Attacks on IoT devices continue to escalate

https://www.helpnetsecurity.com/2020/10/28/attacks-on-iot-devices-continue-to-escalate/

Excerpt:

“Attacks on IoT devices continue to rise at an alarming rate due to poor security protections and cybercriminals use of automated tools to exploit these vulnerabilities, according to Nokia.”


Donald Trump’s website briefly defaced by cryptocurrency scammers

Graham Cluley

https://grahamcluley.com/donald-trumps-website-briefly-defaced-by-cryptomining-scammers/

Excerpt:

“Donald Trump’s official presidential re-election campaign website was briefly defaced by hackers last night.


The Russian Hackers Playing 'Chekhov's Gun' With US Infrastructure

Andy Greenberg

https://www.wired.com/story/berserk-bear-russia-infrastructure-hacking/

Excerpt:

“Last week the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency published an advisory warning that a group known as Berserk Bear—or alternately Energetic Bear, TEMP.Isotope, and Dragonfly—had carried out a broad hacking campaign against US state, local, territorial, and tribal government agencies, as well as aviation sector targets. The hackers breached the networks of at least two of those victims.”


Amazon sacks insiders over data leak, alerts customers

Ax Sharma

https://www.bleepingcomputer.com/news/security/amazon-sacks-insiders-over-data-leak-alerts-customers/

Excerpt:

“Amazon has recently terminated employees responsible for leaking customer data, including their email addresses, to an unaffiliated third-party in violation of company policies.”


Ransomware attack disabled Georgia County Election database

Pierluigi Paganini

https://securityaffairs.co/wordpress/109983/cyber-crime/ransomware-attack-georgia-county-election-db.html

Excerpt:

“A ransomware attack hit a Georgia county government early this month and disabled a database used to verify voter signatures in the authentication of absentee ballots. It is a common process to validate absentee ballots sent by mail by analyzing signatures.”


Dr Reddy's: Covid vaccine-maker suffers cyber-attack

Joe Tidy

https://www.bbc.com/news/technology-54642870

Excerpt:

“Pharmaceutical company Dr Reddy's, which is developing a Covid-19 vaccine, says it has been hit by a cyber-attack.”


Harvest Finance puts $100K bounty on alleged hacker

Helen Partz

https://cointelegraph.com/news/harvest-finance-puts-100k-bounty-on-alleged-hacker

Excerpt:

“Harvest Finance, a major decentralized finance protocol, has seemingly issued a $100,000 bounty in the aftermath of a $24 millon attack targeting its liquidity pools.”


Hackers breach psychotherapy center, use stolen health data to blackmail patients

Zeljka Zorz

https://www.helpnetsecurity.com/2020/10/26/data-breach-psychotherapy-center/

Excerpt:

“News of an unusual data breach at a psychotherapy center in Finland broke over the weekend, after affected patients began receiving emails telling them to pay up or risk their personal and health data being publicly released.”


63 billion credential stuffing attacks hit retail, hospitality, travel industries

https://www.helpnetsecurity.com/2020/10/23/63-billion-credential-stuffing-attacks-hit-retail-hospitality-travel-industries/

Excerpt:

“Akamai published a report detailing criminal activity targeting the retail, travel, and hospitality industries with attacks of all types and sizes between July 2018 and June 2020. The report also includes numerous examples of criminal ads from the darknet illustrating how they cash in on the results from successful attacks and the corresponding data theft.”


Berlin to Give Secret Services Access to Encrypted Conversations

AFP

https://www.securityweek.com/berlin-give-secret-services-access-encrypted-conversations

Excerpt:

“The German government Wednesday agreed to allow secret services to listen in on conversations via encrypted messaging services such as Messenger or Whatsapp as a means of tackling terrorism.”


Massive US Voters and Consumers Databases Circulate Among Hackers

Ziv Mador

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/massive-us-voters-and-consumers-databases-circulate-among-hackers/

Excerpt:

“Voting in the U.S. elections started recently and there is a real concern over interference and disinformation campaigns that might impact their outcome. During investigations around the elections, the Trustwave SpiderLabs team discovered massive databases with detailed information about U.S. voters and consumers offered for sale on several hacker forums.”


Ryuk Ransomware Attacks Continue Following TrickBot Takedown Attempt

Ionut Arghire

https://www.securityweek.com/ryuk-ransomware-attacks-continue-following-trickbot-takedown-attempt

Excerpt:

“The threat actor behind the Ryuk ransomware continues to conduct attacks following the recent attempts to disrupt the TrickBot botnet, CrowdStrike reports.”


Ransomware gang donates part of ransom demands to charity organizations

Catalin Cimpanu

https://www.zdnet.com/article/ransomware-gang-donates-part-of-ransom-demands-to-charity-organizations/

Excerpt:

“A ransomware gang has donated a part of the ransom demands it extorted from victims to charity organizations.”


