Ransomware Disables GA Elections Database; COVID Vaccine and US Government Targeted; Psychotherapy Patients Blackmailed after Breach

A ransomware attack earlier this month disabled a Hall County, Georgia, database that is used to verify voters' signatures on absentee ballots. While the attack did not affect the voting process, county employees have had to manually verify signatures from voter registration cards.

Read more in

In a joint cybersecurity advisory, the US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI warn that a Russian advanced persistent threat (APT) actor has targeted "US state, local, territorial, and tribal (SLTT) government networks, as well as aviation networks." The APT actor has "exfiltrated data from at least two victim servers."

Read more in

A company that is manufacturing a COVID-19 vaccine for Russia has shut down operations in five countries following a cyberattack against its network. Dr. Reddy's is based in India and is about to enter Phase 2 human trials of the vaccine, which has been given the nickname Sputinik V. Dr. Reddy's has also isolated its data centers.

Read more in

Patients of Finland's Vastaamo psychotherapy clinic are reporting that they are being contacted with blackmail demands. Last week, Vastaamo disclosed a data breach compromised patient data. The hackers have reportedly posted some patient information on the dark web; patients who have been contacted by the hackers say they have been asked to pay 200 EUR (236 USD) to prevent their information from being exposed.

Read more in

The US Department of the Treasury's Office of Foreign Assets Control (OFAC) has sanctioned "a Russian government research institution that is connected to the destructive Triton malware." The State Research Center of the Russian Federation FGUP Central Scientific Research Institute of Chemistry and Mechanics (CNIIHM or TsNIIKhM) supported threat actors' use of Triton, which has been described as "the most dangerous threat activity publicly known."

Read more in

In an excerpt from Andy Greenberg's book, "SANDWORM: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers," Michael Assante's 2007 Aurora demonstration proves the danger hackers could pose to the power grid by manipulating protective relays.

Read more in

Researchers from Imperva have detected a botnet that is exploiting vulnerabilities in various content management systems (CMS) to infect websites. The botnet, which has been given the nickname KashmirBlack, is being used for cryptomining and spam. It uses Dropbox for its command-and-control infrastructure and stores files on GitHub and Pastebin. Hundreds of thousands of sites are believed to have been infected since late 2019.

Read more in

Sopra Steria, the French IT service company, has acknowledged the cyberattack that hit its network last week was actually a ransomware attack. The company says the infection was kept to "a limited part" of its IT systems. Sopra Steria predicts "it will take a few weeks for a return to normal."

Read more in

When users browsing in Internet Explorer attempt to access a website that is not IE-compatible, the site will launch in Microsoft Edge. Users will be notified that the site is not compatible with IE, and will be prompted to update to Edge, migrating their settings from IE. Microsoft plans to disable support for Internet Explorer in certain services starting in mid-November.

Read more in

Officials in Louisiana have called in the state's National Guard to help handle cyberattacks against government systems. Multiple local government systems in Louisiana have reportedly been infected with a remote access Trojan (RAT) that has previously been linked to hackers with ties to North Korea's government.

Read more in

A former systems administrator for the Century 21 department store has been indicted on several charges, including computer tampering and computer trespass. Prior to resigning from his position in November 2019, Hector Navarro allegedly stole employee data and created a superuser account that he used to access the system after he had left the company. Navarro allegedly deleted data to prevent people hired to replace him from accessing the network.

Read more in

An Israeli security company found more than 100 smart irrigation systems were left unprotected on the Internet. The vulnerable CC PRO systems were installed with the factory default settings unchanged, which means that the default account does not require a password. From there, malicious actors could access the system's control panel and change settings and delete other users from the system. The company notified CERT Israel of the situation, which contacted affected companies as well as Motorola, the manufacturer, and shared information with CERTs in other countries. The number of exposed systems is falling.

Read more in