14 June 2022
2021
Passwordstate Warns of Ongoing Phishing Attacks Following Data Breach
Ravie Lakshmanan
https://thehackernews.com/2021/04/passwordstate-warns-of-ongoing-phishing.html
Excerpt:
“Click Studios, the Australian software firm which confirmed a supply chain attack affecting its Passwordstate password management application, has warned customers of an ongoing phishing attack by an unknown threat actor.”
Brazil's Rio Grande do Sul court system hit by REvil ransomware
Lawrence Abrams
Excerpt:
“Brazil's Tribunal de Justiça do Estado do Rio Grande do Sul was hit with an REvil ransomware attack yesterday that encrypted employee's files and forced the courts to shut down their network.Tribunal de Justiça do Estado do Rio Grande do Sul (TJRS) is the court system for the Brazilian state of Rio Grande do Sul.”
Researchers find two dozen bugs in software used in medical and industrial devices
Sean Lyngaas
https://www.cyberscoop.com/microsoft-azure-iot-badalloc-vulnerabilities/
Excerpt:
“Microsoft researchers have discovered some two dozen vulnerabilities in software that is embedded in popular medical and industrial devices that an attacker could use to breach those devices, and in some cases cause them to crash.”
48 recommendations for a global fight against ransomware
Zeljka Zorz
https://www.helpnetsecurity.com/2021/04/29/fight-against-ransomware/
Excerpt:
“The Institute for Security and Technology’s Ransomware Task Force (RTF) has released a comprehensive strategic framework to help worldwide organizations fight against ransomware and will be delivering it to the U.S. President’s team.”
Paleohacks data leak exposes customer records, password reset tokens
Charlie Osborne
https://www.zdnet.com/article/paleohacks-data-leak-exposes-customer-records-password-reset-tokens/
Excerpt:
“A popular online resource for paleo recipes and tips was the source of a data leak impacting roughly 70,000 users.”
DC police department hit by apparent extortion attack
https://techxplore.com/news/2021-04-dc-police-department-apparent-extortion.html
Excerpt:
“The Washington, D.C., police department said Monday that its computer network was breached, and a Russian-speaking ransomware syndicate claimed to have stolen sensitive data, including on informants, that it threatened to share with local criminal gangs unless police paid an unspecified ransom.”
61% of organizations impacted by ransomware in 2020
https://www.helpnetsecurity.com/2021/04/26/ransomware-2020/
Excerpt:
“Enterprises faced unprecedented cybersecurity risk in 2020 from increasing attack volume, the pandemic-driven digital transformation of work, and generally deficient cyber preparedness and training, a Mimecast survey reveals.”
Mount Locker Ransomware Aggressively Changes Up Tactics
Tara Seals
https://threatpost.com/mount-locker-ransomware-changes-tactics/165559/
Excerpt:
“The Mount Locker ransomware has shaken things up in recent campaigns with more sophisticated scripting and anti-prevention features, according to researchers. And, the change in tactics appears to coincide with a rebranding for the malware into “AstroLocker.”
Linux bans University of Minnesota for committing malicious code
Ax Sharma
Excerpt:
“In a rare, groundbreaking decision, Linux kernel project maintainers have imposed a ban on the University of Minnesota (UMN) from contributing to the open-source Linux project.”
6 Cybersecurity Tips for Working from Home
Lilie Matia
Excerpt:
“Here at Tripwire, we, like many others, recently surpassed the one-year anniversary of working from home due to the COVID-19 pandemic. Since March of 2020, we have converted kitchens, spare bedrooms and garages into office spaces. Our pets and children have become our coworkers, and companies are reporting a sudden increase in shirt sales as opposed to pant sales.”
Consumers worry about the cybersecurity of connected vehicles
https://www.helpnetsecurity.com/2021/04/16/cybersecurity-connected-vehicles/
Excerpt:
” U.S. motorists worry about the cybersecurity of their connected vehicles, according to a survey by HSB, part of Munich Re. Some even believe a hacker could confront them over their car audio systems or disable automotive safety features.”
Swinburne University confirms over 5,000 individuals affected in data breach
Asha Barbaschow
Excerpt:
“Swinburne University of Technology has confirmed personal information on staff, students, and external parties had inadvertently made its way into the wild.”
New Jersey School Districts Investigate Cyber-Attacks
Sarah Coble
https://www.infosecurity-magazine.com/news/new-jersey-schools-cyber-attack/
Excerpt:
“Cyber-attackers are believed to be targeting school districts in the New Jersey county of Somerset.”
Victorian government earmarks AU$30m to lift hospital cyber capabilities
Aimee Chanthadavong
Excerpt:
“The Victorian government plans to invest a total of AU$30 million to upgrade and modernise the IT infrastructure of 28 of the state's hospitals and health services in a bid to guard against further cyber attacks.”
Hackers Flood the Web with 100,000 Malicious Pages, Promising Professionals Free Business Forms, But Delivering Malware, Reports eSentire
Excerpt:
“eSentire, a leading cybersecurity solutions provider, reported today that business professionals are currently being lured to hacker-controlled websites, hosted on Google Sites, and inadvertently installing a known, emerging Remote Access Trojan (RAT).”
330 million people across 10 countries were victims of cybercrime in 2020
https://www.helpnetsecurity.com/2021/04/14/victims-of-cybercrime/
Excerpt:
“Over the past year, 65% of people around the world report spending more time online than ever before, likely a result of the COVID-19 pandemic. As we connected to the internet for everything from work and school to entertainment, social connection and even groceries, cybercriminals took advantage and launched coordinated attacks and convincing scams.”
