Saturday, December 5, 2020
ZDNet

Ransomware hits helicopter maker Kopter

Data from Kopter's internal network has been published on the LockBit gang's blog, hosted on the dark web.
ZDNet

Ransomware gangs are now cold-calling victims if they restore from backups without paying

Tactic used since August by ransomware gangs like Sekhmet, Maze, Conti, and Ryuk.
ZDNet

Johnson & Johnson CISO: Healthcare orgs are seeing nation-state attacks every single minute of every single day

Johnson & Johnson is one of six COVID-19 research companies that have been recently targeted by North Korean state-sponsored hackers.
ZDNet

Ransomware attack cripples Vancouver public transportation agency

TransLink customers left unable to use the agency's public ticketing kiosks and cards for two days.
ZDNet

Edward Snowden asks Trump to pardon Wikileaks founder Julian Assange

Snowden claims the pardon would save Assange's life.
ZDNet

Dell announces new protections for its PC and server supply chain

Dell to start using tamper-evident seals during physical transport and provide a software reset feature to wipe hard-drives before customer deployment.
ZDNet

Data of 243 million Brazilians exposed online via website source code

The password to access a highly sensitive Ministry of Health database was stored inside a government site's source code.
ZDNet

Mysterious phishing campaign targets organizations in COVID-19 vaccine cold chain

Targets include EU directorates, companies making vaccine shipping containers, a website development firm linked to vaccine supply chains.
ZDNet

8% of all Google Play apps vulnerable to old security bug

Devs have not updated a crucial library inside their apps, leaving users exposed to dangerous attacks. Some of the vulnerable apps include Microsoft's Edge browser, Grindr, OKCupid, and Cisco Teams.
ZDNet

New TrickBot version can tamper with UEFI/BIOS firmware

New TrickBot feature scares security researchers.
ZDNet

This phishing group is targeting COVID-19 vaccine supply chains

Clues indicate state-sponsored hackers may be to blame.
ZDNet

Compounder Finance DeFi project allegedly pulls the rug from under investors, $11 million stolen

One investor is offering a $100,000 bounty leading to the unmasking of the thief, or thieves, involved.
ZDNet

Open source software security vulnerabilities exist for over four years before detection

GitHub research suggests there is a need to reduce the time between bug detection and fixes.
ZDNet

Absa bank embroiled in data leak, rogue employee accused of theft

Personal information belonging to banking customers was compromised.
ZDNet

Ivanti announces double acquisition of MobileIron, Pulse Secure in zero-trust security push

Ivanti says the deals strengthen the company in the mobile zero-trust security space.
ZDNet

Malicious npm packages caught installing remote access trojans

JavaScript and Node.js developers who installed the jdb.js and db-json.js packages were infected with the njRAT malware.
ZDNet

FBI warns of email forwarding rules being abused in recent hacks

FBI: "The web-based client's forwarding rules often do not sync with the desktop client, limiting the rules' visibility to cyber security administrators."
ZDNet

Microsoft removes 18 malicious Edge extensions for injecting ads into web pages

Some extensions mimicked official apps while others copied popular Chrome extensions.
ZDNet

'Hacker_R_US' gets eight years in prison for bomb threats and DDoS extortion

'Hacker_R_US' was one of the two members of the Apophis Squad hacker group.
ZDNet

2020's worst cryptocurrency breaches, thefts, and exit scams

Cryptocurrency exchanges have felt the impact of everything from vulnerability exploit to social engineering scams over this year.
SecurityWeek

Italy Says Two Arrested for Defense Data Theft

Two people have been arrested for stealing defense data from the Italian aerospace and electronics group Leonardo, the interior ministry said on Saturday. The company has a wide range of activities from naval electronics, network and protection systems, electronic warfare...

The US Used the Patriot Act to Justify Logging Website Users

Plus: Better Twitter two-factor, a Spotify hack, and more of the week’s top security news.
ZDNet

Ransomware hits helicopter maker Kopter

Data from Kopter's internal network has been published on the LockBit gang's blog, hosted on the dark web.
ZDNet

Ransomware gangs are now cold-calling victims if they restore from backups without paying

Tactic used since August by ransomware gangs like Sekhmet, Maze, Conti, and Ryuk.
SC Magazine

Kmart, a vulnerable target, among those hit in Egregor ransomware attack spree

The fast-moving Egregor ransomware added Kmart to its list of retail targets, one day before the same attack group hit the Vancouver metro. The fast-moving Egregor ransomware has already hit other recognizable companies, most notably Barnes and Noble. Egregor first...