Tag: IT SECURITY GURU

The Emotet malware has started using a spam template that pretends to be an extortion demand from a “Hacker” who states that they hacked the recipient’s computer and stole their data. Emotet is spread through spam emails that commonly use…

Read more →

Betting firms have used information from a U.K. government-run educational database containing the records of 28 million children to bump up the number of youth who gamble online. The companies gained access to Learning Records Service database – which falls…

Read more →

600 staff and public access computers were taken down at Volusia County Public Library (VCPL) branches from Daytona Beach, Florida, following a cyberattack that started around 7 AM on January  9. “The county’s technology staff were immediately notified and coordinated…

Read more →

With 2FA and MFA being adopted across the board, cybercriminals have devised a way to circumvent this security measure with a simple technique. By leveraging the easy security questions that mobile providers ask users when they wish to swap operator…

Read more →

A new sextortion scam that breaks the typical mold has been detected at the beginning of the year. Fraudsters preying on the insecurity of connected devices used footage from Nest cameras, and led victims through a convoluted path of email…

Read more →

Temple Har Shalom in Warren, New Jersey had their network breached by the actors behind the Sodinokibi Ransomware who encrypted numerous computers on the network. In an email seen by BleepingComputer, Temple Har Shalom informed their congregation that they discovered the…

Read more →

Beleaguered foreign currency exchange company Travelex confirmed on Friday that the first of its U.K.-based customer-facing systems were back up and running after the New Year’s Eve discovery of Sodinokibi ransomware on its network prompted a shutdown of key systems. Source: SC Magazine…

Read more →

Services Australia has provided updated statistics on Centrelink’s Online Compliance Intervention (OCI) — robo-debt — program, confirming that from 1 July 2016 through 31 August 2019 there had been 1,159,662 assessments initiated. Services Australia and its predecessor, the Department of…

Read more →

Fraudulent emails tell recipients their W-2 forms are ready and prompt them to click malicious links. Cybercriminals eager to jump-start tax season have launched a phishing campaign targeting some ADP users, telling them their W-2 forms are ready and prompting…

Read more →

What is it? A man-in-the-middle/spoofing vulnerability exists in Windows 10, Windows Server 2016/2019 – when an authenticated attacker is on the target system, they can use a spoofed code-signing certificate to sign malicious executables making the file appear as if…

Read more →

When Clop was discovered by Jakub Kroustek in February 2019, all indicators showed that it was a new CryptoMix with the .CLOP, or in some circumstances .CIOP, extension tagged onto encrypted files. Since this discovery, the ransomware operators behind Clop have steadily…

Read more →

Security researchers from Guardicore revealed a sophisticated malware attack that managed to compromise some 800 devices belonging to a medium-sized company in the medical tech industry. In a technical analysis of the attack, Guardicore explains that the malware infection was disguised as…

Read more →

US authorities have seized this week the domain of WeLeakInfo.com, an online service that for the past three years has been selling access to data hacked from other websites. The website provided access to people’s cleartext passwords, allowing hackers to purchase…

Read more →

Critical bugs found in the WordPress Database Reset plugin used by over 80,000 sites allow attackers to drop all users and get automatically elevated to an administrator role and to reset any table in the database. Source: Bleeping Computer The post…

Read more →

The Emotet trojan recently leveraged a phishing campaign to target email addresses associated with users at the United Nations. In an email provided by Cofense to Bleeping Computer, Emotet’s handlers pretended to be representatives of Norway to the United Nations (UN).…

Read more →

Amnesty International said Tuesday it will petition the courts to revoke the export license of NSO Group, an Israeli firm that makes phone spyware that the rights group says is being used to violate civil rights around the world. A…

Read more →

It has been discovered that the network-targeting Ako ransomware is being distributed through malicious spam attachments that pretend to be a requested agreement. Last week we reported on the Ako Ransomware and how it was targeting companies with the intent to encrypt their…

Read more →

Amidst rising tensions after the United States killed Qassem Soleimani, the chief of Iran’s Quds Force, in a drone strike in Baghdad last week, security experts and U.S. government officials warn that Iran may retaliate with cyberattacks. Iran-based attack groups…

