BotNet News

From Apple iPhone jailbreaks and rogue Android apps to 5G and mobile-first phishing, 2019 was another banner year for cybercrime. We look back at the highlights.

Cyberattacks have critical detrimental effects on journalists’ mental health (as explored in CNTI’s upcoming issue primer on journalist safety) and damage trust in news media, even when they don’t expose sources’ identities. Nonetheless, the ability to mitigate these threats varies widely across newsrooms and countries, with many policies inadvertently making it easier for spyware to be deployed or jeopardizing end-to-end encryption vital to press freedom.

In the last week, a major auto industry software provider was hit with a massive cyberattack that left thousands of dealerships in the US and Canada unable to process appointments and complete sales transactions. Also, a security vulnerability in Rockwell Automation HMIs could allow attackers to gain unauthenticated remote code execution with root privileges.

China is targeting 24 government networks in Cambodia, including the National Defense, Election Oversight, Finance, Commerce, Telecommunications and Human Rights agencies. The attack may be part of a broader espionage campaign by Chinese hacker groups. Hackers are in love with APIs, leveraging them not only to remotely control botnets but also to mask malicious traffic by encrypting it as valid cloud data. Meanwhile, a flaw in Ghostscript allows hackers to bypass the sandbox for remote code execution. Also, smart grill maker OpenAI is hacked and OVHcloud mitigates the largest DDoS attack yet. Lastly, an update for iOS and macOS fixes two vulnerabilities.