Singapore police can access COVID-19 contact tracing data for criminal investigations

Singapore has confirmed its law enforcers will be able to access the country's COVID-19 contact tracing data to aid in their criminal investigations. To date, more than 4.2 million residents, or 78% of the local population, have adopted the TraceTogether contact tracing app and wearable token, which is one of the world's highest penetration rates.

ZDNet

Russian Software Company May Be Entry Point for Huge U.S. Hack

Russian hackers may have piggybacked on a tool developed by JetBrains, which is based in the Czech Republic, to access federal government and private sector systems in the United States.

NYTimes

Joint Statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA)

On behalf of President Trump, the National Security Council staff has stood up a task force construct known as the Cyber Unified Coordination Group (UCG), composed of the FBI, CISA, and ODNI with support from NSA, to coordinate the investigation and remediation of this significant cyber incident involving federal government networks.

CISA

Insecure wheels: Police turn to car data to destroy suspects' alibis

On June 26, 2017, the lifeless body of Ronald French, a bearded auto mechanic with once-twinkling eyes, was mysteriously found in a cornfield in Kalamazoo County, Michigan. French, a grandfather of eight who always tried to help people "down on their luck," his daughter Ronda Hamilton told NBC affiliate WOOD of Kalamazoo, had disappeared three weeks before.

NBC News

Secret Backdoor Account Found in Several Zyxel Firewall, VPN Products

A Secret Hard-Coded Backdoor Account Found in Several Zyxel Firewall, VPN Products

The Hacker News

Cobalt Strike and Metasploit accounted for a quarter of all malware C&C servers in 2020

Cobalt Strike and Metasploit, two penetration testing toolkits usually employed by security researchers, have been used to host more than a quarter of all the malware command and control (C&C) servers that have been deployed in 2020, threat intelligence firm Recorded Future said in a report today.

ZDNet

Pay inequity in cyber persists, but new initiatives aim to reverse trend

A 2020 survey of infosec professionals found that U.S.-based male respondents take home an average annual salary of $91,000, while female participants earn an average of $62,000 per year. The findings, shared with SC Media in advance of official publication, further illustrate the stark gender-based pay gap that exists in the cybersecurity industry, and highlight the importance of new or up-and-coming programs aimed at ending this inequity.

SC Media

Nissan suffers data leak via misconfigured Git server

Nissan North America has been hit with a data leak after misconfiguring one of its Bitbucket Git servers. Swiss software engineer and consultant Tillie Kottmann publicly disclosed the incident this week, after learning of it from an anonymous source. Kottmann analysed the exposed data and found that it included source code of Nissan mobile apps and diagnostics tool, among other assets.

Computing

1,500 SolarWinds Customers Are Exposing Themselves To Hackers As 'Russian' Espionage Continues

When Derek Abdine looked at the number of SolarWinds customers he could find on the web over the last week, he noticed an anomaly. The cybersecurity researcher expected to see users of SolarWinds' Orion tool drop, as customers responded to what was one of the biggest security breaches of recent years, scrambling to protect themselves from snoops like those who penetrated as many as ten government departments and several tech giants, Microsoft, FireEye and Cisco included.

Forbes

White House to release maritime cybersecurity update

Written by Shannon Vavra, Jan 5, 2021. The National Security Council is planning to issue a cybersecurity update to the U.S. government's national maritime security strategy Tuesday, multiple senior administration officials tell CyberScoop.

CyberScoop

Google's iOS apps haven't been updated in weeks. Could Apple's privacy labels be the reason?

Not a single one of Google's iOS apps has been updated in almost a month, an unusually long period for a tech behemoth not to release, at the very least, even a minor bug fix or stability update for one of its dozens of insanely popular iPhone and iPad apps.

Fast Company

Cyber attack: Hackers post Hackney Council's 'stolen documents'

"I fully understand and share the concern of residents and staff about any risk to their personal data, and we are working as quickly as possible with our partners to assess the data and take action, including informing people who are affected," he said.

BBC News