The Emotet malware has started using a spam template that pretends to be an extortion demand from a “Hacker” who states that they hacked the recipient’s computer and stole their data. Emotet is spread through spam emails that commonly use…
Tag: IT SECURITY GURU
Betting firms get access to info on 28M minors in U.K. gov’t education database
Betting firms have used information from a U.K. government-run educational database containing the records of 28 million children to bump up the number of youth who gamble online. The companies gained access to the Learning Records Service database – which falls…
600 Computers Removed After Florida Library Cyberattack
600 staff and public access computers were taken down at Volusia County Public Library (VCPL) branches from Daytona Beach, Florida, following a cyberattack that started around 7 AM on January 9. “The county’s technology staff were immediately notified and coordinated…
Is SMS Two-Factor Authentication Secure?
With 2FA and MFA being adopted across the board, cybercriminals have devised a way to circumvent this security measure with a simple technique. By leveraging the easy security questions that mobile providers ask users when they wish to swap operator…
New Nest Video Extortion Scam Looks Like a Spy Game
A new sextortion scam that breaks the typical mold has been detected at the beginning of the year. Fraudsters preying on the insecurity of connected devices used footage from Nest cameras, and led victims through a convoluted path of email…
Synagogue in New Jersey Suffers Sodinokibi Ransomware Attack
Temple Har Shalom in Warren, New Jersey had their network breached by the actors behind the Sodinokibi Ransomware who encrypted numerous computers on the network. In an email seen by BleepingComputer, Temple Har Shalom informed their congregation that they discovered the…
More firms at risk of VPN exploit similar to the Travelex attack
Beleaguered foreign currency exchange company Travelex confirmed on Friday that the first of its U.K.-based customer-facing systems were back up and running after the New Year’s Eve discovery of Sodinokibi ransomware on its network prompted a shutdown of key systems. Source: SC Magazine…
615,000+ robo-debts raised since data-matching project’s inception
Services Australia has provided updated statistics on Centrelink’s Online Compliance Intervention (OCI) — robo-debt — program, confirming that from 1 July 2016 through 31 August 2019 there had been 1,159,662 assessments initiated. Services Australia and its predecessor, the Department of…
ADP Users attacked with Phishing Scam Ahead of Tax Season
Fraudulent emails tell recipients their W-2 forms are ready and prompt them to click malicious links. Cybercriminals eager to jump-start tax season have launched a phishing campaign targeting some ADP users, telling them their W-2 forms are ready and prompting…
CVE-2020-0601, Are You Vulnerable?
What is it? A man-in-the-middle/spoofing vulnerability exists in Windows 10, Windows Server 2016/2019 – when an authenticated attacker is on the target system, they can use a spoofed code-signing certificate to sign malicious executables making the file appear as if…
Clop Ransomware is also a CryptoMix Variant
When Clop was discovered by Jakub Kroustek in February 2019, all indicators showed that it was a new CryptoMix with the .CLOP, or in some circumstances .CIOP, extension tagged onto encrypted files. Since this discovery, the ransomware operators behind Clop have steadily…
BSOD caused by new Windows Malware Disguised as WAV
Security researchers from Guardicore revealed a sophisticated malware attack that managed to compromise some 800 devices belonging to a medium-sized company in the medical tech industry. In a technical analysis of the attack, Guardicore explains that the malware infection was disguised as…
WeLeakInfo, website that sold access to breached data, seized by FBI
US authorities have seized this week the domain of WeLeakInfo.com, an online service that for the past three years has been selling access to data hacked from other websites. The website provided access to people’s cleartext passwords, allowing hackers to purchase…
WordPress Plugin Bugs Allow Hackers to Wipe or Take Over Your Site
Critical bugs found in the WordPress Database Reset plugin used by over 80,000 sites allow attackers to drop all users and get automatically elevated to an administrator role and to reset any table in the database. Source: Bleeping Computer The post…
Phishing Emails Used to Target the United Nations
