Category: Industry News – HOTforSecurity

A ransomware attack has hit Oman United Insurance Company SAOG, one of the largest insurers in Oman, but operations apparently remain unaffected. Finance is one of the sectors most targeted by hackers, including banks, fintech firms, or insurance companies. One…

Read more →

A bizarre sextortion scam is attempting to trick victims that not only has their smartphone been hacked to spy upon their private lives, but also every other device they have encountered which contains a built-in camera. As Ionut Ilascu at…

Read more →

Researchers have uncovered a new Windows-based remote access tool (RAT) named JhoneRat targeting Arabic-speaking countries including Saudi Arabia, Iraq, Egypt, Libya, Algeria, Morocco, Tunisia, Oman, Yemen, Syria, UAE, Kuwait, Bahrain and Lebanon. This new Trojan is quite sophisticated as the…

Read more →

A ransomware attack targeting the city of New Orleans has inflicted $7 million in losses so far, with more to be incurred in coming months, Mayor Latoya Cantrell said in a recent update. At 5 a.m. on December 13, New…

Read more →

A Microsoft security advisory published last Friday warns users of a zero-day vulnerability affecting Internet Explorer 9, 10 and 11 when running on Windows 7 (recently discontinued), 8.1, 10, Server 2008, Server 2012, Server 2016, and Server 2019.  The vulnerability,…

Read more →

A trial centering on accusations that tools designed by the infamous spyware maker NSO Group were used to spy on a Canadian-born Saudi dissident is moving forward and it’s happening in an open forum. The man, Omar Abdulaziz, might be…

Read more →

The FBI, in cooperation with law enforcement from the UK, Netherlands, Germany and Ireland, seized the WeLeakInfo.com web site for allegedly selling personal information from data breaches. Crafted as a typical search engine, WeLeakInfo.com let users sniff through more than…

Read more →

Last September, security researchers reported a number of app publishers that practice a shady business model, charging excessive amounts for apps if the user does not cancel the “subscription” before a free trial ends. Although Google Play decommissioned the reported…

Read more →

Most wireless carriers in the United States are vulnerable to SIM swapping attacks and lack proper procedures to fend off hackers and other bad actors, Princeton researchers have found. SIM swapping became a popular attack method during the Bitcoin boom…

Read more →

Google plans to end support for third-party cooking in a bid to improve user privacy while still keeping publishers happy. It will take a couple of years to make third-party cookies and cross-website tracking obsolete, but the first steps have…

Read more →

Facebook this week launched a new login feature aimed at giving users more transparency about the data it shares with third parties, as well as to offer users more control over how their information is used and shared. “Login Notifications,”…

Read more →

As multi-factor authentication becomes ubiquitous across all digital services, Google is adding a new safety net for security-conscientious iPhone owners. Apple customers can now use their shiny smartphones as security keys to access Google services securely. The latest update to…

Read more →

The Emotet Trojan, identified by security teams in 2014, started out as banking malware meant to steal sensitive data. Initially focused on the financial sectors, the malware later morphed, adding spamming and malware delivery services. Emotet’s latest phishing campaign targets…

Read more →

The Cybersecurity Advisory of the National Security Agency (NSA) has recently uncovered a critical Windows CryptoAPI Spoofing Vulnerability in Windows 10 operating systems. Dubbed NSACrypt, the security flaw found in the Crypt32.dll module enables remote code execution and affects the…

Read more →

The developer of a smartphone app has carelessly left a database accessible to anybody with an internet connection, leaving exposed a database of millions of records containing baby videos and photos, as well as the email addresses of users. Information…

Read more →

Windows 7, Windows Server 2008, and Windows Server 2008 R2 have reached their end of life, as Microsoft has stopped delivering all updates for the aging operating systems. Microsoft has been warning users about the impending end of life for…

Read more →

The Manor Independent School District in Texas is investigating a cyber incident that inflicted a loss of $2.3 million because of an employee opening an email and failing to notice anything “phishy.” A tweet sent January 10 by Manor ISD…

