Tag: Industry News – HOTforSecurity

VPN services are available to iOS users, but they don’t seem to work as intended due to a bug in iOS that doesn’t allow all network connections to route through the VPN service as soon as it starts. ProtonVPN found…

Read more →

Cyber criminals hit a new low this month, proving once again that they’ll go to any lengths to extort their victims. This time around, it’s not just about ruining your reputation and disclosing a ‘dirty little secret’ to your friends…

Read more →

A notorious ransomware gang claims to have successfully compromised the infrastructure… of a company selling cyberinsurance. The Maze ransomware group says it has encrypted data belonging to Chubb, which claims to be one of the world’s largest insurance companies, and…

Read more →

Scammers continue to piggyback on the COVID-19 Coronavirus scare with new tricks, this time targeting U.S. Army service members with phone calls requesting their personal information and promising a testing kit to check if they’re infected, according to the Military…

Read more →

The Federal Bureau of Investigation (FBI) took down the DEER.IO website, a known cybercrime platform based in Russia, along with Kirill Victorovich Firsov, its alleged administrator. When you hear of personal information stolen in data breaches and sold on the…

Read more →

According to the UK’s National Fraud Intelligence Bureau (NFBI), criminals were quick to latch on to news of the novel Coronavirus outbreak, swindling £970,000 out of the pockets of UK citizens since February. The most recent alert shows an additional…

Read more →

General Electric (GE) has revealed that a data breach at Canon Business Process Services (Canon), one of the company’s service providers, exposed details about GE employees, former employees, and other beneficiaries. Just because the world seems to have stopped to…

Read more →

The practice of social distancing has already influenced our shopping patterns, as more and more consumers turn to the usage of e-commerce to fulfill their everyday needs. A recent study by TransUnion shows digital commerce has spiked 23% since the…

Read more →

Hackers tried using a phishing campaign to steal login credentials of officials working for the World Health Organization (WHO) by setting up a fake website. Fortunately, their efforts were thwarted and no damage was done. One way to steal credentials…

Read more →

Criminals never cease to amaze us. If the recent outbreak wasn’t enough to fill your plate, picture yourself tricked into becoming a money mule for scammers feeding off the Covid-19 scare. Many people have had their lives turned upside down…

Read more →

Personal information of more than 500 million Weibo users has been found for sale on the dark web, as reported by ZDNet and Chinese media. The bad actor claiming to have breached the famous Chinese social network last year posted…

Read more →

A medical research company scheduled to test a potential vaccine for the Covid-19 Coronavirus has been hit with ransomware by Maze Team, the very hacking group that, just last week pledged to stop interfering with entities combating the Coronavirus pandemic.…

Read more →

The public is being warned about fraudulent messages being shared on social media platforms that Netflix is offering free passes to its platform because of the Coronavirus pandemic. The messages, which have been seen spread across social networking sites and…

Read more →

A zero-day Adobe Type Manager Library exploit is now wielded in limited, targeted attacks against Windows users, technically allowing for remote code execution. The good news is that Microsoft knows about the problem, but the bad news is that a…

Read more →

An email seemingly from the General Director of the World Health Organization, Dr. Tedros Adhanom Ghebreyesus, contains a new HawkEye malware variant, designed to steal valuable information from infected computers. The attackers are using the current Coronavirus epidemic to attract…

Read more →

The FBI has warned that scammers are using email scams to capitalize on the coronavirus scare, including messages purporting to be from national authorities like the Centers for Disease Control and Prevention. “Scammers are leveraging the COVID-19 pandemic to steal…

Read more →

An email seemingly from the General Director of the World Health Organization, Dr. Tedros Adhanom Ghebreyesus, contains a new HawkEye malware variant, designed to steal valuable information from infected computers. The attackers are using the current Coronavirus epidemic to attract…

Read more →

The FBI has warned that scammers are using email scams to capitalize on the coronavirus scare, including messages purporting to be from national authorities like the Centers for Disease Control and Prevention. “Scammers are leveraging the COVID-19 pandemic to steal…

Read more →

TrueFire, a leading online guitar-tutoring platform, has suffered a “Magecart-style” security incident that may have exposed customers’ personal identifiable information and credit card numbers. The facts The data breach was discovered on January 10, when the company noticed that an…

Read more →

Perhaps they want to avoid provoking the white-hot rage of an already wounded public. Or maybe they’ve realized their victims can’t pay. Or, just possibly, some black hats do have a smidgen of ethics. At least in grim times like…

