Cyber Bites

Catch Hospitality Group has disclosed that point-of-sale systems (POS) at NYC hotspots Catch NYC, Catch Rooftop, and Catch Steak were infected with malware that allowed attackers to steal credit card information from customers. According to Catches 'payment card incident' notice, the POS malware was active at Catch NYC and Catch Rooftop between March 19, 2019 and October 17, 2019. For Catch Steak, which opened for business on September 18th, the malware was active between September 17, 2019...

As part of our ongoing series to educate users about some of the more silly phishing scams out there, we bring a new one that states Excel is blocked unless you login and verify your details. As people get more educated about phishing scams and how to spot them, we continue to see scammers create outlandish campaigns in order to bait people into entering their login credentials. Source: Bleeping Computer

Wireless communications company T-Mobile has disclosed a data breach incident that impacts certain customers with pre-paid service accounts. “Our cybersecurity team discovered and shut down malicious, unauthorized access to some information related to your T-Mobile prepaid wireless account. We promptly reported this to authorities,” stated a notification that the Germany-based company posted online. Source: SC Magazine

Google is raising its "reward" for uncovering security flaws in some of its Android smartphones from $200,000 to a maximum of $1.5m. The new top "prize" is payable to those who spot bugs in the Titan M security chip in Google's Pixel smartphones, as well as meeting specific criteria. Google said it had paid out more than $4m to security researchers since 2015. Source: BBC

Although the data was legitimately scraped by legally operating firms, the security and privacy implications are numerous. An open Elasticsearch server has exposed the rich profiles of more than 1.2 billion people to the open internet. Source: Threat Post

Google expands its Android Security Rewards program and multiplies its top cash prize from $200,000 to $1 million. An expansion of Google's Android Security Rewards (ASR) program includes a new top prize of $1 million, a massive increase from the previous top prize of $200,000, Google reported today. Researchers could earn even more for exploits found in Android developer preview versions. Source: Dark Reading

T-Mobile said today in a data breach notification that the account information of an undisclosed number of customers using the company's prepaid services was accessed by an unauthorized third-party. "Our Cybersecurity team discovered and shut down malicious, unauthorized access to some information related to your T-Mobile prepaid wireless account," the breach notification says. Source: Bleeping Computer

After a deadline was missed for receiving a ransom payment, the group behind Maze Ransomware has published almost 700 MB worth of data and files stolen from security staffing firm Allied Universal. We are told this is only 10% of the total files stolen and the rest will be released if a payment is not made. Source: Bleeping Computer

European hotel booking platform provider Gekko Group mistakenly stored over 1 terabyte of information on a publicly configured server, exposing troves of data related to its hotel B2B clients, as well as travel agents and their customers. Source: SC Magazine

Cyber-attack on a hospital in Rouen last week caused "very long delays in care", reports the AFP news agency. Medical staff at the French city's University Hospital Centre (CHU) were forced to abandon PCs as ransomware had made them unusable, a spokesman said. Instead, staff returned to the "old-fashioned method of paper and pencil", said head of communications Remi Heym. Source: BBC