Vulnerabilities
Zero-Click Wormable RCE Vulnerability in Cisco Jabber Gets Fixed, Again Full Text
Abstract
A series of bugs, patched in September, still allow remote code execution by attackers.Threatpost
December 10, 2020 – Vulnerabilities
250,000 stolen MySQL databases for sale on dark web auction site Full Text
Abstract
Hackers have set up an auction site on the dark web to sell 250,000 databases stolen from tens of thousands of breached MySQL servers.BleepingComputer
December 10, 2020 – Business
North America lags behind Europe on proactive security initiatives in Q3 Full Text
Abstract
More encouraging, the Cybersecurity Resource and Spending Allocation (CRAE) Index found that North America added focus to responding and recovering from cyber events.SCMagazine
December 10, 2020 – Business
Cyber Monday is Every Monday: Securing the ‘New Normal’ Full Text
Abstract
From eCommerce threats, to attacks at the smart edge, Fortinet researchers discuss the top evolving threats of 2020, heading into the new year.Threatpost
December 10, 2020 – Vulnerabilities
Windows Kerberos Bronze Bit attack gets public exploit, patch now Full Text
Abstract
Proof-of-concept exploit code and full details on a Windows Kerberos security bypass vulnerability were published earlier this week by Jake Karnes, the NetSPI security consultant and penetration tester who reported the security bug to Microsoft.BleepingComputer
December 10, 2020 – Vulnerabilities
Cisco fixes new Jabber for Windows critical code execution bug Full Text
Abstract
Cisco has addressed a new critical severity remote code execution (RCE) vulnerability affecting several versions of Cisco Jabber for Windows, macOS, and mobile platforms after patching a related security bug in September.BleepingComputer
December 10, 2020 – Malware
Hackers can use WinZip insecure server connection to drop malware Full Text
Abstract
The server-client communication in certain versions of the WinZip file compression tool is insecure and could be modified to serve malware or fraudulent content to users.BleepingComputer
December 10, 2020 – Criminals
Teen who shook the Internet in 2016 pleads guilty to DDoS attacks Full Text
Abstract
One of the operators behind a Mirai botnet pleaded guilty to their involvement in a huge DDoS attack that caused a massive Internet disruption during October 2016.BleepingComputer
December 9, 2020 – Ransomware
Palo Alto creates visualization tool to guide response to Egregor ransomware attacks Full Text
Abstract
In the Unit 42 ATOM Viewer, security pros can view in a table what tactics the attackers used, then click on a chart to see what to enable on a Palo Alto firewall.SCMagazine
December 9, 2020 – Vulnerabilities
Record Levels of Software Bugs Plague Short-Staffed IT Teams in 2020 Full Text
Abstract
As just one symptom, 83 percent of the Top 30 U.S. retailers have vulnerabilities which pose an “imminent” cyber-threat, including Amazon, Costco, Kroger and Walmart.Threatpost
December 9, 2020 – Policy and Law
Lawyer up: Following a breach, companies often call outside counsel first Full Text
Abstract
BakerHostetler assisted in about 1,600 cases tied to cyber breaches this year — about 60 percent more than 2019.SCMagazine
December 9, 2020 – Phishing
Phishing campaign spoofs Microsoft domain. Is lack of DMARC enforcement to blame? Full Text
Abstract
Researchers observed a spear phishing campaign that exactly spoofed a Microsoft email domain to trick Office 365 users. This suggests Microsoft’s servers were not enforcing protective DMARC authentication protocols when communications were received – and perhaps still are not.
SCMagazine
December 9, 2020 – Business
Microsoft’s GitHub adds dependency review to new code submitted from programmers Full Text
Abstract
Modern software is typically a patchwork of interdependent code from multiple sources. GitHub will now deliver an advanced warning of potential vulnerabilities detected so programmers can catch issues early on.
SCMagazine
December 09, 2020 – Malware
Qbot malware switched to stealthy new Windows autostart method Full Text
Abstract
A new Qbot malware version now activates its persistence mechanism right before infected Windows devices shut down and it automatically removes any traces when the system restarts or wakes up from sleep.
BleepingComputer
December 9, 2020 – Business
New Gula Tech Foundation pledges to award millions in grants to cyber nonprofits Full Text
Abstract
In an interview with SC Media, the former leaders and founders of Tenable explained why they believe cybersecurity nonprofits have long been overlooked for funding, despite playing a key role in creating a more secure world.
