• Stolen Data Prices on Dark Web Slug Due to Changing Data Breach Trends
    It now costs less than $10 for full credit details on a consumer and $50 for access to a US bank account. Over 78 percent of the illicit trade of stolen cards can be attributed to only a dozen Dark Web markets.
  • Newly Discovered ‘Cutlet Maker’ Malware Used in Series of Jackpotting Attacks on ATMs in Germany
    ‘Cutlet Maker’ was used by attackers to steal around $1.5 million from ATMs in Germany. A total of 10 different jackpotting incidents involving the malware had taken place between February and November 2017.
  • A Quick Look At NEI 08-09, The Cybersecurity Backbone For Nuclear Power Industry
    The NEI 08-09 is a Cyber Security plan to protect the public from radiological sabotage in the event of a cyberattack on nuclear plants. It outlines a defensive architecture and various security controls.
  • STOP, Dharma, Phobos, and GlobeImposter 2.0 Ransomware Spread Further In Q2 And Q3 2019
    STOP ransomware accounted for 56 percent of all ransomware samples detected between April and September 2019. The Dharma ransomware variant that appends the .cezar extension to encrypted files grabbed 12 percent of all ransomware samples detected.
  • The Butterfly Effect: How Compromise Of Few NPM Package Maintainers Can Lead To Security Chaos?
    The lack of maintenance causes many packages to depend on vulnerable code and the study revealed that up to 40% of all packages depend on code with at least one publicly known vulnerability. Highly popular packages directly or indirectly influence many other packages (often more than 100,000), thereby increasing the risk of malware injection attacks.
  • US Cyber Command’s ‘Hack The Proxy’ Program Uncovers Over 30 Vulnerabilities
    Out of the 31 vulnerabilities discovered, 9 were “high severity” vulnerabilities and 1 was found to be a “critical” vulnerability. The top bug bounty hunter, who is based in the US, earned a total of $16,000.
  • Australia Introduces New Telco Regulations To Combat Phone Scams
    The Australian government has introduced new telco regulations to fight against phone scams. An action plan to prevent telephone scams is expected to be released in November.
  • New Click Fraud Scam Uses Fake Checkra1n iOS Jailbreak
    Scammers are taking advantage of this new jailbreak tool and are hosting a fake checkrain[.]com website that claims to give iPhone users the ability to jailbreak their phones. However, this fake website urges users to download a malicious profile which allows the scammer to conduct click fraud.
  • ‘Sextortion botnet spreads 30,000 emails an hour’
    [Image: a portion of one typical email sent by the botnet. Image copyright Check Point.] A botnet is a network of computers taken over by hackers using malicious software typically spread via infected web pages or email attachments. Security company Check Point said this latest sextortion attack used the Phorpiex botnet, active for more than a decade. Spreading an email campaign across a botnet in this way would reduce the risk of the emails being flagged as spam - though it’s not clear how many were able to reach people’s inboxes. “The criminals are getting smart enough to use a larger botnet and sending fewer emails per machine,” said Mr Henderson, who was not involved in Check Point’s research but has observed the same botnet in operation. A typical email sent by the botnet - with the subject line: “Save Yourself” - will say: “My malware gave me full access to all your accounts (see password above), full control over your computer and it was possible to spy on you over your webcam.”
  • Scammers Using Hacked Servers, Bogus Links to Target LinkedIn Users
    Digital fraudsters are using compromised servers and bogus links in an ongoing effort to target LinkedIn members with scams. The scam began when a Sophos employee received what appeared to be an unexceptional email from someone they know in real life and with whom they keep in touch on LinkedIn. [Image: the suspicious LinkedIn message received by the Sophos team member.] This action landed the user on a page whose URL ended with “/office365,” which would suggest it was a phishing landing site page at one time. Curious, the Sophos team decided to append related text to “www.businessinsight.” They found a number of subdomains that all redirected to different “dating portals” using the same PHP redirection script as the one they uncovered on the U.S. entertainer’s website. Nevertheless, the redirection script provided the crooks with a general-purpose mechanism for running a range of different spamming, phishing and scamming campaigns at the same time, with the target site determined by the URL that the crooks used each time.
  • Cryptojacking worm uses Docker to infect over 2,000 systems to secretly mine Monero
    The worm propagation: Unit 42 said it discovered the worm late last month after the same malicious image in question appeared across several unsecured Docker hosts discovered via Shodan, a search engine used to identify systems that are connected to the internet. Once remotely deployed and installed, the contaminated container image — which also comprises a program to contact other hosts — connects to a remote command-and-control server to periodically query for vulnerable hosts and select a target at random to spread the worm. “We have a growing concern attackers will continue to exploit these issues in unpatched instances to spread their footprint by escaping containers and gaining persistence on the container hosts and more can definitely be done to secure them,” Chen told TNW.
  • Phishing Email Spoofing Telstra Uses ‘$500 Gift Card Reward’ To Trick Users
    MailGuard has detected a new phishing email scam purporting to be from Telstra. Using a display name of ‘Telstra’ with a domain to match, the email originates from a single forged email address. The email’s body incorporates the Telstra logo and branding and advises the recipient that they need to claim their gift card reward before ‘18/10/2019’. A ‘claim link’ is provided for recipients to click on to access their gift card. Unsuspecting recipients who click on the link to claim their award are redirected to a second URL which simulates a Telstra login page. Beware of a scam email containing a fake Telstra bill that’s doing the rounds.