The Emotet trojan recently leveraged a phishing campaign to target email addresses associated with users at the United Nations. In an email provided by Cofense to Bleeping Computer, Emotet’s handlers pretended to be representatives of Norway to the United Nations (UN).…
Petition to revoke export license of Israeli spyware firm NSO
Amnesty International said Tuesday it will petition the courts to revoke the export license of NSO Group, an Israeli firm that makes phone spyware that the rights group says is being used to violate civil rights around the world. A…
Victims infected by Ako Ransomware spam
It has been discovered that the network-targeting Ako ransomware is being distributed through malicious spam attachments that pretend to be a requested agreement. Last week we reported on the Ako Ransomware and how it was targeting companies with the intent to encrypt their…
Iran will Deploy Wiper Malware in Response to U.S. Military Strike
Amidst rising tensions after the United States killed Qassem Soleimani, the chief of Iran’s Quds Force, in a drone strike in Baghdad last week, security experts and U.S. government officials warn that Iran may retaliate with cyberattacks. Iran-based attack groups…
Customer account information in P&N Bank data breach
On Wednesday, a security researcher going under the Twitter handle @vrNicknack pinged Troy Hunt, the operator of the Have I Been Pwned? search engine, with a notice he had received from the bank. P&N Bank, a division of Police & Nurses Limited and operating…
Trump launches new attack on Apple over privacy
US President Donald Trump has launched a fresh attack on Apple. He tweeted that the company was refusing to unlock iPhones “used by killers, drug dealers and other violent criminal elements”. On Monday US Attorney General William Barr accused Apple…
Emotet Malware Phishing Attack Targets United Nations
Pretending to be the Permanent Mission of Norway, the Emotet operators performed a targeted phishing attack against email addresses associated with users at the United Nations. Yesterday, the Emotet trojan roared back to life after a 3-week vacation with strong spam campaigns that targeted…
NSA reveals key flaw in Microsoft’s Windows 10 code
The US National Security Agency (NSA) has discovered a major flaw in Windows 10 that could have been used by hackers to create malicious software that looked legitimate. Microsoft has issued a patch and said it had seen no evidence…
Grindr, OkCupid, and Tinder have breached GDPR regulations
Dating apps Grindr, OkCupid, and Tinder are allegedly spreading user information like sexual preferences, behavioural data, and precise location to advertising companies in ways that may violate privacy laws, according to a study conducted by the Norwegian Consumer Council (NCC).…
‘Fancy Bear’ Phishing Attack Targets Ukrainian Oil Firm
The oil & gas company is at the heart of the ongoing US presidential impeachment case. Burisma Holdings, a Ukrainian oil & gas company, has been hit with a phishing campaign that began in early November 2019 and is ongoing,…
The effects of DevOps on enterprise security
DevOps culture makes things happen faster. Faster delivery, faster testing, faster release. On one hand, it adds control over what is going on in the infrastructure. You can recover faster. You can redeploy your compromised app components. You can roll…
Non-Paying Victim’s Data leaked by Nemty Ransomware
The Nemty Ransomware has outlined plans to create a blog that will be used to publish stolen data for ransomware victims who refuse to pay the ransom. A new tactic started by the Maze Ransomware and now used by Sodinokibi is to steal files from…
5 major US wireless carriers vulnerable to SIM swapping attacks
Five major US wireless carriers – AT&T, T-Mobile, Verizon, Tracfone and US Mobile – are susceptible to SIM swap scams, a danger apparently looming large especially over prepaid accounts, a study by Princeton University researchers has found. SIM swapping attacks, also known…
BEC Scammers Use Phishing to Find New Targets
A group tracked as Ancient Tortoise is targeting accounts receivable specialists, tricking them into sending over aging reports and thus collecting info on customers they can scam in later attack stages. Aging reports (aka schedule of accounts receivable) are collections of…
Wake-on-LAN used by Ryuk Ransomware To Encrypt Offline Devices