Read more →

On Wednesday, a security researcher going under the Twitter handle @vrNicknack pinged Troy Hunt, the operator of the Have I Been Pwned? search engine, with a notice he had received from the bank.  P&N Bank, a division of Police & Nurses Limited and operating…

Read more →

US President Donald Trump has launched a fresh attack on Apple. He tweeted that the company was refusing to unlock iPhones “used by killers, drug dealers and other violent criminal elements”. On Monday US Attorney General William Barr accused Apple…

Read more →

Pretending to be the Permanent Mission of Norway, the Emotet operators performed a targeted phishing attack against email addresses associated with users at the United Nations. Yesterday, the Emotet trojan roared back to life after a 3-week vacation with strong spam campaigns that targeted…

Read more →

The US National Security Agency (NSA) has discovered a major flaw in Windows 10 that could have been used by hackers to create malicious software that looked legitimate. Microsoft has issued a patch and said it had seen no evidence…

Read more →

Dating apps Grindr, OkCupid, and Tinder are allegedly spreading user information like sexual preferences, behavioural data, and precise location to advertising companies in ways that may violate privacy laws, according to a study conducted by the Norwegian Consumer Council (NCC).…

Read more →

The oil & gas company is at the heart of the ongoing US presidential impeachment case. Burisma Holdings, a Ukrainian oil & gas company, has been hit with a phishing campaign that began in early November 2019 and is ongoing,…

Read more →

DevOps culture makes things happen faster. Faster delivery, faster testing, faster release. On one hand, it adds control over what is going on in the infrastructure. You can recover faster. You can redeploy your compromised app components. You can roll…

Read more →

The Nemty Ransomware has outlined plans to create a blog that will be used to publish stolen data for ransomware victims who refuse to pay the ransom. A new tactic started by the Maze Ransomware and now used by Sodinokibi ​​​​​​is to steal files from…

Read more →

Five major US wireless carriers – AT&T, T-Mobile, Verizon, Tracfone and US Mobile – are susceptible to SIM swap scams, a danger apparently looming large especially over prepaid accounts, a study by Princeton University researchers has found. SIM swapping attacks, also known…

Read more →

A group tracked as Ancient Tortoise is targeting accounts receivable specialists tricking them into sending over aging reports and thus collecting info on customers they can scam in later attack stages. Aging reports (aka schedule of accounts receivable) are collections of…

Read more →

The Ryuk Ransomware uses the Wake-on-Lan feature to turn on powered off devices on a compromised network to have greater success encrypting them. Wake-on-Lan is a hardware feature that allows a powered down device to be woken up, or powered on,…

Read more →

The attack may have compromised donors’ payment information. A website gathering donations for the victims of the wildfires in Australia has been hit by a credential-skimming attack, placing the payment information of donors at risk. The attack, identified as the…

Read more →

A word that has become synonymous with suspicious, illegal or unscrupulous online activity, it is hard to avoid bots being mentioned in one capacity or another in 2020. Now accounting for 50% of online traffic, bots and the legality of…

Read more →

Bapco, the national oil company of the Persian Gulf island nation of Bahrain, was reportedly targeted in a Dec. 29 disk wiper attack that officials believe originated from Iran-backed hackers. Iran is historically associated with past disk wiper campaigns against…

Read more →

Ring said that four employees were fired because for inappropriate access to customers’ connected video feeds. Smart doorbell company Ring said that it has fired four employees over the past four years for inappropriately accessing customer video footage. The disclosure…

Read more →

Attackers have compromised a website collecting donations for the victims of the Australia bushfires and injected a malicious script that steals the payment information of the donors. This type of attack is called Magecart and involves hackers compromising a web site and injecting malicious…

Read more →

Albany International Airport’s staff announced that the New York airport’s administrative servers were hit by Sodinokibi Ransomware following a cyberattack that took place over Christmas. Airport operations were not impacted by the ransomware attack and customers’ financial or personal information…

