Table of Contents

  1. Ransomware
    1. Ransomware at IT Services Provider Synoptek
    2. Windows systems at Maastricht University were infected with ransomware
    3. U.S. Coast Guard Says Ryuk Ransomware Took Down Maritime Facility
  2. Phishing
    1. Nonprofit organization Special Olympics New York hacked and its server used to send phishing emails
  3. Vulnerabilities
    1. Multi-factor authentication isn't necessarily strong
    2. Software failure at the Federal Motor Vehicle Office - Cologne registration office also affected
  4. Malware
    1. FIN7 Hackers' BIOLOAD Malware Drops Fresher Carbanak Backdoor
  5. Crime
    1. Thai Officials confirmed the hack of prison surveillance cameras and the video broadcast
    2. Microsoft seizes web domains used by North Korean hackers
    3. Major US companies breached, robbed, and spied on by Chinese hackers
  6. Surveillance
    1. The Fight Against Government Face Surveillance: 2019 Year in Review
  7. Leaks
    1. Wyze Exposes User Data via Unsecured ElasticSearch Cluster
  8. Crypto
    1. ProtonMail Takes Aim at Google With an Encrypted Calendar
  9. Facebook
    1. Brazil Fines Facebook $1.6 Million for Improper Sharing of User Data

Ransomware

Ransomware at IT Services Provider Synoptek

Synoptek, a California business that provides cloud hosting and IT management services to more than a thousand customers nationwide, suffered a ransomware attack that has disrupted operations for many of its clients, according to sources. The company has reportedly paid a ransom demand in a bid to restore operations as quickly as possible. Synoptek has not yet responded to multiple requests for comment. But two sources who work at the company have now confirmed their employer was hit by Sodinokibi, a potent ransomware strain also known as "REvil" that encrypts data and demands a cryptocurrency payment in return for a digital key that unlocks access to infected systems. Those sources also say the company paid the extortionists an unverified sum in exchange for decryption keys.

Windows systems at Maastricht University were infected with ransomware

Almost all Windows systems have been affected, and e-mail services in particular are difficult to use. UM is currently working on a solution. It is not yet known whether scientific data was also accessed or exfiltrated by the attackers before the systems were encrypted with the as-yet-unnamed ransomware strain. UM says in a new update that "education at UM can be resumed on January 6. Some important systems that are required for this will be available online again from 2 January."

U.S. Coast Guard Says Ryuk Ransomware Took Down Maritime Facility

The U.S. Coast Guard (USCG) published a marine safety alert reporting a Ryuk ransomware attack that took down the entire corporate IT network of a Maritime Transportation Security Act (MTSA) regulated facility. While the incident is still being investigated, the USCG says a phishing email is the most likely point of entry into the MTSA facility's network.

Phishing

Nonprofit organization Special Olympics New York hacked and its server used to send phishing emails

Special Olympics New York provides inclusive opportunities for people with intellectual disabilities to compete in Olympic-style, coached sports. Unfortunately, the nonprofit organization was hacked during the Christmas holiday and the attackers later used its email server to launch a phishing campaign against its donors.

Vulnerabilities

Multi-factor authentication isn't necessarily strong

No MFA solution is perfect, and MFA has been compromised in the past, but it may still be good enough. A Google study showed that even relatively weak SMS-based 2FA protects against all automated bot attacks and 96% of bulk phishing attacks.

Software failure at the Federal Motor Vehicle Office - Cologne registration office also affected

The Federal Motor Vehicle Office currently has significant software problems, with an acute, complete failure of its system. In addition to other cities, this also affects the Cologne registration office. Access to the necessary data from this central register is currently not possible. According to the Federal Motor Vehicle Office, intensive troubleshooting is under way, but no time for restarting the system can yet be given. Around 250 people are currently waiting at the Cologne registration office. As soon as it regains access to the federal data, the registration office will process the cases of everyone currently waiting. However, new customers cannot currently be accepted.

Malware

FIN7 Hackers' BIOLOAD Malware Drops Fresher Carbanak Backdoor

Researchers uncovered a new tool, dubbed BIOLOAD, that the FIN7 cybercrime group uses as a dropper for a new variant of the Carbanak backdoor. The loader has a low detection rate and shares similarities with BOOSTWRITE, another loader recently identified as part of FIN7's arsenal. The malware relies on a technique called binary planting, which abuses the order in which Windows searches for the DLLs a program needs to load. An attacker can thus escalate privileges on the system or achieve persistence.
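Because binary planting works by getting a program to load a DLL from a directory it should not, the defender's tell is a well-known DLL name loaded from somewhere other than its usual system directory. The following script is an added example, not code from the report or from any vendor: it runs that check over constructed image-load records (the shape Sysmon Event ID 7 or EDR telemetry produces). The DLL allow-list, the user-writable prefixes and the sample events are all assumptions made for the example; a real deployment would derive the allow-list from a golden image.

```python
"""Flag DLL loads that could indicate binary planting (DLL search-order abuse).

Added example. Scans constructed image-load records and flags a DLL whose
file name normally lives in a Windows system directory but was loaded from
somewhere else; a load from a user-writable path or of an unsigned file is
rated higher.
"""
from dataclasses import dataclass
import ntpath

# Assumed allow-list: DLL name -> directories it is expected to load from.
EXPECTED_DIRS = {
    "version.dll": {"c:\\windows\\system32", "c:\\windows\\syswow64"},
    "winmm.dll": {"c:\\windows\\system32", "c:\\windows\\syswow64"},
    "dwrite.dll": {"c:\\windows\\system32", "c:\\windows\\syswow64"},
}

# Assumed prefixes a non-admin user can normally write to.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\", "c:\\temp\\")


@dataclass
class LoadEvent:
    process: str        # image of the loading process
    image_loaded: str   # full path of the DLL that was mapped
    signed: bool        # whether the DLL carried a valid signature


@dataclass
class Finding:
    process: str
    image_loaded: str
    reason: str
    severity: str


def norm(path: str) -> str:
    """Lower-case and use backslashes so paths compare reliably."""
    return path.lower().replace("/", "\\")


def analyse(events):
    """Return one Finding per tracked DLL loaded from an unexpected directory."""
    findings = []
    for ev in events:
        path = norm(ev.image_loaded)
        name = ntpath.basename(path)
        directory = ntpath.dirname(path)
        expected = EXPECTED_DIRS.get(name)
        if expected is None or directory in expected:
            continue  # untracked DLL, or loaded from where it belongs
        severity = "medium"
        if directory.startswith(USER_WRITABLE_PREFIXES) or not ev.signed:
            severity = "high"
        findings.append(Finding(ev.process, ev.image_loaded,
                                f"{name} loaded from unexpected directory {directory}",
                                severity))
    return findings


# Constructed sample telemetry (not real events).
SAMPLE_EVENTS = [
    LoadEvent(r"C:\Program Files\App\app.exe",
              r"C:\Windows\System32\version.dll", True),
    LoadEvent(r"C:\Users\alice\AppData\Local\Temp\updater.exe",
              r"C:\Users\alice\AppData\Local\Temp\version.dll", False),
    LoadEvent(r"C:\Program Files\Tool\tool.exe",
              r"C:\Program Files\Tool\winmm.dll", True),
    LoadEvent(r"C:\Program Files\App\app.exe",
              r"C:\Windows\System32\kernel32.dll", True),
]

if __name__ == "__main__":
    for f in analyse(SAMPLE_EVENTS):
        print(f"[{f.severity}] {f.process}: {f.reason}")
```

On the sample data the script reports two findings: the unsigned version.dll loaded from a user temp directory as high, and the signed winmm.dll shipped beside a third-party tool as medium. The second case is the kind of legitimate side-by-side DLL that makes this check noisy, which is why the allow-list and the severity rule, not the raw match, carry the signal.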

Crime

Thai Officials confirmed the hack of prison surveillance cameras and the video broadcast

Authorities in Thailand are investigating a cyber attack that resulted in the broadcast of surveillance video from inside a prison in the country's south. Local media reported that hackers broke into the surveillance system at Lang Suan prison in the southern province of Chumphon and that the video was broadcast live on YouTube for several hours. The video was published on Tuesday by an account named "BigBrother's Gaze"; the footage from several cameras showed prisoners' activities.

Microsoft seizes web domains used by North Korean hackers

Microsoft says it has obtained a court order allowing it to seize web domains used by North Korean hacking groups to launch cyberattacks on human rights activists, researchers and others. The U.S. technology giant said a federal court allowed it to take control of 50 domains operated by a group dubbed Thallium, which tricked online users by fraudulently using Microsoft brands and trademarks. This particular North Korean-linked threat group is also known as APT37 and Group 123, and has been linked by other security researchers to various campaigns that have targeted educational institutions, as well as chemical, electronic, manufacturing, aerospace, automotive and healthcare companies around the world.

Major US companies breached, robbed, and spied on by Chinese hackers

In one of the largest-ever corporate espionage efforts, cyberattackers alleged to be working for China's intelligence services stole volumes of intellectual property, security clearance details and other records from scores of companies over the past several years. They gained access to systems holding prospecting secrets of the mining company Rio Tinto PLC and sensitive medical research of the electronics and health-care giant Philips NV.

Surveillance

The Fight Against Government Face Surveillance: 2019 Year in Review

EFF has written a detailed report about government face surveillance laws in 2019.

Leaks

Wyze Exposes User Data via Unsecured ElasticSearch Cluster

Smart home tech maker Wyze Labs confirmed that the data of over 2.4 million of its users was exposed by an unsecured database connected to an Elasticsearch cluster for over three weeks, from December 4 to December 26. The company discovered the incident after receiving an inquiry from an IPVM reporter via a "support ticket at 9:21 a.m. on December 26," immediately followed by IPVM publishing a piece "at 9:35 a.m" covering the exposed database discovered by security consulting firm Twelve Security. The unsecured database contained customer emails and camera nicknames, WiFi SSIDs, Wyze device info, roughly 24,000 tokens associated with Alexa integrations, as well as body metrics including height, weight, gender, and other health info for a small number of product beta testers.

Crypto

ProtonMail Takes Aim at Google With an Encrypted Calendar

Encrypted email provider ProtonMail has officially launched its new calendar in public beta. The move is part of the Swiss company's broader push to offer privacy-focused alternatives to Google's key products.

Facebook

Brazil Fines Facebook $1.6 Million for Improper Sharing of User Data

Brazil's Ministry of Justice said on Monday it has fined U.S. tech giant Facebook 6.6 million reais ($1.6 million) for improperly sharing user data. From a report: The ministry's department of consumer protection said it had found that data from 443,000 Facebook users was made improperly available to developers of an app called 'thisisyourdigitallife.' The data was being shared for "questionable" purposes, the ministry said in a statement.