News

Cybercriminals are reportedly demanding a $14 million extortion payment after using Ryuk ransomware to infect Virtual Care Provider Inc. (VCPI), a company that provides IT consulting and cloud-based data hosting and security services to roughly 110 nursing homes around the U.S. Source: SC Magazine

Cybercriminals have devised a card-skimming scheme that involves creating a phishing page that impersonates a retailer’s third-party payment service platform (PSP). Certain e-commerce websites outsource their financial transactions by redirecting customers to a secure page operated by PSP companies. But in this scam, discovered by researchers at Malwarebytes, the malicious actors swap out the genuine PSP payment processing page with a fraudulent one that asks for customers’ personal and financial data. These details will then be...

A newly announced data breach of several popular Catch restaurants stemmed from malware on its point-of-sale (PoS) systems. Popular NYC restaurants Catch NYC, Catch Roof and Catch Steak discovered and removed malware on their point-of-sale (PoS) systems — but not before it exposed credit-card information from unknowing diners. Source: Threat Post

Catch Hospitality Group has disclosed that point-of-sale systems (POS) at NYC hotspots Catch NYC, Catch Rooftop, and Catch Steak were infected with malware that allowed attackers to steal credit card information from customers. According to Catches 'payment card incident' notice, the POS malware was active at Catch NYC and Catch Rooftop between March 19, 2019 and October 17, 2019. For Catch Steak, which opened for business on September 18th, the malware was active between September 17, 2019...

As part of our ongoing series to educate users about some of the more silly phishing scams out there, we bring a new one that states Excel is blocked unless you login and verify your details. As people get more educated about phishing scams and how to spot them, we continue to see scammers create outlandish campaigns in order to bait people into entering their login credentials. Source: Bleeping Computer

Wireless communications company T-Mobile has disclosed a data breach incident that impacts certain customers with pre-paid service accounts. “Our cybersecurity team discovered and shut down malicious, unauthorized access to some information related to your T-Mobile prepaid wireless account. We promptly reported this to authorities,” stated a notification that the Germany-based company posted online. Source: SC Magazine

Google is raising its "reward" for uncovering security flaws in some of its Android smartphones from $200,000 to a maximum of $1.5m. The new top "prize" is payable to those who spot bugs in the Titan M security chip in Google's Pixel smartphones, as well as meeting specific criteria. Google said it had paid out more than $4m to security researchers since 2015. Source: BBC

Although the data was legitimately scraped by legally operating firms, the security and privacy implications are numerous. An open Elasticsearch server has exposed the rich profiles of more than 1.2 billion people to the open internet. Source: Threat Post

Google expands its Android Security Rewards program and multiplies its top cash prize from $200,000 to $1 million. An expansion of Google's Android Security Rewards (ASR) program includes a new top prize of $1 million, a massive increase from the previous top prize of $200,000, Google reported today. Researchers could earn even more for exploits found in Android developer preview versions. Source: Dark Reading

T-Mobile said today in a data breach notification that the account information of an undisclosed number of customers using the company's prepaid services was accessed by an unauthorized third-party. "Our Cybersecurity team discovered and shut down malicious, unauthorized access to some information related to your T-Mobile prepaid wireless account," the breach notification says. Source: Bleeping Computer