Read more →

Given that it’s the beginning of a new year, it’s important to remember to be careful what you click on. A school district in Texas learned this the hard way when it lost approximately $2.3 million due to a phishing email…

Read more →

The Mozilla Foundation yesterday issued a security update for Firefox and Firefox Extended Support Release, which were found to contain an actively exploited, critical vulnerability in the IonMonkey JIT compiler. “Incorrect alias information in IonMonkey JIT compiler for setting array…

Read more →

Multiple European websites for the Perricone MD anti-aging skin-care brand have been compromised with scripts that steal customer payment card info when making a purchase. Two MageCart groups were competing for the credit card data on Perricone MD websites in…

Read more →

Researchers found unremovable malware preinstalled in the Unimax U686CL, a budget Android device sold by Assurance Wireless. Budget Android smartphones offered through a US government initiative for low-income Americans come with preinstalled, unremovable Chinese malware, researchers report. These low-cost smartphones…

Read more →

Paul Krugman, the Nobel Prize-winning economist and columnist for the New York Times, took to Twitter Wednesday to share some alarming news. “Well, I’m on the phone with my computer security service, and as I understand it someone compromised my…

Read more →

An Arkansas-based telemarketing firm sent home more than 300 employees and told them to find new jobs after IT recovery efforts didn’t go according to plan following a ransomware incident that took place at the start of October 2019. Employees…

Read more →

Iranian state-sponsored hackers have deployed a new strain of data-wiping malware on the network of Bapco, Bahrain’s national oil company, ZDNet has learned from multiple sources. The incident took place on December 29. The attack did not have the long-lasting effect…

Read more →

Google has pulled three malicious apps from Google Play, one of which exploits a recently patched kernel privilege escalation bug in Android (CVE-2019-2215) to install the app aimed at spying on users. The existence of CVE-2019-2215 was discovered in late 2019 when…

Read more →

Add yet another malicious encryption program to the expanding ranks of ransomware programs that target large enterprise networks in hopes of scoring big financial payoffs. The latest such threat is called Snake, a ransomware program written in the Go programming…

Read more →

The attack, still under investigation, hit early in the morning of Jan. 7. On the opening day of the huge Consumer Electronics Show (CES), officials in Las Vegas were busy assessing the damage from a cyberattack that hit the city.…

Read more →

The Pittsburgh Unified School District is still recovering from a ransomware attack that took place over the holiday recess, but its superintendent says school is open for business. Janet Schulze, Superintendent, Pittsburg (Pa.) Unified School District, told district members in…

Read more →

An attacker is attempting to take advantage of the recent warnings about possible Iranian cyberattacks by using it as a theme for a phishing attack that tries to collect Microsoft login credentials. With the rising escalations between the United States and…

Read more →

The personal and medical information of 49,351 patients was exposed following a security incident involving two employees’ email accounts as disclosed by Minnesota-based Alomere Health. Alomere Health is a community-owned and non-profit general medical and surgical hospital with 127 beds that has been twice named…

Read more →

Police are investigating hackers holding Travelex’s computers for ransom, forcing the company’s staff to resort to using pen and paper to record transactions. The firm initially said it had discovered the attack on New Year’s Day and immediately took its systems down,…

Read more →

Recent US military action in Baghdad could prompt retaliatory attacks against US organizations, it says. Concerns about an Iranian cyber response to the recent American military strike in Baghdad grew this week with the US Department of Homeland Security urging…

Read more →

Facebook is rolling out a new set of rules aimed at curbing the spread of manipulated media as the specter of highly convincing deepfake videos looms large over not only the US presidential elections. An announcement by the platform’s vice president of…

Read more →

By John Conwell, data scientist at DomainTools   The security industry is in constant flux. As attackers move the goal posts in order to further their own nefarious aims, the security industry scrambles to keep up. As we approach the beginning…

Read more →

The Federal Depository Library Program (FDLP) website was attacked by a group of hackers claiming to represent the government of Iran. An obscure US federal website was attacked and vandalized on January 4, resulting in the site being taken down…

