Cyber Bites

A walkie talkie toy and two karaoke devices have been found to be potentially hackable, consumer group Which? has claimed. The toys' Bluetooth connections were tested by Which? and cyber-security firm NCC Group. They found a nearby stranger could potentially talk to children via them. Vtech, which made the walkie talkie, said new connections could not be made if a parent's device had already been paired with the toy. Source: BBC

A ransomware attack has spread from a Colorado MSP (managed IT services provider) through remote access software more than 100 dentistry practices, KrebsOnSecurity reports. The ransomware attack apparently hit Complete Technology Solutions of Englewood, Colorado, though the MSP has not commented about the situation, and MSSP Alert has not independently confirmed the report. The attack apparently involved remote access software that did not have two-factor authentication (2FA) activated. Black Talon Security of Katonah, New York has been assisting some of the dental...

Phishing scams that infect a computer and potentially allow hackers to invade bank and other accounts are highly preventable, but it takes eternal vigilance. NEW YORK – The e-mail looked legitimate, so Danielle Radin clicked on the link it contained, expecting to have her products included in a holiday gift guide. “I instantly regretted it,” says Radin, owner of Mantra Magnets, a website that sells wellness products. “It took me to some random website that looked...

Anyone with a little money can buy access to Moscow's surveillance system of tens of thousands of cameras along and check footage stored over the previous five days. Sellers on forums and messenger groups that trade illegal data also provide facial recognition lookup services. Source: Bleeping Computer

Scammers are masquerading as The Elder Scrolls Online developers and sending Playstation private messages that state your account will be banned if you do not provide your login credentials. If you are a user of online games, especially shooters and MMORPGs, you are likely familiar with users commonly being banned from games for cheating or even suspected cheating. There have also been many cases where users are banned for no reason that they know of...

Researchers discovered a new kind of “Fileless Malware” distributed by the infamous Lazarus APT Hackers Group.  According to a security researcher from K7 Labs, the hacking group was spreading malware targeting MacOS users, to create fake cryptocurrency trading applications. Source: CISO Mag

Maksim Yakubets and his crew stole tens of millions using Zeus and Dridex, with victims including Bank of America, Key Bank, GenLabs, and United Dairy, DoJ says. The US State Department in collaboration with the US Department of Justice and the FBI Thursday announced an unprecedented $5 million reward for information leading to the arrest or conviction of a Russian hacker allegedly responsible for stealing tens of millions of dollars from banks and consumers over...

In a lawsuit filed today, Facebook alleges that a Chinese company used malware to compromise user accounts to run deceptive ads on the social media platform. The end goal of compromising Facebook accounts was distribution of deceptive ads for counterfeit goods and diet pills. Source: Bleeping Computer

A ransomware attack over the weekend has taken down the ticketing system and patron database for the New Jersey Shakespeare Theatre and has also affected at least one other organization in the Madison area.  This could not come at a worse time for the Theatre as they were getting ready to begin their first scheduled performance of Charles Dickens' "A Christmas Carol" on December 4th. Source: Bleeping Computer

Bug bounty platform provider HackerOne Tuesday disclosed that one of its own security analysts mistakenly sent a session cookie to a white-hat researcher on Nov. 24, allowing the researcher to take over the analyst’s account and access vulnerability reports on a number of companies. The researcher, known in the HackerOne community as haxta4ok00, promptly reported the error to the company and received his (or her) own bug bounty reward of $20,000 for doing so – but not...