News

Phishers are using “black SEO” to lure users in to malicious downloads masquerading as the latest Star Wars movie. Whenever the internet lights up in anticipation of anything, there are fraudsters and scammers waiting in the wings to take advantage of it. This week’s premiere of Star Wars: The Rise of Skywalker is no exception, with cybercriminals eyeing one of the world’s most beloved franchises as rich fodder for phishing attempts.   Source: Threatpost

With today's release of the new Vivaldi 2.10, the browser will impersonate Google Chrome when visiting certain sites. It does this to prevent the browser from being blocked based on its user agent. Even though Vivaldi is a Chromium-based browser and should be supported at every site that supports Chrome, many sites will block the browser based on its user agent.   Source: Bleeping Computer

Emotet has started a new spam campaign that is banking off the popularity of environmental activist Greta Thunberg and her dedication to the climate movement. Unsuspecting users who think they are getting info about an upcoming "climate crisis" demonstration, will instead find that they have become infected with Emotet and other malware.   Source: Bleeping Computer

An unsecured database on the dark web left the personal information of more than 267 million Facebook users, mostly in the U.S., exposed. Although the database, discovered by security researcher Bob Diachenko and Comparitech and traced to Vietnam, is now inaccessible, it laid bare names, phone numbers, timestamps and Facebook IDs and that information also appears on a hacker forum. Source: SC Magazine

An active malspam campaign is distributing Emotet banking Trojan payloads via emails camouflaged to look like messages delivered by several German federal authorities warns the BSI, Germany's federal cybersecurity agency. Source: Bleeping Computer

An insurance and financial services company based out of Manitoba, Canada is the latest victim of the Maze Ransomware with allegedly 245 computers encrypted during a cyberattack in October. The victim, Andrew Agencies. is a full-service insurance company with 125 employees and 18 locations based out of Manitoba, Saskatchewan, and Alberta, Canada. Source: Bleeping Computer

Parents buy their children GPS-enabled smartwatches to keep track of them, but security flaws mean they’re not the only ones who can. This year alone, researchers have found several vulnerabilities in a number of child-tracking smartwatches. But new findings out today show that nearly all were harboring a far greater, more damaging flaw in a common shared cloud platform used to power millions of cellular-enabled smartwatches. Source: Tech Crunch  

Automotive giant Honda exposed roughly 26,000 vehicle owner records containing personally identifiable information (PII) of North American customers after misconfiguring an Elasticsearch cluster on October 21, 2019. Honda's security team in Japan promptly secured the publicly accessible server within just a few hours after being contacted by Security Discovery researcher Bob Diachenko on December 12. Source: Bleeping Computer

Just days after New Orleans revealed it was victimized by a ransomware attack, smaller municipalities in Florida and California reported being hit. Galt, Calif. municipal systems and the St. Lucie County, Fla. Sheriff’s Department were each knocked offline. Source: SC Magazine

Hundreds of industrial companies are currently the targets of cyber-espionage activity from an advanced threat actor. The adversary uses a new version of an older info-stealer to extract sensitive data and files. The attacker uses spear-phishing emails with malicious attachments often disguised as PDF files. Separ is the malware of choice, which steals login data from browsers and email clients, also hunting for various types of documents and images.   Source: Bleeping Computer