A ransomware attack has hit Oman United Insurance Company SAOG, one of the largest insurers in Oman, but operations apparently remain unaffected. Finance is one of the sectors most targeted by hackers, including banks, fintech firms, or insurance companies. One…
Tag: Industry News – HOTforSecurity
Sextortion scam leverages Nest video footage to fool victims into believing they are being spied upon everywhere
A bizarre sextortion scam is attempting to trick victims that not only has their smartphone been hacked to spy upon their private lives, but also every other device they have encountered which contains a built-in camera. As Ionut Ilascu at…
JhoneRat targets Middle Eastern countries with advanced anti-detection techniques
Researchers have uncovered a new Windows-based remote access tool (RAT) named JhoneRat targeting Arabic-speaking countries including Saudi Arabia, Iraq, Egypt, Libya, Algeria, Morocco, Tunisia, Oman, Yemen, Syria, UAE, Kuwait, Bahrain and Lebanon. This new Trojan is quite sophisticated as the…
December cyber attack costs New Orleans $7 million, so far
A ransomware attack targeting the city of New Orleans has inflicted $7 million in losses so far, with more to be incurred in coming months, Mayor Latoya Cantrell said in a recent update. At 5 a.m. on December 13, New…
Microsoft reports Zero-Day Internet Explorer vulnerability exploited in the wild
A Microsoft security advisory published last Friday warns users of a zero-day vulnerability affecting Internet Explorer 9, 10 and 11 when running on Windows 7 (recently discontinued), 8.1, 10, Server 2008, Server 2012, Server 2016, and Server 2019. The vulnerability,…
Trial Involving Israeli Spyware Maker NSO Group to Move Forward in Open Court
A trial centering on accusations that tools designed by the infamous spyware maker NSO Group were used to spy on a Canadian-born Saudi dissident is moving forward and it’s happening in an open forum. The man, Omar Abdulaziz, might be…
FBI seizes WeLeakInfo.com website for allegedly selling sensitive data breach info
The FBI, in cooperation with law enforcement from the UK, Netherlands, Germany and Ireland, seized the WeLeakInfo.com web site for allegedly selling personal information from data breaches. Crafted as a typical search engine, WeLeakInfo.com let users sniff through more than…
Fleeceware – 25 Play Store apps that empty your pockets
Last September, security researchers reported a number of app publishers that practice a shady business model, charging excessive amounts for apps if the user does not cancel the “subscription” before a free trial ends. Although Google Play decommissioned the reported…
Five Major US Wireless Carriers Are Vulnerable to SIM Swapping
Most wireless carriers in the United States are vulnerable to SIM swapping attacks and lack proper procedures to fend off hackers and other bad actors, Princeton researchers have found. SIM swapping became a popular attack method during the Bitcoin boom…
Google Plans to End Support for Third-Party Cookies and Website Tracking in Two Years
Google plans to end support for third-party cooking in a bid to improve user privacy while still keeping publishers happy. It will take a couple of years to make third-party cookies and cross-website tracking obsolete, but the first steps have…
Facebook gives users more control over their security and privacy with new Login feature
Facebook this week launched a new login feature aimed at giving users more transparency about the data it shares with third parties, as well as to offer users more control over how their information is used and shared. “Login Notifications,”…
iPhones now work as physical security keys for Google services
As multi-factor authentication becomes ubiquitous across all digital services, Google is adding a new safety net for security-conscientious iPhone owners. Apple customers can now use their shiny smartphones as security keys to access Google services securely. The latest update to…
Emotet strikes again, targeting 600 United Nations personnel
The Emotet Trojan, identified by security teams in 2014, started out as banking malware meant to steal sensitive data. Initially focused on the financial sectors, the malware later morphed, adding spamming and malware delivery services. Emotet’s latest phishing campaign targets…
Microsoft Patch Tuesday busts ‘NSACrypt’ vulnerability in Windows OS
The Cybersecurity Advisory of the National Security Agency (NSA) has recently uncovered a critical Windows CryptoAPI Spoofing Vulnerability in Windows 10 operating systems. Dubbed NSACrypt, the security flaw found in the Crypt32.dll module enables remote code execution and affects the…
Peekaboo Moments app left baby videos, photos, and 800,000 users’ email addresses exposed on the internet
The developer of a smartphone app has carelessly left a database accessible to anybody with an internet connection, leaving exposed a database of millions of records containing baby videos and photos, as well as the email addresses of users. Information…
Windows 7 Reaches End of Life
Windows 7, Windows Server 2008, and Windows Server 2008 R2 have reached their end of life, as Microsoft has stopped delivering all updates for the aging operating systems. Microsoft has been warning users about the impending end of life for…
$2.3 million Texas phishing incident underscores importance of employee cyber-training
The Manor Independent School District in Texas is investigating a cyber incident that inflicted a loss of $2.3 million because of an employee opening an email and failing to notice anything “phishy.” A tweet sent January 10 by Manor ISD…
Albany Airport Pays Ransom after Sodinokibi Ransomware Attack
The Albany International Airport in New York state succumbed to a Sodinokibi ransomware attack, and the authorities chose to pay a ransom to the criminals to restore functionality to the vital systems. The Sodinokibi attack on Christmas Day infected a…
