Summary:
Several US telecoms were infiltrated by Chinese hackers in the group known as "Salt Typhoon". The full extent of the damage is not known, but call metadata was targeted.

Summary:
The Biden administration's FCC ordered telecoms to harden their infrastructure against cyberattacks. It remains to be seen if the new administration will stand behind those new rules.

Summary:
The US Department of the Treasury issued sanctions against an individual and a networking company who were associated with the infiltration of several US telecoms. The announcement (Treasury Sanctions Company Associated with Salt Typhoon and Hacker Associated with Treasury Compromise) includes information about rewards of up to $10M USD for information about malicious cybersecurity individuals.

Summary:
Online orders of Krispy Kreme donuts were shutdown in December due to cybersecurity attack, according to a filing with the SEC by the company. Desperate customers could still get the treats from the brick-and-mortar stores.

Summary:
An AMD chip that provides a high level of security through encrypted memory was found susceptible to a relatively easy hands-on attack. The attack starts by changing the information about the size of the RAM so that is appears larger than it really is. Then, by aliasing from a fake address to a real address. When the OS tries to read the non-existent address, it gets the data from the real address. Although the attack requires physical access and does not immediately imperil cloud-computing systems, AMD will fix the chip design to nullify the attack.

Summary:
The personal information of applicants for social services in Rhode Island was "most likely" captured by hackers using a ransomware attack against the state's computer systems for benefits. The state detected the attack before the ransom demand and began mitigation of the damage, but attackers subsequently showed that they had obtained a great deal of information. There was no information about any kind of immediate damage suffered by benefit seekers.

Summary:
Despite an ever increasing focus on cybersecurity from software companies, the US continues to suffer from data breaches and system impairments. To better protect US agencies and infrastructure from this harm, the Biden administration issued and executive order throwing responsibility onto the software providers themselves. The EO requires that software provided to the US government must be free of flaws that would let hackers gain entry. Because the EO increases regulation and also seeks to deter Chinese hacking, it seems to present opposing goals for the new administration.

Summary:
First, a security researcher found that Subaru that his mother owned had a security flaw that allowed easy, remote access to the car's data and controls. The mechanism for this was part of the vehicle's Starlink system. Moreover, the Starlink website had feeble security controls, allowing any Subaru employee to read all the data from any car. That seemed like a security and privacy nightmare, but it got worse. The cars kept a year's worth of detailed location information, and that was also available to the Subaru organization at large. Subaru said that permission for the data access was granted by the owner at time of purchase, and that it was only used by dealership employees for special purposes, like helping law enforcement.