Security News > 2020 > December
Intellectual property theft will join ransomware, cloud-stored patient data theft and advanced phishing efforts as the main hallmarks of medical-related healthcare cyberattacks for the new year. These cyberattacks will have ramifications for geopolitics, with the "Attribution of attacks entailing serious consequences or aimed at the latest medical developments is sure to be cited as an argument in diplomatic disputes."
The exploit sequence he figured out really does allow an attacker to break into a nearby iPhone and steal personal data - using wireless connections only, and with no clicks needed by, or warnings shown to, the innocently occupied user of the device. To give you an idea of just how much effort went into the 5-minute "Teddy bear's data theft picnic" video above, and as a fair warning if you are thinking of studying Beer's excellent article in detail, bear in mind that his blog post runs to more than 30,000 words - longer than the novel Animal Farm by George Orwell, or A Christmas Carol by Charles Dickens.
A hacker began selling access to hundreds of stolen executive email accounts last Friday, ZDNet reported. Javvad Malik, security awareness advocate at cybersecurity company KnowBe4, called email account access the "Crown jewels" for anyone looking to damage an organization, and the accounts of C-level executives were even more integral to an enterprise.
For at least the third time in its existence, OGUsers - a forum overrun with people looking to buy, sell and trade access to compromised social media accounts - has been hacked. Roughly a week ago, the OGUsers homepage was defaced with a message stating the forum's user database had been compromised.
Online education giant K12 Inc. has paid a ransom after their systems were hit by Ryuk ransomware in the middle of November. K12 announced this week that they suffered a ransomware attack in mid-November that caused them to lock down some of their IT systems to prevent the attack's spread. "In mid-November, we detected unauthorized activity on our network, which has since been confirmed as a criminal attack in the form of ransomware. Upon identifying unusual system activity, we quickly initiated our response, taking steps to contain the threat and lock down impacted systems, notifying federal law enforcement authorities, and working with an industry-leading third-party forensics team to investigate and assist with the incident," K12 told BleepingComputer in a statement.
Threat actors are targeting an Oracle WebLogic flaw patched last month in an attempt to install a piece of malware named DarkIRC on vulnerable systems. The first attacks targeting it were observed roughly one week after and, in early November, Oracle issued an out-of-band update to address an easy bypass for the initial patch.
Microsoft has announced what it calls a more privacy-friendly version of its Productivity Score enterprise feature, following backlash from security experts who condemned it as a "Full-fledged workplace surveillance tool." The Productivity Score feature, which was launched as part of the Microsoft 365 productivity suite on Oct. 29, aimed to provide enterprises with data about how employees were utilizing technology.
UK-based cybersecurity company Glasswall this week announced that it has raised £18 million in equity capital, which it will use to fund its expansion. Glasswall has developed a product designed to protect organizations against file-based threats using content disarm and reconstruction technology, which removes potentially malicious code from files.
Microsoft has dialed back components of its Productivity Score tool for Microsoft 365 apps following concerns about user privacy. Called Productivity Score, the tool assigns each 365 user in an organization a score out of 100 across categories including communication, meetings, collaboration and teamwork - which can be viewed by admins.