Read more →

Perhaps they want to avoid provoking the white-hot rage of an already wounded public. Or maybe they’ve realized their victims can’t pay. Or, just possibly, some black hats do have a smidgen of ethics. At least in grim times like…

Read more →

The infamous Maze Team has struck again, this time infecting an urgent walk-in care center in Texas with its system-crippling ransomware. Sticking to its traditional modus operandi, the hacking group is threatening to leak the caregiving unit’s patients’ data if…

Read more →

Police across Europe have been ramping up operations against two new SIM swapping operations, resulting in the arrest of 26 individuals accused of stealing more than $3 million from unsuspecting victims. In January, investigators from the Spanish National Police, together…

Read more →

A new phishing scam is capitalizing on the COVID-19 pandemic, seeking to steal credentials of healthcare workers with the promise of a “coronavirus awareness” seminar. An email purporting to come from the organization’s IT department urges employees to access a…

Read more →

A cyberattack his the second-biggest hospital in Czech Republic in the midst of the Coronavirus outbreak last Friday. The incident was confirmed by the Czech National Office for Cyber and Information Security (NÚKIB), which is working alongside police and hospital…

Read more →

A division of GCHQ (Britain’s equivalent to the NSA) has warned the public to be on their guard against cybercriminals exploiting the Coronavirus outbreak. The National Cyber Security Centre (NCSC) has described on its blog how criminals have spread malware…

Read more →

The infamous ransomware operatives known as the Maze Team have issued a “press release” condemning IT administrators who tried to use bribery to cover up their failure to protect their employers from hackers. In an interesting twist, ransomware operators have…

Read more →

The Champaign Urbana Public Health District (CHUPD) in Illinois, which serves hundreds of thousands of Americans, has had its official website taken down by ransomware operatives. CHUPD serves 210,000 people, including the University of Illinois, with advice and information on…

Read more →

The latest Firefox version fixes quite a few problems, but one of the more interesting fixes was for a vulnerability that affected people using AirPods connected to an iPhone, which is not something you’d expect to find in a browser…

Read more →

The U.S. Federal Bureau of Investigation this week offers some radical tips for private Internet users and businesses alike. Chief among them: disable autofill and remembering passwords. It’s not entirely clear whether the FBI’s tips are meant to ensure online…

Read more →

An investigation has revealed that Sensor Tower, a tech platform that allows developers to gather usage data, has been collecting information about millions of users from apps such as VPNs and ad-blockers. According to a BuzzFeed News investigation, Sensor Tower…

Read more →

Launched in 2012, the Whisper app declared itself to be a place where anyone could post their private thoughts and extreme confessions anonymously. In its promotional material it describes itself as “the largest online platform where people share real thoughts…

Read more →

Facebook’s bug bounty program has yielded a hefty paycheck to a researcher from India who discovered a serious security flaw in the platform. In December, last year, Amol Baikar was tinkering with the “Login with Facebook” feature when he discovered…

Read more →

Hackers are weaponizing the COVID-2019 coronavirus disease, trying to trick people into downloading malware so attackers can steal valuable information from victims’ computers. Malware deployed through infected emails and files is nothing new. Still, hackers need a hook to capture…

Read more →

More than one billion Android devices are at risk of being hacked or infected by malware, because they are no longer supported by security updates and built-in protection. That’s the conclusion of an investigation by Which?, which found that at-risk…

Read more →

J.Crew suffered a credential stuffing attack that may have compromised the personal data of customers, the U.S. clothing retailer disclosed earlier this week. Fraudulent activity was apparently noticed last spring, but the firm did not reveal the number of compromised…

Read more →

Virgin Media admitted it left an unsecured database online containing personal data for about 900,000 customers, including their phone numbers, names, and physical addresses. When people hear about data breaches, they usually imagine hackers gaining access to secure systems, but…

Read more →

An apparent ransomware attack hit the Four Queens Hotel and Casino and Binion’s Casino in Los Angeles, crippling their ability to trade in anything other than cash and affecting some of the slot machines. A strange sight greeted customers of…

Read more →

T-Mobile has begun notifying customers of a security breach that might affect an undetermined number of them, possibly revealing their names and addresses, phone numbers, account numbers, rate plans and features, and billing information. Wireless carriers are a prime target…

