Security News > 2020 > December

A group of Iranian hackers recently posted a video showing how they managed to access an industrial control system at a water facility in Israel. "This gave the attackers easy access to the system and the ability to modify any value in the system, allowing them, for example, to tamper with the water pressure, change the temperature and more. All the adversaries needed was a connection to the world-wide-web, and a web browser," OTORIO said in a blog post.

VMware has patched a zero-day bug that was disclosed in late November - an escalation-of-privileges flaw that impacts Workspace One and other platforms, for both Windows and Linux operating systems. VMware has also revised the CVSS severity rating for the bug to "Important," down from critical.

An artist has claimed responsibility for the mysterious monoliths that have been appearing across the world, including Utah and California. The pseudonymous artist has these monoliths for sale on their website for $45,000, which includes installation.

German divers searching the Baltic Sea for discarded fishing nets have stumbled upon a rare Enigma cipher machine used by the Nazi military during World War Two which they believe was thrown overboard from a scuttled submarine. Thinking they had discovered a typewriter entangled in a net on the seabed of Gelting Bay, underwater archaeologist Florian Huber quickly realised the historical significance of the find.

The U.S. Internal Revenue Service said this week that beginning in 2021 it will allow all taxpayers to apply for an identity protection personal identification number, a single-use code designed to block identity thieves from falsely claiming a tax refund in your name. Currently, IP PINs are issued only to those who fill out an ID theft affidavit, or to taxpayers who've experienced tax refund fraud in previous years.

A man pleaded guilty Thursday to his role in a computer protection services scam that cheated victims out of nearly $1 million by misleading them into believing that malware had been detected on their computers, federal prosecutors said. Himanshu Asri, 33, of Delhi, India, pleaded guilty in federal court in Providence to wire fraud conspiracy, according to the office of U.S. Attorney for Rhode Island, Aaron Weisman.

On the heels of targeting struggling U.S. retailer Kmart, the Egregor gang also disrupted the Vancouver metro system with a ransomware attack. The attack took place on Dec. 1 and left Vancouver residents and other users of the public transit service unable to use their Compass metro cards or pay for new tickets via the agency's Compass ticketing kiosks, according to media reports.

A vulnerability in the Google Play Core Library continues to impact many applications several months after official patches were released. The Google Play Core Library allows Android developers to deliver updates to their applications at runtime, via the Google API, without requiring interaction from the user.

U.S. District Judge Leonie M. Brinkema in Alexandria signed the order reducing the sentence of Ardit Ferizi to time served. Brinkema also ordered the Bureau of Prisons to immediately place Ferizi in a 14-day quarantine to ensure he's not infected with the coronavirus.

TransLink, the transportation agency of Metro Vancouver in British Columbia, Canada, has been hit by ransomware, and the ransom note delivered by the attackers suggests the incident involved a piece of ransomware named Egregor. TransLink first reported issues related to its IT systems on December 1, when it informed customers that some online services may be unavailable.