03-01-202105-01-2021

Security daily (04-01-2021)

Singapore says COVID tracing app data is fair game for criminal investigations

Police in Singapore are authorized to use data collected by an application for tracking exposure to the coronavirus for criminal prosecutions, a Singaporean government official said Monday in a move that could draw criticism from civil liberties groups over potential privacy violations. “Singapore Police Force is empowered under the Criminal Procedure Code to obtain any data and that includes the Trace Together [TT] data, for criminal investigations,” Desmond Tan, Singapore’s minister of state for home affairs, told members of parliament on Monday. “The government is the custodian of the TT data submitted by the individuals and stringent measures are put in place to safeguard this personal data.” Government officials tried to use the Trace Together website to assure Singaporeans that the data submitted through the contact-tracing app is limited and protected. A website update on Monday nonetheless informed users that police may request data for criminal investigations. Singapore, an island […] The post Singapore says COVID tracing app data is fair game for criminal investigations appeared first on CyberScoop. (CyberScoop)

The anatomy of a modern day ransomware conglomerate

If school administrators, medical organizations and other crucial industries haven’t already had enough bad news over the past year, a new hacking group that relies on emerging techniques to rip off its victims should fulfill that need.  What makes the pain even worse is that the group is using an innovative structure that’s becoming more common in the cybercrime underworld. This ransomware gang, dubbed Egregor, in recent months appears to have hacked more than 130 targets, including schools, manufacturing firms, logistics companies and financial institutions, according to the U.K.-based security firm Sophos. Egregor works much like other strains of ransomware — holding data hostage until a victim pays a fee — though in some ways the group behind it also exemplifies the current state of the hacking economy.  Rather than relying on lone hackers who mastermind massive data breaches, or dark web forums frequented only by Russian scammers, today’s cybercriminals […] The post The anatomy of a modern day ransomware conglomerate appeared first on CyberScoop. (CyberScoop)

T-Mobile: Breach exposed call information for some customers

T-Mobile says that it “recently identified and quickly shut down” a data breach that included call-related information about some accounts. The wireless telecommunication firm said in a notice mailed to some customers in late December that the incident “may have included phone number, number of lines subscribed to on your account and, in some cases, call-related information collected as part of the normal operation of your wireless service.” It’s the fourth data breach that the company has acknowledged within the last three years. T-Mobile, which completed a merger with Sprint in April 2020, also disclosed incidents that occurred in March 2020, November 2019 and August 2018. The company called the intrusion “malicious, unauthorized access,” but did not release details about the suspected intruders or their methods. Personally identifiable information was not affected in this latest breach, T-Mobile said. “The data accessed did not include names on the account, physical or […] The post T-Mobile: Breach exposed call information for some customers appeared first on CyberScoop. (CyberScoop)

Malvuln Launched Focusing On Exploiting Malware

(News ≈ Packet Storm)

Bitcoin Hits Record High On Twelfth Anniversary Of Its Creation

(News ≈ Packet Storm)

Assange's US Extradition Blocked On Health Grounds

(News ≈ Packet Storm)

Ticketmaster Fined $10 Million After Staff Hacked Competitor

(News ≈ Packet Storm)

Ransomware Gang Collects Data from Blood Testing Lab

Apex Laboratory patient data was lifted and posted on a leak site. (Threatpost)

Researcher Breaks reCAPTCHA With Google’s Speech-to-Text API

Researcher uses an old unCAPTCHA trick against latest the audio version of reCAPTCHA, with a 97 percent success rate. (Threatpost)

Leading Game Publishers Hit Hard by Leaked-Credential Epidemic

Over 500,000 leaked credentials tied to the top two dozen leading gaming companies are for sale online. (Threatpost)

03-01-202105-01-2021

/security-daily/ 05-01-2021 23:44:25