Cyber Bites

DHS urges Govt departments to lock down their domain name settings.

Researchers have discovered a sophisticated cryptomining program that uses loadable kernel modules (LKMs) to help infiltrate Linux machines, and hides its malicious activity by displaying fake network traffic stats. Dubbed Skidmap, the malware can also grant attackers backdoor access to affected systems by setting up a secret master password that offers access to any user account in the system, according to Trend Micro threat analysts Augusto Remillano II and Jakub Urbanec in a company blog post today. Source: SC Magazine

Read more
DHS urges Govt departments to lock down their domain name settings.

NAB customers have once again been targeting in an email phishing scam capable of emptying their accounts. The scam uses the display name "National Australia Bank" and informs recipients their account has been "restricted" due to "irregular activity".  Victims are told to click on a provided link to "restore" their account - doing so will redirect them to a NAB-branded phishing page. Source: 9 NEWS

Read more
DHS urges Govt departments to lock down their domain name settings.

Attention German HR departments: You may want to cross off a certain “Eva Richter” from your list of employment candidates. Especially because her so-called résumé actually infects recipients with the destructive Ordinypt Wiper malware, according to a new report. The fake résumé phishing campaign began on Sept. 11 and is specifically aimed at German-speaking employers, Bleeping Computer reported this past weekend. The campaign sends an email that appears to be a job application, replete with photo and résumé of...

Read more
DHS urges Govt departments to lock down their domain name settings.

The Guardian's SecureDrop whistleblower submission site was targeted with a phishing page that attempted to harvest the unique "codenames" for sources who submitted information using the service. In addition, this phishing page promoted an Android app that allowed attackers to perform a variety of malicious activity on a victim's device. SecureDrop is a service that media organizations can install on the Tor network in order to allow whistleblowers or sources to submit anonymous information to journalists.  For...

Read more
DHS urges Govt departments to lock down their domain name settings.

An unsecured database containing 18GB of data exposed more than 20 million records, most of which held details about Ecuadorian citizens. Researchers have discovered a misconfigured database containing 18GB of information, including 20.8 million personal records. Most of the individuals affected are in Ecuador, which to put the leak into context, has a population of only 16.6 million; 6.7 million are children. The difference between the number of records and Ecuador's population can be attributed...

Read more
DHS urges Govt departments to lock down their domain name settings.

A new spam campaign is underway that pretends to be a job application from "Eva Richter" who is sending her photo and resume. This resume, though, is actually an executable masquerading as a PDF file that destroys a victim's files by installing the Ordinypt Wiper. Ordinypt is a destructive malware commonly targeted at German people that pretends to be ransomware that encrypts your files and then demands victim's pay a ransom to get their files back....

Read more
DHS urges Govt departments to lock down their domain name settings.

Dealer Leads, LLC, a digital marketing company for car dealerships, was discovered last month to have exposed an Elastic database that contained 198 million records on prospective automotive buyers. Publicly accessible information included the plain-text names, email addresses, phone numbers, home addresses and IP addresses of visitors to numerous websites affiliated with Dealer Leads, cybersecurity news and consulting firm Security Discovery reported today in a blog post. Source: SC Magazine

Read more
DHS urges Govt departments to lock down their domain name settings.

Fraudsters are exploiting new online security checks to obtain sensitive information from victims. It comes just days after Action Fraud warned of more 'sextortion scams' doing the rounds in the UK, with over 600 reports last week alone. These scams involve criminals claiming to have gained access to a victim's device following the viewing of pornographic material, relying on the premise of a surveillance hack to threaten the individual. The new scam however is less overt and...

Read more
DHS urges Govt departments to lock down their domain name settings.

Apple's very latest version of iOS appears to have the same sort of lock-screen bypass that plagued previous versions of the iThing firmware. Researcher Jose Rodriguez told The Register that back in July he discovered how the then-beta-now-gold version of iOS 13 could be fooled into showing an iPhone's address book without ever having to unlock the screen. Source: The Register

Read more
DHS urges Govt departments to lock down their domain name settings.

UK police have arrested a suspected hacker for stealing unreleased music from recording artists and trying to sell the looted files for cryptocurrency. The 19-year-old suspect allegedly targeted "award-winning international superstars" by breaking into their websites and cloud-based accounts to access recorded music, the City of London Police said in a Friday statement. Source: PCMAG

Read more
Page 1 of 57 1 2 57