Special Report: 22 Top Infosec News Stories You Might Have Missed During the Holidays

Special Report: 22 Top Infosec News Stories You Might Have Missed During the Holidays

UK judge bars Assange extradition, GoDaddy sends a cruel phishing test, hackers breached Finland's parliament, Whirlpool hit by ransomware, Livecoin hacked on Christmas Eve, and much more

A UK judge ruled that Wikileaks founder and latter-day alleged operative for Russian intelligence Julian Assange cannot be extradited to the U.S. because authorities would not prevent him from committing suicide.

District Judge Vanessa Baraitser said, “I find that the mental condition of Mr Assange is such that it would be oppressive to extradite him to the United States of America.” (Ben Quinn / The Guardian)

Related: Reuters, The New York Times, Axios

Automotive maker and defense contractor Kawasaki Heavy industries said it was subject to unauthorized access from outside the company, leading to the possible leak of information from overseas offices to external parties.

The company said that it found fraudulent server access via a company based in Thailand during a system audit on June 11th. (Japan Times)

Related: TechNadu, The Daily Swig, SecurityWeek, teiss, DataBreaches.net, Bitdefender, Bleeping Computer, Security Affairs, Threatpost

In what was widely deemed a cruel holiday test, GoDaddy sent out a phishing email test to employees saying they would receive a $650 bonus and instructed them to fill in their personal details by Friday, December 18th.

Two days later, those employees who clicked on the link and filled in their personal details were sent an email informing them they had “failed” the test. (Lorraine Longhi / The Copper Courier)

Related: Technology | International Business Times, Engadget, Reddit - cybersecurity, Technology - CBSNews.com, The Hill, Reddit - cybersecurity, RT USA, Business Insider, The Verge, Reddit - cybersecurity, DataBreaches.net, ibtimes.sg : Top News, Gizmodo, Cymulate Blog, Technology - CBSNews.com, Mashable

Finland’s parliament was the victim of a breach during which the hackers gained entry to its internal IT system and accessed email accounts for some members.

The country’s National Bureau of Investigation (NBI) said it had already launched a preliminary probe into the incident during late autumn. (YLE)

Related: Reuters, Cyberscoop,  Bleeping Computer, ZDNet, euronews, Databreaches.net, Security Affairs, Nord News, Slashdot

Home appliance giant Whirlpool was hit by a Nefilim ransomware attack, which stole data before encrypting devices.

The Nefilim ransomware gang published files from the attack, including documents related to employee benefits, accommodation requests, medical information requests, background checks, and more. (Lawrence Abrams / Bleeping Computer)

Related: Security Affairs, Fox23

Threat actors have used Citrix ADC networking equipment to launch DDoS attacks by bouncing junk web traffic off of German IT systems administrator Marco Hofmann discovered.

Hoffman discovered that the DTLS implementation on Citrix ADC devices appears to be yielding 35 times the original packet, making it one of the most potent DDoS amplification vectors. (Catalin Cimpanu / ZDNet)

Related: Bleeping Computer, SC Magazine, Forbes, Security Affairs, SiliconANGLE, The Hacker News, My Little Farm

REvil hackers who stole the data from a large plastic surgery chain, the Hospital Group, are threatening to publish patients' before and after photos, among other details.

The gang claims to have obtained more than 900 gigabytes of patient photographs. (Joe Tidy / BBC News)

Related: The Sun, Reddit-hacking

Russian cryptocurrency exchange Livecoin said it was hacked on Christmas Eve, losing control of some of its servers and advising customers not to use its services.

The hackers took control over the Livecoin infrastructure and then proceeded to modify the exchange rates to gigantic and unrealistic values. (Catalin Cimpanu / ZDNet)

Related: Invezz, Security Affairs

The Dridex malware gang is luring people into opening malicious attachments by sending pretend Amazon gift certificates by email, researchers at Cybereason discovered.

The attachments will state that they were created in an online version of Microsoft Office and prompt the recipient to click on the 'Enable Content' button, which will execute malicious macros. (Lawrence Abrams / Bleeping Computer)

Related: Dark Reading: Vulnerabilities / Threats, DataBreachToday

Twenty-one men were arrested across the UK as part of a crackdown against a cyber operation against customers of WeLeakInfo.com, the National Crime Agency announced.

WeLeakInfo.com sold access to data hacked from other websites. The suspects used stolen credentials to commit further cyber and fraud offenses. (Ravie Lakshmanan / The Hacker News)

Related: TechNadu, PCMag.com, Owlysec – Cyber Security News, DataBreaches.net, National Crime Agency

The hackers deployed Bookcode (exclusively used by Lazarus) and wAgent malware with backdoor capabilities. (Sergiu Gatlan / Bleeping Computer)

Related: DataBreachToday.com, Cybersecurity Insiders, isssource.com, Security Brief

The usual email and digital attacks on presidential campaigns were largely avoided this year by using physical security keys, particularly by the Biden campaign.

