Microsoft
Microsoft used a legal attack to disrupt Trickbot, a malware-as-a-service botnet, based on a claim that the botnet abused the software company’s trademarks. Krebs on Security: https://krebsonsecurity.com/2020/10/microsoft-uses-copyright-law-to-disrupt-trickbot-botnet/
Iran
Iran’s cybersecurity authority acknowledged two cyberattacks on government departments this week. The Washington Post: https://www.washingtonpost.com/world/middle_east/iran-acknowledges-cyberattacks-on-government-departments/2020/10/15/de9beb88-0ecf-11eb-b404-8d1e675ec701_story.html
New DDoS campaign
An unknown hacking group, posing as the Lazarus and Fancy Bear APT groups, is threatening organizations with DDoS attacks unless they pay a ransom. Computing: https://www.computing.co.uk/news/4021744/hackers-posing-ddos-attacks
FIN11
Researchers have identified a new hacking group, known as FIN11, that is hacking and extorting pharmaceutical and healthcare companies during the COVID-19 pandemic. Cyberscoop: https://www.cyberscoop.com/fin11-ransomware-pharma-fireeye-cybercrime/
Silent Librarian group
This Iranian advanced-persistent-threat group is targeting schools and universities around the world with spear-phishing attacks. HackRead: https://www.hackread.com/iranian-apt-group-schools-colleges-in-global-spear-phishing-attacks/
Windows “Ping of Death”
SophosLabs, a cybersecurity firm, is urging Windows 10 users to patch their systems because of a bug in the TCPIP.SYS kernel driver. Naked Security:https://nakedsecurity.sophos.com/2020/10/14/windows-ping-of-death-bug-revealed-patch-now/
State of Colorado
Thirty thousand State of Colorado employees may be impacted by a data breach that exposed personal information such as Social Security numbers. CBS Denver: https://denver.cbslocal.com/2020/10/14/data-breach-colorado-state-employees-colleges/
London Borough of Hackney
This U.K. city council was hit by a cyberattack that disrupted many of its online services. Bleeping Computer: https://www.bleepingcomputer.com/news/security/london-borough-of-hackney-suffers-serious-cyberattack/
Barnes & Noble
Barnes & Noble confirmed a cyberattack that impacted Nook services and possibly exposed customer data. ZDNet: https://www.zdnet.com/article/barnes-noble-confirms-cyberattack-customer-data-breach/
British Airways
British Airways was fined a record £20m for a data breach in 2018 — less than the £183m it was initially fined, in part because of its dire COVID-related financial situation. The Guardian: https://www.theguardian.com/business/2020/oct/16/ba-fined-record-20m-for-customer-data-breach
Bluetooth bug in Linux
Google and Intel are warning users of a high-severity Bluetooth bug in the Linux Kernel that could enable code execution by attackers within Bluetooth range. Arstechnica: https://arstechnica.com/information-technology/2020/10/google-and-intel-warn-of-high-severity-bluetooth-security-bug-in-linux/
Fairfax County Public Schools
A cyberattack on Fairfax County Public Schools in Virginia resulted in student and teacher personal information leaked on the dark web. Local DVM: https://www.localdvm.com/news/virginia/fcps-announces-student-teacher-personal-information-leaked-to-the-dark-web-after-cyber-attack/
WisePay
This school-payments company alerted parents who recently made payments to U.K. schools that their credit card details were compromised in a hack of the WisePay website. The Fintech Times: https://thefintechtimes.com/school-payments-service-wisepay-comes-under-cyber-attack/
Seyfarth Shaw
This Chicago-based international law firm confirmed that a ransomware attack impacted its IT systems. Above the Law: https://abovethelaw.com/2020/10/global-biglaw-firm-hit-by-aggressive-ransomware-attack/
Intcomex
This Miami-based tech company suffered a significant data breach in which a terabyte of its users’ data was leaked. Security Magazine: https://www.securitymagazine.com/articles/93576-miami-tech-company-intcomex-suffers-major-data-breach
Dickey’s BBQ
Researchers have linked 3m compromised payment cards found on the dark web to U.S. restaurant franchise Dickey’s Barbeque Pit. Threatpost: https://threatpost.com/dickeys-bbq-breach-jokers-stash/160211/
Manitoba hack
Hackers stole almost $450,000 in a cyberattack on a bank account belonging to a Manitoba, Canada municipality. CTV News: https://winnipeg.ctvnews.ca/nearly-450k-stolen-from-manitoba-municipality-in-cyber-attack-1.5146916