After RedDoorz suffered a data breach in September, a threat actor is selling a RedDoorz database containing 5.8 million user records on a hacker forum. RedDoorz is a Singapore-based hotel management & booking platform with over 1,000 properties across Southeast Asia. Using the website or mobile app, users can register an account to browse available budget hotels and book a reservation. At the end of September 2020, RedDoorz disclosed that they suffered a data breach.
Aggressive scammers are impersonating the U.S. Internal Revenue Service (IRS) in e-mails designed to trick potential victims into paying fabricated outstanding amounts related to missed or late payments. The phishing emails target users of Microsoft's Office 365 platform and have so far reached an estimated number of up to 70,000 mail inboxes according to researchers at email security company Abnormal Security.
It's bad enough that many ransomware gangs now have blogs where they publish data stolen from companies that refuse to make an extortion payment. Now, one crime group has started using hacked Facebook accounts to run ads publicly pressuring their ransomware victims into paying up. On the evening of Monday, Nov. 9, an ad campaign apparently taken out by the Ragnar Locker Team began appearing on Facebook. The ad was designed to turn the screws to the Italian beverage vendor Campari Group.
Microsoft is investigating a recently discovered issue that causes deleted emails to reappear in the mail inbox of Outlook.com accounts. The exact cause behind these undeletable Outlook.com emails is still being investigated, but the company says that it's working on a fix to be deployed when a resolution is available. Until a solution is available, Microsoft does provide a workaround to get rid of any messages that keep coming back after being removed.
Zscaler says attacks involving the use of SSL/TLS encryption jumped 260% in the first nine months of 2020 compared to the same period last year. The fact that attackers hide malware inside encrypted traffic is not news any longer. What might be surprising, however, is just how much the practice has recently spiked due in part to the shift to remote work in the COVID-19 pandemic. Researchers from Zscaler analyzed attack data gathered from customers of the company's cloud security platform between January and September this year.
As we've warned before, phishing via SMS, or smishing for short, is still popular with cybercriminals. Sure, old-fashioned text messages have fallen out of favour for personal communications, superseded round the world by instant messaging apps such as WhatsApp, WeChat, Instagram, Telegram and Signal. But for brief, one-off business communications such as "Your home delivery will arrive at 11:30 today" or "Your one-time login code is 217828", SMS is still a popular and useful messaging system.
An international team of security researchers is presenting new side-channel attacks (CVE-2020-8694 and CVE-2020-8695), which use fluctuations in software power consumption to access sensitive data on Intel CPUs. Power side-channel attacks are attacks that exploit fluctuations in power consumption to extract sensitive data such as cryptographic keys. Because power measurements by malware were previously very inaccurate, such attacks required physical access to the target device.
COVID-19 changed the rules of the game virtually overnight. The news has covered the broader impacts of the pandemic, particularly the hit to our healthcare, the drops in our economy, and the changes in education. But when a massive portion of our workforce was sent home, and companies moved operations online, no one thought about how vulnerable to cyberattacks those companies had now become. The attack surface had changed, giving malicious actors new inroads that no one had previously watched out for.
A vulnerability identified recently by researchers at storage giant Western Digital in the Replay Protected Memory Block (RPMB) protocol impacts the products of several other major companies, including Google, Intel and MediaTek. Replay attacks typically allow a hacker to conduct various types of activities on behalf of a legitimate user by intercepting data and replaying it at a later time. Such attacks can be useful for hijacking accounts or conducting financial fraud.