US oil giant Halliburton on Thursday confirmed its computer systems were hit by a cyberattack that continues to affect operations at its Houston, Texas offices. Halliburton, considered the world's second largest oil service company, has engaged with external experts to investigate and mitigate the threat, according to a Reuters news report. Technical details on the breach remain scarce but the compromise has all the hallmarks of a typical ransomware attack. READ MORE...
A federal judge sentenced a 53-year-old Kansas man to more than 24 years in prison after the former bank CEO abused his trusted position to embezzle $47 million after falling for a cryptocurrency scam that he believed would make him wildly rich. In a press release, the US Attorney's Office said that Shan Hanes was driven by "greed" when directing bank employees to transfer millions in funds to a sketchy crypto wallet managed by still-unknown third parties behind the scheme. READ MORE...
Whenever you shop online and enter your payment details, you could be at risk of being a victim of fraud. Digital skimmers are snippets of code that have been injected into online stores and they can steal your credit card number, expiration date and CVV/CVC as you type it in. We recently detected a new malware campaign targeting a number of online stores running Magento, a popular e-commerce platform. READ MORE...
A Kentucky man has been sentenced to nearly seven years in prison after hacking into state registries to fake his own death, in hopes of avoiding about $116,000 in child support payments. In a press release, the US Attorney's Office wrote that Jesse Kipf, 39, was sentenced for charges including computer fraud and aggravated identity theft. On top of hacking state death registries in Arizona, Hawaii, and Vermont, Kipf also "hacked into private businesses." READ MORE...
SolarWinds on Wednesday announced a second hotfix for an exploited Web Help Desk vulnerability, which also removes hardcoded credentials introduced in the first hotfix. The enterprise software maker warns that the hardcoded credential blunder, which was assigned CVE-2024-28987, with a CVSS score of 9.1, could allow a "remote unauthenticated user to access internal functionality and modify data". READ MORE...
A dangerous new Android malware has surfaced that can clone contactless payment data from physical credit and debit cards and relay it to an attacker's Android device, enabling fraudulent transactions. Researchers from ESET, who are tracking the malware as NGate, described it this week as the first of its kind they've observed in the wild. NGate is actually based on NFCgate, a tool developed to capture, analyze, and alter near-field communication (NFC) traffic. READ MORE...
The Qilin ransomware group has been using a new tactic and deploys a custom stealer to steal account credentials stored in Google Chrome browser. The credential-harvesting techniques has been observed by the Sophos X-Ops team during incident response engagements and marks an alarming change on the ransomware scene. The attack that Sophos researchers analyzed started with Qilin gaining access to a network using compromised credentials. READ MORE...
The Justice Department is suing the Georgia Institute of Technology and an affiliate company, claiming they failed to meet the cybersecurity standards required for obtaining Pentagon contracts. The U.S. government had earlier joined a whistleblower suit brought by current and former members of Georgia Tech's cybersecurity team and on Thursday the DOJ filed an additional motion to sue on behalf of the Defense Department, the Air Force and the Defense Advanced Research Projects Agency. READ MORE...
The federal police in Argentina (PFA) have arrested a 29-year-old Russian national in Buenos Aires on charges of money laundering related to cryptocurrency proceeds belonging to the North Korean Lazarus hackers. The San Isidro Specialized Fiscal Unit in Cybercrime Investigations (UFEIC) collaborated with blockchain analysis firm TRM Labs to identify and locate the individual despite him using a complex transactions network. READ MORE...