Global Cyber News Digest

Daily News Digest

Stay current on the global cyber threat landscape and industry developments with CCOE’s daily digest and library of cybersecurity news and articles.

  • Lithuania Suffers "Most Complex" Cyber-attack in Years

    • On the night of December 9, cyber-criminals breached multiple content management systems to gain access to 22 different websites operated by Lithuania's public sector. The attackers then published articles containing misinformation on the sites.
    • In a statement published on Wednesday, Lithuania's defense minister, Arvydas Anušauskas, described the digital assault as one of the "biggest and most complex" cyber-attacks to hit the republic in recent years. 
    • Anušauskas added that the attack, which took place “on the eve of the government’s transition [...] was prepared in advance and with a goal in mind.”
    • Following the attack, the NKSC has submitted a number of cybersecurity recommendations to municipalities. These include actively searching for vulnerabilities, limiting access to content management systems, installing a firewall, and avoiding the use of passwords that are easy to guess. 
    - Sarah Coble | December 16, 2020
  • California Hospital Notifies 67k Patients of Data Breach

    • The Sonoma Valley Hospital in California has notified 67,000 patients that their personal data may have been exposed in a cyberattack on the facility. In the letter, the hospital states that it was one of several American healthcare providers targeted two months ago as part of a sweeping ransomware campaign going after hospitals.
    • The hospital states that the criminals could have accessed patients’ names, dates of birth, addresses, and insurer group numbers.
    OODA Loop | December 16, 2020
  • Why the US government hack is literally keeping security experts awake at night

    • "I woke up in the middle of the night last night just sick to my stomach," said Theresa Payton, who served as White House Chief Information Officer under President George W. Bush. "On a scale of 1 to 10, I'm at a 9 — and it's not because of what I know; it's because of what we still don't know."
    • On Sunday evening, the Commerce Department acknowledged it had been hit by a data breach after Reuters first reported that sophisticated hackers compromised the agency through a third-party software vendor known as SolarWinds.
    • Experts are increasingly questioning the reliance of many businesses on just a handful of third-party vendors, and saying that perhaps society makes it a little too easy for data to be accessed or shared, particularly during a pandemic when working remotely is normal for countless individuals.
    CNN Business - Brian Fung | December 16, 2020
  • Russia's Alleged SolarWinds Cyber Attack Likely to Provoke Tough Western Response

    • Russian fingerprints are said to be all over the hack of SolarWinds software used by U.S. government networks, including the Treasury and Commerce Departments, the Department of Homeland Security (DHS), and several others.
    • Recent western efforts to contain Russia's behavior, such as the expulsion of diplomats, appear to have had little success.
    • Cybersecurity expert Dmitri Alperovitch told the Associated Press that the hack which compromised the corporate software management tool SolarWinds could be "one of the most impactful" espionage campaigns ever.
    • The next move by the U.S. could depend on whether Russia had simply carried out a clandestine information gathering hack or made a definite move to destabilize the country.
    - Brendan Cole | December 15, 2020
  • 'Massively disruptive' cyber crisis engulfs multiple agencies

    • The sophisticated cyber campaign that breached email accounts across the federal government created a deepening crisis Monday as signs multiplied about the scope of the foreign intruders’ reach.
    • Agencies throughout the government scrambled Monday to assess the full scope of the breaches, as did executives in industries including energy and health care.
    • The Trump administration suspects that the campaign is the work of Russia’s foreign intelligence service, the SVR, according to a second U.S. official, who also requested anonymity to speak freely. The SVR unit dubbed “Cozy Bear” was one of the teams that hacked the Democratic National Committee during the 2016 cycle.
    • Investigators believe that the hackers added malicious code to software updates for an IT product used across the federal government, used that code to pry open doors into agency networks and then used a sophisticated technique to access federal workers’ emails.
    - Eric Geller | December 14, 2020
  • Do I Need To Reset My Spotify Password After Latest Data Breach?

    • At least 300,000 Spotify accounts are thought to have been hacked earlier this year, with email addresses, login credentials, and other user data exposed.
    • California law requires organizations to notify residents whose unencrypted personal information may reasonably have been accessed by unauthorized parties.
    • The sample notification is dated December 9, 2020, but, in it, Spotify estimates that the security vulnerability dates back to April 9, 2020, and says that it was discovered on November 12, 2020.
    • It states that registration information of users affected — including their email address, preferred display name, password, gender, and date of birth — may have been exposed to certain business partners.
    RANT | December 14, 2020
  • 2020: The Year the COVID-19 Crisis Brought a Cyber Pandemic

    • 2020 will also be remembered as the year that security events exploded and cyberincidents transformed society in numerous ways.
    • Some experts argue that technology has been a silver lining during this pandemic, since so many communication, business and personal interactions moved online without significant outages or business impacts for 80 percent of the economy (excluding travel, hotels, restaurants, etc.).
    • In a sense, cyberspace has stepped up to the challenges brought by COVID-19 in ways that did not (and could not) happen during the last major pandemic in 1918.
    • "We’re sleepwalking into a world where our most sensitive personal and biometric data will soon be at the mercy of private companies, security agencies, and even cybercriminals." - unnamed expert
    Government Technology - Dan Lohrmann | December 12, 2020
  • FireEye’s stolen Pentesting Tools & the vulnerabilities they target

    • US Cybersecurity firm FireEye was attacked by a nation-state group who stole their pentesting tools. The ramification of such a breach is monumental because FireEye’s ‘red team’ tools are used by their team to assess evolving zero-day security threats.
    • A few key findings from our analysis of these vulnerabilities –
    CSW - Sumeetha | December 10, 2020
  • FireEye, a Top Cybersecurity Firm, Says It Was Hacked by a Nation-State

    • For years, the cybersecurity firm FireEye has been the first call for government agencies and companies around the world who have been hacked by the most sophisticated attackers, or fear they might be.
    • FireEye revealed on Tuesday that its own systems were pierced by what it called “a nation with top-tier offensive capabilities.” The company said hackers used “novel techniques” to make off with its own tool kit, which could be useful in mounting new attacks around the world.
    • Security firms have been a frequent target for nation-states and hackers, in part because their tools maintain a deep level of access to corporate and government clients all over the world. By hacking into those tools and stealing source code, spies and hackers can gain a foothold to victims’ systems.
    - David E. Sanger and Nicole Perlroth | December 8, 2020
  • Foxconn electronics giant hit by ransomware, $34 million ransom

    • Foxconn electronics giant suffered a ransomware attack at a Mexican facility over the Thanksgiving weekend, where attackers stole unencrypted files before encrypting devices.
    • Foxconn is the largest electronics manufacturing company globally, with recorded revenue of $172 billion in 2019 and over 800,000 employees worldwide. Foxconn subsidiaries include Sharp Corporation, Innolux, FIH Mobile, and Belkin.
    • In an interview with DoppelPaymer, the ransomware gang confirmed that they attacked Foxconn's North America facility on November 29th but did not attack the whole company.
    • The threat actors are demanding a 1804.0955 BTC ransom, or approximately $34,686,000 at today's bitcoin prices.
    - Lawrence Abrams | December 7, 2020