News

Cybercriminals are exploiting fears over the outbreak of Coronavirus in China, sending out emails with malicious Word attachments purportedly providing updates on preventing infection but in actuality delivering the Emotet trojan. “Patients were reported about the new type of coronavirus-related pneumonia, mainly in Takeshi, China. Patients have been reported in Gifu Prefecture in Japan,Therefore, please =check the attached notice,Thank you for your infection prevention measures,” one email read. Source: SC Magazine

The airline’s hack, compromising the data of more than 1.2 million passengers, including Indian government officials, was first reported by TechCrunch, which learned of the incident through an unnamed security researcher, who referred to his actions as ethical hacking.The individual “brute-forced” into the system by using an easily guessed password, and upon alerting SpiceJet never received a response, prompting the leak to TechCrunch, which says it reviewed the impacted database’s contents and won’t reveal the hacker’s identity...

Three US law firms were hit with ransomware over the weekend and researchers estimate 50% of US organisations were attacked in the past year. The astonishing growth in cybercrime was revealed in the ‘State of the Phish‘ report from cybersecurity firm Proofpoint. The researchers analysed more than 9 million malicious email, spoke with 600 industry leaders and 3500 IT employees to come up with their estimate. They also ran 50 million phishing attack simulation emails....

The Japanese NEC electronics giant was the target of a cyberattack that resulted in unauthorized access to its internal network on Thursday according to information leaked to Japanese newspapers by sources close to the matter. The electronics and information technology giant is a major contractor for Japan's defense industry, engaged in various defense equipment projects with the Japan Self-Defense Forces (JGSDF or Jieitai), including but not limited to 3D radar, broadband multipurpose radio systems and may have leaked...

Microsoft just announced the launch of an Xbox bug bounty program to allow gamers and security researchers to report security vulnerabilities found in the Xbox Live network and services. Qualified Xbox Bounty Program submissions are eligible for bounty payouts ranging from $500 to $20,000 for a remote code execution submitted via a high-quality report with clear and concise proof of concepts (POCs). Source: Bleeping Computer

Facebook has agreed to set aside $550 million to settle a class-action lawsuit brought by users who allege the social media company violated the Illinois Biometric Information Privacy Act (BIPA), attorneys for the plaintiffs announced on Wednesday. San Francisco Federal District Court Judge James Donato must still approve the settlement, which the lawyers claim is the largest cash settlement ever for a privacy-related lawsuit. Source: SC Magazine

A Ryuk ransomware attack against U.S. Department of Defense contractor Electronic Warfare Associates (EWA) has reportedly affected the electronics company’s web server, making several of its websites in accessible. The attack took place last week and impacted the websites for the EWA Government Systems Inc., a subsidiary that sells electronic warfare products; EWA Technologies Inc, a division that offers JTAG (Joint Test Action Group) products; Simplicikey, am EWA division that manufacturers a remote control electronic...

The TrickBot Trojan has switched to a new Windows 10 UAC bypass to execute itself with elevated privileges without showing a User Account Control prompt. Windows uses a security mechanism called User Account Control (UAC) that will display a prompt every time a program is run with administrative privileges. When these prompts are shown, they will ask logged in user if they wish to allow the program to makes changes, and if the program is suspicious...

A new service called 'I Got Phished' has launched that will alert domain and security administrators when an employee in their organization falls for a phishing attack. Phishing attacks are a common vector for a variety of other attacks such as BEC scams, network intrusions, and even ransomware attacks. Source: Bleeping Computer

Cybercriminals have attempted to sell customer payment card data likely pilfered from a Wawa POS breach discovered in December. The Pennsylvania-based convenience store and gas station operator said in a release that it had asked its payment card processor, payment card brands and card issuers to tick up their fraud monitoring in light of the latest revelations. Source: SC Magazine