Google researchers have detailed a sophisticated hacking operation that exploited vulnerabilities in Chrome and Windows to install malware on Android and Windows devices.
Some of the exploits were zero-days, meaning they targeted vulnerabilities that at the time were unknown to Google, Microsoft, and most outside researchers. (Both companies have since patched the security flaws.) The hackers delivered the exploits through watering-hole attacks, which compromise sites frequented by the targets of interest and lace the sites with code that installs malware on visitors' devices.
Other things to check out:
Pfizer COVID-19 vaccine data leaked by hackers | Healthcare IT News
The European Medicines Agency (EMA) has reported that some of the data on the Pfizer/BioNTech COVID-19 vaccine that was stolen during a cyber-attack in early December 2020 was released online illegally shortly after the attack.
The leak was discovered during an investigation that was launched into the attack by the EMA and law enforcement. It is claimed that evidence of the stolen data was found on various hacking forums as early as 31 December. The EMA stated yesterday (13 January) that action is being taken by authorities.
Georgia Senate: Hackers block online access to Warnock's MLK Shabbat service in Atlanta
Suspected Russian hacking campaign hit over 40 organizations, Microsoft says
The suspected Russian hacking campaign that has torn through the U.S. government zeroed in on more than 40 organizations, Microsoft's president said Thursday.
The campaign, which U.S. officials believe is the work of Russian intelligence, began at least as early as March , though it was discovered only last week, and has broken into multiple federal agencies.
A multi-agency statement described it this week as " ongoing ," leaving open the question of how many organizations were compromised and how badly.
Other things to check out:
Hackers leak medical records of truckers, rail workers - FreightWaves
UPS ( NYSE: UPS ) and Norfolk Southern ( NYSE: NSC ) said they are looking into whether employee health data was compromised after hackers posted medical records of truck drivers and rail workers to a leak site following an apparent ransomware attack and data breach at a Virginia-based occupational healthcare provider.
It was not immediately clear how many UPS and Norfolk Southern personnel were affected by the leak of over 3,000 files from occupational health provider Taylor Made Diagnostics on Jan. 8. But FreightWaves found multiple health records for employees from both firms, in addition to multiple smaller trucking companies, U.S. government agencies and defense contractors from as recently as December 2020.
When hackers can take your nether regions hostage, something has gone very wrong | Arwa Mahdawi |
As Understanding of Russian Hacking Grows, So Does Alarm - The New York Times
On Election Day, General Paul M. Nakasone, the nation's top cyberwarrior, reported that the battle against Russian interference in the presidential campaign had posted major successes and exposed the other side's online weapons, tools and tradecraft.
* * *
Eight weeks later, General Nakasone and other American officials responsible for cybersecurity are now consumed by what they missed for at least nine months: a hacking , now believed to have affected upward of 250 federal agencies and businesses, that Russia aimed not at the election system but at the rest of the United States government and many large American corporations.
Widely Used Software Company May Be Entry Point for Huge U.S. Hacking - The New York Times
American intelligence agencies and private cybersecurity investigators are examining the role of a widely used software company, JetBrains, in the far-reaching Russian hacking of federal agencies, private corporations and United States infrastructure, according to officials and executives briefed on the inquiry.
Officials are investigating whether the company, founded by three Russian engineers in the Czech Republic with research labs in Russia, was breached and used as a pathway for hackers to insert back doors into the software of an untold number of technology companies. Security experts warn that the monthslong intrusion could be the biggest breach of United States networks in history.
Happening on Twitter
Hackers used 4 zero-days to infect Windows and Android devices https://t.co/mlxw9CpOo9 by @dangoodin001 arstechnica (from NYC - Boston - Chicago - SF) Wed Jan 13 21:27:02 +0000 2021
No comments:
Post a Comment