A recent NYTimes investigative report discloses that a popular UAE web application often used on mobile devices, ToTok, is essentially a spying tool for the Persian Gulf nation. ToTok's ability to collect and monitor user data makes it an effective 'spyware' tool.
NYTimes, Dec 22nd, 2019
Users are advised to either remove the software or excercise caution when using the app, especially if they might be at a higher-than-normal risk for being targeted for surveillance by the UAE government. While the use of any messaging apps increases the risk of exposure to users, some chat apps are viewed with greater suspicion because of their close ties to authoritarian governments.
Ring Home Security camera customers in several states are reporting that their systems are being hacked. The company says that Ring Home Security cameras haven't suffered a breach, but that users are reusing passwords that have been exposed in previous security breaches making them easy to access using a hacking technique called credential stuffing.
On October 20th, a Ransomware attack in the San Bernardino City Unified School District caused numerous problems for students and faculty, causing headaches throughout the organization.
KTLA, October 20th, 2019
A vulnerability in Sudo, a core command utility for Linux, could allow a user to execute commands as a root user
Sudo is a utility that allows a system administrator to give certain users (or groups of users) the ability to run commands in the context of any other user – including as root – without having to log in with a different profile. Sudo also logs all commands and arguments in a centralized audit trail system, so admins know which user performed which command and in which context.
threatpost.com, October 15th, 2019
Security researchers have discovered a new piece of Mac malware; however, some of its purpose and full features will remain a mystery for a little longer. Named Tarmac (OSX/Tarmac), this new malware was distributed to macOS users via online malvertising (malicious ads) campaigns.
ZDNet, Oct 11th, 2019
In September of 2018, a major textbook rental and online tutoring services company Chegg reported it had suffered a data breach affecting the data of 40 million customers. The data involved in this breach includes user’s names, email addresses, passwords, and shipping addresses. This is one of the largest breaches of data affecting college and university students to date. While Chegg took action in 2018 by resetting user passwords on their site, the stolen data is now in the hands of cyber-criminals and it’s possible that students and former students may have used the same or similar passwords for other account logins across other websites.
TechCrunch, Sep 26, 2018
A team of ethical hackers conducted penetration testing to measure cyber-defence for approximately 50 major Universities and research centers in the UK in 2019. The hacking team was able to gain access to research networks, personal information, and financial systems within two hours or less. They report that spear-phishing was the most effective method for network penetration. This testing was part of a nation-wide program to measure and improve cybersecurity in the UK.
BBCNews, Apr 4, 2019
In July of 2019, the city of New Bedford, Mass was the victim of a ransomware attack that affected approximately 3,500 computers. The hackers made a ransom demand of $5.3 million in bitcoin in order to decrypt their files. City officials attempted to negotiate with the hackers to reduce the ransom amount and to gain more time as they attempted to recover and restore encrypted files. This approach worked for New Bedford and they were able to to restore many files from backup and reconstruct the missing data. There is an ongoing debate at this time about whether or not victims should pay the ransom.
NPR, Sep 6, 2019
None of the 22 Texas towns and municipalities that were victims of a massive ransomware attack in mid-August of 2019 paid the $2.5 million ransom demanded of them by the hackers. Texas officials based the decision not to pay largely on public sentiment that tax-payer money should not go to pay hackers. Many people believe paying the ransom incentivizes cyber-criminals to launch more ransomware attacks.
ZDNet, Sep 7, 2019
On August 16, 2019, hackers launched a large-scale "coordinated" ransomware attack on 22 towns in Texas. The cyberassault began Friday morning and mainly affected city business and financial operations. Interrupted services include processing utlity payments, issuing permits, as well as birth and death certificates. Officials say this attack is the first of its kind where one individual or hacking group has targeted multiple cities at once. It is being viewed as a wake-up call for small towns in rural areas.
NYTimes, Aug 20, 2019