News

A U.S. district court issued an order enabling Microsoft to take over 50 domains used by a North Korea-based cybercrime gang to conduct spear phishing campaigns. Microsoft’s Digital Crimes Unit and the Microsoft Threat Intelligence Center took down the domains controlled by a group it named Thallium after researching the malicious actors activity and filing a report with the U.S. District Court for the Eastern District of Virginia, said Tom Burt, Microsoft’s corporate vice president,...

The U.S. Army this week has banned TikTok from government-owned devices as scrutiny over the platform’s relationship with China grows. With backlash swelling around TikTok’s relationship with China, the United States Army this week announced that U.S. soldiers can no longer have the social media app on government-owned phones. TikTok, a social media app used to create and share short form videos, is owned by Beijing-based parent company ByteDance. Despite its popularity with users and...

As of January 1st, 2020, Python 2.7 has officially reached the end of life and will no longer receive security updates, bug fixes, or other improvements going forward. Released in 2000, Python 2.7 has been used by developers, administrators, and security professionals for 20 years.  While Python 3 was released in 2006, due to the number of users continuing to use 2.7, the Python team decided to support both development branches. Originally slated to be retired...

The U.S. Coast Guard last month issued a safety bulletin following a ransomware attack that impaired both the IT systems and industrial control systems of a facility regulated by the Maritime Transportation Security Act (MTSA), and prompted a 30-hour operational shutdown. The ransomware program, identified as Ryuk, was delivered via a phishing email containing a malicious link that was clicked by an employee. According to the alert, the ransomware encrypted critical network files, then “further burrowed into...

One misstep from developers at Starbucks left exposed an API key that could be used by an attacker to access internal systems and manipulate the list of authorized users. The severity rating of the vulnerability was set to critical as the key allowed access to a Starbucks JumpCloud API. Source: Bleeping Computer

Sextortion scammers have started to utilize new tactics to bypass spam filters and secure email gateways so that their scam emails are delivered to their intended recipients. Sextortion scams are emails that pretend to be from an attacker who has hacked your PC and installed malware that can monitor what sites you visit and create videos using your webcam. These emails go on to state that they have created a video of you while watching...

Active Network’s Blue Bear Software platform reported that unauthorized activity in its network earlier this year resulted in customer PII being exposed. The company reported the issue to the California Attorney General’s office stating it recently became aware that between Oct. 1, 2019 and Nov. 13, 2019 there was illegal activity taking place on its Blue Bear platform during which time personal information was accessed or acquired by malicious actors. Blue Bear makes software for public K-12...

An exposed Elasticsearch database, owned by Internet of Things (IoT) company Wyze, was discovered leaking connected device information and emails of millions of customers. Wyze makes smart home cameras and connected devices like connected bulbs and plugs, which can be integrated with smart home assistants like Amazon Alexa and Google Assistant. The database, which was exposed on Dec. 4 until it was secured on Dec. 26, contained customer emails along with camera nicknames, WiFi SSIDs...

It has been reported that Canadian banks are being impersonated in a phishing campaign targeting both individuals and businesses via a large-scale infrastructure shared with previous attacks going back to 2017 and pointing to the same attackers. The infrastructure behind these Canadian focused attacks includes hundreds of phishing websites designed to mimic major Canadian banks’ websites as part of an effort to steal user credentials from the financial institutions’ clients. To get the targets on their phishing landing pages, the attackers use custom-crafted...

Threat actors breaching company networks are deploying a cornucopia of malware over the remote desktop protocol (RDP), without leaving a trace on target hosts. Cryptocurrency miners, info-stealers, and ransomware are executed in RAM using a remote connection, which also serves for exfiltrating useful information from compromised machines.   Source: Bleeping Computer