Cyber Bites

A ransomware attack over the weekend has taken down the ticketing system and patron database for the New Jersey Shakespeare Theatre and has also affected at least one other organization in the Madison area. This could not come at a worse time for the Theatre as they were getting ready to begin their first scheduled performance of Charles Dickens' "A Christmas Carol" on December 4th. Source: Bleeping Computer

HackerOne Cookie leak allows access to vulnerability reports

Bug bounty platform provider HackerOne Tuesday disclosed that one of its own security analysts mistakenly sent a session cookie to a white-hat researcher on Nov. 24, allowing the researcher to take over the analyst’s account and access vulnerability reports on a number of companies. The researcher, known in the HackerOne community as haxta4ok00, promptly reported the error to the company and received his (or her) own bug bounty reward of $20,000 for doing so – but not...

CyrusOne attacked by evil ransomware

Data center provider CyrusOne was reportedly hit with a combination ransomware/data breach involving the REvil (aka Sodinokibi) ransomware. Details are scarce, but ZDNet reported the attack took place on December 4. A screenshot of the ransom note indicated all the files were locked and that the threat actors would allow one file to be decrypted for free as an act of good faith that a payment would result in all the files being unlocked. Source: SC Magazine

Holiday phishing scam surge aimed at small business

NEW YORK – The email looked legitimate, so Danielle Radin clicked on the link it contained, expecting to have her products included in a holiday gift guide. “I instantly regretted it,” says Radin, owner of Mantra Magnets, a website that sells wellness products. “It took me to some random website that looked like those pop-ups telling you that you’ve won the lottery.” Source: Japan Times


The investigation of a major Android banking botnet yields insights about how cybercriminals structure and run an illicit business. Researchers who discovered one of the largest Android banking botnets to date also found its attackers' chat log, which they have been watching for nearly a year to learn the inner workings of this cybercrime operation, how its illicit business is structured, and how members interact. Source: Dark Reading


Researchers estimate the gun manufacturer's website was compromised sometime before Black Friday. A Magecart group has compromised the website of American gun manufacturer Smith & Wesson by injecting malicious code designed to lift customers' payment data at checkout. The incident was found by Sanguine Security's Willem de Groot, who was investigating payment skimmers impersonating Sanguine Security's anti-skimming service. He found attackers were registering malicious domains named after Sanguine and using his name as the registrant....
