Attacks on IoT devices continue to escalate
https://www.helpnetsecurity.com/2020/10/28/attacks-on-iot-devices-continue-to-escalate/
Excerpt:
“Attacks on IoT devices continue to rise at an alarming rate due to poor security protections and cybercriminals use of automated tools to exploit these vulnerabilities, according to Nokia.”
Donald Trump’s website briefly defaced by cryptocurrency scammers
Graham Cluley
https://grahamcluley.com/donald-trumps-website-briefly-defaced-by-cryptomining-scammers/
Excerpt:
“Donald Trump’s official presidential re-election campaign website was briefly defaced by hackers last night.
The Russian Hackers Playing 'Chekhov's Gun' With US Infrastructure
Andy Greenberg
https://www.wired.com/story/berserk-bear-russia-infrastructure-hacking/
Excerpt:
“Last week the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency published an advisory warning that a group known as Berserk Bear—or alternately Energetic Bear, TEMP.Isotope, and Dragonfly—had carried out a broad hacking campaign against US state, local, territorial, and tribal government agencies, as well as aviation sector targets. The hackers breached the networks of at least two of those victims.”
Amazon sacks insiders over data leak, alerts customers
Ax Sharma
https://www.bleepingcomputer.com/news/security/amazon-sacks-insiders-over-data-leak-alerts-customers/
Excerpt:
“Amazon has recently terminated employees responsible for leaking customer data, including their email addresses, to an unaffiliated third-party in violation of company policies.”
Ransomware attack disabled Georgia County Election database
Pierluigi Paganini
https://securityaffairs.co/wordpress/109983/cyber-crime/ransomware-attack-georgia-county-election-db.html
Excerpt:
“A ransomware attack hit a Georgia county government early this month and disabled a database used to verify voter signatures in the authentication of absentee ballots. It is a common process to validate absentee ballots sent by mail by analyzing signatures.”
Dr Reddy's: Covid vaccine-maker suffers cyber-attack
Joe Tidy
https://www.bbc.com/news/technology-54642870
Excerpt:
“Pharmaceutical company Dr Reddy's, which is developing a Covid-19 vaccine, says it has been hit by a cyber-attack.”
Harvest Finance puts $100K bounty on alleged hacker
Helen Partz
https://cointelegraph.com/news/harvest-finance-puts-100k-bounty-on-alleged-hacker
Excerpt:
“Harvest Finance, a major decentralized finance protocol, has seemingly issued a $100,000 bounty in the aftermath of a $24 millon attack targeting its liquidity pools.”
Hackers breach psychotherapy center, use stolen health data to blackmail patients
Zeljka Zorz
https://www.helpnetsecurity.com/2020/10/26/data-breach-psychotherapy-center/
Excerpt:
“News of an unusual data breach at a psychotherapy center in Finland broke over the weekend, after affected patients began receiving emails telling them to pay up or risk their personal and health data being publicly released.”
63 billion credential stuffing attacks hit retail, hospitality, travel industries
https://www.helpnetsecurity.com/2020/10/23/63-billion-credential-stuffing-attacks-hit-retail-hospitality-travel-industries/
Excerpt:
“Akamai published a report detailing criminal activity targeting the retail, travel, and hospitality industries with attacks of all types and sizes between July 2018 and June 2020. The report also includes numerous examples of criminal ads from the darknet illustrating how they cash in on the results from successful attacks and the corresponding data theft.”
Berlin to Give Secret Services Access to Encrypted Conversations
AFP
https://www.securityweek.com/berlin-give-secret-services-access-encrypted-conversations
Excerpt:
“The German government Wednesday agreed to allow secret services to listen in on conversations via encrypted messaging services such as Messenger or Whatsapp as a means of tackling terrorism.”
Massive US Voters and Consumers Databases Circulate Among Hackers
Ziv Mador
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/massive-us-voters-and-consumers-databases-circulate-among-hackers/
Excerpt:
“Voting in the U.S. elections started recently and there is a real concern over interference and disinformation campaigns that might impact their outcome. During investigations around the elections, the Trustwave SpiderLabs team discovered massive databases with detailed information about U.S. voters and consumers offered for sale on several hacker forums.”
Ryuk Ransomware Attacks Continue Following TrickBot Takedown Attempt
Ionut Arghire
https://www.securityweek.com/ryuk-ransomware-attacks-continue-following-trickbot-takedown-attempt
Excerpt:
“The threat actor behind the Ryuk ransomware continues to conduct attacks following the recent attempts to disrupt the TrickBot botnet, CrowdStrike reports.”
Ransomware gang donates part of ransom demands to charity organizations
Catalin Cimpanu
https://www.zdnet.com/article/ransomware-gang-donates-part-of-ransom-demands-to-charity-organizations/
Excerpt:
“A ransomware gang has donated a part of the ransom demands it extorted from victims to charity organizations.”
