Indian start-ups
India’s National Cyber Security Coordinator said that every day there are 375 cyberattacks in India, with start-ups and SMEs the most common targets. WhiteHat Jr, Big Basket and Dunzo are a few such firms whose data was compromised in attacks. Business Insider: https://www.businessinsider.in/business/startups/news/from-whitehat-jr-big-basket-and-unacademy-to-dunzo-these-are-the-indian-startups-that-reported-data-leaks-over-the-past-few-months/slidelist/79467618.cms#slideid=79467641
Lab scientists
Security researchers discovered a remote, trojan-based cyberattack that could enable hackers to trick scientists into creating real-world toxins and viruses by using the victim’s computer to replace short DNA sub-strings with malicious code. The Next Web: https://thenextweb.com/neural/2020/11/30/study-security-flaw-could-allow-hackers-to-trick-lab-scientists-into-making-viruses/
Bismuth
A hacking group known as Bismuth, with links to the Vietnamese government, is hiding behind coin-miners to target private-sector and government institutions in both France and Vietnam. The Hacker News: https://thehackernews.com/2020/12/nation-state-hackers-caught-hiding.html
Crutch malware
Researchers discovered that Russian backdoor and document-stealing malware, code-named Crutch, has been deployed against governments, embassies and military organizations from 2015 to 2020. The Hacker News: https://thehackernews.com/2020/12/experts-uncover-crutch-russian-malware.html
npm packages
The security team behind the npm repository for JavaScript libraries removed two malicious code packages that were installing a remote access trojan on victims’ computers. ZDNet: https://www.zdnet.com/article/malicious-npm-packages-caught-installing-remote-access-trojans/
iOS exploit
A security researcher found that he could remotely trigger an unauthenticated kernel-memory-corruption vulnerability that would cause all iOS devices in radio proximity to reboot. Google Project Zero:https://googleprojectzero.blogspot.com/2020/12/an-ios-zero-click-radio-proximity.html?m=1
COVID vaccine
Nation-state hackers are attacking the delivery “cold chain” used to keep COVID vaccines at the correct temperature during transport. BBC: https://www.bbc.com/news/technology-55165552
Android apps
Several popular apps, including Bumble, OkCupid, Cisco Teams and Microsoft Edge, are using an unpatched version of Google’s app-update library, putting the personal data of millions of users at risk. The Hacker News:https://thehackernews.com/2020/12/several-unpatched-popular-android-apps.html
PowerPepper malware
Researchers discovered an in-memory Windows backdoor that can execute remote code and steal information from its targets. The Hacker News: https://thehackernews.com/2020/12/hackers-for-hire-group-develops-new.html
AstraZeneca
Hackers targeted AstraZeneca employees by acting as recruiters and contacting them through LinkedIn and WhatsApp with fake job offers. The job description documents contained malicious viruses that could enable access to the company’s systems. HRD: https://www.hcamag.com/us/news/general/vaccine-maker-astrazeneca-staff-targeted-in-cyber-attack-allege-reports/240603
nTreatment
An insecure database exposed thousands of patient records stored by nTreatment, a company that provides electronic records to doctors and psychiatrists. SiliconAngle: https://siliconangle.com/2020/12/01/patient-records-stored-electronic-health-company-found-exposed-online/
Huntsville City Schools
Huntsville City Schools in Alabama closed for an entire week due to a ransomware cyberattack that shut down in-person and virtual learning. WAFF48:https://www.waff.com/2020/12/01/huntsville-city-schools-remains-closed-this-week-due-cyber-attack/
Stuller
A Lafayette-based jewelry manufacturer, Stuller, experienced a cyberattack last weekend that is expected to cause delays to shipments. The Advocate:https://www.theadvocate.com/acadiana/news/business/article_4d51c4da-3405-11eb-b106-5719c12d1544.html
Philabundance
A Philadelphia hunger-relief group lost almost $1m in a cyberattack that took place during the summer. Philly Voice: https://www.phillyvoice.com/philabundance-cyberattack-theft-1-million-dollars/