News

The Emotet malware gang is now using a tactic that has been previously seen used by nation-state hackers. The group has been spotted this week reviving old email conversation threads and injecting links to malicious files. Users involved in the previous email exchanges would receive an email spoofed to appear from one of their previous correspondents, but actually coming from Emotet servers. The email conversation thread would be left intact, but the Emotet gang would...

Organised crime groups are using computer games to recruit teenagers to become the next generation of cybercriminals, police say. Detectives believe that young people with autism are most at risk of being groomed by gangs online, with four in five cybercriminals now coming from a background in gaming.Source: The Times

Julian P. Assange, 47, the founder of WikiLeaks, was arrested today in the United Kingdom pursuant to the U.S./UK Extradition Treaty, in connection with a federal charge of conspiracy to commit computer intrusion for agreeing to break a password to a classified U.S. government computer. According to court documents unsealed today, the charge relates to Assange’s alleged role in one of the largest compromises of classified information in the history of the United States.Source: United...

Greenville, N.C., has effectively been knocked offline by a ransomware attack with the city IT department having shut down the majority of its servers to limit the extent of the attack. In a Facebook post city officials said the incident began on April 10 and TheReflector.com reported a city spokesperson a ransom note was received but did not reveal further details on that aspect of the situation. Additionally, the city has brought in cybersecurity help...

Low paydays in the first trimester of the year have prompted scammers in the sextortion email business to switch to new tricks to restore the revenue stream of the not too distant past. Between August 30 and October 5 last year, operators of the 'Aaron Smith' sextortion email campaigns made almost 150,000 in bitcoin (~23 BTC) from victims. Since the beginning of 2019, profits decreased to about $17,000 (~3.5 BTC).Source: Bleeping Computer

The Lazarus Group hacking operation, thought to be controlled by the North Korean government, has a new malware toy to pitch at potential targets and the US is getting worried about it. This according to a report from US-Cert, which say that the group (also known as "Hidden Cobra") has a new piece of spyware capable of securely connecting to a control server and uploading pilfered files from infected machine. Known as "Hoplight," the malware...

Email automation and delivery service Mailgun was one of the many companies that have been hacked as part of a massive coordinated attack against WordPress sites. The attacks exploited an unpatched cross-site scripting (XSS) vulnerability in a WordPress plugin named Yuzo Related Posts. The vulnerability allowed hackers to inject code in vulnerable sites, which they later used to redirect incoming visitors to all sorts of nasties, such as tech support scams, sites peddling malware-laced software...

Two-thirds of hotel websites inadvertently leak guests’ personal data to third-party companies and leave customers vulnerable to hackers, a new report has revealed. Research by cyber security firm Symantec has found the majority of hotels use booking systems that could allow scammers to access information such as mobile phone numbers and passport details. The report found confirmation emails sent to customers often contain an unsecured direct link to their booking, meaning anyone on the same...

Security researchers discovered new vulnerabilities in the WPA3-Personal protocol which allow potential attackers to crack Wi-Fi network passwords and get access to the encrypted network traffic exchanged between the connected devices. According to a press release from the Wi-Fi Alliance, the devices impacted by these security vulnerabilities in the WPA3 Wi-Fi standard "allow collection of side channel information on a device running an attacker’s software, do not properly implement certain cryptographic operations, or use unsuitable...

The Home Office has apologised to hundreds of EU citizens seeking settled status in the UK after accidentally sharing their details. It blamed an "administrative error" for sending an email that revealed 240 personal email addresses - a likely breach of the Data Protection Act. The department may now have to make an apology in Parliament. In a statement to BBC Radio 4's Today programme, it said it had since improved its systems and procedures....