Rumours have been spreading online for a couple of days that over 500,000 Activision accounts may have been hacked, and passwords stolen. Some in the video gaming community claim to have seen "solid proof," and advised players of games like Call of Duty to change their passwords immediately. But there has been no confirmation of a security breach from the gaming giant itself. In fact, it has now issued a statement explicitly denying that any account compromise has taken place. READ MORE...
Amazon drivers - all gig workers who don't work for the company - are hanging cell phones in trees near Amazon delivery stations, fooling the system into thinking that they are closer than they actually are: The phones in trees seem to serve as master devices that dispatch routes to multiple nearby drivers in on the plot, according to drivers who have observed the process. They believe an unidentified person or entity is acting as an intermediary between Amazon and the drivers and charging drivers to secure more routes. READ MORE...
Italy-based eyewear and eyecare giant Luxottica has reportedly suffered a cyberattack that has led to the shutdown of operations in Italy and China. Luxottica is the world's largest eyewear company that employs over 80,000 people and generated 9.4 billion in revenue for 2019. The company portfolio of eyeglasses brands contains well-known brands, including Ray-Ban, Oakley, Oliver Peoples, Ferrari, Michael Kors, Bulgari, Armani, Prada, Chanel, and Coach. READ MORE...
A United Kingdom national who was a member of 'The Dark Overlord' hacking group was sentenced to five years in federal prison, the United States Department of Justice announced this week. The man, Nathan Wyatt, 39, was extradited to the United States in December 2019. On Monday, he pleaded guilty to participating in activities associated with The Dark Overlord, a threat group that hacked US and UK companies to steal data and hold it for ransom. READ MORE...
When it comes to endpoint security, a handful of threats make up the bulk of the most serious attack tools and tactics. In the first half of 2020, the most common critical-severity cybersecurity threat to endpoints was fileless malware, according to a recent analysis of telemetry data from Cisco. Fileless threats consist of malicious code that runs in memory after initial infection, instead of files being stored on the hard drive. READ MORE...
- Ransomware attack detected and blocked at ArbiterSports - But not before sensitive data was exfiltrated - Questions raised about how securely firm was storing passwords and social security numbers. The details of approximately 540,000 sports referees, league officials and game officials have been stolen by hackers after an attack on ArbiterSports, a company owned by the National Collegiate Athletic Association (NCAA) to provide match scheduling and training software and services. READ MORE...
Data exposed included search terms, location coordinates, and device information - but no personal data. An unsecured database has exposed sensitive data for users of Microsoft's Bing search engine mobile application - including their location coordinates, search terms in clear text and more. While no personal information, like names, were exposed, researchers with Wizcase argued that enough data was available that it would be possible to link these search queries and locations to user identities. READ MORE...
German prosecutors last week opened a homicide investigation into a deadly ransomware incident on a university hospital, according to multiple German media reports. If confirmed, it would be the first documented case of a death stemming, directly or indirectly, from a cyberattack, analysts say. Christoph Hebbecker, a cybercrime prosecutor in the German city of Cologne, said Friday that his office had opened an investigation into the ransomware attack as a "negligent homicide," the Germany news agency DPA reported. READ MORE...
Hacker-powered bug hunting platform HackerOne on Tuesday announced that it paid more than $44.75 million in bounty rewards over the past 12 months, with the total payouts to date surpassing $107 million. Based in San Francisco, the company started paying hackers in October 2013, and has received reports for over 181,000 valid vulnerabilities to date. Last year alone, the platform says 37,259 vulnerability reports were resolved. HackerOne says it currently has more than 830,000 registered vulnerability hunters. READ MORE...
Microsoft has detailed the steps involved in the processing of vulnerability reports, so that reporting researchers know what to expect when submitting information on a bug. The first thing researches need to do, the company says, is to ensure that the issue they have identified indeed qualifies as a security vulnerability, and only then to head over to Microsoft's Researcher Portal to submit a report. The portal, the tech company notes, delivers a secure and guided way for security researchers to share all of the necessary details. READ MORE...