News

The U.S. Department of Justice has formally charged two members of a hacking group operating in China for illegally accessing computer systems of health insurer Anthem and stealing personally identifiable information (PII) of 78.8 million people. One of the hackers has been identified by his real name, Fujie Wang (a.k.a. Dennis Wang), while another is known only by aliases (a.k.a. Zhou Zhihong, Kim Young, Deniel Jack) and charged as John Doe. They were part of...

Adware bundles are installing a VPN software called Pirate Chick, which then connects to a remote server to download and install malicious payloads such the AZORult password-stealing Trojan. As adware bundles need to look as legal as possible, they require offers that they promote to have legitimate web sites with privacy policies and user agreements. Such is the case with the Pirate Chick VPN, whose web site looks like any other VPN site and includes a free...

A massive SMS spamming operation kicked out tens of millions of text messages, pestering unsuspecting recipients with links to fake sites flogging loans and free money. The operation was simple but smart. The system processed vast batches of phone numbers and curated custom messages on the fly with links to the fake sites. These fake sites urged spam victims to sign up with their name, email address and phone number and promised “free money… for real.”...

C-level executives – who have access to a company’s most sensitive information, are now the major focus for social engineering attacks, alerts the Verizon 2019 Data Breach Investigations Report. Senior executives are 12x more likely to be the target of social incidents, and 9x more likely to be the target of social breaches than in previous years – and financial motivation remains the key driver. Source: Helpnetsecurity

A huge MongoDB database exposing 275,265,298 records of Indian citizens containing detailed personally identifiable information (PII) was left unprotected on the Internet for more than two weeks. Security Discovery researcher Bob Diachenko discovered the publicly accessible MongoDB database hosted on Amazon AWS using Shodan, and as historical data provided by the platform showed, the huge cache of PII data was first indexed on April 23, 2019. Source: Bleeping Computer

Another city has become the victim of a ransomware attack, as government officials in Baltimore have revealed that the city hall computer networks have been infected, according to CBS Baltimore. Experts have identified the ransomware used in this case as the RobbinHood variant, about which there is little information given that it is relatively new. RobbinHood was also identified as the ransomware used last month in an attack on Greenville, North Carolina. Source: Infosecurity Magazine

Two new leaks exposing Iranian cyber-espionage operations have been published online, via Telegram channels and websites on the Dark Web and the public Internet. One leak claims to contain operational data from the MuddyWater hacking group, while the second leak reveals information about a new group identified in official Iranian government documents as the Rana Institute --and currently not linked to any known Iranian cyber-espionage group. Source: ZDNet

The cyber security industry in Northern Ireland provides employment for nearly 1,700 people and is on course to generate more than £70m in salaries each year, according to Máire O’Neill, professor at Queen’s University Belfast.Source: Computer Weekly

Hackers drained cash from Amazon merchant accounts over a six month period, a redacted U.K. filing from November 2018 spotted by Bloomberg reveals. In the filing, which details “extensive fraud”, without naming the sum stolen, Amazon’s lawyers asked a London judge to approve account statement searches at Barclays and Prepay, where the hackers had access to accounts used in the fraud.Source: Computer Business Review

A recent Ponemon Institute study found that there has been a dramatic increase in IoT-related data breaches specifically due to an unsecured IoT device or application since 2017. The study found these breaches account for 26 percent of incidents, up from 15 percent, although the actual number may be greater as most organisations aren’t aware of every unsecured IoT device, application, or third party platform, according to the firm’s "Third Annual Party IoT Risk: Companies...