<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 12/10/2020



Israel shaken by data leak after ransomware attack at Shirbit insurance company

A hacking gang calling itself Black Shadow has demanded a giant insurance firm pay a US $3.8 million ransom after encrypting and stealing sensitive data and documents about its clients. Customers of the victim, Israel's Shirbit insurance company, have been advised to consider obtaining new identity cards and driving licenses due to the risk of identity theft after the hackers released a third wave of stolen data this past weekend. Leaked data has included scans of identity cards... READ MORE...


Hackers can use WinZip insecure server connection to drop malware

The server-client communication in certain versions of the WinZip file compression tool is insecure and could be modified to serve malware or fraudulent content to users. WinZip has been a long standing utility for Windows users with file archiving needs beyond the support built in the operating system. Initially released almost 30 years ago, the tool now has versions for macOS, Android, and iOS, as well as an enterprise edition that adds collaboration features. READ MORE...

Suspect in case of Mirai botnet, which knocked major sites offline in 2016, pleads guilty

The U.S. Department of Justice on Wednesday announced that an unnamed defendant has pleaded guilty in connection with a cyberattack that rocked the internet in 2016. The October 2016 distributed denial-of-service attack affected Dyn, an internet infrastructure company, before rippling out to cause outages for sites including Twitter, Netflix, Spotify, AirBnb and Reddit, among others. DDoS attacks typically occur when attackers access a network of hacked computers. READ MORE...

Hackers leverage Facebook, Dropbox to spy on Egypt, Palestinians

An Arabic-speaking hacking group that's used phishing emails laden with sensational headlines focused on the Middle East to spy on government officials is leveraging recent diplomatic activity to conduct espionage. Operatives with the group, known as MoleRATs, used mainstream technology services like Facebook and Dropbox to obscure their malicious activity and exfiltrate data, according Cybereason, the security company that published details on the activity on Wednesday. READ MORE...

Vaccine Documents Hacked as West Grapples With Virus Surge

Documents related to the Pfizer coronavirus vaccine were illegally accessed during a cyberattack at the EU regulator, the company said Wednesday, as Germany and other northern hemisphere countries grappled with a winter surge in the pandemic. The Amsterdam-based European Medicines Agency (EMA) reported the cyberattack as European countries eagerly await a vaccine, including Germany where Chancellor Angela Merkel is pushing for tougher action against a second wave of Covid-19. READ MORE...


Misery of Ransomware Hits Hospitals the Hardest

Despite hospitals being on the front lines during the pandemic, bad actors have continued to target them with ransomware. In addition to wreaking havoc on operational processes in medical facilities at the worst possible time, the attacks have evolved to threaten patient safety. In September, employees at Universal Health Services (UHS), a Fortune-500 owner of a nationwide network of hospitals, reported widespread outages that resulted in delayed lab results. READ MORE...

Russian Cyberspies Use COVID-19 Vaccine Lures to Deliver Malware

The Russia-linked cyberspy group known as Zebrocy has adopted COVID-19 vaccine-related lures in a recently observed phishing campaign, threat detection and response company Intezer reported on Wednesday. Initially detailed in 2018, Zebrocy is believed to be associated with the infamous Russian state-sponsored hacking group Sofacy (also tracked as APT28, Fancy Bear, Pawn Storm, Sednit, and Strontium). READ MORE...


Critical Steam Flaws Could Let Gamers Crash Opponents' Computers

Game developer Valve has fixed critical four bugs in its popular Steam online game platform. If exploited, the flaws could allow a remote attacker to crash an opponent's game client, take over the computer - and hijack all computers connected to a third-party game server. Steam is utilized by more than 25 million users, and serves as a platform for a number of wildly popular video games, including Counter Strike: Global Offensive, Dota2 and Half Life. READ MORE...

On This Date

  • ...in 1815, mathematician and writer Ada Lovelace, regarded by many as the world's first computer programmer, is born in Nottingham, England.
  • ...in 1884, Mark Twain's satirical novel "Adventures of Huckleberry Finn" is first published.
  • ...in 1901, the first Nobel Prize ceremony is held in Stockholm, Sweden, on the fifth anniversary of founder Alfred Nobel's death.
  • ...in 1978, Richard Donner's "Superman" starring Christopher Reeve, Margot Kidder, and Gene Hackman premieres at the Kennedy Center.