Evil Corp, the notorious Russian hacking group, has breached 31 major American corporations with a new ransomware attack targeting employees working from home.
Cybersecurity firm Symantec was first to announce the breach, attributing it to a sophisticated new ransomware called WastedLocker.
The company has declined to disclose the identities of the targeted companies, but they include eight Fortune 500 companies and one major news publication.
Source & full story: Daily Mail
Hackers have targeted Roblox profiles to support Donald Trump in the forthcoming US presidential election.
Users of the online multiplayer game complained their profiles were hacked with the message: “Ask your parents to vote for Trump this year!” and “MAGA2020”, an abbreviation of Make America Great Again.
With 100 million+ users worldwide, Roblox is marketed at children aged nine to 14.
Reportedly, in-game messages were sent from the hacked profiles to the account holders’ friends, urging them to support Trump in the November vote.
Hacked avatars have been dressed in existing in-game accessories which resemble items worn by Trump supporters.
Source & full story: BBC News
A leading medical-research institution working on a cure for Covid-19 has admitted it paid hackers a $1.14m (£910,000) ransom after a covert negotiation witnessed by BBC News.
The Netwalker criminal gang attacked University of California San Francisco (UCSF) on 1 June. IT staff unplugged computers in a race to stop the malware spreading.
An anonymous tip-off enabled BBC News to follow the ransom negotiations in a live chat on the dark web.
Cyber-security experts say these sorts of negotiations are now happening all over the world – sometimes for even larger sums – against the advice of law-enforcement agencies, including the FBI, Europol and the UK’s National Cyber Security Centre.
Netwalker alone has been linked to at least two other ransomware attacks on universities in the past two months.
Source & full story: BBC News
Social media platform TikTok has told the BBC it did not receive or store any personal data from Apple iPhone clipboards.
In trials of the latest update to the phone’s operating system, users are notified whenever an app accesses the handset’s clipboard.
TikTok was one of 53 apps that security researchers had previously flagged as regularly seeking clipboard access.
The company said it introduced the feature to stop people spamming the platform by copying and pasting the same content.
The platform, owned by Chinese firm Bytedance, also said it disabled the feature via an automated app update pushed out on 27 June, and added that it was never enabled on Android devices.
In a statement, TikTok said:
“Following the beta release of iOS14 on June 22, users saw notifications while using a number of popular apps. … For TikTok, this was triggered by a feature designed to identify repetitive, spammy behaviour. We submitted an updated version of the app to the App Store removing the anti-spam feature to eliminate any potential confusion.”
Source & full story: Yahoo
Facebook has admitted it mistakenly let 5,000 developers gather information from users’ profiles after a time limit on their rights had expired.
Apps on Facebook are supposed to be prevented from accessing people’s personal data if the app has not been used for 90 days.
However, the social media giant claims that the lock-out had not always worked due to a flaw in the way it recorded inactivity, saying it fixed the issue the day after it was discovered.
Facebook has not stated how many users had their personal data scraped.
The harvesting of Facebook users’ personal information by third-party apps was at the centre of the Cambridge Analytica privacy scandal that was exposed in 2018.
Cambridge Analytica’s app on Facebook had harvested not only the data of people who interacted with it, but also that of friends who had not given consent. The company built a vast and lucrative database in the process.
Source & full story: BBC News