Category: Industry News – HOTforSecurity

Read the original article: Tech Support Scams Inflicted Nearly $150 Million in Losses in 2020, IC3 Reveals Despite newly created opportunities for fraudsters to rip-off unsuspecting citizens during the ongoing pandemic, tech support scams inflicted nearly $150 million in reported…

Read more →

Read the original article: Microsoft 365 Spoofing Campaign Targets CEOs and Decision Makers, Research Finds Security researchers have identified a new Microsoft 365 spoofing campaign that targets specific people in companies, trying to compromise peoples’ accounts such as C-suite executives…

Read more →

Read the original article: BEC Is 62 Times More Profitable than Ransomware, IC3 Finds The FBI’s Internet Crime Complaint Center (IC3) is out with its annual Internet Crime Report, revealing that Business Email Compromise (BEC) remains a lucrative affair for…

Read more →

Read the original article: To share or not to share? Secrets behind the popular “share” button The share button is not as innocent as it seems. You might be animated by the best intentions when you click it and we…

Read more →

Read the original article: TrickBot Operators Now Use ‘Traffic Violations’ to Spear-Phish Unsuspecting Victims The Cybersecurity & Infrastructure Security Agency (CISA) and the FBI have released a Joint Cybersecurity Advisory on TrickBot warning that a sophisticated group of cyber actors…

Read more →

Read the original article: Hidden Code Suggests Apple Will Offer Standalone Security Updates to iDevices New code strings in the latest iOS betas indicate that Apple Inc plans to begin treating customers to out-of-band security updates starting with the next…

Read more →

Read the original article: Celebrity Twitter hacker agrees to three-year prison sentence Hacker exploited access to Twitter’s internal tools to post scam from high profile accounts Elon Musk, Joe Biden, Barack Obama, Apple, and Uber amongst accounts exploited A teenager…

Read more →

Read the original article: PYSA Ransomware Attacks Targeting Healthcare, Education and Government Institutions, FBI Warns The Federal Bureau of Investigation has issued a flash alert warning of an increase in PYSA ransomware attacks targeting government entities, educational institutions, private companies…

Read more →

Read the original article: Sky Global’s Criminal Secure Network Taken Down; Arrest Warrant Issued for CEO The CEO of Sky Global and one of his associates received indictments and were charged with conspiracy to violate the federal Racketeer Influenced and…

Read more →

Read the original article: Half of Americans Experienced Identity Theft During COVID-19 Pandemic, New Study Shows A new report uncovers a striking pervasiveness of identity theft perpetrated against U.S. consumers where half of respondents surveyed experienced such an occurrence during…

Read more →

Read the original article: With Proof-of-Concept Out, FBI & CISA Urge Organizations to Mitigate Microsoft Exchange Threat ASAP The US Cybersecurity & Infrastructure Security Agency (CISA) and the FBI have released a joint advisory urging organizations to take steps towards…

Read more →

Read the original article: FTC Urged to Enforce Rules that Protects User Health Data Shared with Fertility Apps United States lawmakers urged the Federal Trade Commission (FTC) to exercise its authority and take action against menstruation-tracking mobile apps, which presumably…

Read more →

Read the original article: The Microsoft Exchange Server mega-hack – what you need to know What’s going on?In case you’ve missed the news – hundreds of thousands of Microsoft Exchange Server systems worldwide are thought to have been compromised by…

Read more →

Read the original article: CISA Offers IT Admins Guidelines to Mitigate Recent MS Exchange Vulnerabilities The Cybersecurity & Infrastructure Security Agency (CISA) has issued an emergency directive and alert addressing several critical vulnerabilities recently found in Microsoft Exchange products. Microsoft…

Read more →

Read the original article: New ObliqueRAT Malware Campaign Now Integrates Steganography, Researchers Finds Security researchers have identified a new malware campaign designed to infect host machines with ObliqueRAT, a remote access Trojan, with the help of malicious Microsoft Office documents.…

Read more →

Read the original article: Microsoft Issues Exchange Server Updates for Four 0-Day Vulnerabilities Used by Chinese Hafnium APT Microsoft has revealed a new state threat actor, named Hafnium, that’s been exploiting previously unknown zero-day vulnerabilities in the on-premises Exchange Server…

