Security News

Thousands of user accounts for online government services in Canada were recently hacked during cyber attacks, authorities said Saturday. The passwords and usernames of 9,041 GCKey account holders "Were acquired fraudulently and used to try and access government services," the authorities said.

What's more, in most of the cases, an attacker did not need to do much, beyond gaining an initial foothold, to command full internal network access: in 68 per cent of the trials, the infiltrators only needed to take one or two steps to have the entire organization at their fingertips. Network compartmentalization, and access controls limiting who can see what, may have helped minimize intruders' reach.

Microsoft earlier today released its August 2020 batch of software security updates for all supported versions of its Windows operating systems and other products. Play a video file - thanks to flaws in Microsoft Media Foundation and Windows Codecs.

A team of Chinese researchers has described the analysis process that resulted in the discovery of 19 vulnerabilities in a Mercedes-Benz E-Class, including flaws that can be exploited to remotely hack a car. The researchers conducted their analysis on a real Mercedes-Benz E-Class and demonstrated how a hacker could have remotely unlocked the car's doors and started its engine.

A group of thieves thought to be responsible for collecting millions in fraudulent small business loans and unemployment insurance benefits from COVID-19 economic relief efforts gathered personal data on people and businesses they were impersonating by leveraging several compromised accounts at a little-known U.S. consumer data broker, KrebsOnSecurity has learned. KrebsOnSecurity reviewed dozens of emails the fraud group exchanged, and noticed that a great many consumer records they shared carried a notation indicating they were cut and pasted from the output of queries made at Interactive Data LLC, a Florida-based data analytics company.

The trade union's servers were breached at the end of July, knocking out its website on the 30th as BDA personnel scratched their heads. Trade news site Dentistry Online reported BDA chief exec Martin Woodrow as saying: "As we attempted to restore services, it became clear hackers had accessed our systems."

The Vatican and the Catholic Diocese of Hong Kong have been the targets of alleged Chinese state-backed hackers ahead of talks on renewal of a landmark 2018 deal that helped thaw diplomatic relations between the Vatican and China, according to a monitoring group. Recorded Future said that the Hong Kong Study Mission to China - a key link between the Vatican and China - and the Pontifical Institute for Foreign Missions also were targeted.

Vulnerabilities discovered by researchers in VPN products primarily used for remote access to operational technology networks can allow hackers to compromise industrial control systems and possibly cause physical damage. Researchers from industrial cybersecurity company Claroty have identified potentially serious vulnerabilities in Secomea GateManager, Moxa EDR-G902 and EDR-G903, and HMS Networks' eWon.

On Tuesday, the US Department of Justice charged two Chinese nationals with allegedly hacking hundreds of organizations and individuals in America and elsewhere to steal confidential corporate secrets on behalf of Beijing for more than a decade. The US claims that the two accused worked both for themselves and with the backing of the Chinese government's Ministry of State Security.

A number of high-profile Twitter accounts, including those of US presidential candidate Joe Biden, Amazon CEO Jeff Bezos, Bill Gates, Elon Musk, Uber, and Apple, were breached simultaneously in what's a far-reaching hacking campaign carried out to promote a cryptocurrency scam. Following the tweets, the accounts for Apple, Uber, Mike Bloomberg, and Tesla and SpaceX CEO Elon Musk all posted tweets soliciting bitcoins using the exact same Bitcoin address as the one included on the CryptoForHealth website.