Gitpaste-12 botnet
A wormable botnet that spreads via GitHub and Pastebin to install cryptocurrency miners is targeting Linux servers and IoT devices. The Hacker News:https://thehackernews.com/2020/12/wormable-gitpaste-12-botnet-returns-to.html
SolarWinds
Around 18,000 of SolarWind’s high-profile customers have installed a version of its Orion Products with a malicious backdoor. The HackerNews: https://thehackernews.com/2020/12/nearly-18000-solarwinds-customers.html
Communist Party of China
Sensitive data on 2m members of the Communist Party of China was leaked. The information includes official records such as party position, birthday and ethnicity. Infosecurity Magazine: https://www.infosecurity-magazine.com/news/data-leak-chinese-communist-party/
5G network flaws
Researchers discovered several exploitable weaknesses in 5G networks that could carry out DoS attacks and intercept data traffic. The Hacker News:https://thehackernews.com/2020/12/new-5g-network-flaws-let-attackers.html
Spotify
Spotify alerted users that their data was exposed to a third-party partner in the streaming service’s third breach in less than a month. Threatpost:https://threatpost.com/spotify-changes-passwords-data-breach/162256/
Desjardins Group
Quebec privacy commissioners reported that a 2019 data breach at Canada’s Desjardins Group, a financial-services company, was caused by lax administrative and technological safeguards. IT World Canada: https://www.itworldcanada.com/article/breaking-desjardins-at-fault-for-huge-data-breach-say-privacy-commissioners/439581
Hurtigruten
This Norwegian cruise company said that it suffered a severe ransomware attack this week that left several of its systems paralyzed. Nasdaq: https://www.nasdaq.com/articles/norwegian-cruise-liner-hurtigruten-sustains-cyber-attack-2020-12-14
Instagram click farm
Researchers discovered an Instagram click farm after uncovering a command and control server that contained data for thousands of Instagram profiles. Best Gaming Pro: https://bestgamingpro.com/massive-instagram-click-farm-found-following-data-breach/
European Medicines Agency
Europe’s drug regulator confirmed that it was hit by a cyberattack, and that some documents, including those related to COVID-19, were unlawfully accessed by a third-party. KFGO: https://kfgo.com/2020/12/11/eu-drugs-regulator-confirms-data-breach-in-cyber-attack/
Vietnam Government Certification Authority
Researchers discovered an attack targeting the Vietnam Government Certification Authority that compromised the agency’s digital-signature toolkit to install a backdoor on systems. The Hacker News: https://thehackernews.com/2020/12/software-supply-chain-attack-hits.html
Russian attacks on US federal agencies
The Energy Department and National Nuclear Security Administration found that hackers had accessed their networks, part of an extensive cyber-espionage campaign that has impacted several other federal agencies. Politico: https://www.politico.com/news/2020/12/17/nuclear-agency-hacked-officials-inform-congress-447855
Browser extensions
Three million people have been infected by Chrome and Edge browser extensions that steal data and redirect users to phishing sites. Researchers discovered a total of 28 extensions that contained malware. Ars Technica: https://arstechnica.com/information-technology/2020/12/up-to-3-million-devices-infected-by-malware-laced-chrome-and-edge-add-ons/
RAM as wireless emitter
Researchers published a new technique that converts a RAM card into a wireless emitter that could transmit sensitive data from inside non-networked air-gapped computers. ZDNet: https://www.zdnet.com/article/academics-turn-ram-into-wifi-cards-to-steal-data-from-air-gapped-systems/
Microsoft
Microsoft made a statement saying that it had detected malicious SolarWinds binaries in its environment. The Hacker News: https://thehackernews.com/2020/12/microsoft-says-its-systems-were-also.html
University of Vermont hospital
An October cyberattack is costing the University of Vermont Medical Center $1.5m a day in lost revenue and recovery costs. Insurance Journal: https://www.insurancejournal.com/news/east/2020/12/15/593996.htm
Lithuania
Lithuania’s defense minister announced that hackers hit the country with one of the “most complex” cybersecurity attacks in recent history. Infosecurity Magazine: https://www.infosecurity-magazine.com/news/lithuania-cyberattack/