News

More and more mobiles are coming pre-installed with malware from the factory. Forty-two low-cost smartphone models had the Triada Banking Trojan. Meanwhile, millions of devices from a variety of manufacturers like Huawei, Xiaomi, Vivo, and Samsung had RottenSys, mobile adware disguised as a secure Wi-Fi service, already on their devices. Source: Brian Madden

The GandCrab ransomware TOR site allows shady data recovery companies to hide the actual ransom cost from victims and it is currently being disseminated through a large assortment of distribution channels according to a Codeware report. Partnering with recovery firms who frequently access GandCrab's TOR site is an https://www.coveware.com/blog/2018/10/10/gandcrab-ransomware-decryption-payment, with "discount" codes being provided to the most active ones, usable when processing future settlements. Source: Bleeping Computer

Two hacker groups are behind 60% of all publicly reported cryptocurrency exchange hacks and are believed to have stolen around $1 billion worth of cryptocurrency, according to a report published last week by blockchain analysis firm Chainalysis. "On average, the hacks we traced from the two prominent hacking groups stole $90 million per hack," said Chainalysis. Source: ZDNet

More than 59,000 data breaches have been reported across Europe since data protection laws were brought in last year, new figures have revealed. The Netherlands, Germany and the UK topped the list of the most reported breaches in the eight months since new GDPR laws came into force, according to law firm DLA Piper. The breaches, which range from minor errors such as missent emails to major cyber hacks, were reported by public and private...

Godaddy.com, the world’s largest domain name registrar, recently addressed an authentication weakness that cybercriminals were using to blast out spam through legitimate, dormant domains. But several more recent malware spam campaigns suggest GoDaddy’s fix hasn’t gone far enough, and that scammers likely still have a sizable arsenal of hijacked GoDaddy domains at their disposal. Source: Krebs on Security

Researchers say they have identified the threat actor behind the massive “Collection #1” data dump which exposed hundreds of millions of credentials on a hacking forum in January. Recorded Future researchers said this weekend that an individual using the moniker “C0rpz” has claimed as early as Jan. 7 to be the original creator and seller of the Collection #1 data. The original database of breached emails – totalling 773 million unique email addresses –was discovered...

US-based casual dining and fast food restaurant chain Huddle House announced late Friday last week a security breach that impacted its point of sale (POS) system. "Criminals compromised a third-party point of sale (POS) vendor's data system and utilized the vendor's assistance tools to gain remote access-and the ability to deploy malware-to some Huddle House corporate and franchisee POS systems," Huddle House said in a security alert listed on its front page. Source: ZDNet

Avast (LSE:AVST), a global leader in cybersecurity products, and Barracuda Networks, Inc., a leading provider of cloud-enabled security solutions, today announce an agreement under which Barracuda will become a master reseller of Avast Business CloudCare, Avast Management Console and Avast Antivirus Security solutions. “Small to mid-size businesses are currently underserved by the market as security systems tend to be targeted to the needs of larger enterprises. Through Avast’s 30 years of cybersecurity expertise, we have...

Reading & Farnborough 4 February 2019. SecureCloud+, a trusted provider of next-generation secure information systems to government and defence, has been contracted by the Royal Air Force to deliver network collaboration services for Team Tempest. Team Tempest is a global network of international partners formed by the Royal Air Force Rapid Capability Office (RCO) along with BAE Systems, Rolls Royce, MBDA and Leonardo. SecureCloud+ is the only SME to be part of the team, which...

A 20-year-old college student who stole cryptocurrency worth more than $5 million by hijacking victims' phone numbers has pleaded guilty and accepted a sentence of 10 years in prison. Ortiz was arrested last year on charges of siphoning millions of dollars in cryptocurrency from around 40 victims using a method commonly known as "SIM swapping," which typically involves fraudulently porting of the same number to a new SIM card belonging to the attacker. Source: The...