A Pennsylvania-based convenience store chain will pay $8 million to several states over a 2019 data breach that involved some 34 million payment cards, authorities announced Tuesday. The Pennsylvania attorney general's office said Wawa Inc. did not take reasonable security measures to prevent hackers from installing malware that is thought to have collected card numbers, customer names and other data. READ MORE...
Cybersecurity hardware company, SonicWall, recently released a public security notice about a critical SQL injection flaw affecting its GMS (Global Management System) and Analytics On-Prem products. The flaw, which is tracked as CVE-2022-22280, is given a 9.4 critical rating. With the high capability of damage, this vulnerability has low attack complexity, meaning that anyone with little know-how of SQL injection can pull this off. READ MORE...
Reverse-engineering the latest ransomware executables from the group behind LockBit shows that the developers have added capabilities from other popular attack tools and are actively working to improve LockBit's anti-analysis capabilities, according to researchers. This significant evolution, seen in the recently debuted LockBit 3.0 (aka LockBit Black), is likely meant to offset better defenses, a greater scrutiny by researchers and investigators, and competition from other gangs. READ MORE...
A new malware is hijacking high-profile Meta Facebook Business and advertising platform accounts through a phishing campaign that targets LinkedIn accounts. The malware, dubbed Ducktail, uses browser cookies from authenticated user sessions to take over accounts and steal data, researchers said. Researchers from WithSecure, formerly F-Secure, discovered the ongoing campaign, which appears to be the work of financially driven Vietnamese threat actors, they wrote in a report published Tuesday. READ MORE...
It's been seven years since the online cheating site AshleyMadison[.]com was hacked and highly sensitive data about its users posted online. The leak led to the public shaming and extortion of many Ashley Madison users. To date, little is publicly known about the perpetrators or the true motivation for the attack. But a recent review of Ashley Madison mentions across Russian cybercrime forums and far-right websites in the months leading up to the hack revealed some previously unreported details that may deserve further scrutiny. READ MORE...
Researchers have unpacked a major cybersecurity find-a malicious UEFI-based rootkit used in the wild since 2016 to ensure computers remained infected even if an operating system is reinstalled or a hard drive is completely replaced. The firmware compromises the UEFI, the low-level and highly opaque chain of firmware required to boot up nearly every modern computer READ MORE...
The Infrastructure Investment and Jobs Act, as passed by Congress last November, authorizes $7.5 billion to help meet US President Joe Biden's goal of installing 500,000 stations by 2030. Biden aims to have EVs represent half of all new vehicles being sold in the US by 2030. But as the number of stations increases, the number of vulnerabilities does as well. For the past several years, hackers have been busy aiming their attacks at electrical system vulnerabilities. READ MORE...
Threat actors have figured out how to use the existing functionality and infrastructure of popular messaging apps such as Telegram and Discord to host, launch, and execute a variety of malware, as shown by ongoing, dangerous campaigns. From bots that enable games and content sharing, to robust content delivery networks (CDNs) ideal for hosting malicious files, these platforms are helping fuel a surge of new attacks, according to the security research team at Intel 471. READ MORE...