FBI removes web shells from hacked Microsoft Exchange servers
https://www.helpnetsecurity.com/2021/04/14/fbi-microsoft-exchange/
Excerpt:
“Authorities have executed a court-authorized operation to copy and remove malicious web shells from hundreds of vulnerable on-premises versions of Microsoft Exchange Server software in the United State”
Zoom zero-day discovery makes calls safer, hackers $200,000 richer
Pieter Arntz
Excerpt:
“Two Dutch white-hat security specialists entered the annual computer hacking contest Pwn2Own, managed to find a Remote Code Execution (RCE) flaw in Zoom and are $200,000 USD better off than they were before.”
4 things you can do to minimize cyberattacks on supply and value chains
Dennis McDermott
https://www.helpnetsecurity.com/2021/04/08/minimize-supply-chain-cyberattacks/
Excerpt:
“Supply chain attacks target the weakest spot in most every enterprise’s security program: third-party access.”
Italian man arrested after allegedly paying hitman in cryptocurrency
Charlie Osborne
https://www.zdnet.com/article/italian-man-arrested-after-allegedly-paying-hitman-in-cryptocurrency/
Excerpt:
“An Italian man has been arrested on suspicion of paying a hitman to assassinate his former partner.”
Scraped data of 500 million LinkedIn users being sold online, 2 million records leaked as proof
CyberNews Team
Excerpt:
“We updated our personal data leak checker database with more than 780,000 email addresses associated with this leak. Use it to find out if your LinkedIn profile has been scraped by the threat actors.”
Industries critical to COVID-19 response suffer surge in cloud cyberattacks
Charlie Osborne
Excerpt:
“Industries and organizations critical to the fight against COVID-19 have faced a surge in cyberattacks due to their rapid transition to cloud platforms in light of the pandemic.”
Janeleiro, the time traveler: A new old banking trojan in Brazil
Facundo Muñoz and Matías Porolli
https://www.welivesecurity.com/2021/04/06/janeleiro-time-traveler-new-old-banking-trojan-brazil/
Excerpt:
“ESET Research has been tracking a newly discovered banking trojan that has been targeting corporate users in Brazil since 2019 across many verticals affecting sectors such as engineering, healthcare, retail, manufacturing, finance, transportation, and government.”
Attackers Disclose Personal Data of Students in Massive Cyberattack
Antonia Din
https://heimdalsecurity.com/blog/attackers-disclose-data-of-students-in-cyberattack/
Excerpt:
“In recent months, several universities were hit by the Clop ransomware gang, specialists think all the attacks are linked to Accellion File Transfer Appliance (FTA) software, a third-party vendor, which was used by students and staff to transfer encrypted files.”
Personal data from over 500M Facebook users leaked online
José Adorno
https://9to5mac.com/2021/04/03/personal-data-from-over-500m-facebook-users-leaked-online/
Excerpt:
“The phone numbers and personal data of over 553 million Facebook users have been published online for free by a user in a low-level hacking forum, according to Business Insider. At least 100 countries are included in this leak, with data from 32 million users in the U.S. and 11 millions users in the UK.”
US DOJ: Phishing attacks use vaccine surveys to steal personal info
Sergiu Gatlan
Excerpt:
“The US Department of Justice warns of phishing attacks using fake post-vaccine surveys to steal money from people or tricking them into handing over their personal information.”
Report: USB threats to ICS systems have nearly doubled
Anastasios Arampatzis
Excerpt:
“The latest Honeywell USB Threat Report 2020 indicates that the number of threats specifically targeting Operational Technology systems has nearly doubled from 16% to 28%, while the number of threats capable of disrupting those systems rose from 26% to 59% over the same period.”
22-Year-Old Charged With Hacking Water System and Endangering Lives
Ravie Lakshmanan
https://thehackernews.com/2021/04/22-year-old-charged-with-hacking-water.html
Excerpt:
“A 22-year-old man from the U.S. state of Kansas has been indicted on charges that he unauthorizedly accessed a public water facility's computer system, jeopardizing the residents' safety and health in the local community.”
3 Key Cybersecurity Trends To Know For 2021 (and On ...)
Chuck Brooks
Excerpt:
“Most business ventures rely on lessons learned to improve outcomes. They analyze what they did right or wrong to fill gaps and adapt strategies is often a barometer of future success. The cybersecurity industry needs to follow this heuristic model. In 2021 we are already facing a variety of cyber-attacks and look to lessons learned to close cyber vulnerabilities. Three trends to focus on include 1) the expanding cyber-attack surface (remote work, IoT supply chain), 2) Ransomware as a cyber weapon of choice, 3) threats to critical infrastructure via ICS, OT/IT cyber-threat convergence.”
4 cybersecurity threats that haunt financial establishments
Apoorva Komarraju
https://www.fintechnews.org/4-cybersecurity-threats-that-haunt-financial-establishments/
Excerpt:
“Cybersecurity is next to the internet in the order of necessity in life. It’s a crucial component of this digital world where industries thrive with the power of disruptive technologies. For this reason, cybersecurity is a big concern, especially for industries pertaining to financial services.”
The Top 10 Most Significant Data Breaches Of 2020
https://blog.ariacybersecurity.com/blog/the-top-10-most-significant-data-breaches-of-2020
Excerpt:
‘Most everyone agrees that 2020 was a loss-leader of a year. To put it mildly, the year in cybersecurity wasn’t much better. While the COVID-19 pandemic was transforming the world of work, it fueled a pandemic of cyberattacks and data breaches.”
Getting it right on tech sovereignty
Farlina Md Said
https://www.nst.com.my/opinion/columnists/2021/04/686300/getting-it-right-tech-sovereignty
Excerpt:
“The term "sovereignty" is used to describe an independent state, whereby a government's legitimacy rests on its ability to keep the national interests above others. But in the digital age, with cyberspace operating as a borderless concept, the notion of "territory" is facing multiple challenges.”