News

Crew and Concierge is an international recruitment agency specialising in securing staff for ultra-high-net-worth clients’ yachts operating around the world. The server, which was discovered during a Verdict investigation, consisted of over 90,000 files, all of which appeared to relate to individuals on Crew and Concierge’s books. It was left exposed on a misconfigured unsecured Amazon Web Services (AWS) S3 bucket and appears to have been online and available for anyone to access without a...

The US Federal Bureau of Investigation (FBI) warned of a potential Distributed Denial of Service (DDoS) attack that targeted a state-level voter registration and information site in a Private Industry Notification (PIN) released today. "The FBI received reporting indicating a state-level voter registration and voter information website received anomalous Domain Name System (DNS) server requests consistent with a Pseudo Random Subdomain (PRSD) attack," according to the FBI PIN seen by BleepingComputer. Source: Bleeping Computer

Attackers are abusing the Bitbucket code hosting service to store seven types of malware threats used in an ongoing campaign that has already claimed more than 500,000 business computers across the world. Systems falling victim to this attack would get infected with multiple payloads that steal data, mine for cryptocurrency, and culminate with delivering STOP ransomware. Source: Bleeping Computer

Cybercriminals capitalize on fears of a global health emergency with phishing emails claiming to offer advice for protecting against coronavirus. As people grow concerned about the Wuhan coronavirus, now classified as a global emergency by the World Health Organization, cybercriminals are preying on their fear with phishing emails claiming to have advice on protective safety measures. Emails have been seen in the US and UK. Source: Dark Reading

The DoppelPaymer Ransomware is the latest family threatening to sell or publish a victim's stolen files if they do not pay a ransom demand. A new tactic being used by ransomware operators that perform network-wide encryption is to steal a victim's files before encrypting any devices. They then threaten to publish or sell this data if the victim does not pay the ransom. Source: Bleeping Computer

The city of Racine, Wis., was hit with a ransomware attack January 31 that knocked most of its non-emergency computer services offline. The Wisconsin-city’s website, email system and online payment collection systems were still down as of February 3 and the city police are unable to processes fee payments or provide copies of police and accident reports, reported the Journal Times and the Racine Police Department’s Facebook page. Source: SC Magazine

Google has reached out to some users to apologise after a "technical issue" saw videos uploaded to another user's archives.  In an email, the search engine giant said the issue affected the Google "download your data" service -- called Google Takeout -- for Google Photos in November last year. "Between November 21, 2019, and November 25, 2019, our records show you requested a Google 'download your data' export, which included Google Photos content," the company...

A 21-year-old man has admitted hacking Nintendo servers and leaking details about unreleased products. Ryan Hernandez, from Palmdale in California, and an associate used a phishing technique to steal the credentials of a Nintendo employee in 2016, according to records. Phishing refers to obtaining sensitive information such as usernames and passwords by disguising yourself as a legitimate or trustworthy user. Source: Sky News

With Flash being discontinued by the end of the year, over 38,000 Flash games have been archived so that they are available for offline play and historical purposes.  In a coordinated announcement by Adobe, Google, Microsoft, Mozilla, and Apple, Adobe stated that by the end of 2020, Flash would no longer be distributed and all major browsers will remove support for it. Source: Bleeping Computer

A new study of stolen passwords reflects the consequences of password overload. The most common type of password is a name, and the most common name password is George, according to a new analysis of compromised credentials found in the Dark Web. Source: Dark Reading