A collection of approximately 400,000 payment card records, mainly from South Korea and the United States, has emerged on the dark web this month, Group-IB reports. Uploaded on a popular darknet cardshop on April 9, this collection represents the largest sale of South Korean records on underground markets this year, the cyber-security company warns. It also shows the growing popularity of APAC-issued card dumps among cyber-criminals.
Nintendo said over 160,000 accounts have been hacked, due to attackers abusing a legacy login system. Over the past few weeks, Nintendo gamers have been reporting suspicious activities on their accounts. According to the complaints, aired out on Twitter and Reddit, unauthorized actors were logging into victims' accounts and abusing the payment cards connected to the accounts to buy digital goods on Nintendo's online stores, such as V-Bucks, in-game currency used in Fortnite.
Polish security services on Thursday suggested the Russian government could be behind a cyberattack against an elite Polish military academy and an ensuing effort to undermine U.S.-Polish relations. Stanislaw Zaryn, a spokesman for the Minister-Special Services Coordinator, which oversees Polish security agencies, announced that hackers had breached the website of Poland's War Studies University.
The Israeli government has issued an alert to organizations in the water sector following a series of cyberattacks aimed at water facilities. According to an alert published by Israel's National Cyber Directorate, the attacks targeted supervisory control and data acquisition (SCADA) systems at wastewater treatment plants, pumping stations and sewage facilities.
After looking at how Microsoft Teams handles image resources, security researchers found a way to take over accounts by sending recipients a regular GIF. The method could have been used for the desktop and web versions of Teams to get access to multiple accounts at once and steal conversations and threads. Controlling a subdomain under teams[.]microsoft[.]com was the main condition for the attack, and the researchers had two to choose from.
ESET managed to sinkhole several command and control servers of a botnet that propagates via infected USB devices, thus disrupting its activities. Referred to as VictoryGate and active since at least May 2019, the botnet impacted devices in Latin America the most, especially Peru, where more than 90% of the compromised devices are located. ESET's security researchers were able to estimate the botnet's size at over 35,000 devices.
The US National Security Agency (NSA) and its Australian counterpart the Australian Signals Directorate (ASD) have published a set of guidelines to help companies avoid a common kind of attack: web shell exploits. A web shell is a malicious program, often written in a scripting language like PHP or Java Server Pages, that gives an attacker remote access to a system and lets them execute functions on a victim's web server.