The Ryuk Ransomware uses the Wake-on-LAN feature to turn on powered-off devices on a compromised network to have greater success encrypting them. Wake-on-LAN is a hardware feature that allows a powered-down device to be woken up, or powered on,…
Magecart Attacks Website Collecting Australian Fire Donations
The attack may have compromised donors’ payment information. A website gathering donations for the victims of the wildfires in Australia has been hit by a credential-skimming attack, placing the payment information of donors at risk. The attack, identified as the…
Inside the murky world of bots
A word that has become synonymous with suspicious, illegal or unscrupulous online activity, it is hard to avoid bots being mentioned in one capacity or another in 2020. Now accounting for 50% of online traffic, bots and the legality of…
‘Dustman’ disk wiper attacks Bahraini oil company
Bapco, the national oil company of the Persian Gulf island nation of Bahrain, was reportedly targeted in a Dec. 29 disk wiper attack that officials believe originated from Iran-backed hackers. Iran is historically associated with past disk wiper campaigns against…
Ring Employees Caught Spying on Customers
Ring said that four employees were fired for inappropriate access to customers’ connected video feeds. Smart doorbell company Ring said that it has fired four employees over the past four years for inappropriately accessing customer video footage. The disclosure…
Credit Card Skimming Attack Targets Australia Bushfire Donors
Attackers have compromised a website collecting donations for the victims of the Australia bushfires and injected a malicious script that steals the payment information of the donors. This type of attack is called Magecart and involves hackers compromising a web site and injecting malicious…
New York Airport Systems attacked by Sodinokibi Ransomware
Albany International Airport’s staff announced that the New York airport’s administrative servers were hit by Sodinokibi Ransomware following a cyberattack that took place over Christmas. Airport operations were not impacted by the ransomware attack and customers’ financial or personal information…
School in Texas Lost $2.3 Million in a Phishing Scam
Given that it’s the beginning of a new year, it’s important to remember to be careful what you click on. A school district in Texas learned this the hard way when it lost approximately $2.3 million due to a phishing email…
Exploited zero-day flaw patched by Mozilla
The Mozilla Foundation yesterday issued a security update for Firefox and Firefox Extended Support Release, which were found to contain an actively exploited, critical vulnerability in the IonMonkey JIT compiler. “Incorrect alias information in IonMonkey JIT compiler for setting array…
European Skin Care Sites attacked by Card-Stealing Scripts
Multiple European websites for the Perricone MD anti-aging skin-care brand have been compromised with scripts that steal customer payment card info when making a purchase. Two MageCart groups were competing for the credit card data on Perricone MD websites in…
US Government-Funded Phones found with Chinese Malware Preinstalled
Researchers found unremovable malware preinstalled in the Unimax U686CL, a budget Android device sold by Assurance Wireless. Budget Android smartphones offered through a US government initiative for low-income Americans come with preinstalled, unremovable Chinese malware, researchers report. These low-cost smartphones…
Nobel laureate Paul Krugman fell for a phishing scam
Paul Krugman, the Nobel Prize-winning economist and columnist for the New York Times, took to Twitter Wednesday to share some alarming news. “Well, I’m on the phone with my computer security service, and as I understand it someone compromised my…
300 lose jobs as company shuts down after ransomware attack
An Arkansas-based telemarketing firm sent home more than 300 employees and told them to find new jobs after IT recovery efforts didn’t go according to plan following a ransomware incident that took place at the start of October 2019. Employees…
National oil company hit by new Iranian data wiper
Iranian state-sponsored hackers have deployed a new strain of data-wiping malware on the network of Bapco, Bahrain’s national oil company, ZDNet has learned from multiple sources. The incident took place on December 29. The attack did not have the long-lasting effect…
Google Play apps exploited Android bug to deliver spyware
Google has pulled three malicious apps from Google Play, one of which exploits a recently patched kernel privilege escalation bug in Android (CVE-2019-2215) to install the app aimed at spying on users. The existence of CVE-2019-2215 was discovered in late 2019 when…
