Data of 14,200 diagnosed with HIV in Singapore leaked online

Eileen Yu

https://www.zdnet.com/article/data-of-14200-diagnosed-with-hiv-in-singapore-leaked-online/

Excerpt:

“Personal information belonging to 14,200 individuals diagnosed with HIV has been leaked online by an American living in Singapore and who had illegally accessed the data through his partner. The data of another 2,400 people listed as part of a contact tracing process also has been exposed online, according to local authorities.”


$1.7 billion in cryptocurrency was stolen and scammed in 2018

https://www.helpnetsecurity.com/2019/01/30/stolen-cryptocurrency/

Excerpt:

“$1.7 billion in cryptocurrency was stolen and scammed in 2018 — a dramatic rise in criminal activity despite a slump in the market, according to CipherTrace. Criminals need to launder all these funds in order to cash out before a wave of regulations go into effect in 2019.”


Hackers Targeting Cisco RV320/RV325 Routers Using New Exploits

Ionut Ilascu

https://www.bleepingcomputer.com/news/security/hackers-targeting-cisco-rv320-rv325-routers-using-new-exploits/

Excerpt:

“Disclosure of proof-of-exploit code for security bugs in Cisco routers for small businesses prompted hackers to scan for vulnerable devices in an attempt to take full control of them.”


Over 1 Million UiTM Students and Alumni Personal Details Leaked Online

Vijandren

https://www.lowyat.net/2019/177033/over-1-million-uitm-students-and-alumni-personal-details-leaked-online/

Excerpt:

“A total of 1,164,540 records, belonging to students who enrolled for various courses at Universiti Teknologi Mara (UiTM) between 2000 and 2018 has been breached and leaked online.”


DailyMotion discloses credential stuffing attack

Catalin Cimpanu

https://www.zdnet.com/article/dailymotion-discloses-credential-stuffing-attack/

Excerpt:

“Video sharing platform DailyMotion announced on Friday that it was the victim of a credential stuffing attack, ZDNet has learned.”


Fifteen Alleged Operators of $8 Million Crypto Scam Arrested in Taiwan

Adrian Zmudzinski

https://cointelegraph.com/news/fifteen-alleged-operators-of-8-million-crypto-scam-arrested-in-taiwan

Excerpt:

“Police in New Taipei, Taiwan, have arrested fifteen suspects for allegedly running a cryptocurrency scam that earned them millions of dollars, English-language local media Focus Taiwan reports on Jan. 26.”


Global IT spending to reach $3.8 trillion in 2019, up 3.2% from 2018

https://www.helpnetsecurity.com/2019/01/29/global-it-spending-2019-up-from-2018/

Excerpt:

“Worldwide IT spending is projected to total $3.76 trillion in 2019, an increase of 3.2 percent from 2018, according to the latest forecast by Gartner.”


Hacker threatened a family using a Nest Camera to broadcast a fake missile attack alert

Pierluigi Paganini

https://securityaffairs.co/wordpress/80210/hacking/nest-camera-hack.html

Excerpt:

“Over the weekend, a family living in California was terrified with a hoax nuclear missile attack. The couple explained to the local media that hackers compromised their Nest security camera and used atop their television and issued a warning of an imminent impact of missiles launched from North Korea.”


Online casino group leaks information on 108 million bets, including user details

Catalin Cimpanu

https://www.zdnet.com/article/online-casino-group-leaks-information-on-108-million-bets-including-user-details/

Excerpt:

“An online casino group has leaked information on over 108 million bets, including details about customers' personal information, deposits, and withdrawals, ZDNet has learned.”


Alleged Russian Hacker Pleads Not Guilty After Extradition to United States

Wang Wei

https://thehackernews.com/2019/01/russian-hacker-ad-fraud.html

Excerpt:

“A Russian hacker indicted by a United States court for his involvement in online ad fraud schemes that defrauded multiple American companies out of tens of millions of dollars pleaded not guilty on Friday in a courtroom in Brooklyn, New York.”


Researchers analyze DDoS attacks as coordinated gang activities

https://www.helpnetsecurity.com/2019/01/21/ddos-attacks-as-coordinated-gang-activities/

Excerpt:

“In a new report, NSFOCUS introduced the IP Chain-Gang concept, in which each chain-gang is controlled by a single threat actor or a group of related threat actors and exhibit similar behavior among the various attacks conducted by the same gang.”


Virus affecting IT system at Health Sciences North impacting health care across the region

https://www.cbc.ca/news/canada/sudbury/hsn-it-virus-update-1.4982267

Excerpt:

“The head of Health Sciences North says various medical systems at the hospital in Sudbury and other hospitals throughout the region have been shut down to avoid damage from a computer virus.”


Hacker behind 'Football Leaks' arrested in Hungary

Catalin Cimpanu

https://www.zdnet.com/article/hacker-behind-football-leaks-arrested-in-hungary/

Excerpt:

“Portuguese police announced yesterday the arrest of a Portuguese man in Hungary who they believe hacked, stole, and then leaked secret documents from European football (soccer) clubs during the past four years.”