SCMagazine
December 09, 2020 – Covid-19
Pfizer COVID-19 vaccine documents accessed in EMA cyberattack Full Text
Abstract
The European Medicines Agency (EMA) responsible for COVID-19 vaccine approval has suffered a cyberattack of an undisclosed nature, according to a statement posted on their website.
BleepingComputer
December 09, 2020 – Vulnerabilities
DHS-CISA urges admins to patch OpenSSL DoS vulnerability Full Text
Abstract
This week OpenSSL has released fixes for a high severity Denial of Service (DoS) vulnerability, CVE-2020-1971. U.S. DHS Cybersecurity and Infrastructure Security Agency (CISA) has warned admins to upgrade their vulnerable OpenSSL instances immediately.
BleepingComputer
December 09, 2020 – Malware
Credit card stealer hides in CSS files of hacked online stores Full Text
Abstract
Credit card stealer scripts are evolving and becoming increasingly harder to detect due to novel hiding tactics. The latest example is a web skimmer that uses CSS code to blend within the pages of a compromised store and to steal customers' personal and payment information.
BleepingComputer
December 09, 2020 – Malware
Russian hackers hide Zebrocy malware in virtual disk images Full Text
Abstract
Russian-speaking hackers behind Zebrocy malware have changed their technique for delivering malware to high-profile victims and started to pack the threats in Virtual Hard Drives (VHD) to avoid detection.
BleepingComputer
December 09, 2020 – Vulnerabilities
Adobe fixes critical security vulnerabilities in Lightroom, Prelude Full Text
Abstract
Adobe has released security updates to address critical severity security bugs affecting Windows and macOS versions of Adobe Lightroom and Adobe Prelude.
BleepingComputer
December 09, 2020 – Vulnerabilities
Microsoft fixes new Windows Kerberos security bug in staged rollout Full Text
Abstract
Microsoft has issued security updates to address a Kerberos security feature bypass vulnerability impacting multiple Windows Server versions in a two-phase staged rollout.
BleepingComputer
December 09, 2020 – Books
New Book - RIGHTS OF MAN, By Thomas Paine Full Text
Abstract
Chapter 1: It was a bright cold day in April, and the clocks were striking thirteen. Winston Smith, his chin nuzzled into his breast in an effort to escape the vile wind, slipped quickly through the glass doors of Victory Mansions, though not quickly enough to prevent a swirl of gritty dust from entering along with him.
December 08, 2020 – APT
FireEye Shares Details of Recent Cyber Attack, Actions to Protect Community Full Text
Abstract
FireEye is on the front lines defending companies and critical infrastructure globally from cyber threats. We witness the growing threat firsthand, and we know that cyber threats are always evolving. Recently, we were attacked by a highly sophisticated threat actor, one whose discipline, operational security, and techniques lead us to believe it was a state-sponsored attack. Our number one priority is working to strengthen the security of our customers and the broader community. We hope that by sharing the details of our investigation, the entire community will be better equipped to fight and defeat cyber attacks.
December 07, 2020 – Encryption
Law Enforcement Is Accessing Locked Devices Quite Well, Thank You Full Text
Abstract
Apple introduced the iPhone in 2007—and discovered it was a great target for street theft. The device was small and expensive, and it could easily be grabbed from someone’s hand. Apple worked to secure the phone, developing Find My iPhone. Thefts dropped. But criminals are nothing if not creative, and it soon became clear that street theft was the least of Apple’s security problems. Hackers in China used data from the devices to commit identity theft. And later the criminals started selling instructional videos to other criminals, showing how to do these hacks themselves.
December 07, 2020 – Phishing
Microsoft O365 Fails to Block Spoofed Emails Sent from Microsoft.com Full Text
Abstract
The 200 million Microsoft Office 365 (O365) users worldwide are now being targeted by a new global spear-phishing attack spoofing Microsoft.com. Two weeks ago, IRONSCALES researchers first identified what we can now confirm to be a well-coordinated email spoofing campaign targeting O365 users particularly within the financial services, healthcare, insurance, manufacturing, utilities, and telecom industries, among others.
December 07, 2020 – Ransomware
Foxconn electronics giant hit by ransomware, $34 million ransom Full Text
Abstract
Foxconn electronics giant suffered a ransomware attack at a Mexican facility over the Thanksgiving weekend, where attackers stole unencrypted files before encrypting devices.