Read more →

Read the original article: Android Security Bulletin: Google Issues Fix for Critical Remote Code Execution Flaw in Android System This Monday, Google revealed fixes for 37 Android vulnerabilities, including one critical security flaw found in the System component. The announcement…

Read more →

Read the original article: Update Your Chrome Browser Now! Zero-Day Actively Exploited in the Wild A new zero-day vulnerability has been discovered in the popular web browser Chrome, with Google noting that the flaw is being exploited by malicious actors.…

Read more →

Read the original article: Scams 101: All you need to know to protect against online fraud and identity theft Internet scams are everywhere, inflicting billions of dollars in reported losses from victims each year. Anyone can fall for online scams,…

Read more →

Read the original article: UK Fraud and Cybercrime Watchdog Warns of Travel-Related Scams in Anticipation of Holiday Booking Surge UK’s national reporting center for fraud and cybercrime (Action Fraud) is warning citizens to watch out for travel-related fraud following the government’s announcement…

Read more →

Read the original article: “Mentally ill demon hackers” blamed for massive Gab data leak Far-right service allegedly breached via SQL injection vulnerability More than 40 million posts, messages, profiles, and hashed passwords compromised Gab, the Twitter-like social networking service known…

Read more →

Read the original article: UK National Cyber Security Centre Issues Distance Learning Guide For Families The National Cyber Security Centre (NCSC) has issued a family-oriented guide to help parents and caretakers ensure a safe digital learning experience for students. Although…

Read more →

Read the original article: NY Department of Financial Services Issues Cyber Fraud Alert to Auto Insurers The New York Department of Financial Services (NYDFS) has issued an alert to instant-quote websites, particularly car insurers, warning of a growing campaign to…

Read more →

Read the original article: Austin Energy Customers Targeted in Vishing Scams After Severe Winter Storm Provokes Utility Outages Utility provider Austin Energy is warning residents that scammers are exploiting the chaos surrounding the severe winter storms that cut power to…

Read more →

Read the original article: Japan Suffered Record Number of Privacy and Security Violations in 2020 88 publicly traded companies in Japan compromised personal information last year, either because of a malware infection or misconfigured access protocols. As many as 30%…

Read more →

Read the original article: DoppelPaymer Gang Reportedly Attacked Kia Motors America with Ransomware Kia Motors America was hit by a ransomware attack, and the criminals asked for a $20 million ransom to provide a decryptor, BleepingComputer reported. The initial reports…

Read more →

Read the original article: Lakehead University Shuts Down Campuses and Computers After Cyberattack Computer systems at Lakehead University (LU) in Ontario, Canada, remain offline after a cyberattack hit the public research institution on Tuesday. In response to the attack, officials…

Read more →

Read the original article: Banks Investing in Automated Cyber-Defenses to Fight Business Email Compromise, Survey Shows The COVID-19 pandemic has intensified both the threat of fraud and the response to it, with corporate environments and banking in particular aligning on…

Read more →

Read the original article: Data Breach at DMV Contractor Exposes Vehicle Registration Data of Millions of Californians The California Department of Motor Vehicles (DMV) is investigating a data breach at an address verification company that may have compromised vehicle registration…

Read more →

Read the original article: Telegram Vulnerabilities Could Let Attackers Send Malicious Animated Stickers, Research Finds A security researcher has discovered a series of vulnerabilities within Telegram that could let attackers send modified animated stickers, which could have exposed the victims’…

Read more →

Read the original article: Yandex Email Admin Sold His Inbox Access and Compromised Almost 5,000 Accounts Yandex is an Internet company that provides users with a suite of products like Internet browsers for all major platforms, a search engine, an…

Read more →

Read the original article: 124 Million Rows of Customer Data Exposed Through Leaky Adorcam Database An unsecure database owned by webcam app Adorcam has exposed thousands of user accounts, according to security researcher Justin Paine. Adorcam is a specialized app…