Read more →

U.K. supermarket giant Tesco has recently warned its loyalty program members of a security incident that may have affected over 600,000 Clubcard holders. “We are aware of some fraudulent activity around the redemption of a small proportion of our customer’s…

Read more →

A certificate authority named Let’s Encrypt found a bug in code used to generate certificates and was forced to revoke millions of certificates, leaving websites very little time for renewal. When a user visits a site that has an invalid…

Read more →

The UK’s Information Commissioner’s Office (ICO) has fined Cathay Pacific for “a number of basic security inadequacies” which resulted in hackers stealing the data of 9.4 million people worldwide – including 111,578 from the UK. In October 2018, the Hong…

Read more →

The UK’s domestic counter-intelligence and security agency, MI5, and Sir Andrew Parker, the general director, are pressing companies that provide end-to-end encryption for their messaging apps to offer law enforcement a way to read messages, when a warrant is available.…

Read more →

Ryuk, Dharma, Bitpaymer, SamSam and other prominent ransomware strains have generated hundreds of millions of dollars for their authors, according to calculations by the FBI. Does that mean the GandCrab gang, which doesn’t even make the FBI’s list, was lying…

Read more →

NVIDIA released a security update for its drivers, fixing several issues that could lead to denial of service, escalation of privileges, or information disclosure. The update covers multiple vulnerabilities affecting both the display driver and the Virtual GPU Manager (VGPU).…

Read more →

Almost a year after getting infected with ransomware, the City of Cartersville in the U.S. State of Georgia this week admitted to paying ransomware operators $380,000 to unlock its systems. Cartersville reportedly got infected in early May last year when…

Read more →

Mozilla is turning on DNS over HTTPS by default for users in the United States and is making it available for users throughout the rest of the world if they choose it. The goal is to make it more difficult…

Read more →

Barbara Corcoran, one of the business moguls who head up the judging team on US TV’s “Shark Tank” investment show, has lost nearly $400,000 to an email scammer. According to media reports, a scammer – posing as Corcoran’s executive assistant –…

Read more →

A ransomware attack against the police department in Stuart, Florida last year had an unexpected consequence; the police officers had to drop several cases after losing important evidence. When a ransomware attack hits an institution or company, expectations are roughly…

Read more →

Someone stole the client list of a somewhat obscure company called Clearview AI. While that might not seem like much, the company was recently in the news for all the wrong reasons – it claims that it scrapes the Internet…

Read more →

Security researchers have followed the evolution of a piece of infostealer malware named Raccoon, as it’s being developed and enhanced to work in as many scenarios as possible, including email clients, Internet browsers, and more. Infostealers are a type of…

Read more →

Researchers have discovered a new SMS phishing campaign targeting mobile numbers in the United States aiming to steal online banking credentials and install the Emotet malware wherever possible. SMS phishing campaigns, also known as smishing, follows a straightforward recipe. Victims…

Read more →

The Defense Information Systems Agency (DISA), which handles IT and telecommunications support for the White House and U.S. military troops, has disclosed a data breach that may have affected 200,000 people between May and July 2019. According to a letter…

Read more →

Google has removed more than 600 apps from the Play Store and banned them from the Google AdMob and Google Ad Manager advertising platforms for violating policies on disruptive ads. The massive Google Play Store marketplace holds lots of interesting…

Read more →

A couple of German software developers discovered an oversight in McDonalds’ promotion systems that allowed them to get as many hamburgers as they wanted, without paying anything. While software vulnerabilities or loopholes are sometimes used for nefarious purposes, that’s not…

Read more →

Hackers have installed ransomware on systems of a natural gas compression facility in the United States, affecting the operational technology (OT) network, including human-machine interfaces (HMIs), data historians, and polling servers. The Cybersecurity and Infrastructure Security Agency (CISA) offered details…

Read more →

The Twitter account of FC Barcelona has been hacked by the OurMine group, who had time enough to post sensitive information, seemingly taken from private messages. After OurMine took control of the account, they said private messages on the platform…

Read more →

Dozens of Israeli soldiers were tricked by Hamas into installing malware on their phones and computers via an old ruse: messages from young women looking for companionship. Investing in security solutions is always a good idea, but what’s the point…

Read more →

18 days after the Australian transportation firm Toll was crippled by ransomware, the company is still suffering problems, and the attack continues to impact its customers. It shows that the cost of ransomware is often much higher than the ransom…

Read more →

A complex and robust password is the first step towards a safer online presence, but some people straight up ignore this simple rule and choose the worst possible password. The weakest passwords, at least, are remarkably consistent from year to…

