Cyber Bites

Political parties and election systems will be heavily targeted in the months leading up to the 2020 general elections, some security experts say. A recently detected Iranian cyberattack targeting a US presidential campaign may well be a harbinger of what's in store for political parties and election systems in the run-up to next year's general elections. Source: Dark Reading

Hackers may have absconded with tens of thousands of online shoppers' credit card information in an attack on cloud infrastructure company, Volusion. According to ZDNet, multiple cyber security firms have confirmed the hack on Volusion, a software company that claims to provide infrastructure for more than 30,000 merchants. Among the affected parties are the Sesame Street Live online store which sells various merchandise from the popular kids show and the official website for the late painting...

A new Mimecast report finds a significant uptick in BEC attacks, malware attachments, and spam landing in target inboxes. Business email compromise (BEC) ramped up 269% from last quarter to this quarter, according to Mimecast's latest Email Security Risk Assessment (ESRA). This quarter showed a massive spike in emails containing dangerous file types, malware attachments, and spam in target inboxes. Source: Dark Reading

Twitter says that some of its users' phone numbers and email addresses provided for account security like two-factor authentication may have been used accidentally for ad targeting. "We recently discovered that when you provided an email address or phone number for safety or security purposes (for example, two-factor authentication) this data may have inadvertently been used for advertising purposes, specifically in our Tailored Audiences and Partner Audiences advertising system," says the company. Source: Bleeping Computer

In this article we take a look at a phishing campaign that pretends to be an Amazon AWS suspension notice for unpaid bills that looks good enough to trick many users. A billing notice from a vendor, especially one like Amazon, that states that your account has been suspended for unpaid bills, may confuse a user enough to click on the email link. Attackers are capitalizing on this confusion by sending emails that pretend to...

The operators behind the RobbinHood ransomware have changed their language in the ransom note, at least in one variant of the malware, to take from victims all hope of decrypting the files for free and to make them pay for the recovery. Boastful and arrogant in their message, the cybercriminals point to past incidents involving their ransomware, which ended with victims paying much more than the ransom demand. Source: Bleeping Computer

Reyes Daniel Ruiz, a former Yahoo! software engineer, has pleaded guilty to using his access privileges at the company to hack users’ accounts so that he could download private images and videos mostly belonging to young women. A 10-year veteran of Yahoo!, Ruiz admitted to accessing around 6,000 accounts and storing the pilfered files at home. He then used these Yahoo! accounts as a stepping stone to compromise victims’ iCloud, Facebook, Gmail, DropBox, and other online...

Primary health organization (PHO) Tū Ora Compass Health from New Zealand disclosed a security breach that led to the exposure of medical and personally identifiable information (PII) of roughly 1 million people. PHOs are non-governmental organizations (NGOs) designed to provide support to the provision of fundamental primary health care services, mostly via general practices, to enrolled people. Source: Bleeping Computer

Several members-only dark web forums are reportedly auctioning what appears to be a stolen government database featuring the personal information of 92 million Brazilian citizens. The 16GB SQL database contains such information as name, birth date, mother’s name, gender and tax details including taxpayer IDs, according to BleepingComputer, which credits the discovery to a researcher with the Twitter user name Breach Radar. Source: SC Magazine

Instagram has added a new feature to its app to help users work out if an email was sent by the Facebook company or if it’s an attempted phishing scam. Now, if you receive an email claiming to be from Instagram, you can check if it’s genuine by heading over to the “Emails from Instagram” option in the app’s Security settings, which lists every email the service has sent you over the last 14 days....