December 07, 2020
Russian State-Sponsored Malicious Cyber Actors Exploit Known Vulnerability in Virtual Workspaces Full Text
Abstract
Ft. MEADE, Md., Dec. 7, 2020 — The National Security Agency (NSA) released a Cybersecurity Advisory today detailing how Russian state-sponsored actors have been exploiting a vulnerability in VMware® products to access protected data on affected systems. This advisory emphasizes the importance for National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) system administrators to apply vendor-provided patches to affected VMware® identity management products and provides further details on how to detect and mitigate compromised networks.
December 06, 2020 – Ransomware
GBMC HealthCare detected a ransomware incident Full Text
Abstract
On the morning of Sunday, December 6, 2020, GBMC HealthCare detected a ransomware incident that impacted information technology systems. Although many of our systems are down, GBMC HealthCare has robust processes in place to maintain safe and effective patient care. We are collectively responding in accordance with our well-planned process and policies for this type of event.
December 06, 2020 – Terrorist
Rethinking Global Counterterrorist Financing Full Text
Abstract
The terrorism and extremism landscape has shifted significantly over the past several years, but global counterterrorism and particularly counterterrorist financing (CTF) practices have been slow to adapt. CTF has traditionally been conceptualized as stopping the flow of funds to terrorists or “following the money,” but CTF has much more utility than just those narrow ideas in the fight against terrorism. The way the international community thinks about CTF is out of date, and global efforts to prevent and detect terrorist financing are falling short. Fortunately, a conceptual shift and a broader scope for CTF policy and practice can yield significant benefits. Improved policies should expand the criminalization and financial intelligence approach to CTF to include covert and disruptive action against terrorist financiers and financial activity, and reevaluate financial exclusion—such as sanctions and derisking—and their utility against both new and old threats.
December 06, 2020 – Law Article
New Article - The Freedom of Information Act, 5 USC 552: Public information; agency rules, opinions, orders, records, and proceedings Full Text
Abstract
(a) Each agency shall make available to the public information as follows: (1) Each agency shall separately state and currently publish in the Federal Register for the guidance of the public- (A) descriptions of its central and field organization and the established places at which, the employees (and in the case of a uniformed service, the members) from whom, and the methods whereby, the public may obtain information, make submittals or requests, or obtain decisions; (B) statements of the general course and method by which its functions are channeled and determined, including the nature and requirements of all formal and informal procedures available; (C) rules of procedure, descriptions of forms available or the places at which forms may be obtained, and instructions as to the scope and contents of all papers, reports, or examinations; (D) substantive rules of general applicability adopted as authorized by law, and statements of general policy or interpretations of general applicability formulated and adopted by the agency; and (E) each amendment, revision, or repeal of the foregoing. Except to the extent that a person has actual and timely notice of the terms thereof, a person may not in any manner be required to resort to, or be adversely affected by, a matter required to be published in the Federal Register and not so published. For the purpose of this paragraph, matter reasonably available to the class of persons affected thereby is deemed published in the Federal Register when incorporated by reference therein with the approval of the Director of the Federal Register.
December 05, 2020 – General
A National Cybersecurity Agenda for Resilient Digital Infrastructure Full Text
Abstract
In 1858, a public health crisis gripped the city of London. Successive cholera outbreaks spread by contaminated water were killing thousands. The river Thames was so polluted that Parliament refused to meet. As London’s population exploded, no one had invested in the basic wastewater infrastructure necessary to manage the consequences of cramming millions of people into one of the world’s first metropolises. After decades of failing to safeguard access to clean water, the government finally embarked on an unprecedented civil works project to retrofit the entire city with its first sewer system.
December 04, 2020 – Law Article
New Article - Privacy Act of 1974, 5 USC 552a - Records maintained on individuals Full Text
Abstract
(a) Definitions.-For purposes of this section- (1) the term “agency” means agency as defined in section 552(e) of this title; (2) the term “individual” means a citizen of the United States or an alien lawfully admitted for permanent residence; (3) the term “maintain” includes maintain, collect, use, or disseminate; (4) the term “record” means any item, collection, or grouping of information about an individual that is maintained by an agency, including, but not limited to, his education, financial transactions, medical history, and criminal or employment history and that contains his name, or the identifying number, symbol, or other identifying particular assigned to the individual, such as a finger or voice print or a photograph;
December 03, 2020 – Quantum
Quantum computational advantage using photons Full Text
Abstract
Quantum computers promise to perform certain tasks that are believed to be intractable to classical computers. Boson sampling is such a task and is considered as a strong candidate to demonstrate the quantum computational advantage. We perform Gaussian boson sampling by sending 50 indistinguishable single-mode squeezed states into a 100-mode ultralow-loss interferometer with full connectivity and random matrix—the whole optical setup is phase-locked—and sampling the output using 100 high-efficiency single-photon detectors. The obtained samples are validated against plausible hypotheses exploiting thermal states, distinguishable photons, and uniform distribution. The photonic quantum computer generates up to 76 output photon clicks, which yields an output state-space dimension of 10^30 and a sampling rate that is ~10^14 faster than using the state-of-the-art simulation strategy and supercomputers.
