Snatch ransomware
Cybersecurity researchers found a new variant of the Snatch ransomware infecting Windows computers. Snatch runs in Safe Mode to avoid antivirus detection. To read more: https://thehackernews.com/2019/12/snatch-ransomware-safe-mode.html
BMW and Hyundai
Hackers with ties to the Vietnamese government breached BMW and Hyundai. The attackers installed a pen-testing toolkit on infected hosts to backdoor into the compromised network. To read more: https://www.zdnet.com/article/bmw-and-hyundai-hacked-by-vietnamese-hackers-report-claims/
macOS
Researchers caught a hacking group attempting to put a fileless Trojan, disguised as a cryptocurrency trading application, on Apple macOS computers. To read more: https://nakedsecurity.sophos.com/2019/12/06/mac-users-targetted-by-lazarus-fileless-trojan/
iPR Software
Researchers discovered a misconfigured AWS S3 bucket that belongs to iPR Software, a hosted CMS platform for online newsrooms. The database contained sensitive documents belonging to GE, Dunkin’ Donuts, Forever 21, and others. To read more: https://threatpost.com/ge-dunkin-forever21-internal-doc-leak/150920/
Complete Technology Solutions
Hackers broke through the network of a Colorado-based IT company and installed ransomware on computers at more than 100 dentists who use the company for IT services. To read more: https://krebsonsecurity.com/2019/12/ransomware-at-colorado-it-provider-affects-100-dental-offices/
Airtel
A security vulnerability in Airtel’s mobile application exposed the data of 32 crore subscribers of the third-largest telecom service provider in India. To read more: https://www.businessinsider.in/tech/news/airtel-data-breach-exposes-personal-data-of-32-crore-subscribers/articleshow/72428075.cms
Pensacola
The city of Pensacola experienced a cyberattack that took several services offline. Officials are unsure whether the incident is related to the shooting at Pensacola Naval Air Station. To read more: https://www.cnn.com/2019/12/09/us/pensacola-cyber-attack/index.html
STCS
A Saudi Arabian telecom company exposed a server containing thousands of continuously updated GPS locations. The server contained an instance of Kibana, software used for sorting and visualizing data entries. To read more: https://www.vice.com/en_us/article/3kxxe9/saudi-telecom-stcs-exposed-gps-locations
Plundervolt
Researchers discovered a new attack called Plundervolt. It relies on the way modern processors allow frequency and voltage to be adjusted when needed, and uses that to induce errors in memory by flipping bits. The attack, which is similar to Spectre, injects faults in the CPU before they get written to memory. To read more: https://thehackernews.com/2019/12/intel-sgx-voltage-attack.html
Windows
Microsoft patched a Windows zero-day vulnerability that attackers are exploiting in the wild alongside a Chrome exploit to take control of vulnerable devices. To read more: https://thehackernews.com/2019/12/windows-zero-day-patch.html
Adobe
Adobe released updates for Acrobat, Photoshop, ColdFusion and Brackets to patch 25 security vulnerabilities. To read more: https://thehackernews.com/2019/12/adobe-software-update.html
Birth certificates
A company that enables users to obtain a copy of their birth certificates from US state governments left an AWS S3 bucket open online. The bucket contained more than 752,000 birth certificates. To read more: https://techcrunch.com/2019/12/09/birth-certificate-applications-exposed/
Cherokee Indians
Ransomware targeted the computer networks and websites for the Eastern Band of Cherokee Indians. To read more: https://www.charlotteobserver.com/news/state/north-carolina/article238221444.html
Zeppelin ransomware
A new variant of Vega ransomware called Zeppelin is targeting healthcare companies around the world. Zeppelin is deployed as an EXE, DLL, or wrapped in a PowerShell loader and logs IPs of victim machines. To read more: https://thehackernews.com/2019/12/zeppelin-ransomware-attacks.html
DroneSense
This company, which sells a drone platform to government, law enforcement and private clients, exposed a database of customer information. The data gives in-depth insights into how police departments are using drones, potentially putting the integrity of law-enforcement investigations at risk. To read more: https://www.vice.com/en_us/article/qjdddp/data-shows-where-police-fly-drones-dronesense
Ring
A hacker broke into a Ring security camera installed in the bedroom of three children and spoke through the device to one of the girls. To read more: https://www.vice.com/en_us/article/3a88k5/how-hackers-are-breaking-into-ring-cameras
iPhone encryption key
Researchers accused Apple of abusing the Digital Millennium Copyright Act to take down a tweet and Reddit posts that discussed techniques to hack iPhones. A researcher had posted on Twitter an encryption key that could be used to reverse engineer the Secure Enclave Processor in iPhones. To read more: https://www.vice.com/en_us/article/pkeeay/apple-dmca-take-down-tweet-containing-an-iphone-encryption-key
Elementor and Beaver addons
WordPress websites with the Elementor and Beaver plugins installed are vulnerable to hacks. Hackers started exploiting the vulnerability in the wild two days after discovery to install malicious backdoors on websites. To read more: https://thehackernews.com/2019/12/wordpress-elementor-beaver.html
Siemens
Researchers reported 54 bugs in a Siemens industrial-control system, which is mostly used by fossil-fuel and large-scale renewable power plants. To read more: https://www.theregister.co.uk/2019/12/13/siemens_security_advisory/
Echobot botnet
Echobot was updated to include 77 new exploits that enable remote code execution. The exploits impact routers, IP cameras, VoIP phones, smart home hubs, and other IoT devices. To read more: https://www.bleepingcomputer.com/news/security/new-echobot-variant-exploits-77-remote-code-execution-flaws/
Node.js Package Manager (npm)
The npm team issued a security alert advising all users to update to the latest version to stop binary planting attacks. The npm command-line interface client was vulnerable to a file traversal and an arbitrary overwrite issue through which an attacker could plant malicious binaries on a user’s computer. To read more: https://www.zdnet.com/article/npm-team-warns-of-new-binary-planting-bug/