This new malware uses remote overlay attacks to hijack your bank account

Charlie Osborne

https://www.zdnet.com/article/this-new-malware-uses-remote-overlay-attacks-to-hijack-your-bank-account/

Excerpt:

“Researchers have uncovered a new form of malware using remote overlay attacks to strike Brazilian bank account holders.”


Barnes & Noble warns customers it has been hacked, customer data may have been accessed

Graham Cluley

https://www.tripwire.com/state-of-security/featured/barnes-noble-warns-customers-hacked-customer-data-accessed/

Excerpt:

“American bookselling giant Barnes & Noble is contacting customers via email, warning them that its network was breached by hackers, and that sensitive information about shoppers may have been accessed.”


State and local governments under siege from cyber threats

https://www.helpnetsecurity.com/2020/10/15/state-local-governments-cyber-threats/

Excerpt:

“With both security budgets and talent pools negatively affected by the ongoing pandemic, state and local governments are struggling to cope with the constant wave of cyber threats more than ever before, a Deloitte study reveals.”


Self-driving cars can be forced to brake by hijacked billboards

Charlie Osborne

https://www.zdnet.com/article/self-driving-cars-can-be-forced-to-brake-by-hijacked-billboards/

Excerpt:

“Security researchers have demonstrated how hijacked billboards could be used to confuse self-driving cars -- forcing them to slam on the brakes, or worse.”


Norway blames Russia for cyber attack on Parliament

Pierluigi Paganini

https://securityaffairs.co/wordpress/109465/cyber-warfare-2/norway-blames-russia-cyber-attack.html

Excerpt:

“Norway ‘s government is blaming Russia for the cyberattack that targeted the email system of the country’s parliament this summer.”


Hacker groups chain VPN and Windows bugs to attack US government networks

Catalin Cimpanu

https://www.zdnet.com/article/hacker-groups-chain-vpn-and-windows-bugs-to-attack-us-government-networks/

Excerpt:

“Hackers have gained access to government networks by combining VPN and Windows bugs, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) said in a joint security alert published on Friday.”


Researchers found alleged sensitive documents of NATO and Turkey

Pierluigi Paganini

https://securityaffairs.co/wordpress/109386/breaking-news/nato-turkey-data-leak.html

Excerpt:

“Researchers from the US-based firm Cyble recently came across a post shared by an unknown threat actor that goes online with the moniker Spectre123, where he has allegedly leaked the sensitive documents of NATO and Havelsan (Turkish Military/defence manufacturer).”


Credit card skimmer targets virtual conference platform

Threat Intelligence Team

https://blog.malwarebytes.com/malwarebytes-news/2020/10/credit-card-skimmer-targets-virtual-conference-platform/

Excerpt:

“We’ve seen many security incidents affecting different websites simultaneously because they were loading the same tampered piece of code. In many instances, this is due to what we call a supply-chain attack, where a threat actor targets one company that acts as an intermediary to others”


Phishing emails lure victims with inside info on Trump's health

Lawrence Abrams

https://www.bleepingcomputer.com/news/security/phishing-emails-lure-victims-with-inside-info-on-trumps-health/

Excerpt:

“A phishing campaign pushing a network-compromising backdoor pretends to have the inside scoop on President Trump's health after being infected with COVID-19.”


UN Shipping Agency Forced Offline After Cyber-Attack

Phil Muncaster

https://www.infosecurity-magazine.com/news/un-shipping-agency-offline/

Excerpt:

“The United Nations agency for international shipping came under cyber-attack at the end of last week, forcing a number of services offline, it has emerged.”


Huawei 'failed to improve UK security standards'

Gordon Corera

https://www.bbc.com/news/technology-54370574

Excerpt:

“Huawei has failed to adequately tackle security flaws in equipment used in the UK's telecoms networks despite previous complaints, an official report says.”


Russian Gets 7 Years in Prison for Linkedin, Dropbox & Formspring Hacks

David Bisson

https://www.tripwire.com/state-of-security/security-data-protection/russian-gets-7-years-in-prison-for-linkedin-dropbox-formspring-hacks/

Excerpt:

“A Russian man received a seven-year prison sentence for having hacked into computers belonging to LinkedIn, Dropbox and Formspring.”


What to do first when your company suffers a ransomware attack

Graham Cluley

https://www.tripwire.com/state-of-security/featured/what-first-when-your-company-suffers-ransomware-attack/

Excerpt:

“For many companies it would be a nightmare to discover that they are the latest unwitting victim of a ransomware attack, capable of crippling computer systems and locking up data if a payment isn’t made to cybercriminals.”


70% of consumers would cut ties with doctors over unprotected health data

https://www.helpnetsecurity.com/2020/10/01/unprotected-health-data-privacy-concerns/

Excerpt:

‘There are growing privacy concerns among Americans due to COVID-19 with nearly 70 percent citing they would likely sever healthcare provider ties if they found that their personal health data was unprotected, a CynergisTek survey reveals.”