BBC: How hackers extorted $1.14m from University of California, San Francisco

BBC: How hackers extorted $1.14m from University of California, San Francisco. “A leading medical-research institution working on a cure for Covid-19 has admitted it paid hackers a $1.14m (£910,000) ransom after a covert negotiation witnessed by BBC News.”

AsiaOne: Hacker allegedly breaches Indonesian govt database on Covid-19 test-takers

AsiaOne: Hacker allegedly breaches Indonesian govt database on Covid-19 test-takers. “The hacker, under the username Database Shopping, offered the personal data of Covid-19 test-takers in Indonesia on the data-exchange platform Raid Forums, where another member put up for sale the personal information of 15 million users from homegrown e-commerce unicorn Tokopedia’s internal database for US$5,000 (S$7,000).”

Washington Post: Elite CIA unit that developed hacking tools failed to secure its own systems, allowing massive leak, an internal report found

Excuse me a moment while I headdesk? Washington Post: Elite CIA unit that developed hacking tools failed to secure its own systems, allowing massive leak, an internal report found. “The theft of top-secret computer hacking tools from the CIA in 2016 was the result of a workplace culture in which the agency’s elite computer hackers ‘prioritized building cyber weapons at the expense of securing their own systems,’ according to an internal report prepared for then-director Mike Pompeo as well as his deputy, Gina Haspel, now the current director.”

Security Boulevard: High-Profile Data Thefts Shine Spotlight on Dark Web

Security Boulevard: High-Profile Data Thefts Shine Spotlight on Dark Web. “Recent ransomware threats leveled at President Trump, Lady Gaga and Madonna have raised awareness of the need to not only better secure data but also devoting more resources to determine what data has been exposed on the Dark Web. The cybercriminals who make up the REvil (Sodinokibi) ransomware gang this week launched an auction site where they plan to sell stolen data they were unable to ransom. Previously, REvil claimed to have stolen data from Grubman Shire Meiselas & Sacks, a law firm that primarily serves celebrities, and Agromart, an agricultural company based in Canada. Other apparent victims include Wartman Law Firm, Fraser Wheeler and Courtney LLP and Vierra Magen Marcus LLP.”

Vanity Fair: Hackers Are Already Screwing With the 2020 Election

Vanity Fair: Hackers Are Already Screwing With the 2020 Election. “The vulnerabilities of online voting underscore the broader concerns about this year’s election. Observers already warned that Russia, which meddled in the 2016 election on Trump’s behalf, and other bad actors are seeking to interfere with this cycle.”

The Asian Age: Google detects coronavirus-themed phishing attacks by firms in India posing as WHO, banks

The Asian Age: Google detects coronavirus-themed phishing attacks by firms in India posing as WHO, banks. “Hack-for-hire firms, many of them based in India, are creating accounts spoofing the World Health Organisation (WHO) and targeting business leaders in financial services, consulting, and healthcare corporations in the US, the UK and Bahrain among other countries amid the COVID-19 pandemic, according to a report by Google.”

CNN: Nintendo reveals 160,000 accounts were breached

CNN: Nintendo reveals 160,000 accounts were breached. “Nintendo revealed on Friday that 160,000 accounts were breached since the beginning of April, by hackers using others’ Nintendo Network IDs without permission. The company announced users will no longer need to use these IDs to log into their accounts, and that passwords on accounts that may have been breached will be reset.”

Exclusive: Iran-linked hackers recently targeted coronavirus drugmaker Gilead – sources (Reuters)

Reuters: Exclusive: Iran-linked hackers recently targeted coronavirus drugmaker Gilead – sources. “Hackers linked to Iran have targeted staff at U.S. drugmaker Gilead Sciences Inc in recent weeks, according to publicly-available web archives reviewed by Reuters and three cybersecurity researchers, as the company races to deploy a treatment for the COVID-19 virus.”

Europol: Hacker Group Selling Databases With Millions Of User Credentials Busted In Poland And Switzerland

Europol: Hacker Group Selling Databases With Millions Of User Credentials Busted In Poland And Switzerland. “Polish and Swiss law enforcement authorities, supported by Europol and Eurojust, dismantled InfinityBlack, a hacking group involved in distributing stolen user credentials, creating and distributing malware and hacking tools, and fraud.”

Washington Post: Nearly 25,000 email addresses and passwords allegedly from NIH, WHO, Gates Foundation and others are dumped online

Washington Post: Nearly 25,000 email addresses and passwords allegedly from NIH, WHO, Gates Foundation and others are dumped online. “Unknown activists have posted nearly 25,000 email addresses and passwords allegedly belonging to the National Institutes of Health, the World Health Organization, the Gates Foundation and other groups working to combat the coronavirus pandemic, according to the SITE Intelligence Group, which monitors online extremism and terrorist groups. While SITE was unable to verify whether the email addresses and passwords were authentic, the group said the information was released Sunday and Monday and almost immediately used to foment attempts at hacking and harassment by far-right extremists. An Australian cybersecurity expert, Robert Potter, said he was able to verify that the WHO email addresses and passwords were real.”

The Register: Staffer emails compromised and customer details exposed in T-Mobile US’s third security whoopsie in as many years

The Register: Staffer emails compromised and customer details exposed in T-Mobile US’s third security whoopsie in as many years. “T-Mobile US was hacked by miscreants who may have stolen some customer information. The telco did not specify exactly when the intrusion took place (and has yet to respond to questions from The Register) in its Notice Of Data Breach.”

CNN: Clearview AI has billions of our photos. Its entire client list was just stolen

CNN: Clearview AI has billions of our photos. Its entire client list was just stolen. “Clearview AI, a startup that compiles billions of photos for facial recognition technology, said it lost its entire client list to hackers. The company said it has patched the unspecified flaw that allowed the breach to happen.”

University of Texas at Dallas: Computer Scientists’ New Tool Fools Hackers into Sharing Keys for Better Cybersecurity

University of Texas at Dallas: Computer Scientists’ New Tool Fools Hackers into Sharing Keys for Better Cybersecurity. “Instead of blocking hackers, a new cybersecurity defense approach developed by University of Texas at Dallas computer scientists actually welcomes them. The method, called DEEP-Dig (DEcEPtion DIGging), ushers intruders into a decoy site so the computer can learn from hackers’ tactics. The information is then used to train the computer to recognize and stop future attacks.”