US Treasury and SolarWinds
Russian hackers have been monitoring internal email traffic at the US Treasury and Commerce departments, and potentially other organizations. The intruders tampered with software updates released by SolarWinds, a cybersecurity firm whose products monitor the health of IT networks. Its software is used by organizations as diverse as governments and multinationals. Krebs on Security: https://krebsonsecurity.com/2020/12/u-s-treasury-commerce-depts-hacked-through-solarwinds-compromise/
Global GDP
According to a new study, worldwide losses from cybercrime total more than $1 trillion a year, equivalent to over 1% of global GDP. Infosecurity: https://www.infosecurity-magazine.com/news/cybercrime-costs-1trillion/
RMD Kwikform
This British engineering-services firm is investigating a security breach that occurred in November. BBC: https://www.bbc.com/news/uk-england-birmingham-55208202
Shirbit
Israeli insurance company Shirbit experienced a data breach, and the hackers have already released documents containing personal information on Shirbit employees and customers. So far the company has refused to pay the $1m bitcoin ransom demand. I24: https://www.i24news.tv/en/news/israel/1607253802-shirbit-declines-to-pay-hackers-as-it-faces-further-threats-of-leaked-documents-increased-ransom
Ransomware tactics
Some ransomware gangs are now cold-calling their victims if they suspect the hacked entity might restore from a backup and avoid paying ransom demands. ZDNet: https://www.zdnet.com/article/ransomware-gangs-are-now-cold-calling-victims-if-they-restore-from-backups-without-paying/
D-Link VPN routers
Some D-Link VPN router models are affected by three high-severity security vulnerabilities. The Hacker News: https://thehackernews.com/2020/12/warning-critical-remote-hacking-flaws.html
Microsoft Teams
A no-click remote code execution bug in Microsoft Teams desktop apps enables hackers to execute arbitrary code by sending a specially-crafted chat message. The Hacker News: https://thehackernews.com/2020/12/zero-click-wormable-rce-vulnerability.html
FireEye
A well-known cybersecurity company that works with government agencies and companies worldwide announced that it had been hacked and that the (probably Russian) nation-state actors had taken red-team pentest tools that can be used to mount sophisticated new attacks. New York Times: https://www.nytimes.com/2020/12/08/technology/fireeye-hacked-russians.html?referringSource=articleShare
Zebrocy malware
A Russian hacker is leveraging COVID for phishing lures to deliver a Go version of Zebrocy malware. The Hacker News: https://thehackernews.com/2020/12/russian-apt28-hackers-using-covid-19-as.html
AMNESIA:33
Researchers discovered 33 vulnerabilities in TCP/IP stacks that could impact millions of IoT and embedded devices. The Hacker News: https://thehackernews.com/2020/12/amnesia33-critical-tcpip-flaws-affect.html
Randstad
One of the world’s leading recruitment agencies fell victim to a ransomware attack, and the hackers accessed sensitive data. Graham Cluley: https://grahamcluley.com/recruitment-giant-randstad-hit-by-ransomware-sensitive-data-stolen/
Foxconn
Hackers hit electronics manufacturer Foxconn with DoppelPaymer ransomware last month. The hackers are demanding $34m in ransom. Hot for Security: https://hotforsecurity.bitdefender.com/blog/foxconn-hit-with-record-breaking-34-million-ransom-demand-after-cyber-attack-24797.html
Steam
Critical flaws in a core networking library in Valve’s Steam online-gaming platform could enable hackers to crash games and take over third-party game servers remotely. The Hacker News: https://thehackernews.com/2020/12/valves-steam-server-bugs-couldve-let.html
Embraer
Brazilian airplane maker Embraer experienced a ransomware attack last month. The hackers leaked private files after the company refused to negotiate and instead restored systems from backups. ZDNet: https://www.zdnet.com/article/hackers-leak-data-from-embraer-worlds-third-largest-airplane-maker/
Long Beach, NY
Hackers targeted the city of Long Beach with a cyberattack that forced the city to shut down its computer network. Patch: https://patch.com/new-york/longbeach/long-beach-computer-network-shut-down-after-cyber-attack-found
Cisco Jabber
Cisco fixed four previously disclosed bugs in its Jabber video-conferencing app that were inadequately addressed the first time. The Hacker News: https://thehackernews.com/2020/12/cisco-reissues-patches-for-critical.html
APT32 hackers
Researchers from Facebook linked the activities of a Vietnamese hacker to an IT company in the country. The criminal is part of a hacking group that has been running espionage campaigns since 2012. The Hacker News: https://thehackernews.com/2020/12/facebook-tracks-apt32-oceanlotus.html
MySQL
More than 85,000 MySQL databases are on sale on the dark web for $550 per database. The hacked databases are a part of a ransom scheme where hackers download tables, delete the originals, and leave ransom notes behind. ZDNet: https://www.zdnet.com/article/hackers-are-selling-more-than-85000-sql-databases-on-a-dark-web-portal/
Ledger
Hackers are targeting users of the Ledger cryptocurrency wallet with fake data-breach notifications to steal cryptocurrency from their victims. Bleeping Computer: https://www.bleepingcomputer.com/news/security/fake-data-breach-alerts-used-to-steal-ledger-cryptocurrency-wallets/
UiPath
A startup that makes robotics automation software is emailing users about a security incident that exposed their personal information online. ZDNet: https://www.zdnet.com/article/robotics-unicorn-uipath-discloses-data-breach/