Entercom Communications, one of the largest radio station owners in the U.S. has been dealing with a cyber attack that looks very much like a ransomware incident. The issue occurred over the past weekend and affects all offices the company has across the country. Entercom's national network has over 235 radio stations broadcasting news, sports, and music to more than 170 million people each month.
Cobalt Dickens (a.k.a. Silent Librarian) is now actively targeting 380 universities, bent on stealing credentials and moving deeper into school networks. Indicating a campaign of massive scale, at least 20 new phishing domains targeting more than 60 universities in Australia, Canada, Hong Kong, Switzerland, the United Kingdom and the United States have cropped up, bent on lifting credentials from students heading back to school.
Hackers linked to North Korea have been targeting entities in the United States using evasion techniques that involve an uncommon file format, U.S.-based business compromise intelligence startup Prevailion reported on Wednesday. The activities of the cyber-espionage group, tracked as Kimsuky and Smoke Screen, were brought to light in 2013, after it had launched highly targeted attacks against entities in South Korea and China.
A member of a sophisticated international hacking group that authorities say targeted businesses in 47 states to steal credit and debit card records pleaded guilty to hacking and wire fraud charges in Seattle. Fedir Hladyr, a 34-year-old Ukrainian, also agreed to pay $2.5 million in restitution as part of his plea Wednesday in U.S. District Court. He could face up to 25 years in prison.
The attack traffic recorded by F-Secure's global network of honeypots tripled from the last six months of 2018 to the first six months of 2019. In H2 2018, the network recorded 813 million attacks. In H1 2019, that figure leapt to 2.98 billion attacks. Some of this increase will be down to a few additional honeypots added to the network, and improvements to their telnet and SMB plugins.; but "given the continuing spread in infected IoT devices, the prevalence of Eternal Blue, and increasing numbers of DDoS attacks, that attack traffic is also simply on the increase."
The charity organization UNICEF inadvertently leaked the personal details of thousands of people who use its online learning portal Agora by way of an errant email sent to 20,000 inboxes. The email was accidentally sent on August 26 by UNICEF and included the names, email addresses, gender and professional information of 8,253 users of Agora, according to a published report. The Agora program offers learning solutions to UNICEF’s staff, partners and supporters.
Another unprotected Elasticsearch database has been discovered by researchers, this time exposing personally identifiable information (PII) linked to 198 million car buying records. The privacy snafu was discovered back in August by Jeremiah Fowler, researcher at SecurityDiscovery. The non-password protected database contained a massive 413GB of data on potential car buyers, including names, email addresses, phone numbers, home addresses and more stored in plain text.