Read more →

Read the original article: Hackers Could Cause ‘Fake Earthquakes’ by Exploiting Vulnerable Seismic Equipment, Researchers Warn Seismic monitoring equipment is vulnerable to common cybersecurity threats like those faced by IoT devices, a new research paper warns. Hackers could trigger ‘fake…

Read more →

Read the original article: IRS Warns Tax Professionals of Phishing Campaign Targeting EFINs The Internal Revenue Service (IRS) began accepting tax-return applications last Friday. As millions of citizens prepare for what may be the most challenging tax season to date,…

Read more →

Read the original article: Telegram Didn’t Destroy Multimedia Files Sent Through Secret Chat on macOS, Researcher Finds A security researcher discovered that one of Telegram’s features on macOS that should have guaranteed complete privacy by destroying the information sent by…

Read more →

Read the original article: After hackers blackmailed their clients, Finnish therapy firm declares bankruptcy Highly sensitive notes from therapy sessions were published online in an attempt to blackmail patients Hackers bragged about the poor state of firm’s security Vastaamo, the…

Read more →

Read the original article: CISA Warns of Incoming Valentine’s Day Romance Scams The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding the upcoming Valentine’s Day, telling people to watch out for romance scams. If there’s money…

Read more →

Read the original article: Eight People Accused of SIM-Swapping Attacks on US Celebs Arrested Following Joint UK- US Operation An investigation led by NCA Cyber Crime with the help of the US Secret Service, Homeland Security Investigations, the FBI and…

Read more →

Read the original article: FBI Issues Private Industry Notification in Light of Florida Water Plant Hack The US Federal Bureau of Investigation has issued a private industry notification after a cyberattack that targeted a water plant in the state of…

Read more →

Read the original article: Cyberpunk 2077 Developer Hit with Ransomware; Hackers Stole Data but Company Won’t Budge CD Projekt Red, a game developer and publisher based in Poland, has announced that hackers used ransomware to compromise a few of its…

Read more →

Read the original article: COMB: Over 3.2 Billion Unique Email and Password Combinations Leaked on Underground Forum The largest combo of stolen credentials to date, containing more than 3.2 billion user login combinations, was posted on a cybercrime forum last…

Read more →

Read the original article: Most Zoombombing Attacks Are Inside Jobs, Researchers Show A new study from researchers at Binghamton University and Boston University shows that most zoombombing incidents are “inside jobs.” With videoconferencing surging during the pandemic, hacking online meetings…

Read more →

Read the original article: Hackers publish patient data stolen from two US hospital chains Ransomware gang Conti blamed for attack on Florida-based Leon Medical Center Malware delivered via a poisoned document mistakenly opened by staff member The Florida-based Leon Medical…

Read more →

Read the original article: Attacker Tries to Poison Water Supply near Tampa, Florida US law enforcement agencies are investigating a cyberattack that targeted the water plant of Oldsmar, a small town outside Tampa, Florida. Local officials say the town’s water…

Read more →

Read the original article: Together for a Better Internet: Let’s Make a Safer Internet Day, Every Day Since the dawn of the Internet, the digital world has continued to evolve, offering users unlimited access to information, entertainment and ways of…

Read more →

Read the original article: Spotify Hit with a Credential Stuffing Attack with Data from Another Breach A security researcher has discovered that Spotify has fallen victim to a credential stuffing attack that used data from more than 100,000 accounts. Unlike…

Read more →

Read the original article: Spotify Hit with a Credential Studding Attack with Data from Another Breach A security researcher has discovered that Spotify has fallen victim to a credential stuffing attack that used data from more than 100,000 accounts. Unlike…

Read more →

Read the original article: US Democrat Bill Seeks to Enforce Privacy and Security Rights for Health Information As organizations deploy new tools to fight the spread of COVID-19 – including contact tracing apps, digital monitoring, home tests and vaccine appointment…

Read more →

Read the original article: Medical Researcher to Serve 30 Months in Federal Prison for Conspiring to Sell Trade Secrets to China A former medical researcher at the Ohio-based Nationwide Children’s Hospital was sentenced to 30 months in federal prison after…

Read more →

Read the original article: US Democrats Draft Bill to Enforce Privacy and Security Rights for Health Information As organizations deploy new tools to fight the spread of COVID-19 – including contact tracing apps, digital monitoring, home tests and vaccine appointment…

