600 staff and public access computers were taken down at Volusia County Public Library (VCPL) branches from Daytona Beach, Florida, following a cyberattack that started around 7 AM on January 9. "The county’s technology staff were immediately notified and coordinated recovery efforts with library staff," an official statement says. Source: Bleeping Computer
Read moreUS children's apparel maker and online retailer Hanna Andersson disclosed that its online purchasing platform was hacked and malicious code was deployed to steal customers' payment info for almost two months. In this type of attack dubbed Magecart, threat actors are hacking into vulnerable e-commerce platforms used by online stores and inject malicious JavaScript-based scripts into checkout pages. Source: Bleeping Computer
Read more
The Emotet malware has started using a spam template that pretends to be an extortion demand from a "Hacker" who states that they hacked the recipient's computer and stole their data. Emotet is spread through spam emails that commonly use templates based around a particular theme such as shipping information, voice mails, scanned documents, reports, and invoices. Source: Bleeping Computer
Read more
Services Australia has provided updated statistics on Centrelink's Online Compliance Intervention (OCI) -- robo-debt -- program, confirming that from 1 July 2016 through 31 August 2019 there had been 1,159,662 assessments initiated. Services Australia and its predecessor, the Department of Human Services, over this period raised a total of 617,018 debts. One assessment can however lead to multiple debts if the recipient has been the beneficiary of different types of income support payments, the department...
Read more
Fraudulent emails tell recipients their W-2 forms are ready and prompt them to click malicious links. Cybercriminals eager to jump-start tax season have launched a phishing campaign targeting some ADP users, telling them their W-2 forms are ready and prompting them to click a malicious link. Source: Dark Reading
Read more
Beleaguered foreign currency exchange company Travelex confirmed on Friday that the first of its U.K.-based customer-facing systems were back up and running after the New Year’s Eve discovery of Sodinokibi ransomware on its network prompted a shutdown of key systems. Source: SC Magazine
Read more
A new sextortion scam that breaks the typical mold has been detected at the beginning of the year. Fraudsters preying on the insecurity of connected devices used footage from Nest cameras, and led victims through a convoluted path of email accounts and web sites before making their ransom price known. Compared to a typical sextortion campaign, the fraudsters put in some effort to convince the victim that they’re dealing with skilled hackers by having them...
Read more
Temple Har Shalom in Warren, New Jersey had their network breached by the actors behind the Sodinokibi Ransomware who encrypted numerous computers on the network. In an email seen by BleepingComputer, Temple Har Shalom informed their congregation that they discovered the ransomware attack on January 9th after staff had trouble connecting to the Internet. Source: Bleeping Computer
Read more
Critical bugs found in the WordPress Database Reset plugin used by over 80,000 sites allow attackers to drop all users and get automatically elevated to an administrator role and to reset any table in the database. Source: Bleeping Computer
Read more
US authorities have seized this week the domain of WeLeakInfo.com, an online service that for the past three years has been selling access to data hacked from other websites. The website provided access to people's cleartext passwords, allowing hackers to purchase a subscription on the site and gain access to billions of user credentials. Source: ZD Net
Read more