Month: October 2020

Cybersecurity researchers have disclosed details about a new watering hole attack targeting the Korean diaspora that exploits vulnerabilities in web browsers such as Google Chrome and Internet Explorer to deploy malware for espionage purposes. Dubbed “Operation Earth Kitsune” by Trend Micro, the campaign involves the use of SLUB (for SLack and githUB) malware and two
The Information Commissioner’s Office (ICO) has fined hotel chain Marriott International £18.4m over a data breach that exposed the information of millions of guests worldwide.  The UK’s independent body set up to uphold information rights imposed the financial penalty on Marriott for “failing to keep millions of customers’ personal data secure.” In November 2018, Marriott reported a data breach that
An active botnet comprising hundreds of thousands of hijacked systems spread across 30 countries is exploiting “dozens of known vulnerabilities” to target widely-used content management systems (CMS). The “KashmirBlack” campaign, which is believed to have started around November 2019, aims for popular CMS platforms such as WordPress, Joomla!, PrestaShop, Magneto, Drupal, Vbulletin, OsCommerence, OpenCart, and
United States Assistant Attorney General Beth Williams has called for people to come together to protect children from being exploited.  Speaking yesterday at a Columbia Law School virtual event, Williams said: “Addressing the problem of online child exploitation requires that all of civil society work collaboratively—including law enforcement, non-governmental organizations, private industry, and individual citizens.”
A view of the Q3 2020 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts As the world braces for a pandemic-ridden winter, COVID-19 appears to be losing steam at least in the cybercrime arena. With coronavirus-related lures played out, crooks seem to have gone “back
The US Federal Bureau of Investigation (FBI), Departments of Homeland Security, and Health and Human Services (HHS) issued a joint alert Wednesday warning of an “imminent” increase in ransomware and other cyberattacks against hospitals and healthcare providers. “Malicious cyber actors are targeting the [Healthcare and Public Health] Sector with TrickBot malware, often leading to ransomware
An urban regeneration project is seeking to train a “digital army” of young people to protect the United Kingdom’s businesses and organizations from cyber-attackers.  The HALO project is seeking to recruit people aged 16-24 under its #RockStars program and train them “in the latest digital and cyber skills and techniques” from a new site in Kilmarnock,
by Paul Ducklin Do you look after any sort of social media content? If so, especially if it’s business related, you’ve probably received your fair share of copyright infringement complaints. No matter how scrupulous you are about correctly licensing and attributing your content, you may be the victim of a scurillous or over-zealous complainant. For
Schools have admitted to creating gaps in their security by rapidly transitioning to remote education in an attempt to slow the spread of COVID-19. The admission was announced today by cybersecurity company Netwrix, as one of several additional findings from its “2020 Cyber Threats Report“ that examined how the coronavirus pandemic and remote learning initiatives have changed the IT
Cybersecurity researchers over the weekend disclosed new security risks associated with link previews in popular messaging apps that cause the services to leak IP addresses, expose links sent via end-to-end encrypted chats, and even unnecessarily download gigabytes of data stealthily in the background. “Links shared in chats may contain private information intended only for the
The US Space and Rocket Center and the Federal Bureau of Investigation have entered into a joint agreement in support of US Cyber Camp. The camp is the newest of four STEM (science, technology, engineering, and mathematics) camp programs to be launched by the Rocket Center, a museum in Alabama that showcases the rockets, achievements, and
A federal judge has approved a multi-million-dollar settlement to resolve claims made by financial institutions against Equifax following a data breach three years ago.  Between May and June 2017, cyber-criminals gained access to around 150 million records of Atlanta-based credit monitoring service Equifax by exploiting an unpatched Apache Struts vulnerability.  The breach impacted roughly 56% of America’s population and
The former systems administrator of an American department store has been arrested after allegedly hacking into his ex-employer’s private network to give his former colleagues paid holidays.  New Yorker Hector Navarro is accused of creating a “superuser” account that allowed him to access a computer system of Century 21 after he resigned from his position at the company. Navarro
Scammers even run their own dark-web “travel agencies”, misusing stolen loyalty points and credit card numbers The hospitality, travel, and retail industries, which have been hit particularly hard by the COVID-19 pandemic, have also been increasingly targeted by cybercriminals seeking to profit from the dire situation, a report has found. “During the lockdowns in Q1
Microsoft, in collaboration with MITRE, IBM, NVIDIA, and Bosch, has released a new open framework that aims to help security analysts detect, respond to, and remediate adversarial attacks against machine learning (ML) systems. Called the Adversarial ML Threat Matrix, the initiative is an attempt to organize the different techniques employed by malicious adversaries in subverting
A malicious hacker has been blamed for a series of lewd messages that emanated from the social media account of a US military base on Wednesday. Followers of Fort Bragg’s official Twitter account were surprised by the sexual content of a number of tweets that began to appear at around 4:30pm ET.  The tweets were
by Anthony Merry October is Cybersecurity Awareness Month.We asked Anthony Merry, senior director, Product Management at Sophos, for his top mobile privacy tips. If you’ve updated your Apple phone or your Android to the latest version – iOS 14 and Android 11 respectively – you may have noticed that they come with enhanced privacy controls.
A Windows-based remote access Trojan believed to be designed by Pakistani hacker groups to infiltrate computers and steal users’ data has resurfaced after a two-year span with retooled capabilities to target Android and macOS devices. According to cybersecurity firm Kaspersky, the malware — dubbed “GravityRAT” — now masquerades as legitimate Android and macOS apps to
Customers of an Oregon retailer have become victims of fraud after their financial information was exposed in a sustained data breach. Data belonging to thousands of customers of Made in Oregon was compromised in a breach that lasted six months. Made in Oregon is a regional vendor with five stores in the Portland area. According to the gift retailer,