Two Ukrainians Charged with Plot to Hack into SEC and Commit Fraud

David Bisson

https://www.tripwire.com/state-of-security/security-data-protection/two-ukrainians-charged-with-plot-to-hack-into-sec-and-commit-fraud/

Excerpt:

“The U.S. Department of Justice (DOJ) has charged two Ukrainians with participating in a plot to hack into computers systems at the U.S. Securities and Exchange Commission (SEC) and use the information they stole to commit fraud.”


The Advanced Persistent Threat files: APT10

William Tsing

https://blog.malwarebytes.com/cybercrime/2019/01/advanced-persistent-threat-files-apt10/

Excerpt:

“We’ve heard a lot about Advanced Persistent Threats (APTs) over the past few years. As a refresher, APTs are prolonged, aimed attacks on specific targets with the intention to compromise their systems and gain information from or about that target. While the targets may be anyone or anything—a person, business, or other organization—APTs are often associated with government or military operations, as they tend to be the organizations with the resources necessary to conduct such an attack. Starting with Mandiant’s APT1 report in 2013, there’s been a continuous stream of exposure of nation-state hacking at scale.”


“Stole $24 Million But Still Can’t Keep a Friend”

Brian Krebs

https://krebsonsecurity.com/2019/01/stole-24-million-but-still-cant-keep-a-friend/

Excerpt:

“Unsettling new claims have emerged about Nicholas Truglia, a 21-year-old Manhattan resident accused of hijacking cell phone accounts to steal tens of millions of dollars in cryptocurrencies from victims. The lurid details, made public in a civil lawsuit filed this week by one of his alleged victims, paints a chilling picture of a man addicted to thievery and all its trappings. The documents suggest that Truglia stole from his father and even a dead man — all the while lamenting that his fabulous new wealth brought him nothing but misery.”


North Korean hackers infiltrate Chile's ATM network after Skype job interview

Catalin Cimpanu

https://www.zdnet.com/article/north-korean-hackers-infiltrate-chiles-atm-network-after-skype-job-interview/

Excerpt: 

A Skype call and a gullible employee was all it took for North Korean hackers to infiltrate the computer network of Redbanc, the company that interconnects the ATM infrastructure of all Chilean banks.”


Cranes, drills and other industrial machines exposed to hack by RF protocols 

Pierluigi Paganini

https://securityaffairs.co/wordpress/79915/hacking/rf-protocols-hacking.html

Excerpt:

“Security experts from Trend Micro have discovered several vulnerabilities in the communication protocols used by cranes, hoists, drills and other industrial machines.”


The costs of cyberattacks increased 52% to $1.1 million

https://www.helpnetsecurity.com/2019/01/16/2018-2019-global-application-and-network-security-report/

Excerpt:

“Radware has released its 2018-2019 Global Application and Network Security Report, in which survey respondents estimate the average cost of a cyberattack at $1.1M. For those organizations that calculate (versus estimate) the cost of an attack, that number increases to $1.67M.”


Ransomware attack sends City of Del Rio back to the days of pen and paper

Charlie Osborne

https://www.zdnet.com/article/ransomware-attack-sends-city-of-del-rio-back-to-the-days-of-pen-and-paper/

Excerpt:

“Officials based at the City of Del Rio, in Texas, were forced to abandon electronic services and switch to pen and paper after a ransomware attack effectively closed down City Hall servers.”


International hacker-for-hire jailed for cyber attacks on Liberian telecommunications provider

http://www.nationalcrimeagency.gov.uk/index.php/news-media/nca-news/1542-international-hacker-for-hire-jailed-for-cyber-attacks-on-liberian-telecommunications-provider

Excerpt:

’ A British cyber criminal has been sentenced to two years and eight months for conducting attacks that disrupted a Liberian telecommunications provider, resulting in losses estimated at tens of millions of US dollars.”


Chinese hackers may have struck Keidanren system in 2016

Tatsuya Sudo

http://www.asahi.com/ajw/articles/AJ201901130021.html

Excerpt:

“A Chinese group that has been accused by the U.S. government in a series of cybertheft cases around the world is now suspected in the 2016 hacking of the computer system used by Keidanren (Japan Business Federation).”


Hackers who DDoSed African telecom and US hospital get long prison sentences

Zeljka Zorz

https://www.helpnetsecurity.com/2019/01/14/ddos-attacks-prison-sentences/

Excerpt:

“Two men who launched DDoS attacks against a variety of targets have received substantial prison sentences on Friday.”


A new taxonomy for SCADA attacks

Zeljka Zorz

https://www.helpnetsecurity.com/2019/01/15/analyze-scada-attacks/

Excerpt:

“Attacks aimed at SCADA networks are still much rarer than those targeting IT networks, but the number is slowly rising.”


US Carriers Promise Again to Stop Selling Customer Location Data

Sergiu Gatlan

https://www.bleepingcomputer.com/news/security/us-carriers-promise-again-to-stop-selling-customer-location-data/

Excerpt:

“Everyone knows that major mobile service providers such as AT&T, T-Mobile, and Sprint are actively collecting their customers' location data, but not many know that they're also selling it to the highest bidder.”


