Security News > 2020 > November

The Turkey-Day themed email ploy leverages the juggernaut popularity of the Zoom Video Communications platform. The day after Thanksgiving, Twitter was abuzz with tweets not only about people's various Zoom meetings with family and friends, but also about numerous special events hosted on Zoom to celebrate the holiday.

Players' managers looking to lift salaries by a couple of million pounds or so better check their email read receipts: a full week after Manchester United was hit by hackers, many of its systems remain offline, with at least one report claiming the club is being shaken down for ransom. In a statement, the football club told The Register: "Following the recent cyber attack on the club, our IT team and external experts secured our networks and have conducted forensic investigations. This attack was by nature disruptive, but we are not currently aware of any fan data being compromised."

South Korean conglomerate and retail giant E-Land has suffered a ransomware attack causing 23 of its retail stores to suspend operations while they deal with the attack. Baltimore County Public Schools hit by ransomware attack.

European IT services provider Sopra Steria estimates that a recent ransomware attack will have a financial impact ranging between €40 million and €50 million. Sopra Steria revealed one month ago that some of its systems were infected with a new variant of the Ryuk ransomware, which is believed to have been used by Russian cybercriminals.

A UK infosec bod has launched a petition asking the government if it would please drop its plans to install backdoors in end-to-end encryption. Application security specialist Sean Wright's Parliamentary petition comes as an expression of uneasiness at long-signalled plans for British state agencies to sidestep encryption and enable snooping on private citizens' online conversations at will.

Sadly, continued attacks against healthcare and medical infrastructure will probably lead to serious consequences going into 2021. While there have been no known attacks against over-the-air updates to vehicle software, it will become a growing concern as more manufacturers adopt the technology.

Despite being concerned about the security risks behind online shopping, consumers lack knowledge about some of the biggest retail risks - with more than half unaware of digital credit-card skimming threats posed by the Magecart group. According to the research, 85 percent are at least mildly concerned about their personal information being compromised when shopping through a website or browser; while 88 percent of shoppers are at least mildly concerned about the safety of mobile apps for retail purposes.

A rather complex phishing scheme for stealing Office 365 credentials from small and medium-sized businesses in the U.S. and Australia combines cloud services from Oracle and Amazon into its infrastructure. According to their research, the threat actor sends phishing messages from compromised email accounts and uses Amazon Web Services and Oracle Cloud in the redirect chain.

The University of Vermont Medical Center is continuing to recover from the cyber attack late last month that crippled access to electronic records at the Burlington hospital. The restoration includes inpatient and ambulatory sites at the UVM Medical Center and ambulatory clinics at Central Vermont Medical Center in Berlin, Porter Medical Center in Middlebury and Champlain Valley Physicians Hospital in Plattsburgh, New York.

Three Nigerian nationals have been arrested in Lagos for their suspected involvement in Business Email Compromise scams. The three - identified only as OC, 32, IO, 34, and OI, 35 - are believed to be part of a larger organized crime group called TMT, which has been involved in malware distribution, phishing, and extensive BEC fraud.