Ransomware manages to find its way into enterprise networks
Add yet another malicious encryption program to the expanding ranks of ransomware programs that target large enterprise networks in hopes of scoring big financial payoffs. The latest such threat is called Snake, a ransomware program written in the Go programming…
CES Suffers Cyberattack on First Day in Las Vegas
The attack, still under investigation, hit early in the morning of Jan. 7. On the opening day of the huge Consumer Electronics Show (CES), officials in Las Vegas were busy assessing the damage from a cyberattack that hit the city.…
Pittsburgh Unified School District hit by ransomware
The Pittsburgh Unified School District is still recovering from a ransomware attack that took place over the holiday recess, but its superintendent says school is open for business. Janet Schulze, Superintendent, Pittsburg (Pa.) Unified School District, told district members in…
Iran Cyberattack Scare exploited by Microsoft Phishing Scam
An attacker is attempting to take advantage of the recent warnings about possible Iranian cyberattacks by using it as a theme for a phishing attack that tries to collect Microsoft login credentials. With the rising escalations between the United States and…
Minnesota Hospital Breach Exposes Medical Info of Roughly 50K
The personal and medical information of 49,351 patients was exposed following a security incident involving two employees’ email accounts as disclosed by Minnesota-based Alomere Health. Alomere Health is a community-owned and non-profit general medical and surgical hospital with 127 beds that has been twice named…
Travelex suffers ransomware attack and resorts to pen and paper
Police are investigating hackers holding Travelex’s computers for ransom, forcing the company’s staff to resort to using pen and paper to record transactions. The firm initially said it had discovered the attack on New Year’s Day and immediately took its systems down,…
Warning of Potential Iranian Cyberattacks by DHS
Recent US military action in Baghdad could prompt retaliatory attacks against US organizations, it says. Concerns about an Iranian cyber response to the recent American military strike in Baghdad grew this week with the US Department of Homeland Security urging…
Deepfakes banned by Facebook but not all altered content
Facebook is rolling out a new set of rules aimed at curbing the spread of manipulated media as the specter of highly convincing deepfake videos looms large over not only the US presidential elections. An announcement by the platform’s vice president of…
2020 in cyber: The view from the security frontline
By John Conwell, data scientist at DomainTools The security industry is in constant flux. As attackers move the goal posts in order to further their own nefarious aims, the security industry scrambles to keep up. As we approach the beginning…
US Government Publishing Office Website Attacked
The Federal Depository Library Program (FDLP) website was attacked by a group of hackers claiming to represent the government of Iran. An obscure US federal website was attacked and vandalized on January 4, resulting in the site being taken down…
ToTok Returns to Google Play Despite Claims It Is a ‘Spy Tool’
The communications app faces continued backlash after a New York Times report said it was used as a government spying tool. Mobile application ToTok has been reinstated to the Google Play app ecosystem, after it was removed last month due…
InfoTrax Breached 20+ Times
The Federal Trade Commission (FTC) finalized a settlement with a Utah-based tech company that got hacked and had the personal info of over a million clients stolen following a series of more than 20 undetected network intrusions. InfoTrax Systems, a…
Hackers Deface U.S. Gov’t Website with Pro-Iran Messages
A U.S. government website was vandalized late Saturday by hackers who posted images of a bloodied President Donald Trump being punched in the face and pro-Iran messages. The defaced website was the Federal Depository Library Program (FDLP) website, which makes U.S. federal government…
Austria Unprepared After Cyberattack on Foreign Ministry, Says MP
The Austrian State Department’s IT systems were under a ‘serious attack’ suspected to be carried out by a state-backed threat group according to a joint statement from the Foreign Ministry (BMEIA) and the Ministry of the Interior (BMI). “A coordination committee…