Malicious npm package exfiltrating data from UNIX systems
A malicious JavaScript package was uploaded Dec. 30 2019 on the Node Package Manager (npm), the world’s largest software registry, containing over 800,000 code packages that developers use to write JavaScript applications. The package, identified as 1337qq-js, was spotted stealing sensitive…
Cable Haunt vulnerability affects millions of Broadcom cable modems
Cybercriminals can exploit a critical vulnerability in Broadcom chips, a hardware and software component in most of the world’s cable modems, to intercept private messages and redirect traffic, and change default DNS servers, MAC addresses of associated devices and serial…
Man who hacked National Lottery for just £5 is jailed for nine months
A 29-year-old British man has been jailed for nine months after admitting using hacking tools to break into UK National Lottery gambling accounts. Anwar Batson, of Notting Hill, West London, downloaded the readily-available Sentry MBA hacking tool to launch a…
Sodinokibi Hackers Now Use Stolen Data for Blackmail
Hackers using the Sodinokibi ransomware published stolen data to further extort their victims, marking a first for operations using this attack vector. Sodinokibi is usually identified in attacks against critical infrastructures, but that’s not a limit of the software. It’s…
Travelex still down two weeks after Sodinokibi ransomware infection
Travelex is still struggling to get back on its feet after it was infected with Sodinokibi ransomware on New Year’s Eve, but the foreign exchange firm says the hack compromised no customer data. Two weeks ago, Travelex learned it had…
U.S. Lawmakers Call on FCC to Step Up Fight on SIM Swapping
U.S. members of Congress have called on the Federal Communications Commission (FCC) to crack down on SIM swapping, a type of fraud blamed for more than $70 million in nationwide losses annually. The letter sent to the FCC advocates for consumer awareness…
British retailer fined half a million pounds for poor cybersecurity hygiene
Companies that fail to protect themselves online no longer need to fear only the bad guys lurking in the hidden corners of the internet. Increasingly, they need to worry about the good guys as well. The UK is one…
Bipartisan bill in U.S. Congress seeks to help parents control data collected on kids
A bill proposed in the US House of Representatives on Jan. 9 aims to give parents greater control over the data collected about their children by amending the Children’s Online Privacy Protection Act of 1998 (COPPA), which imposes requirements on…
Iran-Sponsored Hackers Might Be Probing U.S. Electric Sector
If the latest reports are to be believed, Iran-backed hackers are probing U.S. critical infrastructure by using password-spraying attacks, looking for weakness and human laziness. It’s no surprise that, following the conflict between the United States and Iran so far…
Unsecured Database with Personal Info on 56 Million U.S. Citizens Found Online
A vast database containing information scraped from the public domain on 56.25 million U.S. citizens has been found online, with no security and serving an IP address belonging to Chinese online retailer Alibaba. All data hosted on the server seems…
US Cybersecurity Agency Warns of Possible Iranian-Backed Cyberattacks
The US Cybersecurity and Infrastructure Security Agency (CISA) is warning the cybersecurity community, companies and the public that it expects an increase in the near future in the number of incidents emanating from the current tensions between the Islamic Republic…
Pulse Secure VPN Server Exploit Opens the Way for Sodinokibi Ransomware; Travelex Falls Victim
An unpatched critical vulnerability in Pulse Secure VPN servers might have been used in the recent ransomware attack against London-based foreign exchange company Travelex. Hackers infected Travelex’s infrastructure with the Sodinokibi ransomware on New Year’s Eve, forcing the company to…
Scammer Easily Defrauds Town of Erie of $1.1 Million
A simple scam was used to rob the town of Erie, Colorado, of more than a million dollars, taking social engineering to another level. An unknown party completed and submitted an electronic form on Erie’s administration website with a simple…
Facebook declares war on ‘deepfakes’
Beleaguered social media platform Facebook is stepping up its game against media manipulation. Recognizing that deepfake content poses a real threat to society, Zuck’s social network swears to ban all such content from its platform, starting now. A blog post…
U.S. Federal Website Defaced with Anti-Trump Message
The little-known website for the Federal Depository Library Program greeted visitors with an unusual image over the weekend, that of a bloody Donald Trump being punched in the face. It was posted by hackers along with a pro-Iran warning message…
Austria Repels Foreign State-Sponsored Attempt to Hack Foreign Ministry
Austria’s Foreign Ministry fought off a cyberattack over the weekend that it says was likely directed by a foreign state. The ministry said the attack started on Jan. 4 and might continue for a few more days, it but revealed…
Ransomware-stricken firm tells laid-off employees to seek new jobs amid stymied recovery efforts
The Heritage Company, a telemarketing firm that laid off 300 employees just days before Christmas after a devastating cyber-attack, has now advised the former employees to look for new jobs as the company can’t seem to recover. Two months ago,…
Ryuk Ransomware Hits U.S. Coast Guard Facility
Ransomware has struck a facility belonging to the U.S. Coast Guard (USCG), affecting industrial control systems, security cameras, and much more, according to the USCG, which didn’t reveal the name or location of the affected base. The ransomware, identified as…