December 03, 2020 – Law Article
What to expect from a Biden FCC on Section 230, net neutrality, and 5G Full Text
Abstract
Inauguration Day promises sweeping change across the federal government—and the Federal Communications Commission (FCC) is no exception. Ajit Pai, the FCC’s current Republican chairman appointed by President Trump, will depart the agency on January 20, as is customary with past agency leaders. With his departure may come some sweeping changes at the Commission. The FCC’s current policy and enforcement priorities may shift, especially with the Republicans slated to lose their majority with the departures of Pai and Commissioner Mike O’Rielly (whose replacement Nathan Simington from the Commerce Department was approved by the Senate Commerce Committee).
December 03, 2020 – Events
State of Alaska’s Online Voter Registration System victim of data exposure Full Text
Abstract
December 3, 2020 (Anchorage, AK) – The State of Alaska was the victim of data exposure by outside actors that targeted the Division of Elections Online Voter Registration System, which was built and maintained by an outside vendor and operated by the Division. Although some voters’ personal information was exposed, the Division has determined that no other elections systems or data were affected. The Division’s ballot tabulation systems, 2020 general election results, and voter database remain secure.
December 03, 2020 – Events
Randstad statement on cyber incident. Full Text
Abstract
Randstad NV (“Randstad”) recently became aware of malicious activity in its IT environment and an internal investigation into this incident was launched immediately with our 24/7 incident response team. Third party cyber security and forensic experts were engaged to assist with the investigation and remediation of the incident.
December 03, 2020 – Ransomware
Egregor Ransomware, Used in a String of High-Profile Attacks, Shows Connections to QakBot Full Text
Abstract
Egregor ransomware is a complex piece of malware that appears to be associated with the operators of QakBot. The ransomware has been used against organizations across many industries since its debut in September 2020 and is likely to continue to present a threat to organizations in the future. Unlike most ransomware variants, Egregor’s payload cannot be executed or decrypted fully without the correct cryptographic key provided to the malware at runtime, rendering static or dynamic analysis impossible. Because very little is known about the deployment of the ransomware in open sources and how the threat actors target victims, Recorded Future recommends employing mitigations for technical threats used by other “big game hunting” threat actors to mitigate the threat prior to ransom, using the provided hunting package to threat hunt Egregor and ensuring that internet-facing systems are appropriately configured to provide only the minimum needed access.
December 03, 2020 – Events
US, Estonia Partnered to Search Out Cyber Threat From Russia Full Text
Abstract
WASHINGTON - In a modern twist on old-fashioned war games, the U.S. military dispatched cyber fighters to Estonia this fall to help the small Baltic nation search out and block potential cyber threats from Russia. The goal was not only to help a NATO partner long targeted by its powerful neighbor but also to gain insight on Russian tactics that could be used against the U.S. and its elections.
December 03, 2020 – Events
Phishing Ploy Targets COVID-19 Vaccine Distribution Effort Full Text
Abstract
BOSTON - IBM security researchers say they have detected a cyberespionage effort using targeted phishing emails to try to collect vital information on the World Health Organization's initiative for distributing COVID-19 vaccine to developing countries.
December 03, 2020 – Books
New Book - 1984, By George Orwell Full Text
Abstract
Chapter 1: It was a bright cold day in April, and the clocks were striking thirteen. Winston Smith, his chin nuzzled into his breast in an effort to escape the vile wind, slipped quickly through the glass doors of Victory Mansions, though not quickly enough to prevent a swirl of gritty dust from entering along with him.
December 02, 2020 – Ransomware
Alabama school district shut down by ransomware attack Full Text
Abstract
Ransomware operators have attacked the Huntsville City Schools district in Alabama, forcing them to shut down schools for the rest of the week and possibly next week. The Huntsville City Schools district is the sixth-largest school district in Alabama, with almost 24,000 students, 2,300 employees, and thirty-seven schools. Due to the COVID-19 pandemic, the school district offered both in-school instruction and a fully online learning experience.
December 01, 2020 – APT
Alert (AA20-336A) - Advanced Persistent Threat Actors Targeting U.S. Think Tanks Full Text