Joker's Stash, one of the most notorious web forums for stolen credit card data, has claimed a new scalp. Sellers on the site this week claimed to be offering 3 million payment card numbers used at Dickey's Barbecue Pit, a U.S. fast-food chain, researchers at intelligence firm Gemini Advisory said Thursday. More than 100 of the barbecue joint's locations were affected by the breach, and the data is being sold for a median price of $17 per card, according to the research. READ MORE...
This week, the Egregor ransomware game posted archives containing unencrypted files, stating that they were stolen from Ubisoft and Crytek in unrelated attacks. While it has not been confirmed if the attack against Ubisoft is legitimate, BleepingComputer has confirmed that Crytek suffered a ransomware attack. Crytek hit by confirmed ransomware attack. This week, sources told BleepingComputer that Crytek had suffered an attack at the hands of the Egregor ransomware operators. READ MORE...
Puerto Rico's firefighting department said Wednesday that its database was hacked by unknown people demanding $600,000 in an act of alleged extortion. The department's director, Alberto Cruz, said in a statement the situation has not affected its ability to respond to emergencies. Police said the department received an email notifying it that hackers had encrypted its servers and wouldn't release them until they got paid. The department contacted police and have not paid the money, officials said. READ MORE...
The former roommate of a woman accused of hacking Capital One banking company and at least 30 other organizations has been sentenced to four years in prison for illegally possessing firearms, according to federal prosecutors. Park Quan, 67, was sentenced Wednesday in U.S. District Court in Seattle after pleading guilty to being a felon in possession of guns, according to U.S. Attorney Brian Moran. Quan has been in custody since his arrest and plea in June. In imposing the four-year sentence. READ MORE...
Early stage venture investment in cybersecurity has apparently started to stabilize in the third quarter of 2020, according to Washington, D.C.-based cybersecurity venture capital firm and incubator DataTribe. A report published by DataTribe in March revealed that the number of early stage investments in cyber had declined in the first two months of 2020 compared to the same period of the previous year, but noted that the drop was likely not caused by the COVID-19 pandemic. READ MORE...
Multiple members of QQAAZZ, a multinational cybercriminal group, were charged today in the US, Portugal, Spain, and the UK for providing money-laundering services to several high-profile malware operations including Dridex, Trickbot, and GozNym. Law enforcement estimations say that QQAAZZ laundered, or at least attempted to launder, tens of millions stolen from cybercrime victims starting with 2016. "QQAAZZ advertised its services as a 'global, complicit bank drops service' on Russian-speaking [...]" READ MORE...
Some 9,000 devices-mostly running Android, but also the Linux and Darwin operating Systems-have been corralled into the Interplanetary Storm, the name given to a botnet whose chief purpose is creating a for-profit proxy service, likely for anonymous Internet use. The finding is based on several pieces of evidence collected by researchers from security provider Bitdefender. The core piece of evidence is a series of six specialized nodes that are part of the management infrastructure. READ MORE...
A critical stack-based Buffer Overflow vulnerability has been discovered in SonicWall VPNs. When exploited, it allows unauthenticated remote attackers to execute arbitrary code on the impacted devices. Tracked as CVE-2020-5135, the vulnerability impacts multiple versions of SonicOS ran by hundreds of thousands of active VPNs. Craig Young of Tripwire Vulnerability and Exposure Research Team (VERT) and Nikita Abramov of Positive Technologies have been credited with discovering and reporting the vulnerability. READ MORE...
Airline was saving domain admin creds and card details alike in plaintext. British Airways is to pay a £20m data protection fine after its 2018 Magecart hack - even though the Information Commissioner's Office discovered the airline had been saving credit card details in plain text since 2015. The fine, announced this morning by the UK's data watchdog, is almost exactly at the reduced £19.8m level that BA parent company the International Airlines Group had expected back in August. READ MORE...
The US Department of Justice (DOJ), together with government representatives from six other countries, has recently re-ignited the perennial Battle to Break Encryption. Last weekend, the DOJ put out a press release co-signed by the governments of the UK, Australia, New Zealand, Canada, India and Japan, entitled International Statement: End-To-End Encryption and Public Safety. You might not have seen the press release (it was put out on Sunday, an unusual day for news releases in the West). READ MORE...