14 June 2022
2021
#TECH: Tackling security threats in automotive industry
BOTS team
Excerpt:
“THE automotive industry has been experiencing an increase in cyber attacks recently. The focus has moved on from the security of embedded devices to security of vehicles.”
Crossing the 10 Million Mark: DDoS Attacks in 2020
Richard Hummel, Carol Hildebrand
https://www.netscout.com/blog/asert/crossing-10-million-mark-ddos-attacks-2020
Excerpt:
“Not all world records are cause for celebration—just look at the DDoS attack numbers from 2020. For the first time in history, we observed more than 10 million DDoS attacks in a single year, with NETSCOUT’s ATLAS Security Engineering and Response Team (ASERT) observing 10,089,687 attacks over the course of the year. That’s nearly 1.6 million more attacks than 2019’s count of 8.5 million.”
Pwn2Own 2021: Hackers Offered $200,000 for Zoom, Microsoft Teams Exploits
Eduard Kovacs
https://www.securityweek.com/pwn2own-2021-hackers-offered-200000-zoom-microsoft-teams-exploits
Excerpt:
“Trend Micro’s Zero Day Initiative (ZDI) on Tuesday announced the targets, prizes and rules for the Pwn2Own Vancouver 2021 hacking competition, a hybrid event scheduled to take place on April 6-8.”
Beware of this active UK NHS COVID-19 vaccination phishing attack
Lawrence Abrams
https://www.bleepingcomputer.com/news/security/beware-of-this-active-uk-nhs-covid-19-vaccination-phishing-attack/
Excerpt:
“A very active phishing campaign is underway pretending to be from the UK's National Health Service (NHS), alerting recipients that they are eligible to receive the COVID-19 vaccine.”
SonicWall hit by attackers leveraging zero-day vulnerabilities in its own products?
Zeljka Zorz
https://www.helpnetsecurity.com/2021/01/25/sonicwall-zero-day-vulnerabilities/
Excerpt:
“On Friday evening, SonicWall announced that it “identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products.”
Financial institutions must prepare for increased risk of financial crime
https://www.helpnetsecurity.com/2021/01/22/risk-financial-crime/
Excerpt:
“LexisNexis Risk Solutions published survey results of U.S. and Canadian compliance professionals on the range of challenges that financial institutions have experienced during the COVID-19 pandemic.”
Another ransomware now uses DDoS attacks to force victims to pay
Lawrence Abrams
Excerpt:
“Another ransomware gang is now using DDoS attacks to force a victim to contact them and negotiate a ransom.”
MyFreeCams site hacked to steal info of 2 million paying users
Ionut Ilascu
Excerpt:
“A hacker is selling a database with login details for two million high-paying users of the MyFreeCams adult video streaming and chat service.”
Rogue: An Android Malware That Gives Hackers Full Control Over a Phone
https://www.ehackingnews.com/2021/01/rogue-android-malware-that-gives.html
Excerpt:
“Another sort of Android malware that provides hackers with nearly-full access to a client's Android cell phone is doing rounds on underground forums. Colloquially known as 'Rogue' Remote Administration Tool (RAT), the malware infects victims with a keylogger – permitting attackers to effectively monitor the utilization of sites and applications to take usernames and passwords, just as more delicate data like a client's financial data. The malware, as per reports, is accessible on underground forums for as low as $29.99 (generally Rs 2,200).”
Ubiquiti warns customers about potential data breach
Zeljka Zorz
https://www.helpnetsecurity.com/2021/01/12/ubiquiti-data-breach/
Excerpt:
“American networking tech vendor Ubiquiti is asking customers to change their password because of unauthorized access to some of their information technology systems hosted by a third party cloud provider.”
Healthcare Hit by 187 Million Monthly Web App Attacks in 2020
Phil Muncaster
https://www.infosecurity-magazine.com/news/healthcare-187m-monthly-web-app/
Excerpt:
“Web application attacks in the healthcare sector surged in December as distribution of the first COVID-19 vaccines began, according to new data from Imperva.”
Hacker sells Aurora Cannabis files stolen in Christmas cyberattack
Lawrence Abrams
Excerpt:
“A hacker is selling the data stolen from cannabis giant Aurora Cannabis after breaching their systems on Christmas day.”
Ryuk Ransomware Attackers Have Made $150m
Phil Muncaster
https://www.infosecurity-magazine.com/news/ryuk-ransomware-attackers-have/
Excerpt:
“The infamous operators of the Ryuk ransomware have amassed a fortune of at least $150m, according to researchers who studied the flow of Bitcoin to the group.”
The 15 biggest data breaches of the 21st century
Dan Swinhoe
https://www.csoonline.com/article/2130877/the-biggest-data-breaches-of-the-21st-century.html
Excerpt:
“Not long ago, a breach that compromised the data of a few million people would have been big news. Now, breaches that affect hundreds of millions or even billions of people are far too common. About 3.5 billion people saw their personal data stolen in the top two of 15 biggest breaches of this century alone. The smallest incident on this list involved the data of a mere 134 million people.”
Hospitals under siege: 5 ways to boost cybersecurity as the COVID-19 vaccine rolls out
Ara Aslanian
https://www.helpnetsecurity.com/2021/01/07/hospitals-under-siege/
Excerpt:
“After a spate of cyberattacks on organizations involved in developing COVID-19 vaccines, there are growing concerns that hackers are taking aim at the distribution systems currently ramping up.”
US: Fewer Than 10 Govt Agencies Hit by SolarWinds Attack
Phil Muncaster
https://www.infosecurity-magazine.com/news/us-fewer-10-government-agencies/
Excerpt:
“The US government has, for the first time, attributed the SolarWinds cyber-espionage attacks to Russia, and clarified that fewer agencies have been affected than some first thought.”
Cyber-Attack on US Laboratory
Sarah Coble
https://www.infosecurity-magazine.com/news/cyberattack-on-us-laboratory/
Excerpt:
“An American laboratory specializing in home phlebotomy has disclosed a cyber-attack that occurred five months ago after data stolen in the attack turned up online.”