Read more →

Read the original article: Fake WhatsApp app may have been built to spy on iPhone users – what you need to know Fake WhatsApp appears to have been used in targeted attacks Users reminded to always be wary of where…

Read more →

Read the original article: Google Says a Quarter of Detected 0-day Exploits Could Have Been Avoided with Better Patches Google revealed that 25% of the 0-days detected in 2020 are related to publicly disclosed vulnerabilities, which have been already patched.…

Read more →

Read the original article: ‘Baron Samedit’ Sudo Vulnerability Also Affects macOS; No Patch Available Yet Security researchers identified a new Sudo vulnerability affecting Linux systems a few days ago and dubbed it ‘Baron Samedi.’ Another researcher found that the same…

Read more →

Read the original article: Cyberpunk 2077 Exploit Allows Malicious Actors to Gain Control of Gamers PCs CD Projekt Red (CDPR), the developers of Cyberpunk 2077, is warning PC gamers against downloading mods and custom saves due to a vulnerability that…

Read more →

Read the original article: Zoom Settles with FTC over Allegations of Deceptive Security Practices The US Federal Trade Commission this week gave final approval to a settlement with Zoom Video Communications over allegations it misled consumers about the level of…

Read more →

Read the original article: Hackers behind Wolf & Associates Breach Sentenced to 33 Years in Prison Two San Diego residents pleaded guilty last week to hacking a computer network to steal client identities and collect more than $2 million in…

Read more →

Read the original article: FTC Warns US Citizens of ‘Instant Cash Payments’ Scammers Impersonating the Agency The US Federal Trade Commission (FTC) has released information on scammers impersonating the agency, warning the public that the criminals operate a spoofed website…

Read more →

Read the original article: USCellular Notifies Customers of Data Breach after Employees Unknowingly Download Malware USCellular, a Chicago-based mobile network operator, has revealed a data breach incident affecting an undisclosed number of customers. The company believes the incident occurred on…

Read more →

Read the original article: Patch Your iGear Now – iOS 14.4 Fixes ’Actively Exploited‘ Security Flaws iDevice users this week were greeted with a new software update containing enhancements and bug fixes – including patches for three apparently nasty security…

Read more →

Read the original article: North Korean hackers attempt to hack security researchers investigating zero-day vulnerabilities Fully-patched Windows 10 computers using the Chrome browser are being infected by visiting bogus security researcher website. Hackers would take weeks or months to gain…

Read more →

Read the original article: Two Dutch Public Health Workers Arrested for Selling Coronavirus Patient Information Dutch police have arrested two Public Health Department (GGD) workers for allegedly stealing information on COVID-19 patients and offering to sell it online to various…

Read more →

Read the original article: Cybercriminals Impersonate UK’s National Health Service to Spread COVID-19 Vaccination Phishing Emails Fraudsters impersonating UK’s National Health Service (NHS) are actively exploiting the COVID-19 vaccination campaign to dupe citizens into providing their personal information through various…

Read more →

Read the original article: World’s Largest Crane Maker Suffers Global Cyber Attack, Operations at a Halt PALFINGER AG, the giant manufacturer of lifting systems, has posted a statement on its home page confirming it is currently under attack by hackers.…

Read more →

Read the original article: Hacker Releases Dating Site Data Belonging to 2+ Million Users Dating site MeetMindful has discovered that “a well-known hacker” has leaked the details of more than 2 million users registered its web site. An unnamed security…

Read more →

Read the original article: 2 Million User Records from Adult Streaming Website MyFreeCams.com Sold in Underground Forum A data broker who allegedly hacked adult chat and web-streaming website MyFreeCams.com has sold nearly 2 million user records on a dark web…

Read more →

Read the original article: England’s Department of Education Sends Malware-Infected Laptops to Disadvantaged Kids England’s Department for Education has learned that laptops given out by the government to support disadvantaged children during the lockdown contain malware. The government has so…

Read more →

Read the original article: Hundreds of thousands of cryptocurrency investors put at risk after BuyUCoin security breach Data from Indian cryptocurrency BuyUCoin has been leaked online Notorious hacking group appears to have accessed unsecured MongoDB database Another day, and another…

