E-commerce hackers
Researchers discovered that hackers are hiding malicious code implants in the metadata of image files to steal payment card information. The Hacker News:https://thehackernews.com/2020/06/image-credit-card-skimmers.html
Roblox
Hackers post “Vote for Trump” messages on the Roblox gaming platform, which has 90m users. Forbes:
University of California San Francisco
UCSF paid a $1m ransom to recover medical-school data from hackers; the school is the third university targeted by cyberattacks in the past two months. The Mercury News:
Lenovo
Old Lenovo devices are being targeted by hackers who are blackmailing victims for $200-$275 to return their data. TechTimes:
Apache Guacamole
Researchers discovered multiple reverse RDP vulnerabilities in Apache Guacamole, a remote-desktop application used by system administrators. The Hacker News:https://thehackernews.com/2020/07/apache-guacamole-hacking.html
Microsoft
Microsoft released out-of-band software updates to patch two vulnerabilities in Windows 10 and various Windows Server editions. The Hacker News: https://thehackernews.com/2020/07/windows-security-update.html
macOS
Researchers discovered a new type of ransomware targeting macOS users that spreads through pirated apps. The Hacker News: https://thehackernews.com/2020/07/macos-ransomware-attack.html
Arizona schools
An analysis of 15 years of school-data breaches identified Arizona as a top target with more than 2.8m private records leaked. Patch:
https://patch.com/arizona/across-az/az-data-breaches-leaked-2-8-million-school-records-2005-report
V Shred
Customer data belonging to fitness company V Shred was exposed online due to misconfigured cloud storage. SiliconAngle: https://siliconangle.com/2020/07/02/customer-data-fitness-company-v-shred-exposed-misconfigured-cloud-storage/
Knoxville Police Department
This Tennessee police department regained access to its in-car computers two weeks after a ransomware attack shut down IT systems. Knox News: https://www.knoxnews.com/story/news/local/2020/06/30/knoxville-police-regain-computer-system-access-after-ransomware-attack/5350331002/
Heartland Farm Mutual
This Waterloo, Canada-based insurance company announced that it had experienced a data breach involving access to an employee’s email. Global News:https://globalnews.ca/news/7124198/heartland-farm-mutual-data-breach/
BMW
The personal information of 400,000 UK-based BMW customers is available for sale on an online black market. Tom’s Guide: https://www.tomsguide.com/news/bmw-call-centre-data-breach
MongoDB
A hacker that uploaded ransomware on 23,000 unprotected MongoDB databases gave victims an ultimatum: pay up, or be reported to the European Commission for breaching its General Data Protection Regulation (which applies globally, and could impose hefty fines). SCMagazine:https://www.scmagazine.com/home/security-news/mongodb-hacker-threatens-to-report-breach-to-gdpr/
F5 Networks
F5 Networks, an application-services company, is urging customers to patch a security vulnerability in its BIG-IP networking product immediately. ZDNet: https://www.zdnet.com/article/f5-patches-vulnerability-that-received-a-cvss-10-severity-score/