Security News > 2020

Medical device company Medtronic informed customers last week that it has released patches for some cardiac device vulnerabilities disclosed in 2018 and 2019. One of the advisories, initially published in March 2019 by both CISA and Medtronic, covers vulnerabilities affecting the Medtronic Conexus radio frequency wireless telemetry protocol used by some of the company's implantable cardioverter defibrillators and cardiac resynchronization therapy defibrillators.

TA505 - a sophisticated advanced persistent threat group that has targeted financial companies and retailers in several countries, including the U.S. - has returned with a campaign that uses HTML redirectors to deliver malicious Excel documents, according to Microsoft and other security researchers. This threat group is believed to have caused over $100 million in losses over the years, according to the U.S. Treasury Department, which published a report about the group in December when it issued sanctions against some of its members.

Six individuals were arrested in the United Kingdom last week for their involvement in a bank cyber-heist and money laundering operation. The arrests were made in connection to the laundering of money stolen in February 2019 from Malta's Bank of Valletta, after cyber-criminals used malware to access the bank's systems and illegally remove around €13 million.

With the number of high profile breaches and hacks on medical facilities and the increasing "Cyberization" of healthcare in general, this question has been on many security professionals' minds for the last few years: Are medical devices safe from hackers? In fact, the FDA recently informed healthcare providers, facilities, and patients about potential cybersecurity vulnerabilities for certain GE Healthcare Clinical Information Central Stations and Telemetry Servers. Then we will have a real medical device security crisis on our hands.

The Gone Phishing Tournament tested how susceptible people are to opening fraudulent emails and entering their login information. To prepare organizations for an attack, TerraNova Security held the Gone Phishing Tournament over five days in October, testing people at companies in 76 countries and 27 languages on how likely they were to open a malicious email and enter their information into a dangerous website.

The China-linked threat group tracked as Winnti was observed using a new variant of the ShadowPad backdoor in recent attacks targeting Hong Kong universities, ESET's security researchers report. One month later, the security researchers discovered a new campaign run by the Chinese hackers, targeting two Hong Kong universities with a new variant of the ShadowPad backdoor, the group's flagship tool.

A Federal Communications Commission investigation found that one or more U.S. wireless carriers violated federal law by selling consumer location data to third parties, according to a letter FCC Chairman Ajit Pai sent to congressional lawmakers. The findings described in the letter came from an investigation the FCC launched after the New York Times in 2018 reported about how the biggest wireless carriers, including AT&T, Verizon and T-Mobile, were giving real-time location data to third-party companies.

Nearly five years after the high-profile Ashley Madison data breach, hundreds of impacted website users are being targeted by a new extortion attack this past week. Victims are receiving emails threatening to expose their Ashley Madison accounts - along with other embarrassing data - to family and friends on social media and via email, unless they pay a Bitcoin ransom.

Australian courier company Toll has shut down several of its key systems after a "Security incident" last week, prompting a backlash from frustrated customers. A Reg reader who spoke to service reps over the phone told us Toll employees have been unable to provide information about their packages, or even to access their internal tracking database.

While a CTI team may be limited to SOC operations, an intelligence team can serve enterprise-wide concerns. Intelligence teams given broader mandates to support intelligence needs beyond the SOC, do not belong in it.