IT Security Newsletter - 08/24/2020

Breaches

DarkSide: New targeted ransomware demands million dollar ransoms

A new ransomware operation named DarkSide began attacking organizations earlier this month with customized attacks that have already earned them million-dollar payouts. Starting around August 10th, 2020, the new ransomware operation began performing targeted attacks against numerous companies. In a "press release" issued by the threat actors, they claim to be former affiliates who had made millions of dollars working with other ransomware operations. After not finding a "product" that suited their needs. READ MORE...


No hacking needed: Someone duped Experian into handing over data in breach affecting 24 million South Africans

For fraudsters looking to swindle big corporations, sometimes it's just a matter of asking. Earlier this week, the South African division of credit reporting giant Experian revealed that someone posing as a client had tricked the firm into coughing up personal information on an untold amount of South African consumers. The South African Banking Risk Information Centre (SABRIC), an association of banks focused on combating crime, put a number on the breach: up to 24 million people. READ MORE...

Hacking

WordPress WooCommerce stores under attack, patch now

Hackers are actively targeting and trying to exploit SQL injection, authorization issues, and unauthenticated stored cross-site scripting (XSS) security vulnerabilities in the Discount Rules for WooCommerce WordPress plugin with more than 30,000 installations. Discount Rules for WooCommerce is a plugin that makes it simple to manage product pricing and discount campaigns on WooCommerce online stores. We have seen an influx of attacks against this vulnerability. READ MORE...


Iranian hackers attack exposed RDP servers to deploy Dharma ransomware

Low-skilled hackers likely from Iran have joined the ransomware business targeting companies in Russia, India, China, and Japan. They are going after easy hits, using publicly available tools in their activity. The new group is deploying Dharma ransomware. Based on forensic artifacts, this is a non-sophisticated, financially-motivated gang that is new to cybercrime. The threat actor is not greedy. Their demand is between 1-5 Bitcoin (currently $11,700 - $59,000), which is on the lower range of ransom demand. READ MORE...


Freepik data breach: Hackers stole 8.3M records via SQL injection

Freepik says that hackers were able to steal emails and password hashes for 8.3M Freepik and Flaticon users in an SQL injection attack against the company's Flaticon website. Freepik is the company behind Freepik (one of the largest online graphic resources sites in the world) and Flaticon (an icon database platform) totaling 18 million monthly unique users, 50 million monthly views, and 100 million monthly downloads. READ MORE...

Malware

'Just tell me how to fix my computer:' a crash course on malware detection

Malware. You've heard the term before, and you know it's bad for your computer, like a computer virus. Which begs the question: Do the terms "malware" and "computer virus" mean the same thing? How do you know if your computer is infected with malware? Is "malware detection" just a fancy phrase for antivirus? For that matter, are anti-malware and antivirus programs the same? And let's not forget about Apple and Android users, who are probably wondering if they need cybersecurity software at all. READ MORE...

Information Security

'Next-Gen' Supply Chain Attacks Surge 430%

Attackers are increasingly seeding open source projects with compromised components. As commercial and enterprise software developers become more disciplined about keeping their open source software components updated to reduce the risk of software supply chain attacks, the bad guys are getting craftier: Researchers warn that they're over-running open source projects to turn them into malware distribution channels. It used to be that attackers simply preyed on existing vulnerabilities. READ MORE...


Malicious iOS SDK breaches user privacy for millions

Researchers discovered a malicious functionality within the iOS MintegralAdSDK (aka SourMint), distributed by Chinese company Mintegral. According to Snyk, SourMint actively performed ad fraud on hundreds of iOS apps and brought with it major privacy concerns to hundreds of millions of consumers. On the surface, the MintegralAdSDK posed as a legitimate advertising SDK for iOS app developers, but its malicious code appeared to commit ad attribution fraud. READ MORE...


Protect your organization in the age of Magecart

The continuing wave of attacks by cybercriminal groups known under the umbrella term Magecart perfectly illustrates just how unprepared many e-commerce operations are from a security point of view. It all really boils down to timing. If the e-commerce world was able to detect such Magecart attacks in a matter of seconds (rather than weeks or months), then we could see an end to Magecart stealing all of the cybercrime headlines. READ MORE...

Exploits/Vulnerabilities

Researchers Sound Alarm Over Malicious AWS Community AMIs

Malicious Community Amazon Machine Images are a ripe target for hackers, say researchers. Researchers are sounding the alarm over what they say is a growing threat vector tied to Amazon Web Services and its marketplace of pre-configured virtual servers. The danger, according to researchers with Mitiga, is that threat actors can easily build malware-laced Community Amazon Machine Images (AMI) and make them available to unsuspecting AWS customers. READ MORE...


Dark web market Empire down for days from DDoS attack

The popular dark web site Empire Market has been down for at least 48 hours, with some users suspecting an exit scam and others blaming a prolonged distributed denial-of-service (DDoS) attack. Over the weekend, multiple reports emerged on Twitter and Reddit from users complaining about not being able to load the Empire Market website. Empire Market features numerous illicit goods including illegal drugs, chemicals, counterfeit items, jewelry, and credit card numbers while offering payment methods. READ MORE...

Science & Culture

This plane flies itself: we went for a ride

The conditions are not ideal for our landing. A hard wind is blowing over the low hills east of San Francisco, and at just the wrong angle, straight across the runway where we're set to touch down. But as we ease into our final approach, our two-winged shadow clipping the suburban homes below, the veteran pilot sitting beside me makes a gentle suggestion. "I like to do it hands up. Like a roller coaster," he says. He removes his hands from the wheel of our aircraft. READ MORE...