Cyber Bites

 The operators of the Nemty ransomware have announced this week they were shutting down their public Ransomware-as-a-Service operation and opting to go private in order to focus and put more resources on targeted attacks. For those unfamiliar with this malware operation, Nemty is a classic RaaS (Ransomware-as-a-Service). It launched in the summer of 2019 and has been heavily advertised on underground Russian-speaking hacking forums. Source: ZD Net

The Portugese multinational energy giant Energias de Portugal (EDP) is the latest company to fall victim to the RagnarLocker ransomware and the attackers are now asking for a $10.9m ransom to unlock its files. According to BleepingComputer and MalwareHunterTeam, the attackers claim to have stolen over 10TB of sensitive company files which they are threatening to leak if their ransom demands are not met. Source: Techradar

Tech company Wappalyzer has disclosed a security incident this week after a hacker began emailing its customers and offering to sell Wappalyzer's database for $2,000. "If you receive this e-mail it's because we get the full database of Wappalyzer, and your e-mail is on the database," the hacker, going by the name of CyberMath, wrote in an email sent to Wappalyzer customers this week. Source: ZD Net

Slack users have been warned to take extra care when using the online collaboration service after researchers uncovered worrying security risks. According to an AT&T AlienLabs report, incoming 'webhooks', which are used to connect from third-party apps to post messages on Slack, can be hijacked to carry out phishing attacks. A compromised webhook not only allows unauthorized users to send messages to all the Slack channels, but it can also alter channel posting permissions. Source:...

In its Q1 2020 Top-Clicked Phishing Report, security firm KnowBe4 revealed that phishing email attacks related to COVID-19 increased by 600% in the first quarter of the year. According to the firm, 45 percent of all phishing attacks asked Internet users to either check or type in their passwords on malicious domains that spoofed legitimate ones. The second most popular phishing attacks used COVID-19-related themes to create urgency and anxiety among recipients worldwide. The rest...

The Australian Federal Police (AFP) has admitted to using a facial recognition tool, despite not having an appropriate legislative framework in place, to help counter child exploitation. In response to questions taken on notice by deputy commissioner Karl Kent, the AFP said while it did not adopt the facial recognition platform Clearview AI as an enterprise product and had not entered into any formal procurement arrangements with the company, it did use a trial version....

Microsoft has released its April 2020 Patch Tuesday security updates, its first big patch update released since the work-from-home era truly got underway. It’s a doozie, with the tech giant disclosing 113 vulnerabilities. Out of these, 19 are rated as critical, and 94 are rated as important. Crucially, four of the vulnerabilities are being exploited in the wild; and two of them were previously publicly disclosed. Source: Threatpost

  SCUF data breach has taken place, exposing 1.1 million customer records including some credit card data. The breach was discovered by Comparitech, a pro-consumer website that is comprised of more than 30 researchers covering a variety of topics. One of these topics, naturally, is data breaches and this most recent one involving SCUF looks a bit rough. Thankfully, it's certainly not as bad as it could have been. Source: Techraptor

  Adobe released security patches for vulnerabilities in its ColdFusion, After Effects and Digital Editions applications. If exploited, the flaws could enable attackers to view sensitive data, gain escalated privileges, and launch denial-of-service attacks. Each of the bugs were rated important-severity, based on CVSS rankings, marking an extremely low-volume month for Adobe bug fixes. Overall Adobe patched flaws tied to five CVEs as part of its regularly scheduled security updates, Tuesday. That number pales in...

San Francisco International Airport (SFO) has warned that a breach against two of its websites may have allowed attackers to harvest visiting users’ Windows login credentials. Malicious code was planted last month on two sites – SFOConnect.com and SFOConstruction.com – as the result of a cyber-attack by unidentified (or at least unnamed) assailants, the airport admitted late last week. “The attackers inserted malicious computer code on these websites to steal some users’ login credentials,” a...