Cyber Bites

Notepad++ 7.6.5 has been released and is now being signed with a GPG signature so that users who download the program can verify its authenticity.In March, Notepad++ developer Don Ho stated that after a donated code signing certificate had expired, he had problems registering a new certificate under the "Notepad++" name as it does not exist as an organization or a company. Due to this process and exorbitant prices of code signing certificates, he stated...

An Israeli cyber watchdog said Monday it has uncovered a network of fake online accounts backing Prime Minister Benjamin Netanyahu and slandering opponents ahead of next week's general election.In a new report the Big Bots Protect, which describes itself as a campaigner against social media abuse, said posts used "lies, libel and rumormongering" to attack Netanyahu's challengers.It found over 130,000 tweets from "hundreds of fake or anonymous accounts" without names or profile pictures, which did...

There is a new malware called vxCrypter ransomware in the digital space, and it will encrypt your files along and ‘improve’ your PC’s performance.Vccrypter is based on an unfinished, old ransomware called vxLock that utilized Advanced Encryption Standard (AES) and Rivest-Shamir-Adleman or RSA algorithm to encrypt files. Source: FOSSBYTES

Many Canadians were surprised this weekend when their phones were buzzed by an incoming spam text from an unexpected political source. The Conservative Party of Canada mass-texted millions of randomly generated phone numbers in Saskatchewan, Manitoba, Ontario and New Brunswick, telling recipients that gasoline prices were about to spike, and they should fill up. The texts were meant to drum up political opposition to the Trudeau government's carbon tax, which came into effect Monday in...

Kaspersky says the majority of attacks are not targeted at control systems, but they could still exploit vulnerabilities. Phishing emails with malicious attachments are the main attack vector for penetrating industrial enterprises, according to a report by Kaspersky, which says the type of attack has become “route for workstations in the industrial sphere.”The phishing emails are “carefully crafted”, and appear to be sent from real companies masked as business correspondence, including commercial offers, invitations to...

More than a few restaurant-goers in the US will want to check their bank statements. Earl Enterprises has confirmed that hackers used point-of-sale malware to scoop up credit and card data at some of its US restaurants between May 2018 and March 2019, including virtually all Buca di Beppo locations, a few Earl of Sandwich locations and Planet Hollywood's presences in Las Vegas, New York City and Orlando. It's a fairly large data breach -  KrebsOnSecurity discovered that a...

The UK has one of the world’s leading digital economies, making it more vulnerable to cyber-attacks from hostile countries, criminal gangs and individuals, which continue to increase and evolve as it becomes easier and cheaper to launch attacks. The Cabinet Office leads this work, through successive National Cyber Security Strategies published in 2011 and 2016; and separate National Cyber Security Programmes designed to help deliver each Strategy between 2011-2016 and currently between 2016-21. Source: Parliament

A critical Rockwell Automation flaw could be exploited to manipulate an industrial drive’s physical process and or even stop it.A critical denial-of-service (DoS) vulnerability has been found in a Rockwell Automation industrial drive, which is a logic-controlled mechanical component used in industrial systems to manage industrial motors. Source: ThreatPost

Toyota Motor Corp. has announced a new data breach involving the theft of customer details from its dealerships in Japan, its second data breach in five weeks. The new breach is believed to affect 3.1 million customers and involved the theft of data including customer names, addresses, birthdates, government identification numbers and employment information, but not credit card details. Source: SiliconAngle

Group-IB researchers uncovered the malware that casts a wide net and is complete with fully automated features designed to steal both fiat and crypto currency from user accounts by leveraging a device’s Accessibility Service mode to bypass security bank features. Gustuff has the potential to target users of more than 100 banking apps and is equipped with phishing pages to designed to trick Android users surfing the apps of major banks, including Bank of America,...