Bob Lord, the CISO of the Democratic National Committee, said his organization issued physical keys to the vast majority of the 3,400 people who worked on getting out the vote. The committee had a way to check that people were actually using the keys. (Jordan Novet / CNBC)

Kaggle, an online competition platform for scientists and machine learning specialists that is a subsidiary of Google, exposes private competition in a data breach due to a misconfigured API.

Kaggle has yet to release a statement but says it is looking into the incident. (Ram Sagar / Analytics India)

Related: Security Report

U.S. District Judge Rodney Smith ruled in favor of Corellium, saying its software emulating the iOS operating system that runs on the iPhone and iPad amounted to “fair use” because it was “transformative” and helped developers find security flaws. (Jonathan Stempel / Reuters)

Related: Law & Disorder – Ars Technica, TechNadu, HackRead, MobileSyrup.com, SlashGear » security

T-Mobile announced a security incident that exposed customers' proprietary network information (CPNI), including phone numbers and call records.

T-Mobile said it found that the threat actors gained access to the telecommunications information generated by customers, known as CPNI, or customer proprietary network information. (Lawrence Abrams / Bleeping Computer)

Related: DataBreachToday.com, Security Affairs, HackRead, T-Mobile

A newly discovered and self-spreading Golang-based malware that spreads by brute force to MySQL, Tomcat, Jenkins, and WebLogic servers, among others, has been actively dropping XMRig cryptocurrency miners on Windows and Linux servers since early December, Intezer security researcher Avigayil Mechtinger.

The campaign's attackers have been actively updating the worm's capabilities through its command-and-control (C2) server since it was first spotted, which hints at an actively maintained malware. (Sergiu Gatlan / Bleeping Computer)

Related: SC Magazine, Reddit, Security Report

Israeli spyware maker NSO used real phone location data on thousands of unsuspecting people when it demonstrated its new COVID-19 contact-tracing system to governments and journalists, security researchers have concluded.

Using real data, NSO “violated the privacy” of 32,000 individuals across Rwanda, Israel, Bahrain, Saudi Arabia, and the United Arab Emirates, all of whom are reportedly customers of NSO. (Zack Whittaker / TechCrunch)

Related: PogoWasRight.org, Forensic Architecture, Slashdot

Ticketmaster subsidiary Live Nation already paid $110 million in 2018 to settle a civil suit brought by Songkick. (Tom Hays / Associated Press)

Related: Channel News Asia, PerthNow, Washington Examiner, TORONTO STAR, PYMNTS.com, The Independent, Tech Insider, The Verge, CyberNews, Bleeping Computer, Gizmodo, NDTV Gadgets360.com, DataBreaches.net, SiliconANGLE, Reddit - cybersecurity, HackRead, Reddit - cybersecurity, Security Affairs, The Hacker News

Dutch security researchers from Eye Control discovered a backdoor account in more than 100,000 Zyxel firewalls, VPN gateways, and access point controllers that can grant attackers root access to devices via either the SSH interface or the web administration panel.

Device owners are instructed to update their systems as soon as possible. (Catalin Cimpanu / ZDNet)

Related: Security Report, The Hacker News, Security Affairs, Reddit-hacking, Slashdot, Business Standard, TechNadu, HackRead, TechDator, Cyber Kendra, Bleeping Computer, DataBreaches.net

The most widely known of these recommendations recreates a National Cyber Director post in the White House. (Charlie Mitchell / InsiderCyberSecurity)

Related: Fox Business, GANNETT Syndication Service, Roll Call, Axios, Fox Business

The New York Stock Exchange will delist three large Chinese telecom carriers — China Mobile, China Telecom, and China Unicom — after mounting pressure by Washington, which believes the companies spy on behalf of Beijing's government.

The delisting is largely symbolic because the companies will continue to be traded in Hong Kong, where analysts and investors more closely follow them. (Chong Koh Ping and Drew FitzGerald / Wall Street Journal)

Related: Financial Times, Telecomlive.com

Must-Read: Israeli Intel Genius Has a Finger in Every Spyware Pie

This excellent long read by Haaretz’s Shuki Sadeh tells the tale of a brash but a brilliant former member of Israel’s elite intel community, Tal Dilian, who has spearheaded the development of the country’s controversial spyware community and still plays an influential role in virtually every spyware company.

By C.Suthorn / cc-by-sa-4.0 / commons.wikimedia.org, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=81242414

Read more