Anonymous hacker gets 10 years in prison for DDoS attacks on children's hospitals

Catalin Cimpanu

https://www.zdnet.com/article/anonymous-hacker-gets-10-years-in-prison-for-ddos-attacks-on-childrens-hospitals/

Excerpt:

“A Massachusetts man was sentenced today to ten years in prison for launching DDoS attacks on behalf of the Anonymous hacker collective against US children's hospitals in 2014.”


APT heist of Singapore health data exploited Microsoft Outlook, inquiry finds

Sean Lyngaas

https://www.cyberscoop.com/apt-heist-singapore-health-data-exploited-microsoft-outlook-inquiry-finds/

Excerpt:

“An advanced hacking operation that last year stole personal data on 1.5 million health care patients in Singapore, including the prime minister, targeted an unpatched version of Microsoft Outlook, an official inquiry has found.”


Tens of thousands of hot tubs are exposed to hack

Pierluigi Paganini

https://securityaffairs.co/wordpress/79601/hacking/hot-tubs-hacking.html

Excerpt:

“Security experts at Pen Test Partners have discovered thousands of connected hot tubs vulnerable to remote cyber attacks. The hot tubs could be remotely controlled by an app, dubbed Balboa Water App, that lack of authentication mechanisms.


Adware Disguised as Game, TV, Remote Control Apps Infect 9 Million Google Play Users

Ecular Xu

https://blog.trendmicro.com/trendlabs-security-intelligence/adware-disguised-as-game-tv-remote-control-apps-infect-9-million-google-play-users/

Excerpt:

“Adware is bothersome, disruptive, and have been around for a long time, but they’re still around. In fact, we recently discovered an active adware family (detected by Trend Micro as AndroidOS_HidenAd) disguised as 85 game, TV, and remote control simulator apps on the Google Play store.”


Coinbase suspends Ethereum Classic (ETC) trading after double-spend attacks

Catalin Cimpanu

https://www.zdnet.com/article/coinbase-suspends-ethereum-classic-etc-trading-after-double-spend-attacks/

Excerpt:

“Cryptocurrency trading portal Coinbase delisted today the Ethereum Classic (ETC) currency after detecting a series of double-spend attacks over the last three days.”


Cops: German suspect, 20, 'confessed' to mass hack of local politicians

Gareth Corfield

https://www.theregister.co.uk/2019/01/08/german_20_yr_old_confess_mass_hack_angriff/

Excerpt:

“German police say a 20-year-old German man has "confessed" to leaks in connection what the country's media is calling "the Hacker Attack", a years-long data exfiltration campaign against politicians and other public figures.”


Small manufacturers play important role in supply chain security

https://www.helpnetsecurity.com/2019/01/10/supply-chain-security/

Excerpt:

“Though the manufacturing sector does not attract the sheer volume of total cyberattacks as other areas of the economy, research has shown that coordinated cyber espionage targets manufacturing more than any other sector.”


Worldwide spending on IoT to reach $745 billion in 2019

https://www.helpnetsecurity.com/2019/01/09/worldwide-iot-spending-2019/

Excerpt:

“Worldwide spending on the Internet of Things (IoT) is forecast to reach $745 billion in 2019, an increase of 15.4% over the $646 billion spent in 2018, according to IDC. IDC expects worldwide IoT spending will maintain a double-digit annual growth rate throughout the 2017-2022 forecast period and surpass the $1 trillion mark in 2022.”


Battling attacks from global criminal networks in the financial sector

Zeljka Zorz

https://www.helpnetsecurity.com/2019/01/09/attacks-financial-sector/

Excerpt:

“Every now and then, banks and financial institutions (and their customers) are targeted by opportunistic hackers, but they are much more worried about those that are smarter, have access to better technologies and knowledge of new techniques, and have considerable funding provided either by organized crime groups or nation-states.”


German politicians' data published online in massive breach

Hans-Edzard Busemann, Tassilo Hummel

https://www.reuters.com/article/us-germany-politics-cyber/german-politicians-data-published-online-in-massive-breach-idUSKCN1OY0IW

Excerpt:

“Personal data and documents from hundreds of German politicians and public figures including Chancellor Angela Merkel have been published online in what appears to be one of Germany’s most far-reaching data breaches.”


Marriott says 25 million passport numbers, some unencrypted, involved in massive breach

Jeff Stone

https://www.cyberscoop.com/marriott-breach-passport-numbers-revision/

Excerpt:

“Marriott International said Friday that 383 million customer records were stolen in a data breach last month, down from the hotel chain’s original estimate of 500 million.”


Nearly 5 million passengers’ data leaked from online train ticketing platforms

Jill Shen

https://technode.com/2019/01/02/beijing-police-data-leak-5-million/

Excerpt:

“Data thieves stole the personal information of nearly 5 million people from an unconfirmed number of Chinese online ticket reservation platforms, according to Beijing police, who arrested a suspect in the case.”