A security flaw in Grindr let anyone easily hijack user accounts

Grindr, one of the world's largest dating and social networking apps for gay, bi, trans, and queer people, has fixed a security vulnerability that allowed anyone to hijack and take control of any user's account using only their email address.

TechCrunch

Clinical Trials Hit by Ransomware Attack on Health Tech Firm

No patients were affected, but the incident was another reminder of the risks in the increasingly common assaults on computer networks. A Philadelphia company that sells software used in hundreds of clinical trials, including the crash effort to develop tests, treatments and a vaccine for the coronavirus, was hit by a ransomware attack that has slowed some of those trials over the past two weeks.

Nytimes

DOD, DHS expose hacking campaign in Russia, Ukraine, India, Malaysia - CyberScoop

Written by Shannon Vavra Oct 1, 2020 | CYBERSCOOP The Department of Defense and the Department of Homeland Security are calling out an unspecified "sophisticated cyber actor" Thursday for using malware to launch cyberattacks against targets in India, Kazakhstan, Kyrgyzstan, Malaysia, Russia and Ukraine.

CyberScoop

Emotet Makes Timely Adoption of Political and Elections Lures | Proofpoint US

During the 76 days since Emotet's return, researchers have observed activity reminiscent of past Emotet campaigns, like high message volumes and global distribution. Emotet uses a variety of lure themes, some of which occasionally leverage current events or news items, like COVID-19 or Greta Thunberg.

Proofpoint

Raspberry Pi's and Hardware For Kids, organized by Nicole Beckwith

Update: Thank you all so much for the generous donations! We have met our first goal and are now working towards our larger goal of $10,000. This will provide computers for the labs, and the necessary network setup for the students to learnon. Keep sharing and thank you so much for making this opportunity possible.

gofundme.com

The IRS Is Being Investigated for Using Location Data Without a Warrant

Do you work at Venntel, Babel Street, or other company providing location data to the government? Did you used to? Do you know anything else about the sale of location data? We'd love to hear from you.

Vice

PodcastOne: Cybersecurity Becomes A Business Imperative

Ann Johnson, Corporate Vice President, Business Development, Security, Compliance, and Identity at Microsoft, talks about perceptions of cybersecurity with information security researcher, political scientist, author, and Fulbright Scholar Tarah Wheeler. They dive into how security and risk management have ascended within organizations, as well as the importance of looking beyond cybercrime to the people most affected by the fallout.

Podcastone

Sophisticated new Android malware marks the latest evolution of mobile ransomware - Microsoft Security

Attackers are persistent and motivated to continuously evolve - and no platform is immune. That is why Microsoft has been working to extend its industry-leading endpoint protection capabilities beyond Windows.

Microsoft Security

Spoofed Internet Domains Pose Cyber and Disinformation Risks to Voters

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are issuing this announcement to help the public recognize and avoid spoofed election-related internet domains during the 2020 election year.

Cisa

Five Hackers Found 55 Bugs in Apple Products in 3 Months and Made $51,500

Apple rewarded the researchers for finding some very serious bugs in the company's websites. But for some, the researchers should have been paid more.

Vice

Neo23x0/Raccine

A Simple Ransomware Vaccine We see ransomware delete all shadow copies using vssadmin pretty often. What if we could just intercept that request and kill the invoking process? Let's try to create a simple vaccine. We register a debugger for vssadmin.exe which is our compiled raccine.exe.

GitHub

New Jersey hospital paid ransomware gang $670K to prevent data leak

University Hospital New Jersey in Newark, New Jersey, paid a $670,000 ransomware demand this month to prevent the publishing of 240 GB of stolen data, including patient info. The attack on the hospital occurred in early September by a ransomware operation known as SunCrypt, who infiltrates a network, steals unencrypted files, and then encrypts all of the data.

BleepingComputer

Foreign spies use front companies to disguise their hacking, borrowing an old camouflage tactic

Professional hackers who already try to hide their activity through an array of technical means now seem to be trying on more corporate disguises, by creating front companies or working as government contractors to boost their legitimacy. U.S.

CyberScoop