Cyber Bites

Subway UK has revealed that their marketing campaign's system was hacked, which resulted in malware-ridden phishing emails being sent to customers on Friday. As of Friday morning, Subway's customers in the UK began to received emails from 'Subcard' about a Subway order that they had supposedly placed. The email included links to documents which claimed to contain the order confirmation details. Once the emails had been analysed it was discovered that they were in fact...

Microsoft has revealed that a well-organized threat campaign is distributing malware across web browsers, including Edge, Chrome, and Firefox. The attacks can result in users having malicious extensions added to their browser, malicious ads injected into search results, and users having their credentials stolen in the worst cases of the attack. In order to avoid any of these issues that can be caused as a result of these attacks, Microsoft recommends that users should re-install...

It has been speculated that Russian hackers have been monitoring internal email traffic of U.S. Treasury and Commerce departments. Those who are involved in the matter are fearing that this specific hack is only a small part of a much larger attack. The hack has led a National Security Council meeting on Saturday to discuss the matter, and how it should be handled. The Commerce Department confirmed the breach and have asked for the Cybersecurity...

Ledger wallet users have been targetted by a phishing scam which used a fake data breach notification in order to steal cryptocurrency. The wallets were secured using a 24-word recovery phrase and support 12, 18, or 24-word recovery phrases used by other wallets. If someone knows the recovery phrase then they are able to access the funds inside the wallet. Therefore, the phrase must be kept private and offline. Ledger suffered a data breach in...

Valve, a game developer, has recently fixed 4 critical bugs in its Stream game platform. If these flaws were exploited, they could have allowed users to attack their opponent remotely, crashing their opponent's game client. The Stream service has over 25 million users, acting as a platform for popular games such as Counter Strike: Global Offensive, Dota2 and Half Life. On Thursday the vulnerabilities were discovered in the network library of Stream, also know as...

Glassdoor, a platform for posting anonymous company reviews and job hunting, has recently fixed a critical issue that could have been exploited by bad actors to take over accounts.  The bug bounty researcher "Tabahi (https://twitter.com/_tabahi) "  discovered the vulnerability and described it as a site-wide cross-site request forgery (CSRF) bug with an estimated severity score of 9 - 10. A token, gdToken, was in use on the Glassdoors website to prevent CSRF from occurring on...

Netgain, the cloud hosting and IT services provider has been forced to take a number of their data centres offline following a ransomware attack in November. Netgain is a technology company that provides hosting and cloud IT solutions, such as desktop-as-a-service environments and managed IT services, to companies in accounting and healthcare sectors. In a series of emails sent to customers, Netgain stated that they had fallen victim to a ransomware attack on November 24th,...

The Israeli cybersecurity firm Cybereason has recently announced that it has uncovered an active effort to control the computers and steal data belonging to Facebook, Google Docs, Dropbox, and Simplenote users. Cybereason has attributed the campaign to the Arab group 'Molerats', who also go by the name ‘The Gaza Cybergang,’ who have been operating in the Middle East since 2012. According to the cybersecurity firm, “this latest campaign leverages two previously unidentified backdoors dubbed SharpStage...

The online fraud prevention company, Bolster, has reported that in November they saw an increase in new websites related to gift card fraud, with a rate of more than 220 fraud cases per day. The research team noted that Target's balance checking page has been one of the most impersonated this holiday season. Some of the spoofing attempts are more credible than others. One fraudster even imitating Target's services to such an extent that most...

FireEye has been the go-to for protection against sophisticated attackers for government agencies and companies around the world for years. However, the cybersecurity firm has recently fallen victim to what they protect against, as FireEye have recently reported that they have been hacked by what are thought to be Russian intelligence agencies exacting revenge. On Tuesday FireEye revealed that their systems had been infiltrated by “a nation with top-tier offensive capabilities.” The firm said that...