Security News > 2020 > October

Naked Security Live – Who’s watching you? 5 mobile privacy tips
2020-10-26 19:34

Did you know you can join us for a live cybersecurity lecture every Friday? Thanks for watching; hope to see you online later this week!

Angry YouTube-dl users flood GitHub with new repos after takedown
2020-10-26 19:21

Users of the extremely popular YouTube-dl YouTube media downloader have flooded GitHub with new repositories containing the tool's source code after GitHub took down the project's repositories on Friday. On October 23, 2020, GitHub took down YouTube-dl's repositories due to a DMCA infringement notice filed by the Recording Industry Association of America, an organization that represents the recording industry in the U.S. Before being removed, YouTube-dl's repo was in the top 40 most starred GitHub repositories with more than 72,000 stars, between Node.js and Kubernetes.

‘Among Us’ Mobile Game Under Siege by Attackers
2020-10-26 19:15

The meteoric rise of the game Among Us appears to be outpacing its developer's ability to keep up with malicious actors. Among Us takes place in a space setting, where some players are "Crewmates," and others are "Imposters" that live among us.

Enterprises confident Chief Sustainability Officer (CSO) will improve cybersecurity
2020-10-26 19:04

Nearly all enterprises believe a sustainable development strategy and the specific role of a Chief Sustainability Officer will improve cybersecurity, according to new research from Kaspersky's latest report, "The State of Industrial Cybersecurity in the Era of Digitalization." In 2019, 40% of large enterprises planned to report on cybersecurity risks to boards of directors annually, but this year, according to a Gartner report, 100% will do so.

Containerd Bug Exposes Cloud Account Credentials
2020-10-26 17:12

A security vulnerability can be exploited to coerce the containerd cloud platform into exposing the host's registry or users' cloud-account credentials. Containerd bills itself as a runtime tool that "manages the complete container lifecycle of its host system, from image transfer and storage to container execution and supervision to low-level storage to network attachments and beyond." As such, it offers deep visibility into a user's cloud environment, across multiple vendors.

Private Psychotherapy Notes Leaked in Major Finnish Hack
2020-10-26 16:57

The confidential treatment records of tens of thousands of psychotherapy patients in Finland have been hacked and some leaked online, in what the interior minister said Monday was "a shocking act." Distressed patients flooded victim support services over the weekend as Finnish police revealed hackers accessed records belonging to private company Vastaamo, which runs 25 therapy centres across Finland.

Hackers rummaged about in Finnish psychotherapy clinic – now patients extorted with public data dump threats
2020-10-26 16:50

A Finnish psychotherapy centre was hit by hackers who stole therapy session notes - before threatening patients of the clinic with ransom demands amid selective dark web leaks of stolen material. "Psychotherapy Center Vastaamo has been the victim of data breaches and blackmail," said the Helsinki-based clinical chain late last week, adding: "In recent days, the blackmailer has published sections of the information he obtained during the hacking. Now the blackmailer has begun to approach the victims of the breach with blackmail letters demanding a ransom."

Microsoft is throttling Windows 10 20H2 availability for all users
2020-10-26 16:44

Microsoft is currently throttling Windows 10, version 20H2 availability to provide all users who want to upgrade with a positive experience while downloading and upgrading the OS. After Windows 10 20H2 was released on October 20, it immediately started rolling out to users who manually check for updates via Windows Update on devices running Windows 10 1903 or later. According to Microsoft's 20H2 feature update support page, customers need to have the Windows 10 2004 Servicing Stack Update and KB4579311 or later installed before upgrading.

IT Services Giant Sopra Steria Hit by Ransomware
2020-10-26 16:03

European IT services provider Sopra Steria on Monday said its systems were recently infected with a new variant of the notorious Ryuk ransomware. France-based Sopra Steria, which claims to have 46,000 employees across 25 countries, offers a wide range of IT services, including consulting, technology, software, system integration, business process, infrastructure management and cybersecurity.

Vastaamo Breach: Hackers Blackmailing Psychotherapy Patients
2020-10-26 15:21

Cybercriminals have hacked the systems of psychotherapy giant Vastaamo - and are now reaching out to therapy patients, threatening to dump their patient files if they do not pay a ransom. Finland-based Vastaamo, which has more than 40,000 psychotherapy patients, said on its website that its customer register was likely compromised between the end of November 2018 and March 2019.