Nonprofit technology supplier Blackbaud stops ransomware attack from encrypting files, but pays to ensure attackers delete stolen customer information
News security
German Court Strikes Down Telecoms Data Access Law
Current laws give security services ‘excessive’ access to citizens’ data, finds top court, giving government until end of 2021 to bring in higher thresholds
Microsoft Project Freta Looks To Eradicate Undetected Malware
Demonstration technology carries out offline sweeps of Linux virtual machine snapshots at large scale to help organisations root out in-memory malware
‘BlueLeaks’ Hacked US Police Data Removed In German Takedown
Zwickau public prosecutor confiscates server used to distribute hundreds of gigabytes of data hacked from police forces across the US
Apple Reconfigures Macs To Block Adware
Apple will no longer allow user profiles to be installed on Macs without user interaction, in move targeting ‘plague of adware’
F5 Networks Warns Of Critical Security Flaw In Networking Devices
F5 says BIG-IP application delivery controllers used on many corporate and government networks are vulnerable to takeover by remote attackers
Thanos Ransomware Adds New Features
Rapid evolution of Thanos ransomware-as-a-service, along with high-end attacks, indicate evolving threat as criminals seek to monetise organisations’ data
US Police Forces Hit By Huge Data Breach
Activist hackers release 24 years’ worth of data from hundreds of police forces in move timed to coincide with protests against police brutality and racism
Amazon Records Record 2.3Tbps Denial-Of-Service Attack
Amazon says its AWS Shield mitigated a DDoS attack peaking at 2.3Tbps, far larger than previous assaults, amidst increasing cloud security threats
NCSC Warns Mobile Operators To Stock Up On Huawei Parts
Security officials warn operators that Huawei may be unable to continue to provide gear following ‘escalating US action’ against the company
Covid-19 Phishing Campaigns Becoming ‘More Effective’
Peak of pandemic-related phishing traffic has passed by volume, but attackers are using increasingly focused and effective lures to steal data, study finds
GitLab Bolsters DevSecOps With Peach Tech, Fuzzit Acquisitions
GitLab to integrate Peach Tech and Fuzzit fuzz-testing into its DevOps lifecycle tool, helping developers to catch security bugs earlier on
Attacks On Critical Infrastructure Now ‘More Targeted’
Study finds cyber-criminals are shifting tactics to favour multi-stage ransomware attacks that include stealing sensitive data to maximise damage and profits
Apple Project Aims To Improve Password Managers
Apple’s open source Password Manager Resources project includes site-specific data aimed at improving compatibility of third-party password tools
TrickBot Malware Update Makes It Harder To Detect
TrickBot information-stealing malware updated with new ‘nworm’ module that uses encryption and in-memory execution to hinder detection efforts
Cryptocurrency-Mining Campaign Hits ‘Thousands’ Of Enterprises
Security researchers find attackers breaking into public-facing Windows IIS web servers to install Monero-mining malware across networks
Microsoft Uncovers ‘Massive’ Pandemic-Themed Phishing Campaign
Scam emails use Excel spreadsheets containing Covid-19 data as a lure, then execute malicious macros that give attackers control over system
FBI Criticises Apple For Failing To Help Unlock iPhones
Agency says it had to develop its own tool to access two locked iPhones used by gunman who attacked Pensacola Naval Air Station in December 2019
Bluetooth Standard Vulnerable To Unpatched Spoofing Attack
Researchers warn of weaknesses affecting all Bluetooth-compliant devices – just as governments roll out coronavirus apps reliant on the tech
Supercomputers Across Europe Shut Down After Crypto-Mining Attacks
Hackers break into academic high-performance computing clusters in Edinburgh, Germany and Switzerland to install Monero currency-mining software
GoDaddy Warns Customers Of Password Breach
Attackers gained access to customers’ websites last October, says hosting giant, but only via SSH, with ‘main accounts’ not affected
Phishing Campaign Targets Financial Services Companies
Attackers impersonate US self-regulatory body for brokerage firms in phishing email campaign that looks to harvest Office and SharePoint passwords
Bug Allowed Hackers To Steal Teams Data Via GIF Image
Microsoft patches security vulnerability that could have allowed attackers to take over Teams accounts and groups if users viewed a seemingly innocent GIF
Spies Urged To Adopt AI To Counter Augmented Threats
UK’s intelligence agencies must use artificial intelligence to repel increasingly sophisticated cyber-attacks and disinformation campaigns, finds study
Researchers Take Down Massive Crypto-Mining Botnet
VictoryGate crypto-mining botnet infected at least 35,000 systems, mostly in Peru, and continues to spread via infected removable USB drives
Dutch Police Shut Down DDoS Services
As people around the world turn to online services during the pandemic, hackers seek profits from denial-of-service and ransomware attacks
Smartphone Scheme Aims To Track Coronavirus While Protecting Privacy
Boston University proposal would involve tracking randomly generated IDs via short-range broadcasts as means to contain coronavirus infections
Europol: Coronavirus Crisis Spurs Rise In Ransomware, DDoS Attacks
Cyber-criminals increasingly targeting organsiations’ computing and online infrastructure for extortion attempts as huge numbers of staff work remotely
Researchers Find ‘Weaknesses’ In Zoom Encryption
Videoconferencing app employs custom encryption scheme and uses servers based in Beijing, researchers find as Zoom popularity soars
UK Spearheads Quantum Key Distribution Breakthrough
Team headed by University of Glasgow develops technique for generating and detecting entangled photons at wavelength less susceptible to solar interference