The Week in Cyber Security News, Jan. 18 - 24
01. Malwarebytes has fallen prey to the nation state actor said to be behind the SolarWinds supply chain hack that compromised the US Treasury and other government agencies as well.
02. Windows utility developer IObit has been hacked to facilitate a widespread attack for distributing the DeroHE ransomware to IObit forum members.
03. A city in the US state of Georgia is using (AI)-powered software that gives security cameras the ability to tell if people are violating COVID-19 regulations.
04. The number of suspicious domains featuring the word "vaccine" in their title increased by almost 100% in the month after the first Pfizer COVID-19 vaccine was given outside of a clinical trial.
05. Cybersecurity researchers have unearthed a fourth new malware strain — designed to spread the malware onto other computers in victims' networks — which was deployed as part of the SolarWinds supply chain attack disclosed late last year.
06. Threat actors have hacked verified Twitter accounts in an Elon Musk cryptocurrency giveaway scam that has recently become widely active.
07. Security firm Malwarebytes said it was breached by the same nation-state-sponsored hackers who compromised SolarWinds and, in turn, a dozen or more US government agencies and private companies.
08. Brave, an open source web browser devoted to privacy has introduced an option that allows for direct peer-to-peer transfers. This means that instead of relying on a massive network in which data are stored on dedicated servers, information can now rest on and be accessed from numerous nodes dispersed globally.
09. Intel has disclosed that a hacked infographic from its unpublished quarterly report led the company to post its fourth quarter 2020 financial results a few minutes before the stock market closed (4 pm) on Jan 21, instead of afterwards.
10. About 4,000 stolen files from the Scottish Environmental Protection Agency have been dumped online by frustrated ransomware criminals after the public sector body refused to pay out.
11. Security researchers have identified a phishing attack impersonating PayPal that allowed criminals to access people’s credentials, their PayPal account, and then their finances.
12. The Avaddon ransomware gang is now using DDoS attacks to take down a victim's site or network until the victim contacts them and begins negotiating.
13. Facebook has given the FBI data on users who took part in the Capitol Hill siege, including their private messages, after calls from lawmakers to do so.
14. A well-known hacker has leaked this week the details of more than 2.28 million users registered on the dating website, MeetMindful.com.
Thanks for visiting SecAlerts and reading our weekly cyber security news roundup. We offer a free weekly CVE alert service, or an hourly service from $US17/mth, both of which include software updates and news relating to your software stack. Join more than 1,500 other users and sign up.
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.