Oxfam Australia has confirmed a data breach after suffering a cyberattack and their donor databases put up for sale on a hacker forum in January. Oxfam Australia is a charity focused on alleviating poverty in Africa, Asia, and the middle east. The charity is part of a confederation of twenty individual charities operating under the Oxfam name. first to report that a threat actor was selling a stolen Oxfam Australia database containing 1.7 million user records. READ MORE...
Malaysia Airlines has suffered a data breach spanning nine years that exposed the personal information of members in its Enrich frequent flyer program. Starting yesterday, Malaysia Airlines began emailing members of their Enrich rewards program to disclose that they were affected by a data breach. According to Malaysia Airlines, the breach occurred at a third-party IT service provider who notified the airline that member data was exposed between March 2010 and June 2019. READ MORE...
Microsoft fixes multiple Exchange Server vulnerabilities being weaponized in attacks from a group it believes operates out of China. Microsoft has released patches for four critical vulnerabilities being used to target on-premises versions of Microsoft Exchange Server in "limited and targeted" attacks. It attributes the activity to a group called Hafnium, which officials believe is state-sponsored and operates out of China. READ MORE...
A snapshot of the 2020 mobile threat landscape reveals major shifts toward adware and threats to online banks. Hackers painted a bullseye on the backs of online financial institutions in 2020 as the pandemic shuttered local branch offices and forced customers online. Over the past 12 months, incidents of adware nearly tripled. And, overall in 2020 researchers saw a slight drop in the number of mobile cyberattacks, according to a report released Monday by Kaspersky. READ MORE...
The Gootloader malware loader, previously used for distributing the Gootkit malware family, has undergone what researchers call a "renaissance" when it comes to payload delivery. New research released this week paints Gootloader as an increasingly sophisticated loader framework, which has now expanded the number of payloads its delivers beyond Gootkit (and in some cases, the previously-distributed REvil ransomware), to include the Kronos trojan and the Cobalt Strike commodity malware. READ MORE...
The developer of the 16Shop phishing platform has added a new component that targets users of the popular Cash App mobile payment service. Deployment of the new 16Shop product started as soon as it became available, luring potential victims into providing sensitive details that would give fraudsters access to the account and the associated payment information. 16Shop is a complex phishing kit from a developer known as DevilScream. READ MORE...
SolarWinds, the federal contractor breached by suspected Russian hackers, acknowledged investigations and inquiries from the Securities and Exchange Commission, the Department of Justice and several state attorneys general, in a filing on Monday. The Texas-based company disclosed the investigations, which include inquiries related to the European Union's General Data Protection Regulation, in its annual report to investors Monday. READ MORE...
A Texas jury has ordered Intel to pay $2.18 billion in damages for infringing two patents. The lawsuit was filed by VLSI Technology LLC, a 4-year-old firm that Intel says has no products and no sources of revenue besides patent litigation. The patents at issue in the case previously belonged to NXP Semiconductors, a Dutch company that spun off from Philips in 2006. NXP acquired the patents when it bought Freescale Semiconductor (itself a spinoff of Motorola) in 2015. READ MORE...