A global phishing campaign has been targeting organizations associated with the distribution of COVID-19 vaccines since September 2020, IBM security researchers say.
In a blog post , analysts Claire Zaboeva and Melissa Frydrych of IBM X-Force IRIS announced that the phishing campaign spans six regions: Germany, Italy, South Korea, Czech Republic, greater Europe, and Taiwan.
The campaign appears to be focused on the "cold chain," the segment of the vaccine supply chain that keeps doses cold during their storage and transportation. Some vaccines need to stay at extremely low temperatures in order to remain potent. Pfizer, for example, recommends that their COVID-19 vaccine be stored at negative 70 degrees Celsius ( colder than winter in Antarctica ).
And here's another article:
North Korean Hackers Are Said to Have Targeted Companies Working on Covid-19 Vaccines - WSJ
SEOUL—North Korean hackers have targeted at least six pharmaceutical companies in the U.S., the U.K. and South Korea working on Covid-19 treatments, according to people familiar with the matter, as the regime seeks sensitive information it could sell or weaponize.
North Korea had also tried infiltrating U.K.-based AstraZeneca PLC, whose vaccine co-developed with the University of Oxford, has been shown to be as much as 90% effective and is seeking emergency approval, the people said. On Friday, Reuters reported that suspected North Korean hackers had tried to break into the systems of AstraZeneca, citing unnamed sources.
Subscribe to read | Financial Times
Hackers Are Targeting US Think Tanks - Infosecurity Magazine
Think tanks in the United States have been cautioned that they are being actively targeted by advanced persistent threat (APT) actors.
The warning was issued yesterday by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI).
CISA and the FBI advised America's think tanks to develop network defense procedures after observing APT actors performing "persistent continued cyber intrusions."
Quite a lot has been going on:
Meet the hackers who earn millions for saving the web, one bug at a time | ZDNet
One of her friends had signed her up for an event in London, where hackers aim to find the vulnerabilities in a particular piece of software.
Without any experience of cybersecurity, beyond being a programmer and developer, she found one bug - and then another. "To be fair, I thought it was a fluke," she says. But since then she's found 30 more security bugs.
* * *
"You feel like a detective, going in rooting around and saying, 'That looks interesting', and having a stream of clues," she says. "And, when you get all the pieces neatly together, and it works and there's a bug there – it's the most thrilling experience ever."
Account Hijacking Site OGUsers Hacked, Again — Krebs on Security
For at least the third time in its existence, OGUsers — a forum overrun with people looking to buy, sell and trade access to compromised social media accounts — has been hacked.
An offer by the apparent hackers of OGUsers, offering to remove account information from the eventual database leak in exchange for payment.
But unlike in previous breaches at OGUsers, the perpetrators of this latest incident have not yet released the forum database. In the meantime, someone has been taunting forum members, saying they can have their profiles and private messages removed from an impending database leak by paying between $50 and $100.
'Hacker collective' member sentenced to nearly 8 years
A North Carolina man who was part of a "hacker collective" and involved in threats to dozens of school districts and other crimes was sentenced to nearly eight years in prison Monday, officials said .
Timothy Dalton Vaughn, 22, was a member of "Apophis Squad," which prosecutors described as a group of computer hackers and swatters, and went by online names that included "WantedbyFeds."
He and others sent threats to more than 80 school districts; Vaughn helped report a fake hijacking of a London-to-San Francisco plane; he also tried to extort around $20,000 in the cryptocurrency bitcoin from a California business and when he was refused he made the company's website inaccessible, federal prosecutors said.
This incredible exploit could have let hackers remotely own iPhones without even touching them -
While Beer says he has "no evidence that these issues were exploited in the wild" and admits it took him six whole months to sniff out, verify and demonstrate this exploit — and while it's been patched as of May — he suggests we shouldn't take the existence of such a hack lightly:
Instead, it should be: one person, working alone in their bedroom, was able to build a capability which would allow them to seriously compromise iPhone users they'd come into close contact with.
Happening on Twitter
Nation-state hackers are targeting companies responsible for storing and distributing the #COVIDー19 vaccine. Read… https://t.co/tVDC4rGs3Q TheHackersNews (from The Internet) Fri Dec 04 09:25:05 +0000 2020
"Hackers, assumed to be state agents, have been carrying out a global phishing campaign targeting the vital 'cold c… https://t.co/656uSCBbF5 histoftech (from Chicago, IL) Sun Dec 06 00:42:36 +0000 2020
