Cyber Bites

Exclusive Scotiabank leaked online a trove of its internal source code, as well as some of its private login keys to backend systems, The Register can reveal. Over the past 24 hours, the Canadian financial giant has torn down GitHub repositories, inadvertently left open to the public, that contained this sensitive information, after The Register raised the alarm. These repositories featured, among other things, software blueprints and access keys for a foreign exchange rate system, mobile application code, and login...

Cyber security threat researchers at multiple companies have reported that the prolific Emotet email trojan-turned-botnet has re-emerged as an active threat to inboxes after an apparent summer hiatus lasting three-and-a-half months. One of the most widely distributed and dangerous email attacks of the past few years, the resurgence began early on the morning of Monday 16 September, hitting targets across Europe and the US, with the latest attack introducing Spanish and Italian language variants for the first...

When Teemu Airamo moved into his company's new Manhattan office in shared workspace provider WeWork, he had one overriding priority: to run a security scan on the building's Wi-Fi network. After all, he shared a space with more than 200 companies also co-working in the Financial District hub and didn't want anyone snooping around.  Source: CNET

A couple of Android apps found in Google Play included functionality that stealthy recording audio without user consent. The apps posed as selfie camera filters and had been installed over 1.5 million times. The main activity of the two apps was not spying on users but aggressively pushing adware that covered the entire screen of the Android device. Source: Bleeping Computer

On the heels of its acquisition by Chegg, developer education site Thinkful said an authorized third party had breached its systems. “We recently discovered that an unauthorized party may have gained access to certain Thinkful company credentials so, out of an abundance of caution, we are notifying all of our users,” company Vice President of Operations Erin Rosenblatt told users in an email. “As soon as we discovered this unauthorized access, we promptly changed the...

A Magecart card-skimming campaign this month sabotaged the mobile websites of two hotel chains by executing a supply chain attack on a third-party partner, researchers have reported. The third party in both instances was Roomleader, a Barcelona-based provider of digital marketing and web development services. One of the ways Roomleader helps hospitality companies build out their online booking functionality is through a library module called “viewedHotels,” which saves viewed hotel information in visitors’ browser cookies. Source: SC...

Attackers can exploit a critical security vulnerability in Harbor cloud native registry for container images to obtain admin privileges on a vulnerable hosting system. Harbor is open source and can integrate with Docker Hub and various image registries like Docker Registry and Google Container Registry, to add security, identity, and management features. Source: Bleeping Computer

The Consumer Financial Protection Bureau (CFPB) has been probing of Bank of America (BoA) for allegedly opening customer credit card accounts with authorization a la Wells Fargo. The BoA investigation emerged after the bureau posted documents to its site showing the back and forth regarding turning over emails and other records with the bank’s attorneys, one of whom acknowledged a “vanishingly small” number of “potentially unauthorized credit card accounts.” Source: SC Magazine

A new landing page for a Microsoft account phishing scam has been discovered that utilizes the SmtpJS service to send stolen credentials via email to the attacker. There is nothing special about the appearance of the Microsoft account phishing page shown below that was discovered by MalwareHunterTeam. It's your standard Microsoft login template that will ask you for your Microsoft credentials and then tell you that the submitted credentials are incorrect. Source: Bleeping Computer

Customers of commercial food service wholesaler Restaurant Depot received phishing emails asking for payment of an (attached) outstanding invoice or else the company would deduct the balance from their accounts. Some of those recipients began tweeting to the company’s customer service department with one noting that he “finally got through to tell them. They’re aware. It’s pretty big, the breach.” Source: SC Magazine