Read more →

The International Olympic Committee and FC Barcelona are the latest victims of a spree of Twitter account hijacks orchestrated by the notorious OurMine gang. But rather than abuse their access to the high profile accounts (@Olympics has six million followers,…

Read more →

Thieves managed to trick the Puerto Rico government into making $2.6 million worth of payments to the wrong recipient in an elaborate phishing scheme. Tricking local government officials into making payments to bogus accounts is not as uncommon as you…

Read more →

Google is fighting an uphill battle when it comes to dangerous apps that try to work their way into the Android ecosystem, and the company prevented 790,000 dangerous apps from being published on the Play Store in 2019 alone. The…

Read more →

Bitdefender this week has detected a new phishing campaign targeting iPhone owners with a range of scams aiming to defraud unsuspecting victims. First things first. If you receive the email pictured below, steer clear! Don’t open if it’s marked as…

Read more →

The personal data of almost 6.5 million Israeli voters was leaked online after Likud, the country’s governing party, uploaded the information to the highly vulnerable Elector application. Prior to the elections, all parties receive information about the voters, on the…

Read more →

The Internet Crime Report recently released by the FBI’s Internet Crime Complaint Center (IC3) sheds light on Internet-related crimes. The data analyzed covers a year’s worth of cybercrime complaints from consumers and businesses. At an average of 1,300 entries per…

Read more →

A Chinese spokesperson has strongly denied that his government was behind the hack of Equifax in 2017, which saw the personal data of hundreds of millions of individuals stolen – including the names, birth dates and social security numbers for…

Read more →

Google is set to make significant changes to the Google Chrome browser that would eventually lead to entirely blocking the download of files from HTTP (unencrypted) sources, starting with Chrome 83. The new measure announced by Google refers to “mixed…

Read more →

A new PayPal phishing campaign is taking a novel but direct approach to fraud by asking users, in good grammar, to provide Social Security and PIN numbers, passport and driver’s license data, and even upload photos of official documents to…

Read more →

Is the Internet becoming safer or more dangerous? This question is posed by the Safer Internet Day 2020 (SID) event, which calls attention to a subject that should raise more significant concern than it does, especially when it comes to…

Read more →

Facebook’s Twitter and Instagram accounts were hacked via a third-party service, and the hackers quickly published a post on both accounts before the intrusion was discovered. The message posted by the hackers simply read “Well, even Facebook is hackable but…

Read more →

An intruder illegally accessed an employee email account at San Diego, California-based preschool education provider Enrichment Systems, Inc (EES) and may have viewed sensitive personal information of parents and students, the firm said in a press release last week. The…

Read more →

A ransomware attack has crippled the operations of Australian transportation firm Toll, affecting more than 1,000 servers were affected, according to inside sources cited by itnews. After the attack on January 31, the company immediately began to disconnect parts of…

Read more →

Hackers who unleashed DDoS attacks (Distributed Denial of Service) attacks on a state-level voter registration and voter information website in the US used a technique called Pseudo Random Subdomain Attack (PRSD,) which is a form of attack that uses DNS…

Read more →

Security researchers at Check Point have published details of vulnerabilities they have found in Philips Hue smart bulbs that could be exploited by hackers to compromise networks remotely. The researchers were able to hijack control the IoT bulbs and install…

Read more →

The University of Maastricht in Holland has ended up paying a $220,000 ransom to a group of Russian hackers after an unwary employee fell for a phishing scam. The university was attacked with ransomware on Christmas Eve, 2019, a month…

Read more →

YouTube says it is making changes to its platform in advance of the 2020 United States elections in an effort to curb the spread of false information about candidates or the election process. Checking content uploaded to YouTube for such…

Read more →

The Federal Communications Commission found that one or more wireless carriers in the United States sold location data regarding its consumers to third parties, in apparent violation of federal law. After a 2018 investigation by the New York Times unveiled…

Read more →

Attackers likely sponsored by a nation state used an extensive network of Twitter accounts to match phone numbers to usernames by abusing an existing API and going well beyond its intended use, the social network has said. A Twitter feature…

Read more →

Security researchers say they have uncovered a phishing campaign, likely organized by the Iran-backed APT34 group, that sought to infect Westat employees with malware. U.S. companies and institutions are the usual targets of APT34, and hackers are always looking to…

