
Software AG IT giant hit with $23 million ransom by Clop ransomware
2020-10-09 15:15

The Clop ransomware gang hit the network of German enterprise software giant Software AG last Saturday, asking for a ransom of $23 million after stealing employee information and company documents. Software AG is a software company headquartered in Darmstadt, Germany, with more than 5,000 employees and operations in over 70 countries around the globe.

Enterprise software giant Software AG suffers ransomware attack
2020-10-09 15:15

The Clop ransomware gang hit the network of German enterprise software giant Software AG last Saturday, asking for a ransom of $23 million after stealing employee information and company documents. Software AG is a software company headquartered in Darmstadt, Germany, with more than 5,000 employees and operations in over 70 countries around the globe.

Microsoft Warns of Russian Cybercriminals Exploiting Zerologon Vulnerability
2020-10-09 15:12

Microsoft reported this week that it has spotted Zerologon attacks apparently conducted by TA505, a notorious Russia-linked cybercrime group. According to Microsoft, the Zerologon attacks it has observed involve fake software updates that connect to command and control infrastructure known to be associated with TA505, which the company tracks as CHIMBORAZO. The fake updates are designed to bypass the user account control security feature in Windows and they abuse the Windows Script Host tool to execute malicious scripts.

Ring Always Home Cam: A security disaster in the making
2020-10-09 14:55

Other than the network delay between the Ring doorbell, the mobile app, and the Ring Chime, my biggest complaint is the speed at which Ring deploys updates. The new Ring Always Home Cam is a security camera that rests on a base, but when called upon, it will lift off that base and fly around your home in either autonomous paths or pre-programmed patterns.

Top Belgium Telecoms Firm Drops Huawei
2020-10-09 14:53

Belgium's dominant telecom operator Proximus said Friday that it will gradually replace its equipment from the Chinese manufacturer Huawei with products from Finnish supplier Nokia and Sweden's Ericsson. The sensitive decision comes at a time when the United States is heaping pressure on its European allies to shun equipment from Chinese firms in developing their 5G networks.

Facebook Debuts Bug-Bounty ‘Loyalty Program’
2020-10-09 14:50

Facebook has lifted the curtain on what it claims is an industry first: A loyalty program as part of its bug-bounty offering, which aims to further incentivize researchers to find vulnerabilities in its platform. The loyalty program, called "Hacker Plus," offers bonuses on top of bounty awards, access to more products and features that researchers can stress-test, and invites to Facebook annual events.

Researchers Get Big Bounties From Apple For Critical Vulnerabilities
2020-10-09 13:21

A team of researchers has received hundreds of thousands of dollars in bug bounties from Apple for reporting 55 vulnerabilities, including ones that exposed source code, employee and customer apps, warehouse software, and iCloud accounts. Researchers Sam Curry, Brett Buerhaus, Ben Sadeghipour, Samuel Erb and Tanner Barnes decided in early July to take part in Apple's bug bounty program and attempt to find as many vulnerabilities as possible in the tech giant's systems and services.

Wormable Apple iCloud Bug Allows Automatic Photo Theft
2020-10-09 13:02

The flaws found in core portions of Apple's infrastructure include ones that would have allowed an attacker to: "Fully compromise both customer and employee applications; launch a worm capable of automatically taking over a victim's iCloud account; retrieve source code for internal Apple projects; fully compromise an industrial control warehouse software used by Apple; and take over the sessions of Apple employees with the capability of accessing management tools and sensitive resources," he wrote. iCloud is an automatic storage mechanism for photos, videos, documents, and app-related data for Apple products.

DHS: Unknown hackers targeted the US Census Bureau network
2020-10-09 12:31

The US Department of Homeland Security said in its first-ever Homeland Threat Assessment report, released earlier this week, that unknown threat actors have targeted the US Census network during the last year. The US Census Bureau is the largest US federal government statistical agency responsible for collecting statistical data about the US economy and population.

Stuck in Your 'Smart' Chastity Device? Use a Screwdriver, Manufacturer Says
2020-10-09 12:27

The maker of a 'smart' male chastity device has recommended using a screwdriver to break it open after warnings it can be locked remotely by hackers. Chinese firm Qiui, whose Bluetooth-controlled Cellmate device can only be unlocked via an app, issued a video called "When nothing else works", showing the screwdriver fix.