Cookware and bakeware distribution giant Meyer Corporation has started informing employees of a cyberattack that resulted in the theft of some of their personal data. A subsidiary of Meyer Manufacturing Co. Ltd, the California-based company is the largest distributor of cookware in the United States, and the second largest in the world. Last week, Meyer started notifying employees that some of their data might have been compromised in a cyber incident that was discovered on October 25, 2021. READ MORE...
The Ukrainian cyberpolice have arrested a group of phishing actors who managed to steal payment card data from at least 70,000 people after luring them to fake mobile service top up sites. According to the announcement from law enforcement, the actors used the stolen information to empty their victims' bank accounts. Five individuals have been arrested for running a well set up phishing operation that relied on marketing and advertising services to increase visibility on search engines and social media platforms. READ MORE...
Over the weekend, hackers stole millions of dollars worth of non-fungible tokens (NFTs) belonging to 17 members of the OpenSea NFT marketplace. On Saturday, a small number of OpenSea users noticed their NFTs were missing. (NFTs are digital tokens on the blockchain that represent ownership over virtual assets, such as digital drawings or music.) "Panic erupted" wrote Molly White, who runs the blog Web3 is Going Great, because "many others feared the same could happen to them." READ MORE...
Neustar Security Services has released a report which details the ongoing rise in cyberattacks in 2021, with an unprecedented number of carpet bombing distributed denial of service (DDoS) attacks. Carpet bombing, in which a DDoS attack targets multiple IP addresses of an organization within a very short time, accounted for 44% of total attacks last year, but the disparity between the first and second half of 2021 was stark. READ MORE...
A new malware called Xenomorph distributed through Google Play Store has infected more than 50,000 Android devices to steal banking information. Still in early development stage, Xenomorph is targeting users of dozens of financial institutions in Spain, Portugal, Italy, and Belgium. Researchers at fraud and cybercrime prevention company ThreatFabric analyzing Xenomorph found code that is similar to Alien banking trojan. READ MORE...
A group of academic researchers has found a way to exploit a security flaw in the encryption algorithm used by the Hive ransomware to recover hijacked and encrypted data. In a research paper published last week, academics from the Kookmin University of Seoul documented how a vulnerability in Hive's encryption allowed them to recover the master key and restore data without having the attacker's RSA private key. READ MORE...
Malicious actors use influence operations, like spreading false information, to shape public opinion, undermine trust, amplify division, and create dissension. In response, the Cybersecurity & Infrastructure Security Agency (CISA) has released CISA Insights: Preparing for and Mitigating Foreign Influence Operations Targeting Critical Infrastructure, which provides proactive steps organizations can take to assess and mitigate the risks of information manipulation. READ MORE...
The FBI has issued a warning that organisations should be on their guard against BEC (Business Email Compromise) attacks involving virtual meeting platforms. In its alert, the FBI's Internet Crime Complaint Center (IC3) warns that it has received an increasing number of reports that BEC scammers are using virtual meeting platforms (such as video conferencing systems) to instruct workers to transfer funds to fraudulent accounts. READ MORE...
An infosec startup says it has built an Apple Airtag clone that bypasses anti-stalking protection features while running on Apple's Find My protocol. Source code for the clones were published online by Berlin-based infosec startup Positive Security (not to be confused with US-sanctioned cybersecurity outfit Positive Technologies), which said its tags "successfully tracked an iPhone user... for over five days without triggering a tracking notification." READ MORE...