News

Business email compromised (BEC) attacks have seen an explosive 476% growth between Q4 2017 and Q4 2018, while the number of email fraud attempts against companies increased 226% QoQ. BEC attacks use social engineering to target specific company employees, regularly from the firm’s Finance department, and try to persuade them into wiring large sums of money to third-party banking accounts controlled by the attackers. Source: Bleeping Computer

A spam-based phishing campaign recently targeted North American banking customers with malicious Excel documents designed to infect victims with a new variant of the information-stealing TrickBot banking trojan, researchers reported earlier this week. The scam dates back to at least Jan. 27 and peaked in volume on Jan. 30, according a new blog post from Blue Hexagon, a brand-new deep-learning cybersecurity firm that launched just this past Tuesday, Feb. 5. Source: SC Magazine

An EE customer has said she was stalked by an ex-partner who worked at the firm, after he accessed her personal data without permission. Francesca Bonafede's number was switched to a new handset and her address and bank details were accessed. She said the company failed to take the data breach seriously and she had to involve police. EE "sincerely apologised" to Ms Bonafede, and said the employee no longer worked for the company. Source:...

Parent gabfest platform Mumsnet has reported a data security breach that it claimed happened amid a "software change" en route to migrating services to the cloud. A user sounded the alarm yesterday evening that they were able to log into and view details of another user's account. This security screw-up, likely some kind of caching blunder, happened between 2pm GMT on 5 February and 9am GMT on 7 February. Source: The Register

Ransomware accounted for one tenth of 1% of all malicious email content in Q4, according to a new threat report from Proofpoint. It’s Q4 threat report found that banking trojans accounted for 56% of all malicious payloads in email in Q4, while remote access trojans (RATs) accounted for 8.4%. Proofpoint claimed that this marked a “significant change” for RATs, as in previous years they were rarely used by attackers. Source: Infosecurity Magazine

The Kaspersky Lab DDoS Q4 Report covering statistics of the last quarter and the whole of 2018 highlights a 13% decline in the overall number of DDoS attacks when compared with the statistics from the previous year. However, the duration of mixed and HTTP flood attacks is growing, which suggests that malefactors are turning to more sophisticated DDoS attack techniques. The low cost of DDoS-as-hire makes such attacks one of the most affordable cyberweapons for...

WhatsApp says it is deleting 2m accounts per month as part of an effort to blunt the use of the world’s most popular messaging app to spread fake news and misinformation. The Facebook-owned service published the data as part of a white paper on “stopping abuse” that was launched on Wednesday in India, the biggest market for the company with more than 200m users. Source: The Guardian

Cyber-criminal groups are using Google Translate to hide the real domain of their phishing sites, security researchers have discovered. Phishing emails that use this technique have already been spotted in the wild. The trick isn't complex at all. The idea is that phishing groups send their normal phishing emails, but instead of linking directly to their phishing page's domain, they pass the phishing page URL through Google Translate and use the newly generated Google Translate...

Google has uncovered a new method to hack Android smartphones using malicious PNG files. The problem was disclosed this week in Google's Android security bulletin. A serious flaw in the operating system's framework can let a remote attacker execute computer code on an Android device by using a "specially crafted PNG file," the notice said. Source: PC Mag UK

The latest quarterly report on Australia's Notifiable Data Breaches (NDB) scheme has revealed around 269,621 separate cases of individuals having their personal information impacted as a result of a human error. The report says that during the period covering October 1, through to December 31, 2018, 262 notifications of data breaches were received by the Office of the Australian Information Commissioner (OAIC), with 85 being put down to human error. Source: ZDNet