Read more →

The Albany International Airport in New York state succumbed to a Sodinokibi ransomware attack, and the authorities chose to pay a ransom to the criminals to restore functionality to the vital systems. The Sodinokibi attack on Christmas Day infected a…

Read more →

A malicious JavaScript package was uploaded Dec. 30 2019 on the Node Package Manager (npm), the world’s largest software registry, containing over 800,000 code packages that developers use to write JavaScript applications. The package, identified as 1337qq-js, was spotted stealing sensitive…

Read more →

Cybercriminals can exploit a critical vulnerability in Broadcom chips, a hardware and software component in most of the world’s cable modems, to intercept private messages and redirect traffic, and change default DNS servers, MAC addresses of associated devices and serial…

Read more →

A 29-year-old British man has been jailed for nine months after admitting using hacking tools to break into UK National Lottery gambling accounts. Anwar Batson, of Notting Hill, West London, downloaded the readily-available Sentry MBA hacking tool to launch a…

Read more →

Hackers using the Sodinokibi ransomware published stolen data to further extort their victims, marking a first for operations using this attack vector. Sodinokibi is usually identified in attacks against critical infrastructures, but that’s not a limit of the software. It’s…

Read more →

Travelex is still struggling to get back on its feet after it was infected with Sodinokibi ransomware on New Year’s Eve, but the foreign exchange firm says the hack compromised no customer data. Two weeks ago, Travelex learned it had…

Read more →

U.S. members of Congress have called on the Federal Communications Commission (FCC) to crack down on SIM swapping, a type of fraud blamed for more than $70 million in nationwide losses annually. The letter sent to the FCC advocates for consumer awareness…

Read more →

Companies that fail to protect themselves online no longer need to fear only the bad guys lurking in the hidden corners of the internet. Increasingly, they need to worry about the good guys as well.   The UK is one…

Read more →

A bill proposed in the US House of Representatives on Jan. 9 aims to give parents greater control over the data collected about their children by amending the Children’s Online Privacy Protection Act of 1998 (COPPA), which imposes requirements on…

Read more →

If the latest reports are to be believed, Iran-backed hackers are probing U.S. critical infrastructure by using password-spraying attacks, looking for weakness and human laziness. It’s no surprise that, following the conflict between the United States and Iran so far…

Read more →

A vast database containing information scraped from the public domain on 56.25 million U.S. citizens has been found online, with no security and serving an IP address belonging to Chinese online retailer Alibaba. All data hosted on the server seems…

Read more →

The US Cybersecurity and Infrastructure Security Agency (CISA) is warning the cybersecurity community, companies and the public that it expects an increase in the near future in the number of incidents emanating from the current tensions between the Islamic Republic…

Read more →

An unpatched critical vulnerability in Pulse Secure VPN servers might have been used in the recent ransomware attack against London-based foreign exchange company Travelex. Hackers infected Travelex’s infrastructure with the Sodinokibi ransomware on New Year’s Eve, forcing the company to…

Read more →

A simple scam was used to rob the town of Erie, Colorado, of more than a million dollars, taking social engineering to another level. An unknown party completed and submitted an electronic form on Erie’s administration website with a simple…

Read more →

Beleaguered social media platform Facebook is stepping up its game against media manipulation. Recognizing that deepfake content poses a real threat to society, Zuck’s social network swears to ban all such content from its platform, starting now. A blog post…

Read more →

The little-known website for the Federal Depository Library Program greeted visitors with an unusual image over the weekend, that of a bloody Donald Trump being punched in the face. It was posted by hackers along with a pro-Iran warning message…

Read more →

Austria’s Foreign Ministry fought off a cyberattack over the weekend that it says was likely directed by a foreign state. The ministry said the attack started on Jan. 4 and might continue for a few more days, it but revealed…

Read more →

The Heritage Company, a telemarketing firm that laid off 300 employees just days before Christmas after a devastating cyber-attack, has now advised the former employees to look for new jobs as the company can’t seem to recover. Two months ago,…

Read more →

Ransomware has struck a facility belonging to the U.S. Coast Guard (USCG), affecting industrial control systems, security cameras, and much more, according to the USCG, which didn’t reveal the name or location of the affected base. The ransomware, identified as…

Read more →