News

The UK's National Crime Agency (NCA) said 14,500 people had bought spying tools from the Imminent Methods site. Police searched more than 80 properties across the world to find those selling the tools. They were also able to trace people who had bought the software and charge them with computer misuse offenses. It gave the attacker full access to an infected device, letting them steal data, monitor what the victim was doing and even access...

A fake Steam skin giveaway site has been created that states it gives away news skins every day, but in reality it just steals your login credentials. This phishing site was first discovered by researcher nullcookies where he posted a warning about it on Twitter. After nullcookies told us that Steam phishing sites are commonly promoted directly on Steam, we performed a search and found that this scam is being promoted through comments made to Steam profiles. These...

A new Windows trojan has been discovered that attempts to steal passwords stored in the Google Chrome browser. While this is nothing unique, what stands out is that the malware uses a remote MongoDB database to store the stolen passwords. This trojan is called CStealer, and like many other info-stealing trojans, was created to target and steal login credentials that were saved in Google Chrome's password manager. Source: Bleeping Computer

With Thanksgiving being celebrated in the United States, malware distributors are sending out holiday themed emails to distribute the Emotet Trojan and other malware. New email campaigns are underway that pretend to be Thanksgiving Day greeting cards and office closing notices with last minute invoices. Users who fall for the emails and open the attached word documents will be left with a Windows computer infected with a password-stealing Trojan and possibly other malware. Source: Bleeping Computer

Twitter warned its users that a software development kit (SDK) developed by oneAudience could have allowed that company to obtain account information. Facebook also posted a notice concerning not only the oneAudience SDK, but also for fellow SDK maker Mobiburn. OneAudience confirmed the problem and then shut down the SDK along with its associated websites but said the data was never intended to be collected, never added to its database and never used. Source: SC Magazine

The cybersecurity firm Palo Alto Networks has admitted that it suffered a data breach which resulted in the personal data of both past and current employees being leaked online. Business Insider, who broke the story, was first made aware of the breach by a former employee of the company that wished to remain anonymous. Source: Tech Radar

Cumbrian marine services firm James Fisher and Sons has said there is no indication that personal or commercially sensitive data was lost during a recent cyber attack. In a trading update the Barrow-headquartered business appeared to reveal the attack had been centred on its JFD arm, which provides diving equipment and rescue training to commercial clients and the defence sector, with specific emphasis on submarines. Source: NEW Mail

Fifteen months after DiBella’s Old Fashioned Submarines was notified by the FBI and credit card companies of a data breach the sandwich shop chain has issued a notice informing its customers of the incident. The company reported its stores in Connecticut, Indiana, Michigan, Ohio, New York and Pennsylvania may have had the information on as many as 305,000 payment cards compromised. DiBella’s said it was informed by the FBI and its credit card firms on...

Black Friday is here, and deals are popping up all over the internet. Consumers are browsing for the most generous discounts, their inboxes flooded with promotional emails alerting them of cheap flights to exotic locations available for a fraction of the cost. But while the prospect of acquiring a new smartphone at a slashed price may appealing, the cybersecurity community is all but confident that things will run smoothly for customers, who will be targeted...

Great Plains Health medical center is recovering from a ransomware incident that hit its computer network at the beginning of the week and forced switching to pen and paper to maintain activity. The attack was detected on Monday around 7 p.m. and the IT department worked through the night to reduce the impact on local health services. Source: Bleeping Computer