Read more →

Read the original article: Texas Security Technician Who Hacked Security Cams to Watch Couples Having Sex Faces 5 Years Behind Bars A former ADT employee entrusted with maintaining home security cameras has pleaded guilty to hacking into video feeds to…

Read more →

Read the original article: Belgian Hospital Reroutes Critical Patients after Cyberattack On Sunday evening, the CHwapi hospital in Belgium suffered a cyberattack that prompted the facility to redirect emergency patients to other hospitals and delay surgical procedures. As reported by…

Read more →

Read the original article: Hackers release over 4,000 files stolen from Scottish environment agency in ransomware attack SEPA was hit by ransomware attack on Christmas Eve Corporate plans and contracts published after organisation refused to give in to ransom demand…

Read more →

Read the original article: New Phishing Attack Impersonates PayPal with Threats of ’Flagged‘ Profiles Security researchers identified a phishing attack impersonating PayPal that allowed criminals to access people’s credentials, their PayPal account, and then their finances. Credentials for access to…

Read more →

Read the original article: NSA Offers Sysadmins Guidance on Eliminating Obsolete TLS Configurations The US National Security Agency (NSA) has released a security advisory warning network administrators and security analysts that “new attacks against Transport Layer Security (TLS) and the…

Read more →

Read the original article: Obsolete Adult Social Media App Exposes Lewd Photos of Users Researchers have recently stumbled upon an unsecure database belonging to Fleek, an X-rated social media app Fleek that ceased operations in 2019. The app was apparently…

Read more →

Read the original article: OpenWRT Reveals Forum Data Breach; Users Advised to Reset Passwords OpenWRT open-source project says someone used an administrator’s credentials to breach their forum and stole a list of list user names, email addresses, and various other…

Read more →

Read the original article: AnyVan Confirms Data Breach Weeks after Customer Records Are Put Up For Sale on Hacking Forum AnyVan, a provider of delivery, transport and removal services in Europe, said it has fallen victim to a data breach…

Read more →

Read the original article: Fraudsters Take to Dating Apps Spreading Investment Scams, Interpol Warns The online dating scene has become the best way for fraudsters to lure individuals into placing their hard-earned cash in phony investment apps, The International Criminal…

Read more →

Read the original article: Cybercriminals Use Vishing to Steal Remote Employee Credentials, the FBI Warns Cybercriminals use various social engineering attacks to impersonate trusted organizations and steal employee login credentials and sensitive corporate information, the Federal Bureau of Investigation (FBI)…

Read more →

Read the original article: Scottish environmental agency still struggling after Christmas Eve ransomware attack Cybercriminals struck in early hours of Christmas Eve Organisation says that no public funds will be used to pay ransom The Scottish Environment Protection Agency (SEPA)…

Read more →

Read the original article: Organizations Should Establish ‘Blame-Free Employee Reporting’ of Suspicious Activity, CISA Says The Cybersecurity & Infrastructure Security Agency (CISA) has warned businesses that rely on cloud services to look out for phishing campaigns and other threats that…

Read more →

Read the original article: Notorious Underground Credit Card Marketplace ‘Joker’s Stash’ is Shutting Down Joker’s Stash, one of the world’s largest underground marketplaces peddling stolen credit cards, will reportedly shut down operations next month, according to researchers. The decision to…

Read more →

Read the original article: FTC Orders Popular Women’s Fertility-Predictor App to Stop Misleading Users about Health Info Shared with Data Analytics Providers Flo Health, Inc., the developer of a popular period and fertility-tracking app, has reached a settlement with the…

Read more →

Read the original article: Australian Police Email Mistakenly Identifies Gun Owners The Queensland Police Service has mistakenly sent an email that revealed information on about 500 gun owners, which could have been used to determine their location or real names.…

Read more →

Read the original article: Dutch Energy Supplier Blames Cyber Intrusion on Data Breaches Suffered by Other Companies Dutch energy supplier Eneco has warned tens of thousands of clients, including business partners, to change their passwords amid a recent data breach.…

