Cyber Bites

Ring said that four employees were fired because for inappropriate access to customers’ connected video feeds. Smart doorbell company Ring said that it has fired four employees over the past four years for inappropriately accessing customer video footage. The disclosure comes in a recent letter to senators (in response to a November inquiry into the company’s data policies) from Amazon-owned Ring as it attempts to defend the privacy of its platform, which has been plagued by...

Given that it’s the beginning of a new year, it’s important to remember to be careful what you click on. A school district in Texas learned this the hard way when it lost approximately $2.3 million due to a phishing email scam. The Manor Independent School District, which is located about 20 minutes away from the state capital, Austin, reported that it had been hit with a phishing scam on Friday. According to CNN, the scam involved three...

Researchers found unremovable malware preinstalled in the Unimax U686CL, a budget Android device sold by Assurance Wireless. Budget Android smartphones offered through a US government initiative for low-income Americans come with preinstalled, unremovable Chinese malware, researchers report. These low-cost smartphones are sold by Assurance Wireless, a federal Lifeline Assistance program under Virgin Mobile. Lifeline, supported by the federal Universal Service Fund, is a government program launched in 1985 to provide discounted phone service to low-income...

Multiple European websites for the Perricone MD anti-aging skin-care brand have been compromised with scripts that steal customer payment card info when making a purchase. Two MageCart groups were competing for the credit card data on Perricone MD websites in the U.K., Italy, and Germany, but current evidence shows that only one exfiltrated the details successfully. Source: Bleeping Computer

The Mozilla Foundation yesterday issued a security update for Firefox and Firefox Extended Support Release, which were found to contain an actively exploited, critical vulnerability in the IonMonkey JIT compiler. “Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion,” reads an official advisory posted by Mozilla, citing the two elements as StoreElementHole and FallibleStoreElmenet. “We are aware of targeted attacks in the wild abusing this flaw.” Source: SC Magazine

An Arkansas-based telemarketing firm sent home more than 300 employees and told them to find new jobs after IT recovery efforts didn't go according to plan following a ransomware incident that took place at the start of October 2019. Employees of Sherwood-based telemarketing firm The Heritage Company were notified of the decision just days before Christmas, via a letter sent by the company's CEO. Source: ZD Net

Paul Krugman, the Nobel Prize-winning economist and columnist for the New York Times, took to Twitter Wednesday to share some alarming news. "Well, I'm on the phone with my computer security service, and as I understand it someone compromised my IP address and is using it to download child pornography," Krugman said in a since-deleted tweet. The tweet drew baffled responses from Twitter users, many of whom pointed out that an IP address isn't a device or...

The attack, still under investigation, hit early in the morning of Jan. 7. On the opening day of the huge Consumer Electronics Show (CES), officials in Las Vegas were busy assessing the damage from a cyberattack that hit the city. Officials there reportedly said preliminary analysis indicated that no sensitive data was compromised in the attack, which began around 4:30 a.m. local time Tuesday, Jan. 7. Source: Dark Reading

The Pittsburgh Unified School District is still recovering from a ransomware attack that took place over the holiday recess, but its superintendent says school is open for business. Janet Schulze, Superintendent, Pittsburg (Pa.) Unified School District, told district members in a statement that students are welcomed back while the district’s IT department struggles to recover from a ransomware attack, but noted the kids may be getting an unexpected history lesson. Source: SC Magazine

Add yet another malicious encryption program to the expanding ranks of ransomware programs that target large enterprise networks in hopes of scoring big financial payoffs. The latest such threat is called Snake, a ransomware program written in the Go programming language, with an unusually high level of obfuscation. It was discovered by researchers at MalwareHunterTeam; analyzed by Vitali Kremez, head of SentinelLabs at SentinelOne; and reported by BleepingComputer. Source: SC Magazine