Cyber Security

This is where news and updates on Cyber Security are published on a daily basis.

0 Comments
Credit-card skimming malware has been detected on the website of a mobile virtual network operator (MVNO).  According to new research published yesterday by Malwarebytes Labs, cyber-criminals have launched a successful attack against Boom! Mobile that is ongoing. Headquartered in Oklahoma, Boom! Mobile is a wireless provider that sells contract-free cell phone plans to its customers.  “Our crawlers recently
0 Comments
An advanced persistent threat (APT) espionage campaign that uses a rare form of malware has been observed attacking diplomats and members of NGOs.  The campaign, which relies on a firmware bootkit, was identified by researchers at Kaspersky who were operating UEFI/BIOS scanning technology. The previously unknown malware was identified in the Unified Extensible Firmware Interface (UEFI). UEFI firmware
0 Comments
Cybersecurity researchers have found critical security flaws in two popular industrial remote access systems that can be exploited to ban access to industrial production floors, hack into company networks, tamper with data, and even steal sensitive business secrets. The flaws, discovered by Tel Aviv-based OTORIO, were identified in B&R Automation’s SiteManager and GateManager, and MB Connect Line’s
0 Comments
The United States Treasury has warned companies that they could be fined for paying or facilitating ransom payments to cyber-criminal gangs.  An advisory published yesterday by the Treasury’s Office of Foreign Assets Control (OFAC) stated: “Companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in
0 Comments
ESET researchers discover surprisingly many indicators of close cooperation among Latin American banking trojans’ authors ESET has published a white paper detailing its findings about interconnectivity of Latin American banking trojan families. The white paper was also published by Virus Bulletin. For a long time, Latin American banking trojans were looked upon as one group
0 Comments
A Russian hacker who was found guilty of hacking LinkedIn, Dropbox, and Formspring over eight years ago has finally been sentenced to 88 months in United States prison, that’s more than seven years by a federal court in San Francisco this week. Yevgeniy Aleksandrovich Nikulin, 32, of Moscow hacked into servers belonging to three American social media firms, including
0 Comments
Two men are to go before the US federal court after being charged with the unauthorized takeover of social media accounts belonging to American football and basketball stars. Trevontae Washington and Ronnie Magrehbi have each been charged with one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer fraud
0 Comments
Threat researchers have spotted a new kind of cyber-attack that uses a variant of Mirai malware to target a port used by IoT devices. The attack, orchestrated by someone using the alias “Priority,” was detected by a team at Juniper Threat Labs. Priority appears to have been up to no good since September 10. Researchers noted that
0 Comments
A month teaching us that when everyone pitches in and does their part, then almost everyone is protected October is a month associated with many things, including stunning fall foliage displays and various global and national celebrations. In many parts of the world, people are thinking up costumes for the parties that will be happening
0 Comments
A hacking group known for its attacks in the Middle East, at least since 2017, has recently been found impersonating legitimate messaging apps such as Telegram and Threema to infect Android devices with a new, previously undocumented malware. “Compared to the versions documented in 2017, Android/SpyC23.A has extended spying functionality, including reading notifications from messaging
0 Comments
Microsoft resolves a service disruption that affected Office 365, Outlook.com, Teams and other cloud-based services Microsoft has fixed problems affecting its online authentication systems that left a portion of its userbase locked out of multiple cloud-based services unless they were logged in already. The issues, which occurred on Monday evening, have since been resolved and
0 Comments
The world’s second-biggest fashion retailer was today handed a monumental fine for violating the European Union’s General Data Protection Regulation (GDPR).  A German subsidiary of Hennes & Mauritz AB (H&M) was fined €35,258,707.95 by regulatory body the Hamburg Data Protection Authority (HmbBfDI) for excessive use of employee data. H&M employs around 126,000 people globally. The fine imposed
0 Comments
Cisco yesterday released security patches for two high-severity vulnerabilities affecting its IOS XR software that were found exploited in the wild a month ago. Tracked as CVE-2020-3566 and CVE-2020-3569, details for both zero-day unauthenticated DoS vulnerabilities were made public by Cisco late last month when the company found hackers actively exploiting Cisco IOS XR Software
0 Comments
Researchers at an Israeli operational technology (OT) company have discovered multiple critical vulnerabilities in two popular industrial remote access software solutions. The flaws can be exploited to access industrial production floors, break into company networks, tamper with data, or steal highly sensitive trade secrets.  Researchers at Otorio discovered the vulnerabilities in remote access systems made by Austrian
0 Comments
Threat actors may spread false claims about compromised voting systems in order to undermine confidence in the electoral process The United States’  Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint announcement aimed at raising awareness about threats posed by disinformation campaigns that may target voters during the
0 Comments
I am sure that many of you have by now heard of a recently disclosed critical Windows server vulnerability—called Zerologon—that could let hackers completely take over enterprise networks. For those unaware, in brief, all supported versions of the Windows Server operating systems are vulnerable to a critical privilege escalation bug that resides in the Netlogon Remote Control Protocol
0 Comments
The owner of a Bitcoin exchange has become the seventeenth person to be convicted in the United States in connection with a transnational multi-million-dollar online auction fraud scheme that victimized over 900 Americans. Rossen Iossifov was found guilty yesterday by a federal jury in Frankfort, Kentucky, of one count of conspiracy to commit racketeering and one count
0 Comments
Cybersecurity researchers uncovered fresh evidence of an ongoing cyberespionage campaign against Indian defense units and armed forces personnel at least since 2019 with an aim to steal sensitive information. Dubbed “Operation SideCopy” by Indian cybersecurity firm Quick Heal, the attacks have been attributed to an advanced persistent threat (APT) group that has successfully managed to stay
0 Comments
A health insurance company in Washington state has been slapped with the second-largest ever HIPAA violation penalty. The Department of Health and Human Services’ Office for Civil Rights (OCR) has imposed a $6.85m penalty on Premera Blue Cross to resolve potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Premera Blue Cross is a
0 Comments
As the pandemic continues to accelerate the shift towards working from home, a slew of digital threats have capitalized on the health concern to exploit weaknesses in the remote work infrastructure and carry out malicious attacks. Now according to network security platform provider SAM Seamless Network, over 200,000 businesses that have deployed the Fortigate VPN solution to enable
0 Comments
A 13-year-old boy has been arrested in the United States after allegedly hacking into an Indiana school district’s computer system.  The unnamed teen was arrested after repeated cyber-attacks were launched against Valparaiso Community Schools.  School officials reported regular assaults on the district’s e-learning systems that disrupted instruction by causing students to become disconnected from their