The Week in Cyber Security News, Nov. 23 - 29
01. After suffering the most severe cyberattack ever orchestrated against a Brazilian public sector institution, the Superior Electoral Court has managed to get its systems back up and running, after more than two weeks facing disruption.
02. Researchers have shown how it's possible to breach a Tesla Model X's key fob and drive away in a victim's car, all within minutes.
03. Fake Minecraft Modpacks on Google Play are delivering millions of abusive ads and making normal phone use impossible.
04. Two apps developed by Chinese tech giant Baidu were leaking 'sensitive' user data that potentially left as many as 1.4 billion users open to surveillance or cybercrime
05. IT services giant Sopra Steria, which has 46,000 employees in 25 countries, has said that a Ryuk ransomware attack in October this year will lead to a loss of between €40 million and €50 million (US$47 - $59 million).
06. Cyber actors have spoofed legitimate FBI websites in an effort to trick people, possibly by disseminating false information or gathering credentials.
07. Ticketmaster has claimed that the £1.25m data breach fine handed down by UK data regulator, the Information Commissioner's Office, clears it of any responsibility for its network being infected by card-skimming malware.
08. After months of public reporting on a suspected Chinese hacking campaign targeting entities linked with diplomacy between the Vatican and Beijing, the hackers are still trying their luck.
09. A cyberespionage group with suspected ties to the Kazakh and Lebanese governments has unleashed a new wave of attacks against a multitude of industries, deploying "dozens of digitally signed variants" of the 13-year-old Bandook Windows Trojan.
10. Two in five remote workers in the UK are vulnerable to cyber-attacks as they have not received information about how to avoid COVID-19 scams or had any video call security training.
11. A threat actor is selling passwords - on a closed-access underground forum for Russian-speaking hackers - for the email accounts of hundreds of C-level executives at companies across the world.
12. Millions of family and friends, forced to spend Thanksgiving socially distant, are being targeted by cybercriminals on video platforms such as Zoom, in what is being referred to as "TurkeyBombing" as opposed to "ZoomBombing".
13. The Conti ransomware gang hit the systems of industrial automation and Industrial IoT chip maker Advantech and is demanding a $14 million ransom to decrypt affected systems and to stop leaking stolen company data.
14. Europol and a cybersecurity firm, in collaboration with the law enforcement agencies from Hungary, UK, and Italy, has disrupted the trading of tens of thousands of credit cards stolen credit data on Dark Web forums.
++
Thanks for visiting SecAlerts and reading our weekly cyber security news roundup. We offer a free weekly CVE alert service, or an hourly service from $US20/mth, both of which include software updates and news relating to your software stack. Join more than 1,500 other users and sign up.
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.