This new malware uses remote overlay attacks to hijack your bank account
Charlie Osborne
https://www.zdnet.com/article/this-new-malware-uses-remote-overlay-attacks-to-hijack-your-bank-account/
Excerpt:
“Researchers have uncovered a new form of malware using remote overlay attacks to strike Brazilian bank account holders.”
Barnes & Noble warns customers it has been hacked, customer data may have been accessed
Graham Cluley
https://www.tripwire.com/state-of-security/featured/barnes-noble-warns-customers-hacked-customer-data-accessed/
Excerpt:
“American bookselling giant Barnes & Noble is contacting customers via email, warning them that its network was breached by hackers, and that sensitive information about shoppers may have been accessed.”
State and local governments under siege from cyber threats
https://www.helpnetsecurity.com/2020/10/15/state-local-governments-cyber-threats/
Excerpt:
“With both security budgets and talent pools negatively affected by the ongoing pandemic, state and local governments are struggling to cope with the constant wave of cyber threats more than ever before, a Deloitte study reveals.”
Self-driving cars can be forced to brake by hijacked billboards
Charlie Osborne
https://www.zdnet.com/article/self-driving-cars-can-be-forced-to-brake-by-hijacked-billboards/
Excerpt:
“Security researchers have demonstrated how hijacked billboards could be used to confuse self-driving cars -- forcing them to slam on the brakes, or worse.”
Norway blames Russia for cyber attack on Parliament
Pierluigi Paganini
https://securityaffairs.co/wordpress/109465/cyber-warfare-2/norway-blames-russia-cyber-attack.html
Excerpt:
“Norway ‘s government is blaming Russia for the cyberattack that targeted the email system of the country’s parliament this summer.”
Hacker groups chain VPN and Windows bugs to attack US government networks
Catalin Cimpanu
https://www.zdnet.com/article/hacker-groups-chain-vpn-and-windows-bugs-to-attack-us-government-networks/
Excerpt:
“Hackers have gained access to government networks by combining VPN and Windows bugs, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) said in a joint security alert published on Friday.”
Researchers found alleged sensitive documents of NATO and Turkey
Pierluigi Paganini
https://securityaffairs.co/wordpress/109386/breaking-news/nato-turkey-data-leak.html
Excerpt:
“Researchers from the US-based firm Cyble recently came across a post shared by an unknown threat actor that goes online with the moniker Spectre123, where he has allegedly leaked the sensitive documents of NATO and Havelsan (Turkish Military/defence manufacturer).”
Credit card skimmer targets virtual conference platform
Threat Intelligence Team
https://blog.malwarebytes.com/malwarebytes-news/2020/10/credit-card-skimmer-targets-virtual-conference-platform/
Excerpt:
“We’ve seen many security incidents affecting different websites simultaneously because they were loading the same tampered piece of code. In many instances, this is due to what we call a supply-chain attack, where a threat actor targets one company that acts as an intermediary to others”
Phishing emails lure victims with inside info on Trump's health
Lawrence Abrams
https://www.bleepingcomputer.com/news/security/phishing-emails-lure-victims-with-inside-info-on-trumps-health/
Excerpt:
“A phishing campaign pushing a network-compromising backdoor pretends to have the inside scoop on President Trump's health after being infected with COVID-19.”
UN Shipping Agency Forced Offline After Cyber-Attack
Phil Muncaster
https://www.infosecurity-magazine.com/news/un-shipping-agency-offline/
Excerpt:
“The United Nations agency for international shipping came under cyber-attack at the end of last week, forcing a number of services offline, it has emerged.”
Huawei 'failed to improve UK security standards'
Gordon Corera
https://www.bbc.com/news/technology-54370574
Excerpt:
“Huawei has failed to adequately tackle security flaws in equipment used in the UK's telecoms networks despite previous complaints, an official report says.”
Russian Gets 7 Years in Prison for Linkedin, Dropbox & Formspring Hacks
David Bisson
https://www.tripwire.com/state-of-security/security-data-protection/russian-gets-7-years-in-prison-for-linkedin-dropbox-formspring-hacks/
Excerpt:
“A Russian man received a seven-year prison sentence for having hacked into computers belonging to LinkedIn, Dropbox and Formspring.”
What to do first when your company suffers a ransomware attack
Graham Cluley
https://www.tripwire.com/state-of-security/featured/what-first-when-your-company-suffers-ransomware-attack/
Excerpt:
“For many companies it would be a nightmare to discover that they are the latest unwitting victim of a ransomware attack, capable of crippling computer systems and locking up data if a payment isn’t made to cybercriminals.”
70% of consumers would cut ties with doctors over unprotected health data
https://www.helpnetsecurity.com/2020/10/01/unprotected-health-data-privacy-concerns/
Excerpt:
‘There are growing privacy concerns among Americans due to COVID-19 with nearly 70 percent citing they would likely sever healthcare provider ties if they found that their personal health data was unprotected, a CynergisTek survey reveals.”
Read full article