Read more →

The communications app faces continued backlash after a New York Times report said it was used as a government spying tool. Mobile application ToTok has been reinstated to the Google Play app ecosystem, after it was removed last month due…

Read more →

The Federal Trade Commission (FTC) finalized a settlement with a Utah-based tech company that got hacked and had the personal info of over a million clients stolen following a series of more than 20 undetected network intrusions. InfoTrax Systems, a…

Read more →

A U.S. government website was vandalized late Saturday by hackers who posted images of a bloodied President Donald Trump being punched in the face and pro-Iran messages. The defaced website was the Federal Depository Library Program (FDLP) website, which makes U.S. federal government…

Read more →

The Austrian State Department’s IT systems were under a ‘serious attack’ suspected to be carried out by a state-backed threat group according to a joint statement from the Foreign Ministry (BMEIA) and the Ministry of the Interior (BMI). “A coordination committee…

Read more →

An ongoing and “serious cyberattack” at Austria’s foreign ministry could be the work of nation-state actors, the country’s government said. The ministry has set up a “coordination committee” to respond to the attack, which started as the country’s Greens party…

Read more →

HappyHotel.jp is a website that operates similarly to Booking.com, but lets registered users search and book rooms in love hotels across Japan. In a message posted on its website, Almex, the company behind the service, said it detected unauthorized access to its servers…

Read more →

A London regimental association is on alert after email scammers posing as the group’s president tried to fool veterans into sending cash. The First Hussars Association, representing about 140 retired members of the London-based regiment, saw its members targeted by…

Read more →

Although it stressed there is no evidence of a specific credible threat to the U.S. after the killing Iranian General Qasem Soleimani, the Department of Homeland Security Saturday issued a National Terrorism Advisory System Bulletin warning of retaliation, including cyberattacks. Source: SC…

Read more →

Artificial intelligence programmers are developing bots that can identify digital bullying and sexual harassment. Known as “#MeTooBots” after the high-profile movement that arose after allegations against the Hollywood producer Harvey Weinstein, the bots can monitor and flag communications between colleagues and are…

Read more →

Tim Mackey, Principal Security Strategist for the Synopsys CyRC (Cybersecurity Research Centre): Politicians, be weary of digital assistants Cyber-attacks on 2020 candidates will become more brazen. While attacks on campaign websites have already occurred in past election cycles, targeted attacks…

Read more →

The U.S. Coast Guard last month issued a safety bulletin following a ransomware attack that impaired both the IT systems and industrial control systems of a facility regulated by the Maritime Transportation Security Act (MTSA), and prompted a 30-hour operational shutdown. The…

Read more →

KnowBe4, the company that provides the world’s largest security awareness training and simulated phishing platform, today announced a massive year-over-year sales increase with another record-breaking quarter. In the fourth quarter of 2019, KnowBe4 reached 54% growth over Q4 2018, increasing…

Read more →

Sextortion scammers have started to utilize new tactics to bypass spam filters and secure email gateways so that their scam emails are delivered to their intended recipients. Sextortion scams are emails that pretend to be from an attacker who has…

Read more →

Active Network’s Blue Bear Software platform reported that unauthorized activity in its network earlier this year resulted in customer PII being exposed. The company reported the issue to the California Attorney General’s office stating it recently became aware that between Oct. 1,…

Read more →

One misstep from developers at Starbucks left exposed an API key that could be used by an attacker to access internal systems and manipulate the list of authorized users. The severity rating of the vulnerability was set to critical as…

Read more →

An exposed Elasticsearch database, owned by Internet of Things (IoT) company Wyze, was discovered leaking connected device information and emails of millions of customers. Wyze makes smart home cameras and connected devices like connected bulbs and plugs, which can be…

Read more →

It has been reported that Canadian banks are being impersonated in a phishing campaign targeting both individuals and businesses via a large-scale infrastructure shared with previous attacks going back to 2017 and pointing to the same attackers. The infrastructure behind these Canadian focused attacks includes hundreds of…

Read more →