Security News > 2020 > December

A late October cyberattack on the computer systems of the University of Vermont Medical Center is costing the hospital about $1.5 million a day in lost revenue and recovery costs, its CEO said. The Oct. 28 attack crippled the computer systems of the hospital system that serves much of Vermont and parts of upstate New York.

The EU's medicines regulator said Wednesday it had been the victim of a cyberattack, just weeks before it is due to decide on special approval for two coronavirus vaccines. "EMA has been the subject of a cyberattack. The agency has swiftly launched a full investigation, in close cooperation with law enforcement and other relevant entities," the EMA said in a brief statement.

Increasingly, it isn't just people using that data to influence us, it's robots-unthinking algorithms on e-commerce sites, search engines and social media are continually categorizing our behavior to where it seems they can read our minds. The algorithms on those platforms are working behind the scenes, all the time.

A new global report on phishing attempts shows how the workforce has responded to security threats since COVID-19, and the new vulnerabilities that have resulted from the remote work landscape. Terranova Security's new "2020 Gone Phishing Tournament," part of its Phishing Benchmark Global Report, looks at the impact of phishing attacks on the remote workforce, citing an increase in phishing simulation clicks, as well as compromised data.

Cybercriminals are tapping into the impending rollout of COVID-19 vaccines with everything from simple phishing scams all the way up to sophisticated Zebrocy malware campaigns. Security researchers with KnowBe4 said that the recent slew of vaccine-related cyberattacks leverage the widespread media attention around the development and distribution of COVID-19 vaccines - as well as recent reports that manufacturers like Pfizer may not be able to supply additional doses of its vaccine to the U.S. large volumes until sometime in Q2. These lures continue to play into the high emotions of victims during a pandemic - something seen in various phishing and malware campaigns throughout the last year.

A report released Tuesday by identity verification firm Onfido looks at the increase in ID fraud since the outbreak of COVID-19 and offers tips on how to protect your organization, your users, and your customers from this type of crime. To compile its "Identity Fraud Report for 2020," Onfido teamed up with criminal police organization Interpol to analyze different fraud techniques.

Cloud security startup Wiz on Wednesday emerged from stealth mode with $100 million in Series A funding. The money came from Index Ventures, Sequoia, Insight Partners and Cyberstarts, and Wiz says it plans on using it to scale and meet customer demand for its cloud security solutions.

A new Qbot malware version now activates its persistence mechanism right before infected Windows devices shutdown and it automatically removes any traces when the system restarts or wakes up from sleep. Starting with November 24, when Binary Defense threat researcher James Quinn says that the new Qbot version was spotted, the malware is using a newer and stealthier persistence mechanism that takes advantage of system shutdown and resume messages to toggle persistence on infected devices.

Some of the impacted router models were first introduced in 2012 and appear to lack the same type of patching cadence as more modern D-Link router models. The routers are common home networking devices sold at numerous retail outlets, which means that people working remotely due to the COVID-19 pandemic likely are exposing not only their own environments but also corporate networks to risk, Digital Defense researchers noted.

A new survey of the free and open-source software community conducted by the Linux Foundation suggests that contributors spend less than 3% of their time on security issues and have little desire to increase this. A report based on the answers of nearly 1,200 FOSS contributors carried out by the Linux Foundation and Laboratory for Innovation Science at Harvard highlighted a "Clear need" for developers to dedicate more time to the security of FOSS projects as businesses and economies become increasingly reliant on open-source software.