The FBI arrested a former employee of a U.S. technology company for allegedly breaching and stealing confidential data from his employer and then extorting the company for nearly $2 million. After allegedly stealing sensitive information, the defendant, Nickolas Sharp, posed as a whistleblower to plant misleading news about the company's breach, according to an indictment released Wednesday. The articles caused the company's share price to drop, reducing its market value.
The Los Angeles branch of Planned Parenthood was hit by a data breach involving about 400,000 patients, but there is no indication that the information was used "for fraudulent purposes," the group said. A hacker installed computer malware between Oct. 9 and Oct. 17 and "exfiltrated" files containing patient names and possibly addresses, insurance and medical information, including procedures they may have undergone, Planned Parenthood Los Angeles warned Tuesday.
Mozilla has addressed a critical memory corruption vulnerability affecting its cross-platform Network Security Services (NSS) set of cryptography libraries. NSS can be used to develop security-enabled client and server apps with support for SSL v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and various other security standards.
eCommerce servers are being targeted with remote access malware that hides on Nginx servers in a way that makes it virtually invisible to security solutions. The threat received the name NginRAT, a combination of the application it targets and the remote access capabilities it provides, and is being used in server-side attacks to steal payment card data from online stores.
A Russian national who founded and led a bulletproof hosting organization was sentenced to 60 months in prison in the United States. The man, Aleksandr Grichishkin, 34, admitted in court earlier this year to being the leader of an organization that rented infrastructure - including domains, IP addresses, and servers - to cybercriminals. The service was used for the distribution of malware, the creation of botnets, and the theft of banking credentials.
Security researchers analyzed nine popular WiFi routers and found a total of 226 potential vulnerabilities in them, even when running the latest firmware. The tested routers are made by Asus, AVM, D-Link, Netgear, Edimax, TP-Link, Synology, and Linksys, and are used by millions of people. The front-runners in terms of the number of vulnerabilities are the TP-Link Archer AX6000, having 32 flaws, and the Synology RT-2600ac, which has 30 security bugs.
Air-gapping is used to protect the most sensitive of networks. In the first half of 2020 alone, four previously unknown malicious frameworks designed to breach air-gapped networks emerged, bringing the total, by our count, to 17. ESET Research decided to revisit each framework known to date and to put them in perspective, side by side. In our white paper, linked below, we describe how malware frameworks targeting air-gapped networks operate, and we provide a side-by-side comparison of their most important TTPs.