News

Pornography played on giant television screens at an Asics sports store in New Zealand for hours over the weekend after hackers took over the shop’s IT systems. The pornography was streamed onto screens facing Auckland’s Queen Street, the country’s busiest shopping thoroughfare, and wasn’t stopped until employees arrived to open the store on Sunday morning. The Japanese company has apologised to anyone who was inadvertently subjected to the material, and said they were working with their...

Defence contractors Rheinmetall AG and Defence Construction Canada (DCC) were hit this month by cyber-attacks that impacted and disrupted their information technology systems. German Rheinmetall AG is one of the world's top suppliers of military equipment and systems, with two operational components, namely Rheinmetall Defence and Rheinmetall Automotive. "The group's 23,000-strong global workforce generated sales last year of $6.9 billion," says a press release published today. Source: Bleeping Computer

Cybercriminals have found a way to use Google Alerts to hook victims into scams or push malware. Bleeping Computer CEO Lawrence Abrams found that malicious actors are creating malicious sites into Google so they will be emailed to people who have alerts set for that particular subject matter. The malicious pages are created using popular keywords and based on hot topics. “For example, as we publish a lot of ransomware news, I have a Google Alert...

Food delivery company, DoorDash, has confirmed it was hit by a data breach which exposed the data of close to 5 million customers, delivery people and partners. The breach took place in May of this year, and it's unclear why it has taken DoorDash so long to reveal the details. According to a spokesperson for DoorDash, the breach took place via a third party provider - who was not named - and affected users who...

The iPhone maker released the latest version of its mobile operating system, iOS 13, last week and the company followed this up with the recent release of iOS 13.1 and iPadOS 13.1. However, Apple has warned users of an issue affecting third-party keyboard apps in a brief advisory, which reads: “Third-party keyboard extensions in iOS can be designed to run entirely standalone, without access to external services, or they can request “full access” to provide additional features...

A new spam campaign is underway that is targeting Chinese recipients to trick them into installing the REvil (Sodinokibi) Ransomware. This spam campaign was discovered by security researcher onion and pretends to be an email from DHL stating that the delivery of a package has been delayed due to an incorrect customs declaration. It then proceeds to inform the recipient that they must download the enclosed "Customs documents", fill them out correctly, and send it back in...

DoorDash has announced a data breach where an unauthorized user was able to gain access to the personal information of 4.9 million consumers, Dashers, and merchants. In a security notice published on their site and through emails being sent to affected users, DoorDash states that an unauthorized party was able to gain access to user data on May 4, 2019. The data is only for users, Dashers, and merchants who joined their platform on or...

An estimated 16,000 WordPress websites are running a plugin that is vulnerable to unauthenticated plugin option updates. WordFence, a WordPress security solution provider, has reported that the plugin Rich Reviews has a vulnerability that is currently being abused and can be exploited to deliver stored cross-site scripting (XSS) payloads. This can result in malvertisements being injected, causing pop up ads and redirects to appear on the site using the plugin. “The Wordfence team is seeing...

Google and Apple recently removed hundreds of apps from their respective app stores after being informed they were actually fronts for gambling operations. While it’s not unusual to find malicious apps, this operation was different in that many of the apps passed through Google and Apple’s vetting process, Trend Micro reported. This was accomplished by essentially delivering two apps in one to the app store reviewer, one good and one bad. The “good” app presents...

Hackers have penetrated cloud computing networks of some 60 percent of top US companies, with virtually all industry sectors hit. Researchers at the enterprise security firm Proofpoint said they detected over 15 million unauthorized login attempts to cloud computing networks of US Fortune 500 firms in the first six months of 2019, of which 400,000 were successful. Source: TechXplore