Read more →

Read the original article: Banking Organizations May Face New Breach Notification Requirements from US Regulatory Bodies US regulators have released a Notice of Proposed Rulemaking (NPRM) that would oblige banking organizations and bank service providers in the country to adhere…

Read more →

Read the original article: Pfizer and BioNTech COVID-19 Documents Stolen in EMA Cyberattack The European Medicines Agency (EMA), responsible for overseeing and approving the development of COVID-19 vaccines, has acknowledged that cybercriminals stole COVID-19 vaccine data from developers Pfizer and…

Read more →

Read the original article: International Task Force Takes Down Largest Dark Web Market Europol has announced the shutdown of DarkMarket, the world’s largest illegal marketplace on the dark web, which housed more than 2,400 sellers and half a million users.…

Read more →

Read the original article: Korean Dating App Leaks 1 Million Private Photos Shared By Users CyberNews researchers have stumbled on an unsecured database leaking over 1 million NSFW photos shared by users of a Korean dating app. The database contained…

Read more →

Read the original article: Kosovo Hacker Faces Extended US Prison Stay After Allegedly Committing Crimes from His Cell A Kosovo hacker serving prison time in the US for aiding a terrorist organization is facing new charges just as the judge…

Read more →

Read the original article: Over 200 Million Facebook, Instagram and LinkedIn Profiles Exposed Through Unsecured Database Held by Chinese Startup Chinese social media management company Socialarks leaked personally identifiable information (PHI) of over 200 million Facebook, Instagram and LinkedIn users,…

Read more →

Read the original article: Ubiquiti users told to change their passwords following security breach Breach occurred at third-party cloud provider used by IoT device manufacturer Email addresses, names, and hashed and salted passwords exposed IoT device vendor Ubiquiti has told…

Read more →

Read the original article: Russian Threat Actor to Serve 12 Years in Prison for Breaching JPMorgan Chase Russian national Andrei Tyurin was sentenced to 12 years in federal prison for his role in “massive network intrusions” against US financial institutions…

Read more →

Read the original article: The Reserve Bank of New Zealand Breached via Third-Party Hosting Service The Reserve Bank of New Zealand has become the latest financial institution targeted by malicious actors. According to a statement released January 10, cybercriminals breached…

Read more →

Read the original article: Personal Information of Aurora Cannabis Employees Up for Sale on Hacking Forum A threat actor who breached the network of Canada-based Aurora Cannabis over Christmas is looking to cash in after posting a database of stolen…

Read more →

Read the original article: Adobe Flash Player Reaches End of Life but Will Continue to Challenge Cybersecurity The official end of Adobe Flash Player is finally here, but the unofficial truth is that it won’t disappear overnight from the Internet.…

Read more →

Read the original article: SolarWinds Hack Investigation Now Points to JetBrains as a Possible Weak Link in the Cyber Kill Chain, New York Times Reports JetBrains, a software company that builds tools for numerous partners worldwide, is now under investigation…

Read more →

Read the original article: Principal Who Stole Students’ Nudes Fined $3.6 Million As if serving nine years in federal prison wasn’t enough, an ex high-school principal accused of stealing students’ nude photos was ordered last week to pay $3.6 million…

Read more →

Read the original article: Threat Actor Posts Credit Card Info of 10,000 Amex Customers for Free on Hacking Forum A data broker is offering freebies on a hacking community forum. According to a security analyst, the threat actor posted the…

Read more →

Read the original article: Vodafone Subsidiary Issues Replacement SIMs for 2.5 Million Customers Amid Major Data Breach After initially downplaying a major security incident, Ho Mobile has acknowledged that it suffered a breach and is now rushing to cover customers…

Read more →

Read the original article: NCSC Releases Consumer Guide for Purchasing or Selling Second-Hand Devices The National Cyber Security Centre (NCSC) has issued its first guide for citizens buying or selling used internet-enabled devices to prevent criminals from accessing personal information…

Read more →

Read the original article: Trump Administration Prohibits Use of Eight Chinese Apps President Donald Trump has signed an executive order banning the use of eight Chinese apps said to threaten US national security and foreign policy. The order, which takes…

Read more →