Cyber Bites

Kathmandu, an outdoor wear and equipment retailer, revealed that it suffered a data breach that disclosed its customers’ credit card and personal information. The New Zealand-based company stated that unknown intruders allegedly gained access to its online trading website for over a month between January 8, 2019, and February 12, 2019. Kathmandu stated the hackers may have captured customer personal information and payment details entered at the check-out points. The company clarified that all Kathmandu...

A Sydney man has been arrested after allegedly selling hundreds of thousands of compromised account details for subscription streaming services, including for Netflix, Hulu and music streaming service Spotify – raking in about $212,000 ($300,000 AUD) in profit in the process. The Australian Federal Police (AFP) were tipped off to the 21-year-old malefactor’s alleged activities by the FBI last May, as part of an investigation into a now-defunct account generator website called WickedGen.com. He was...

Hackers have used ransomware to encrypt files at a school, causing it to lose some students' GCSE coursework. The Sir John Colfox Academy in Bridport, Dorset, said a member of staff mistakenly opened an email containing a virus. The email claimed to be from a colleague at another Dorset school and infected the computer network. Coursework from one subject submitted by Year 11 students, which was saved on the school' system, has been lost. Source:...

A slew of Facebook-owned sites are experiencing a worldwide outage, leaving thousands of users unable to connect to social media for several hours. Facebook, Messenger, and Instagram have all been having issues since around noon (ET), in some cases resulting in a ‘total blackout.’ The three apps crashed primarily in major urban areas across the United States and Europe, along with parts of South America. WhatsApp - also owned by Facebook - has been hit by spotty service...

The March edition of Patch Tuesday includes fixes for 64 CVE-listed vulnerabilities, while Adobe addressed a pair of bugs in Photoshop and Digital Editions. Even SAP has got in on the game. DHCP flaws headline Patch Tuesday priorities. Of the 64 bugs squashed in Redmond's March update, researchers are pointing to five particular bugs as being especially noteworthy. First, there are the trio of CVE-2019-0697, CVE-2019-0698, and CVE-2019-0726, all covering holes present in the DHCP server component for...

A new variant of an infamous banking Trojan malware with a history going back over ten years has emerged with new tactics to ensure it's harder to detect. The malware aims to hunt out financial information, usernames, passwords and other sensitive data. The Ursnif banking Trojan is one of the most popular forms of information-stealing malwaretargeting Windows PCs and it has existed in one form or another since at least 2007, when the its code first...

Many students of the Central Michigan University were hacked after they opened emails having the bright blue button which says "click here to read message", and then inevitably clicks them. The emails look like being sent by somebody already known to the student, as the subject line was already exchanged previously with that person. "One of the interesting things is that because the subject line is always different, it was hard to identify, but if...

The Swiss Federal Chancellery (SFC) on Tuesday said security researchers have found an fascinating flaw in the Swiss Post's e-voting system as part of an ongoing penetration test. Said flaw, if successfully exploited by miscreants, would prevent officials from detecting unauthorized changes to citizens' electronically-cast votes. Swiss authorities released the source code of their computer-based voting system and began a public audit of their blueprints on February 25, 2019, to identify vulnerabilities and fix them. The test is scheduled...

A new Ransomware-as-a-Service called Yatron is being promoted on Twitter that plans on using the EternalBlue and DoublePulsar exploits to spread to other computer on a network. This ransomware will also attempt to delete encrypted files if a payment has not been made in 72 hours. BleepingComputer was first notified about the Yatron RaaS by a security researcher who goes by the name A Shadow. Since then, the actor behind this ransomware has strangely been promoting the service...

The state now says more than 600,000 people might have been affected by a health care data breach. Michigan Attorney General Dana Nessel says the breach involving Wolverine Solutions Group impacted customers with several health systems. Those include Blue Cross Blue Shield of Michigan, McLaren Health Care and others. Wolverine Solutions Group says the ransomware got into patient’s information including names, social security numbers, medical information and other sensitive information. Source: 9 and 10 News