Read more →

In a disconcerting security warning, Google is saying videos stored in some users’ Google Photos archive were incorrectly sent to other users who requested a download of their files. The message, originally highlighted on Twitter by one Jon Oberheide, begins…

Read more →

Google is sending out an appalling security warning saying that videos stored in some users’ Google Photos archive were incorrectly sent to other users who requested a download of their files. The message, originally highlighted on Twitter by one Jon…

Read more →

A 21-year-old Californiana man has pleaded guilty to hacking into into the servers of Nintendo and stealing confidential information about the (then upcoming) Nintendo Switch video game console. The case dates back to 2016 when Ryan S Hernandez, who was…

Read more →

Emotet operators are looking to pray on people’s fears to spread malware through malicious emails. In this case, they are using the real health crisis of the coronavirus outbreak in China. Using people’s fears to spread malware is not new,…

Read more →

Dark web marketplace moderator Bryan Connor Herrell pleaded guilty in the United States to conspiring to engage in a racketeer-influenced corrupt organization. While the infamous Silk Road made a lot more headlines, another dark web market place had many more…

Read more →

It turns out that the final day of Windows 7 was not actually the last, as Microsoft messed up an update. Now, a new patch is required to fix a problem introduced by mistake. The official end of life for…

Read more →

Protonmail is the second encrypted email provider in the last week to find itself blocked from its Russian users, after authorities in the country said bomb threats had been spammed out claiming that bombs had been planted in public places.…

Read more →

2020 is off to a good start in the United States, with rising consumer awareness about privacy matters, according to new research published on National Data Privacy Day. After America’s Health Insurance Plans (AHIP) showed in a recent study that…

Read more →

Researchers at the Department of Computer Science of the University of Texas at San Antonio (UTSA) have recently exposed vulnerabilities in the micromobility ecosystem that may compromise the security, safety and privacy of users of battery-powered electric scooters. According to…

Read more →

Mozilla’s security team has been busy the past two weeks, removing add-ons caught stealing user data and executing malicious code. In a crusade to “make browsing smarter, safer, and faster,” the Firefox administrators decommissioned around 200 extensions and add-ons that…

Read more →

Aleksei Burkov, 29, pleaded guilty in the United States to money laundering, device fraud and other crimes after he was caught running an illegal website, called Cardplanet, that sold stolen credit card data. Burkov had been on the run since…

Read more →

A water supplier in Greenville, North Carolina has suffered a targeted cyber-attack that affected online payments for half a million a people. The outage is expected to last at least two more days as experts investigate the hack. Greenville Water,…

Read more →

In a welcome mentality shift, Americans are starting to put their privacy first and convenience second when it comes to their health data, according to a study by America’s Health Insurance Plans (AHIP). Most surveys asking people about their experience…

Read more →

A recent public service announcement from the FBI warns job seekers of risks they may face when seeking jobs online. When you are in search of honest work, you should not be paying for hiring fees, certifications or training materials.…

Read more →

Vivin, a cryptomining malware that likes munching on Monero, is one of the many examples of such software roaming the dark corners of the Internet. Security researchers have been tracking it for the last couple of years, and it shows…

Read more →

Security researchers found a total of 250 million Microsoft customer records spread on five unsecured servers that could have been accessed by anyone using just a web browser. Microsoft has since secured the servers. Unsecured Elasticsearch servers seem to be…

Read more →

The research team from Cisco Talos has spotted four exploitable vulnerabilities in AMD ATIDXX64.DLL driver that can affect VMware Workstation running on Windows, according to recent Talos Vulnerability reports. The security issues, tracked as CVE-2019-5124, CVE-2019-5146, CVE-2019-5147 and CVE-2019-5183, were…

Read more →

Samy Bensaci, an 18-year-old living in Montreal, Canada, has been charged in connection with the theft of over $50 million worth of cryptocurrency in a SIM-swapping scam. A SIM swap attack (also sometimes called a Port Out scam) is one…

Read more →

Game developer Ubisoft has sued the owners of SNG.ONE, an alleged DDoS (distributed denial-of-service) website, claiming that they are behind recent attacks against Tom Clancy’s Rainbow Six Siege servers. Tom Clancy’s Rainbow Six Siege is a multiplayer game developed and…

Read more →

Lawmakers in the US State of Maryland are debating a new bill that would make it illegal to own and distribute ransomware, and stiffens punishment for ransomware operators. If the bill passes, Maryland would be the third state, after Michigan…

Read more →