Cyber Bites

A cyber attack on budget airline EasyJet has resulted in the exposure of the email addresses and flight details of nine million of its customers, and the credit card details of 2,208 of them says the airline. A cyber attack on budget airline EasyJet has resulted in the exposure of the email addresses and flight details of nine million of its customers, and the credit card details of 2,208 of them. The attack, described by...

The FBI says hackers are exploiting a three-year-old vulnerability in a Magento plugin to take over online stores and plant a malicious script that records and steals buyers' payment card data. This type of attack is known as web skimming, e-skimming, or Magecart, and the FBI previously warned about a rise in attacks in October, last year. In this recent campaign, attackers are exploiting CVE-2017-7391, a vulnerability in MAGMI (Magento Mass Import), a plugin for...

 A bug introduced in an iOS software update on the Edison Mail app allowed emails to be viewed by strangers. Edison Mail, a popular third-party email app, has warned thousands of iOS users that their emails may have been compromised after a security flaw exposed emails to complete strangers. Edison Mail, owned by Edison Software Inc., is in the top 100 productivity apps on the Apple app store, and touts itself as “lightning fast and...

The hacker group behind last week's REvil (Sodinokibi) ransomware attack on New York-based law firm Grubman Shire Meiselas & Sacks is now demanding $42 million and threatening to release controversial information on U.S. President Donald Trump. Last week, the hacker group infiltrated the law firm's network and stole personal data and contractual information belonging to celebrities like Elton John, Madonna, Nicki Minaj, Bruce Springsteen, Mariah Carey, and Jessica Simpson. The massive breach took place after...

ProLock is relatively new, but already the ransomware is making waves by using QakBot infections to access networks, gain persistence and avoid detection. A relatively new ransomware, ProLock, has paired up with the QakBot banking trojan to access victims’ networks. ProLock’s leveraging of QakBot gives it bolstered persistence, anti-detection and credential-dumping techniques. ProLock ransomware first emerged in March as a successor to another recent malware strain, PwndLocker, and has made its mark targeting financial, healthcare,...

The plague of enterprises leaving cloud storage holding private data unprotected is starting to show up in the security statistics and is one of the few attacks on the rise, according to the Verizon Data Breach Investigation Report for 2020. That reality is both good and bad, said Gabe Bassett, senior information security data scientist at Verizon Enterprise. The bad news is that misconfiguration errors still exist. The good news is that companies are reporting...

Multiple supercomputers across Europe have been infected this week with cryptocurrency mining malware and have shut down to investigate the intrusions. Security incidents have been reported in the UK, Germany, and Switzerland, while a similar intrusion is rumored to have also happened at a high-performance computing center located in Spain. The first report of an attack came to light on Monday from the University of Edinburgh, which runs the ARCHER supercomputer. The organization reported "security...

Multiple actors in the ransomware business saw the new coronavirus pandemic as the perfect opportunity to focus on an already overburdened healthcare sector. ProLock is yet another threat to the list. The FBI‌ issued a flash alert at the beginning of the month to alert organizations of the new threat actor, saying that its targets in the US include entities in the following sectors: healthcare, government, financial, and retail. The FBI does not encourage giving...

Australian transport giant Toll Group has revealed the extent of data theft it has suffered after its second bout of ransomware this year, following a January infection. "Our ongoing investigations have established that the attacker has accessed at least one specific corporate server. This server contains information relating to some past and present Toll employees, and details of commercial agreements with some of our current and former enterprise customers," the company said on Tuesday. "The...

 The Romanian law enforcement authorities arrested four cybercriminals that were planning to launch ransomware attacks on health care organizations in Romania. Three hackers were arrested in Romania and the fourth one was arrested in the Republic of Moldova. The hackers were charged for committing crimes of illegal operations with computer devices and programs, illegal access to a computer system, alteration of computer data integrity, and computer forgery. According to the Romanian Directorate for Investigating Organized...