The Week in Cyber Security News, July 20 - 26
01.Non-profit fundraising and financial technology supplier, Blackbaud, stopped file encryption after becoming a ransomware attack target, however still paid the ransom to ensure that the attackers deleted all their stolen data.
02.Two separate phishing campaigns, both of which impersonate actual notices from Microsoft, aimed to steal sensitive information from victims by convincing them they needed to renew their Microsoft Office 365 subscription.
03.Experts are predicting that this year could see a record breaking 20,000 vulnerabilities reported, with major increases in mobile bugs already in 2020.
04.An emerging threat actor out of China has been traced to a new hacking campaign aimed at government agencies in India and residents of Hong Kong, with the intention of stealing sensitive information.
05.Diebold Nixdorf, which made $3.3 billion from ATM sales and service last year, is warning its customers of a new hardware-based form of 'jackpotting', the industry term for attacks that thieves use to quickly empty ATMs.
06.The US government is offering rewards of up to $1 million apiece for information leading to the arrest or conviction of Artem Radchenko and Oleksandr Ieremenko, two Ukrainian men accused of hacking the US Securities and Exchange Commission.
07.US authorities have charged two Chinese hackers for allegedly hacking into the systems of hundreds of companies, governments and individual dissidents, as well as firms developing COVID-19 vaccines, testing technology, and treatments.
08.The UK National Cyber Security Centre has highlighted the increasing risks posed by ransomware attacks, phishing campaigns, and Business Email Compromise fraud schemes targeting sports organizations and teams, including Premier League football clubs.
09.The NSA and CISA have issued an alert warning that adversaries could be targeting critical infrastructure across the US, including power plants, factories, oil and gas refineries and more.
10.The FBI has sent an alert warning US companies about backdoor malware that is silently being installed on the networks of foreign companies operating in China via government-mandated tax software.
11.Cybersecurity researchers have revealed security issues in the Android app developed by Chinese drone-maker Da Jiang Innovations (DJI) that comes with an auto-update mechanism which bypasses Google Play Store and could be used to install malicious applications and transmit sensitive personal information to DJI's servers.
12.Overdraft protection and cash advance service Dave has suffered a data breach after a database containing 7.5 million user records was sold in an auction and then released later for free on hacker forums.
13.Apple co-founder Steve Wozniak is suing YouTube and its parent company Google for allegedly allowing phony Bitcoin giveaway that exploits his name and likeness to scam people.
14.An unknown vigilante hacker has been sabotaging the operations of the recently-revived Emotet botnet by replacing Emotet payloads with animated GIFs, effectively preventing victims from getting infected.
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.
