After discovering a cache of 17 million emails exposed on an unsecured database, researchers with vpnMentor began to hunt for its owner — but to their surprise, they found that the database belonged not to a company, but to a sophisticated criminal network. Cybercriminals had been both collecting emails — and creating their own — as part of a major fraud scheme targeting Groupon, Ticketmaster and other major online vendors. Utilizing stolen credit cards, cybercriminals opened millions of fake accounts and used them to buy tickets on various ticket vendor sites, and then resell them to others online.
Toyota Boshoku, a seating and interiors supplier for Toyota cars, has revealed that it was tricked into moving a large amount of money into a bank account controlled by scammers. In a statement published on its global website, Toyota Boshoku Corporation said that its European subsidiary was duped into transferring approximately four billion yen (over US $37 million) out of the business and into a bank account controlled by criminals on 14 August.
A new malware with strange associations to the Ryuk Ransomware has been discovered to look for and steal confidential financial, military, and law enforcement files. While Ryuk Ransomware encrypts a victim's files and then demands a ransom, it is not known for actually stealing files from an infected computer. A new infection discovered today by MalwareHunterTeam, does exactly that by searching for sensitive files and uploading them to a FTP site under the attacker's control.
A hacking group with ties to North Korea has been targeting U.S. entities with malicious documents as it works to hide its tracks better, according to research from Maryland-based cybersecurity firm Prevailion. The group has started placing its malware in obscure file formats, namely Kodak FlashPix (FPX) files, to evade antivirus detection products, according to Danny Adamitis, Prevailion’s director of intelligence analysis. The FPX files are embedded in Microsoft Word documents that are sent to victims, which are then launched via macro commands.
Following extensive research, AdaptiveMobile Security has uncovered a new and previously undetected vulnerability. This vulnerability is currently being exploited and is being used for targeted surveillance of mobile phone users. The vulnerability and its associated attacks have been named Simjacker as it involves the hijacking of SIM cards and threatens mobile phone users across the globe.
Over half of UK businesses aren’t compliant with the GDPR more than 15 months after its introduction, despite many reporting data security incidents to the ICO, according to new research from Egress. The security vendor polled 250 “GDPR decision-makers” from companies of all sizes and sectors to compile its new report, GDPR compliance: where are we now?
The Wikimedia Foundation has received a $2.5m donation to boost its cybersecurity efforts following a major DDoS attack that left Wikipedia unavailable across much of the world last weekend. The non-profit relies on charitable donations and volunteers to keep the online encyclopedia and other “free knowledge” projects running. So it was relieved at the major cash injection, which came from Craigslist founder-turned-philanthropist Craig Newmark.