IT Security

Hackers have tapped into 150,000 US company surveillance cameras in hospitals, prisons, schools and police stations, among other places, according to a media report. Companies such as the electric car manufacturer Tesla and the IT security firm Cloudflare were also affected, as the financial service Bloomberg reported on Wednesday night. For example, the hackers would have shown footage from Tesla's Shanghai site. The Californian start-up Verkada, from which the cameras originated, told Bloomberg in an initial reaction that it was investigating "the extent of the potential problem".

Cyberpunk 2077 developer CD Projekt Red announced on Twitter that they have been the victim of a hacker attack. Apparently, the security barriers of the internal network were cracked and numerous datasets were stolen with the help of malware, as well as some of them were made unusable for the developer. Personal data, according to the developer, was not affected.

One of the biggest media organizations in German-speaking territories has become the victim of a sustained cyberattack over the Christmas holiday, forcing several newspapers to cancel or offer severely curtailed "emergency" editions. The attack, which is still ongoing, began last Tuesday.

As part of the widespread cyber attack on a number of United States federal agencies, the National Nuclear Security Administration and Energy Department have suffered from network hacks. Shaylyn Hynes, a Department of Energy spokesperson, has stated that "At this point, the investigation has found that the malware has been isolated to business networks only, and has not impacted the mission essential national security functions of the department, including the National Nuclear Security Administration".

U.S. drugmaker Pfizer and its German partner BioNTech said on Wednesday that documents related to development of their COVID-19 vaccine had been “unlawfully accessed” in a cyberattack on Europe’s medicines regulator.

Gionee, a Chinese manufacturer of low-cost smartphones, has been found guilty by the Chinese courts of installing malware on more than 20 million devices it sold between December 2018 and October 2019.

According to the report, the company used a subsidiary to plant a "Trojan horse" to carry ads without the users' permission.

Brazilian company Embraer, considered today's third-largest airplane maker after Boeing and Airbus, was the victim of a ransomware attack last month.

Google on Thursday was sued for allegedly stealing Android users' cellular data allowances though unapproved, undisclosed transmissions to the web giant's servers.

The complaint contends that Google is using Android users' limited cellular data allowances without permission to transmit information about those individuals that's unrelated to their use of Google services.

After patient data has been stolen from a large psychotherapy clinic in Finland, patients have been contacted individually by a blackmailer. The data appears to have included personal identification records and notes about what was discussed in therapy sessions. It said it believed the data had been stolen in November 2018, with a further potential breach in March 2019.

According to Twitter, there are no indications that the claims of the security researcher are true that Trump's Twitter account has been compromised by using the password "maga2020".

The press office of the White House also does not want to comment on "Security procedures around the social media accounts of the president" and says that the story around the alleged hack is "Definitely not correct".

The researcher, Victor Gevers, had access to Trump’s personal messages, could post tweets in his name, and change his profile. Gevers took screenshots when he had access to Trump’s account. Trump, an active Twitterer with 87 million followers, had an extremely weak and easy to guess password and had according to the researcher, not applied two-step verification.

With a delay of almost nine years, the new Berlin airport is scheduled to be opened on the last day of October. A journalist from t-online has now spotted that parts of the IT systems at the Berlin airport still run on an outdated version of Windows XP that lost support my Microsoft latest in April 2019.

The system has been spotted in an elevator. Currently, it is unclear if the system is connected to the internet or to an internal network leaving the security implications unclear.

A woman in Germany died during a ransomware attack on the Düsseldorf University Hospital, in what may be the first death directly linked to a cyberattack on a hospital. The hospital couldn’t accept emergency patients because of the attack, and the woman was sent to a health care facility around 20 miles away.

It could be the first death directly linked to a cybersecurity attack.

Hackers from China, Russia and Iran are targeting the 2020 presidential elections, Microsoft found. In a blog post, Microsoft stated that the three hacker groups Strontium (Russia), Zirconium (China) and Phosphorus (Iran) have launched attacks aimed at both the Democratic and Republican party. The groups have attacked "more than 200 organizations including political campaigns, advocacy groups, parties and political consultants", "high-profile individuals associated with the election" including associates of Biden's campaign and "personal accounts of people associated" with the Trump campaign.

"The majority of these attacks were detected and stopped by security tools built into our products. We have directly notified those who were targeted or compromised so they can take action to protect themselves," so Microsoft

More than a billion Android devices are at risk of data theft and of becoming spying tools because of more than 400 flaws discovered this week in Qualcomm’s Snapdragon chip.

If an user downloads content that’s rendered by the chip an attacker can exploit those vulnerabilities to install malicious apps without any permission and use them to monitor locations and listen to nearby audio in real time, withdraw photos and videos and even render the phone completely unresponsive.

During an interview at Fox News, Laura Ingraham asked the United States Secretary of State Mike Pompeo if the Trump Administration is considering to ban Chinese social media apps such as TikTok. Pompeo stated that "With respect to Chinese apps on people's cell phones, I can assure you the United States will get this one right too, Laura" and that he doesn't "want to get out in front of the President, but it's something we're looking at". He also stated security concerns with TikTok and suggested that people should only install the app on their phones if they want their "private information in the hands of the Chinese Communist Party".

New Zealand Police has frozen $90 million from a New Zealand based company belonging to Alexander Vinnik who had been arrested in July 2017 while on a family vacation in Greece. The Russian IT expert has an open extradition warrant from the United States and France where the authorities accuse him of money laundering, identity theft, drug trafficking and computer hacking. The authorities also accuse him that he has operated BTC-e, a cryptocurrency exchange that allegedly enabled money-laundering. The Greek legal team of Vinnik denies that he ran the exchange and says he was an employee.

Criminals have released a screenshot of an alleged Madonna contract together with a demand for payment. In addition, the website of the law firm Grubman Shire Meiselas & Sacks, based in New York, is down. The firm has announced that clients have been notified and a cybersecurity company has been called in for help.

The Indonesian e-commerce platform Tokopedia has announced that " that there had been an attempt to steal data from Tokopedia users". The cybercrime monitoring firm Under the Breach has shared that hackers are allegedly offering the user data of 91 million compromised user profiles for around "$5,000 on the Darknet". The company itself has told the news agency Reuters that all transactions and payment methods would be still secure.

Two security vulnerabilities in iOS have been actively exploited for several years. One patch has not yet been applied. Attackers can exploit the vulnerabilities via prepared emails that they send to their victims. Currently, iOS users should no longer use Apple's integrated mail app. Under iOS 12, the attacker email must be opened by the user. However, this e-mail does not contain any content. Under iOS 13, the attack can be carried out in the background without any user interaction. Only the mail app in the mobile operating system is affected. macOS is not affected.