Threat actors are extorting an Israeli insurance company by demanding almost $1 million in bitcoin to stop leaking the company's stolen data. On Monday, a cybercrime group calling themselves 'BlackShadow' tweeted that they hacked into the Israeli Shirbit insurance company and stole files during the attack. "A huge cyberattack has been taken place by Black Shadow team. There has been a massive attack on the network infrastructure of Shirbit Company, which is in israel economic sphere." READ MORE...
Passengers on Vancouver's transit system were unable to use their credit and debit cards for ticket payments after the service was badly hit by a ransomware attack. TransLink, the public transport operator in Vancouver, Canada, first indicated its IT systems were suffering problems on 1 December, when it said it was "investigating an issue." That "issue" turned out to be the Egregor ransomware, which hijacked TransLink's printers and spewed out a ransom note. READ MORE...
US department store Kmart has suffered a ransomware attack that impacts back-end services at the company, BleepingComputer has learned. Sears Holding Corp originally owned both Kmart and Sears, but after the company filed for bankruptcy in 2018, it was purchased by Transform Holdco LLC (Transformco) in 2019. While Kmart has been a household name in the USA, its number has dwindled over the past two years to only 34 stores remaining. Kmart Windows domain hit with ransomware. READ MORE...
Newly discovered web skimming malware is capable of hiding in plain sight to inject payment card skimmer scripts into compromised online stores. The malware's creators use malicious payloads concealed as social media buttons that mimic high profile platforms such as Facebook, Twitter, and Instagram. Credit card skimmers are JavaScript-based scripts injected by Magecart cybercrime groups in the checkout pages of compromised e-commerce sites. READ MORE...
Verizon is struggling to fix a glitch that has been leaking customers' addresses, phone numbers, account numbers, and other personal information through a chat system that helps prospective subscribers figure out if Fios services are available in their location. The personal details appear when people click on a link to chat with a Verizon representative. When the chat window opens, it contains transcripts of conversations that other customers, either prospective or current, have had. READ MORE...
A vulnerability in the Google Play Core Library continues to impact many applications several months after official patches were released. The Google Play Core Library allows Android developers to deliver updates to their applications at runtime, via the Google API, without requiring interaction from the user. The library can be used to download additional language resources, manage the manner in which feature modules and asset packs are delivered, trigger in-app updates, and more. READ MORE...
Earlier this year, Apple patched a severe security loophole in an iOS feature that could have allowed attackers to remotely gain complete control over any iPhone within Wi-Fi range. However, details about the flaw, which was fixed months ago, were sparse until now. In a blog post of no fewer than 30,000 words, Google Project Zero researcher Ian Beer described how, over a six-month period, he created a radio-proximity exploit that would grant him total control over an iPhone in his vicinity. READ MORE...