Cyber Bites

Microsoft just announced the launch of an Xbox bug bounty program to allow gamers and security researchers to report security vulnerabilities found in the Xbox Live network and services. Qualified Xbox Bounty Program submissions are eligible for bounty payouts ranging from $500 to $20,000 for a remote code execution submitted via a high-quality report with clear and concise proof of concepts (POCs). Source: Bleeping Computer

Facebook has agreed to set aside $550 million to settle a class-action lawsuit brought by users who allege the social media company violated the Illinois Biometric Information Privacy Act (BIPA), attorneys for the plaintiffs announced on Wednesday. San Francisco Federal District Court Judge James Donato must still approve the settlement, which the lawyers claim is the largest cash settlement ever for a privacy-related lawsuit. Source: SC Magazine

A Ryuk ransomware attack against U.S. Department of Defense contractor Electronic Warfare Associates (EWA) has reportedly affected the electronics company’s web server, making several of its websites in accessible. The attack took place last week and impacted the websites for the EWA Government Systems Inc., a subsidiary that sells electronic warfare products; EWA Technologies Inc, a division that offers JTAG (Joint Test Action Group) products; Simplicikey, am EWA division that manufacturers a remote control electronic...

The TrickBot Trojan has switched to a new Windows 10 UAC bypass to execute itself with elevated privileges without showing a User Account Control prompt. Windows uses a security mechanism called User Account Control (UAC) that will display a prompt every time a program is run with administrative privileges. When these prompts are shown, they will ask logged in user if they wish to allow the program to makes changes, and if the program is suspicious...

A new service called 'I Got Phished' has launched that will alert domain and security administrators when an employee in their organization falls for a phishing attack. Phishing attacks are a common vector for a variety of other attacks such as BEC scams, network intrusions, and even ransomware attacks. Source: Bleeping Computer

Cybercriminals have attempted to sell customer payment card data likely pilfered from a Wawa POS breach discovered in December. The Pennsylvania-based convenience store and gas station operator said in a release that it had asked its payment card processor, payment card brands and card issuers to tick up their fraud monitoring in light of the latest revelations. Source: SC Magazine

Being nominated for a Grammy doesn’t not raise your Q-rating; it also, apparently, increases the likelihood that cybercriminals will appropriate your name or song tracks to trick targets into opening malicious files. Researchers at Kaspersky looked at 14 musical artists who were nominated this year for a major Grammy award and determined that in 2019 there was a 39 percent year-over-year jump in attempts to download or execute malicious files disguised as content related to these 14...

Cornerstone Payment Systems, which processes payments for pro-life groups, churches, ministries and other organizations with a similar Christian bent, left a database unprotected, exposing 6.7 million records from 2013 until the present. Source: SC Magazine

A different phone scam is doing the rounds and is now targeting a cache of information, rather than just cash. Dilshad Burman with a Canadian newcomer who was conned into parting with her Social Insurance Number. Source: City News

CheckPoint last year found a now patched flaw in Zoom Meeting that allowed researchers to predict meeting ID numbers enabling them to enter private conversations. The vulnerability was found last year and patched by Zoon Video Communications in July 2019, but the company has only just now reported on the issue. Source: SC Magazine