Vietnamese hackers began targeting Chinese government officials at the heart of the coronavirus outbreak in the early days of 2020, when the threat of pandemic had barely registered elsewhere in the world, according to findings by cybersecurity firm FireEye Inc. The attacks were going on as early as January 6 and continued through April, said Ben Read, a senior manager for cyber-espionage in the firm’s threat intelligence unit. The campaign of spearphishing and malware fit...
Read moreDetails
Hackers taking part in HackerOne's first ever virtual live hacking event donated $5K in bug bounties to the World Health Organization's COVID-19 Solidarity Fund. The generous gesture was part of HackerOne's Hack for Good initiative, which invites hackers to hand over what they earn from companies by discovering bugs in their products and systems to charitable causes. HackerOne's 13-day virtual hacking event attracted 50 hackers from 13 countries. The event had been scheduled to take...
Read moreDetails
Attackers are sending convincing emails that ultimately steal victims’ Skype credentials. Remote workers are being warned of a new phishing campaign targeting their Skype passwords. The phishing emails look “eerily similar” to a legitimate Skype notification alert, according to a report released by Cofense on Thursday. Emails indicate users have 13 pending Skype notifications that can be checked by clicking a “Review” button. Source: Threatpost
Read moreDetails
UK hardware store Robert Dyas has revealed that card-skimming malware on the chain's e-commerce website has led to the theft of customer financial data. For 23 days, starting on March 7 and ending March 30, a card skimmer was operational on the Robert Dyas' website, according to an email sent to customers and obtained by The Register. Robert Dyas provides DIY and home improvement products, gardening tools, and electricals. Customers that ordered these types of...
Read moreDetails
In a statement today, Apple said it "thoroughly investigated" a recent report about hackers exploiting three iOS vulnerabilities but "found no evidence they were used against customers." Apple's statement comes after on Wednesday, cyber-security firm ZecOps published a report detailing three iOS vulnerabilities that impacted the Apple Mail client. Source: ZD Net
Read moreDetails
Banner Health Inc.'s $8.9 million deal to end claims tied to a 2016 data breach gained final approval from a federal judge in Arizona. The settlement, approved by Judge Susan Bolton of the U.S. District Court for the District of Arizona April 21, will pay up to $500 to each class member and up to $2.9 million to plaintiffs’ attorneys. The breach exposed personal information of the hospital operator’s 2.9 million patients and beneficiaries, including...
Read moreDetails
Cyber security professionals working for the World Health Organisation (WHO) have "never been busier", according to its CIO, as top officials are being targeted by constant phishing campaigns. The organisation has had to increase its security resources while it deals with the outbreak of COVID-19, the WHO's chief information officer (CIO), Bernardo Mariano, told Bloomberg. This is because cyber attacks on the organisation have significantly increased since mid-March when the coronavirus moved up to pandemic...
Read moreDetails
More than 80 coronavirus-related phishing and scam websites have been taken down just one day after the UK's National Cyber Security Centre asked for the public to report suspicious emails. On Tuesday, the NCSC, in collaboration with the government and the City of London Police launched the 'Suspicious Email Reporting Service' urging people to alert the authorities about potential cyberattacks and scams – whether they're related to coronavirus or something else. Now, just 24 hours...
Read moreDetails
Millions of records belonging to users of a fitness technology app were exposed online for almost a month due to a misconfigured database, including a swathe of personal details. Approximately 40GB worth of information belonging to users of Kinomap, a service that creates immersive workout videos for people on rowing and cycling machines as well as treadmills, was discovered by security researchers in March. Source: IT Pro
Read moreDetails
Hackers are turning their attention to streaming services in an ongoing bid to capitalize on the current COVID-19 pandemic and increase their own profits, according to Mimecast. The email security vendor revealed that it had detected the registration of over 700 suspicious domains designed to impersonate the Netflix brand in under a week. The recently launched Disney+ service is also coming under increasing scrutiny from black hats, it claimed. The reason is simple: COVID-19-related government...
Read moreDetails