San Francisco commuters were given an unexpected surprise of free rides this holiday weekend, following a ransomware attack that took down the city's MUNI fare system. On Saturday, the hackers left a brief message on Muni ticketing systems which stated, “You Hacked, ALL Data Encrypted.” Muni spokesperson Paul Rose stated, “There’s no impact to the transit service, but we have opened the fare gates as a precaution to minimize customer impact.” Read more.
Today, new exemptions have gone into effect that allow independent researchers to hack into the software of most IoT devices. These new exemptions will provide a two year time frame for protection from penalties, which forbid unlocking software without the consent of the manufacturer. CIO further reports that there are tight restrictions on these new exemptions, noting the research must be conducted for security or repair purposes only. Read more.
Following allegations of Russian interference in the U.S election, German officials are on high alert for attempts to undermine its election next year. Bruno Kahl, who leads Germany's Federal Intelligence Service, stated "We have evidence of cyber attacks that have no other purpose than triggering political uncertainty. The perpetrators are interested in delegitimizing the democratic process as such, no matter who that subsequently helps." Read more.
A new variant of malware launched on Android is believed to be responsible for the single biggest theft of Google account records. The attacks have compromised one million Google accounts, including hundreds that belong to enterprise users. Read more.
Camelot, operator of the UK's National Lottery, has announced that 26,500 online Lottery accounts have been breached, possibly due to password reuse. SC Magazine reports the incident is still under investigation, but Camelot states it does not believe its own systems have been compromised, nor that any systems connected to the lottery draw itself have been affected. Read more.
Major tech companies are pushing back against a new cybersecurity rule in China that requires software companies, network-equipment makers and other technology suppliers to disclose their proprietary source code to prove their products can’t be compromised by hackers. Tech companies are arguing in defiance of the new rule, stating sharing code will likely decrease security and hurt innovation and competition within the industry. Companies including Microsoft, IBM and Intel have filed objections, which maintain that sharing source code itself cannot prove that software is secure and controllable. Read more.
During its re:Invent developer conference, Amazon announced the general availability of a new product called Shield that provides a DDoS service for web apps that run on Amazon’s cloud computing service. The service is free and already turned on by default for web applications running on AWS. TechCrunch reports Amazon will also a premium version that protects against more sophisticated attacks. Read more.