  • New SDBot Remote Access Trojan Used in TA505 Malspam Campaigns
    Proofpoint says that this malicious behavior follows a pattern first observed in 2018 when the researchers found that numerous bad actors began ramping up their distribution of "downloaders, backdoors, information stealers, remote access Trojans (RATs), and more" after slowly abandoning ransomware as a primary payload in attacks. "The downloader collects basic system information and sends it via an HTTP POST request to a hardcoded command and control (C&C) server." Malspam campaigns directed at new targets: In early September, Proofpoint observed tens of thousands of phishing emails that were part of a new TA505 campaign delivering Microsoft Excel attachments to English and Greek-speaking targets from financial institutions in "Greece (a new country target for TA505), Singapore, United Arab Emirates, Georgia, Sweden, Lithuania, and a few other countries." This is also the time when Proofpoint's research team started observing the TA505 actors actively using their new Get2 malware as the initial downloader in their attacks.
  • WordPress 5.2.4 Patches Six Vulnerabilities
    WordPress 5.2.4, which WordPress developers released this week, patches six vulnerabilities, including cross-site scripting (XSS), unauthorized access, server-side request forgery (SSRF), and cache poisoning issues. The latest update, which WordPress developers have described as a short-cycle security release, addresses vulnerabilities impacting WordPress 5.2.3 and earlier. Evan Ricafort informed WordPress developers that the Customizer component, which allows users to make modifications to the WordPress theme, is affected by a stored XSS flaw. “A PoC could be created for each issue with more research, or the original vulnerability researchers themselves may release them in the future, once enough WordPress users have updated to version 5.2.4.” The previous WordPress update, version 5.2.3, released in early September, patched several XSS vulnerabilities. WordPress websites are often targeted by hackers, and while some attacks have involved vulnerabilities in WordPress itself, a majority have exploited plugin vulnerabilities.
  • Montgomery County Public Schools forces password reset after Naviance hacked
    The cover email, from Luana Zimmerman of college career service Naviance began: Due to a recent data security incident in Naviance that affected one of our high schools, MCPS is requiring all MCPS students who use Naviance (6th–12th grade) to reset their password. MCPS is resetting Naviance passwords for all MCPS students to ensure that student information stays safe, in an abundance of caution. As of 4:30pm, today, October 14, any student attempting to log into Naviance, whether at home or at school, will be prompted to change their password. Naviance’s notice, below, explains that on October 3, it suffered a brute force attack that impacted 1,343 Naviance student accounts and one parent/guardian account at Wheaton High School. The brute force attack occurred over a two-hour period in the evening, and “The unauthorized user attempted many username and password combinations, eventually gaining access to 1,344 accounts.” Naviance does not explain why a brute force attack didn’t trigger a lockout or other defensive measures.
  • Whirlpool Exposed Database with 28 Million Records from Connected Home Appliances
    Upon closer investigation, I came to the conclusion that the data was part of Whirlpool cloud infrastructure and the database was used to collect the information from IoT connected home appliances, such as: customer email; SAID number (smart appliance ID) – unique number used to sync a smart device with your appliance; model name and number; different attributes of the scanned appliance; etc. I immediately notified the Whirlpool security team of the incident and within the next 24 hours both the database and the service instance were pulled offline. Upon internal investigation, which took several days, the company provided me with the following statement: Our company was recently made aware of a potential security concern with respect to one of its databases. The database was immediately taken offline and secured. While I cannot verify or deny the number of emails compromised in this incident, I was still worried by the fact that smart appliances are scanned on a regular basis to gather emails and other attributions.
  • How the Army must (re)envision integrating cyber tools
    Commanders are now recognizing that cyber has to be integrated with traditional ground operations, which means they will need to be able to understand and visualize that environment in order to plan operations and maneuver within it alongside physical troops. The Army, in fact, is expected to release a request for information for a program called Cyber Situational Understanding, a command post tool that will help commanders envision the cyber environment. In looking at how to support the Army in this effort, Valentino said his company has been focused on understanding how to incorporate cyber situational awareness and understanding into mission command at the tactical level. “Data is going to be sometimes more important than ammunition and fuel, and other times it’s going to enable those other things.” Franz, who was the former director of operations at U.S. Cyber Command, also explained that Accenture is in the beginning stages of intellectual thought on how to conduct mission command in a digital environment.
  • Domain Typosquatters Target the 2020 Presidential Election
    In a new report by cybersecurity firm Digital Shadows, researchers have analyzed over 550 typosquats for the 34 candidates and election-related domains and put them into one of the three categories: misconfigured or illegitimate sites, non-malicious, or redirects. "Altogether, we detected over 550 typosquats for the 34 candidate- and election-related domains we gathered from open-source research," Digital Shadows explained in their report. "Not every single one was something interesting; most of the time the typosquatted domain was simply parked and not hosting content." [Figure: Examples of misconfigured or illegitimate typosquats (Source: Digital Shadows)] Non-malicious typosquat domains are ones that are designed to hurt the brand of the political candidate or party. [Figure: Malicious redirects (Source: Digital Shadows)] Of these different types of typosquats, 68% are redirects that bring visitors to sites promoting malicious browser extensions or other unwanted content.