IT Security Newsletter

IT Security Newsletter - 11/26/2019

Written by Cadre | Tue, Nov 26, 2019

Sale of 4 Million Stolen Cards Tied to Breaches at 4 Restaurant Chains

On Nov. 23, one of the cybercrime underground’s largest bazaars for buying and selling stolen payment card data announced the immediate availability of some four million freshly-hacked debit and credit cards. KrebsOnSecurity has learned this latest batch of cards was siphoned from four different compromised restaurant chains that are most prevalent across the midwest and eastern United States.

Facebook and Twitter warn some users’ private data was accessed via third-party app SDK

Facebook and Twitter have announced that personal data related to hundreds of users may have been improperly accessed after users logged into third-party Android apps with their social media accounts. According to a report by CNBC, users of Android apps that made use of a software development kit (SDK) named oneAudience may have unwittingly shared information such as their email addresses, usernames and recent tweets.

Black Friday Shoppers Targeted By Scams and Fake Domains

Cybercriminals are tapping in on Black Friday and Cyber Monday shoppers with an array of scams and malware – including domain impersonation, social media giveaway scams, and a malicious Chrome extension. Black Friday and Cyber Monday-related scams are nothing new — but researchers warn that this year, they are seeing an uptick in scams using more sophisticated methods to lure users to hand over their payment data.

NYPD Fingerprint Database Taken Offline to Thwart Ransomware

The New York Police Department’s database of fingerprints was knocked offline over the weekend thanks to a ransomware scare, according to reports. The malware was introduced to the network via a contractor who was installing a digital display, according to an article in the New York Post. To do the install, the person (the company has not been identified) plugged a NUC mini-PC into the network, which turned out to be infected with the malware. The installer was questioned but not charged with any crime – suggesting that the incident was inadvertent.

New DeathRansom Ransomware Begins to Make a Name for Itself

A new ransomware called DeathRansom began with a rocky start, but has now resolved it's issues and has begun to infect victims and encrypt their data. When DeathRansom was first being distributed, it pretended to encrypt files, but researchers and users found that they could just remove the appended .wctc extension and the files would become usable again. Starting around November 20th, though, something changed.

Smash-and-grab car thieves use Bluetooth to target cars containing tech gadgets

For a long time it’s been regarded as one of the security industry’s urban myths, but now law enforcement agencies have confirmed that they are investigating whether thieves have been identifying which cars might be carrying high tech gadgets through the use of Bluetooth scanners. Lily Hay Newman, a staff writer at Wired, reports that a crime prevention specialist at the San Jose Police Department confirmed that thieves are using scanning apps to target vehicles containing laptops, smartphones, and tablets that are emitting Bluetooth signals.