Ransomware at IT Services Provider Synoptek
Synoptek, a California business that provides cloud hosting and IT management services to more than a thousand customers nationwide, suffered a ransomware attack that has disrupted operations for many of its clients, according to sources. The company has reportedly paid the ransom demand in a bid to restore operations as quickly as possible. Synoptek has not yet responded to multiple requests for comment, but two sources who work at the company have confirmed that their employer was hit by Sodinokibi, a potent ransomware strain also known as REvil, which encrypts data and demands a cryptocurrency payment in return for the key that decrypts the infected systems. The same sources say the company paid the extortionists an unverified sum in exchange for decryption keys. A managed service provider is a high-value target precisely because one compromise gives the attacker a path into every customer environment it administers.
Windows systems at Maastricht University were infected with ransomware
Almost all Windows systems at Maastricht University (UM) have been affected, and e-mail services in particular are hard to use. UM is currently working on a solution. It is not yet known whether the attackers accessed or exfiltrated scientific data before the systems were encrypted with the as yet unnamed ransomware strain. UM says in a new update that "education at UM can be resumed on January 6. Some important systems that are required for this will be available online again from 2 January."
U.S. Coast Guard Says Ryuk Ransomware Took Down Maritime Facility
The U.S. Coast Guard (USCG) published a marine safety alert warning of a Ryuk ransomware attack that took down the entire corporate IT network of a Maritime Transportation Security Act (MTSA) regulated facility. The incident is still under investigation, but the USCG says a phishing email is the most likely point of entry into the facility's network. The alert notes that the infection spread from the corporate network into the industrial control systems that monitor and control cargo transfer, which is the reason the facility's operations, not just its office IT, were shut down.
Nonprofit organization Special Olympics New York hacked and its server used to send phishing emails
Special Olympics New York provides inclusive opportunities for people with intellectual disabilities to compete in Olympic-style, coached sports. Unfortunately, the nonprofit organization was hacked during the Christmas holiday and the attackers later used its email server to launch a phishing campaign against its donors.
Multi-factor authentication isn't necessarily strong
No MFA solution is perfect, and every form of it has been bypassed at some point (real-time phishing proxies, SIM swapping and push fatigue among the known routes), but it may still be good enough for the threat you actually face. A Google study found that even relatively weak SMS-based second factors stopped 100% of automated bot attacks and 96% of bulk phishing attacks; the residual risk is concentrated in targeted attacks, which is where phishing-resistant factors such as hardware security keys earn their keep.
Software failure at the Federal Motor Vehicle Office - Cologne registration office also affected
The Federal Motor Vehicle Office is currently suffering significant software problems, with a complete outage of its system. Among other cities, this also affects the Cologne vehicle registration office: access to the required data in the central federal register is currently not possible. According to the Federal Motor Vehicle Office, intensive troubleshooting is under way, but no time for restoring the system can yet be given. Around 250 people are currently waiting at the Cologne registration office. As soon as it regains access to the federal data, the registration office will handle all the transactions of those currently waiting; new customers, however, cannot be accepted at present.
FIN7 Hackers' BIOLOAD Malware Drops Fresher Carbanak Backdoor
Researchers uncovered a new tool, dubbed BIOLOAD, that the FIN7 cybercrime group uses as a dropper for a new variant of the Carbanak backdoor. The loader has a low detection rate and shares similarities with BOOSTWRITE, another loader recently identified as part of FIN7's arsenal. BIOLOAD relies on a technique called binary planting (also known as DLL search-order hijacking), which abuses the order in which Windows searches directories for a DLL that a program needs to load: a malicious DLL with the expected name is placed in a directory that is searched before the directory holding the legitimate copy, so a trusted, often signed, executable loads the attacker's code. Depending on which executable is abused, an attacker can thereby escalate privileges or achieve persistence, because the malicious code runs every time the legitimate program starts and inherits its trust.
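To make the detection side of this concrete, here is an added example (my own code, not FIN7's loader or anything from the analysis described above) of a simple hunting heuristic for binary planting: walk image-load records, and flag any DLL whose name a baseline expects to come from the Windows system directory but which was actually loaded from somewhere else, most tellingly from the loading executable's own directory. The records below are constructed for the example; in practice you would feed it Sysmon Event ID 7 (Image Loaded) data, using its Image and ImageLoaded fields. The list of "system" DLL names is an illustrative subset, not a complete inventory.

```python
"""Flag DLLs loaded from outside the Windows system directory under a name
that normally belongs to a system DLL: the footprint of binary planting.

Added example; the records and the DLL baseline are constructed for
illustration and are not from any real incident.
"""
from pathlib import PureWindowsPath

# Directories from which the baseline expects system DLLs to be served.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# DLLs a hardened baseline expects only from SYSTEM_DIRS. Illustrative
# subset: these names are frequent hijack targets because they are not
# in the KnownDLLs list, so the application directory is searched first.
KNOWN_SYSTEM_DLLS = {
    "version.dll", "winhttp.dll", "dbghelp.dll", "cryptsp.dll", "wtsapi32.dll",
}


def parent_dir(path):
    """Lower-cased parent directory of a Windows path (case-insensitive FS)."""
    return str(PureWindowsPath(path).parent).lower()


def flag_planted_dlls(records):
    """records: iterable of (image_path, loaded_module_path) tuples.

    Returns a list of findings, one per suspicious load, recording whether
    the DLL sat beside the executable (classic planting) or elsewhere.
    """
    findings = []
    for image, module in records:
        name = PureWindowsPath(module).name.lower()
        if name not in KNOWN_SYSTEM_DLLS:
            continue                      # not a name we baseline
        mod_dir = parent_dir(module)
        if mod_dir in SYSTEM_DIRS:
            continue                      # served from the expected place
        findings.append({
            "image": image,
            "module": module,
            "dll": name,
            # True when the DLL was dropped next to the executable, which is
            # exactly where the default search order looks first.
            "same_dir_as_image": mod_dir == parent_dir(image),
        })
    return findings


# Constructed sample: one benign system load, one planted version.dll beside
# a vendor executable, one vendor-private DLL (not baselined), and one
# system-named DLL loaded from a user temp directory.
SAMPLE_RECORDS = [
    (r"C:\Windows\System32\svchost.exe", r"C:\Windows\System32\version.dll"),
    (r"C:\Program Files\Vendor\app.exe", r"C:\Program Files\Vendor\version.dll"),
    (r"C:\Program Files\Vendor\app.exe", r"C:\Program Files\Vendor\vendor_helper.dll"),
    (r"C:\Program Files\Vendor\tool.exe", r"C:\Users\bob\AppData\Local\Temp\dbghelp.dll"),
]


def analyze_sample():
    """Run the heuristic over the constructed records."""
    return flag_planted_dlls(SAMPLE_RECORDS)


if __name__ == "__main__":
    for f in analyze_sample():
        where = "beside image" if f["same_dir_as_image"] else "elsewhere"
        print(f"{f['dll']:<14} {where:<13} {f['image']} <- {f['module']}")
```

The heuristic deliberately ignores DLLs whose names it has no baseline for, since vendor-private libraries legitimately live beside their executables; its value comes from the name collision with a system DLL. Expect to tune the baseline per fleet, and remember that DLLs listed under KnownDLLs in the registry are loaded from the system directory regardless of search order, so they are poor hijack candidates and do not belong in the list.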
Thai Officials confirmed the hack of prison surveillance cameras and the video broadcast
Authorities in Thailand are investigating a cyber attack that resulted in the broadcast of surveillance video from inside a prison in the country's south. Local media reported that hackers broke into the surveillance system at Lang Suan prison in the southern province of Chumphon and streamed the video live on YouTube for several hours. The stream was published on Tuesday by an account named "BigBrother's Gaze" and showed footage from several cameras of activity inside the prison.
Microsoft seizes web domains used by North Korean hackers
Microsoft says it has obtained a court order allowing it to seize web domains used by a North Korean hacking group to launch cyberattacks on human rights activists, researchers and others. The U.S. technology giant said a federal court allowed it to take control of 50 domains operated by a group it tracks as Thallium, which tricked users with phishing pages that fraudulently used Microsoft brands and trademarks. Reporting at the time identified this North Korean-linked threat group with the one tracked elsewhere as APT37 and Group 123, which other security researchers have linked to campaigns targeting educational institutions as well as chemical, electronics, manufacturing, aerospace, automotive and healthcare companies around the world; as usual with such cross-vendor naming, treat the mapping as an attribution claim rather than a settled fact.
Major US companies breached, robbed, and spied on by Chinese hackers
In one of the largest-ever corporate espionage efforts, attackers alleged to be working for China's intelligence services stole volumes of intellectual property, security clearance details and other records from scores of companies over the past several years. They gained access to systems holding prospecting secrets of the mining company Rio Tinto PLC and sensitive medical research of the electronics and health-care giant Philips NV.
The Fight Against Government Face Surveillance: 2019 Year in Review
EFF has written a detailed report about government face surveillance laws in 2019.
Wyze Exposes User Data via Unsecured ElasticSearch Cluster
Smart home tech maker Wyze Labs confirmed that data on over 2.4 million of its users was exposed by an unsecured database connected to an Elasticsearch cluster for over three weeks, from December 4 to December 26. The company learned of the incident after receiving an inquiry from an IPVM reporter via a "support ticket at 9:21 a.m. on December 26," followed almost immediately by IPVM publishing a piece "at 9:35 a.m" on the exposed database, which had been discovered by the security consulting firm Twelve Security. The unsecured database contained customer emails and camera nicknames, WiFi SSIDs, Wyze device information, roughly 24,000 tokens associated with Alexa integrations, and, for a small number of product beta testers, body metrics including height, weight, gender and other health information. The Alexa tokens are the item to watch: unlike email addresses, leaked bearer tokens give direct access until they are revoked, so rotation, not just notification, is the required response.
ProtonMail Takes Aim at Google With an Encrypted Calendar
Encrypted email provider ProtonMail has officially launched its new calendar in public beta. The move is part of the Swiss company's broader push to offer privacy-focused alternatives to Google's key products.
Brazil Fines Facebook $1.6 Million for Improper Sharing of User Data
Brazil's Ministry of Justice said on Monday that it has fined U.S. tech giant Facebook 6.6 million reais ($1.6 million) for improperly sharing user data. The ministry's department of consumer protection said it had found that data from 443,000 Facebook users had been made improperly available to the developers of an app called "thisisyourdigitallife". The data was being shared for "questionable" purposes, the ministry said in a statement.