State actors may be behind ongoing cyberattack on Austria’s foreign ministry
An ongoing and “serious cyberattack” at Austria’s foreign ministry could be the work of nation-state actors, the country’s government said. The ministry has set up a “coordination committee” to respond to the attack, which started as the country’s Greens party…
Japanese sex hotel search engine announces security breach
HappyHotel.jp is a website that operates similarly to Booking.com, but lets registered users search and book rooms in love hotels across Japan. In a message posted on its website, Almex, the company behind the service, said it detected unauthorized access to its servers…
Email scammers angle for cash by attacking London veterans group
A London regimental association is on alert after email scammers posing as the group’s president tried to fool veterans into sending cash. The First Hussars Association, representing about 140 retired members of the London-based regiment, saw its members targeted by…
Iran retaliation may include cyberattacks, warns DHS
Although it stressed there is no evidence of a specific credible threat to the U.S. after the killing of Iranian General Qasem Soleimani, the Department of Homeland Security Saturday issued a National Terrorism Advisory System Bulletin warning of retaliation, including cyberattacks. Source: SC…
AI bots developed to detect harassment in emails
Artificial intelligence programmers are developing bots that can identify digital bullying and sexual harassment. Known as “#MeTooBots” after the high-profile movement that arose after allegations against the Hollywood producer Harvey Weinstein, the bots can monitor and flag communications between colleagues and are…
Cybersecurity Predictions for 2020: What Do Experts Think?
Tim Mackey, Principal Security Strategist for the Synopsys CyRC (Cybersecurity Research Centre): Politicians, be wary of digital assistants. Cyber-attacks on 2020 candidates will become more brazen. While attacks on campaign websites have already occurred in past election cycles, targeted attacks…
Ransomware Attack on Maritime Facility Results in Coast Guard Warning
The U.S. Coast Guard last month issued a safety bulletin following a ransomware attack that impaired both the IT systems and industrial control systems of a facility regulated by the Maritime Transportation Security Act (MTSA), and prompted a 30-hour operational shutdown. The…
Security Awareness Training Company KnowBe4 Enters 2020 with Record Growth
KnowBe4, the company that provides the world’s largest security awareness training and simulated phishing platform, today announced a massive year-over-year sales increase with another record-breaking quarter. In the fourth quarter of 2019, KnowBe4 reached 54% growth over Q4 2018, increasing…
Sextortion Email Scammers are Trying Out New Tactics to Circumvent Spam Filters
Sextortion scammers have started to utilize new tactics to bypass spam filters and secure email gateways so that their scam emails are delivered to their intended recipients. Sextortion scams are emails that pretend to be from an attacker who has…
Active Network, A School Software Vendor, Suffers Data Breach
Active Network’s Blue Bear Software platform reported that unauthorized activity in its network earlier this year resulted in customer PII being exposed. The company reported the issue to the California Attorney General’s office stating it recently became aware that between Oct. 1,…
Starbucks Devs Leave API Key in GitHub Public Repo
One misstep from developers at Starbucks left exposed an API key that could be used by an attacker to access internal systems and manipulate the list of authorized users. The severity rating of the vulnerability was set to critical as…
IoT Company Wyze Suffered a Leak of 2.4m Emails and Device Data
An exposed Elasticsearch database, owned by Internet of Things (IoT) company Wyze, was discovered leaking connected device information and emails of millions of customers. Wyze makes smart home cameras and connected devices like connected bulbs and plugs, which can be…
Hackers Impersonate Canadian Banks In Two-year Long Phishing Attack
It has been reported that Canadian banks are being impersonated in a phishing campaign targeting both individuals and businesses via a large-scale infrastructure shared with previous attacks going back to 2017 and pointing to the same attackers. The infrastructure behind these Canadian-focused attacks includes hundreds of…