News

Many Canadians were surprised this weekend when their phones were buzzed by an incoming spam text from an unexpected political source. The Conservative Party of Canada mass-texted millions of randomly generated phone numbers in Saskatchewan, Manitoba, Ontario and New Brunswick, telling recipients that gasoline prices were about to spike, and they should fill up. The texts were meant to drum up political opposition to the Trudeau government's carbon tax, which came into effect Monday in...

Kaspersky says the majority of attacks are not targeted at control systems, but they could still exploit vulnerabilities. Phishing emails with malicious attachments are the main attack vector for penetrating industrial enterprises, according to a report by Kaspersky, which says the type of attack has become “route for workstations in the industrial sphere.”The phishing emails are “carefully crafted”, and appear to be sent from real companies masked as business correspondence, including commercial offers, invitations to...

More than a few restaurant-goers in the US will want to check their bank statements. Earl Enterprises has confirmed that hackers used point-of-sale malware to scoop up credit and card data at some of its US restaurants between May 2018 and March 2019, including virtually all Buca di Beppo locations, a few Earl of Sandwich locations and Planet Hollywood's presences in Las Vegas, New York City and Orlando. It's a fairly large data breach -  KrebsOnSecurity discovered that a...

The UK has one of the world’s leading digital economies, making it more vulnerable to cyber-attacks from hostile countries, criminal gangs and individuals, which continue to increase and evolve as it becomes easier and cheaper to launch attacks. The Cabinet Office leads this work, through successive National Cyber Security Strategies published in 2011 and 2016; and separate National Cyber Security Programmes designed to help deliver each Strategy between 2011-2016 and currently between 2016-21. Source: Parliament

A critical Rockwell Automation flaw could be exploited to manipulate an industrial drive’s physical process and or even stop it.A critical denial-of-service (DoS) vulnerability has been found in a Rockwell Automation industrial drive, which is a logic-controlled mechanical component used in industrial systems to manage industrial motors. Source: ThreatPost

Toyota Motor Corp. has announced a new data breach involving the theft of customer details from its dealerships in Japan, its second data breach in five weeks. The new breach is believed to affect 3.1 million customers and involved the theft of data including customer names, addresses, birthdates, government identification numbers and employment information, but not credit card details. Source: SiliconAngle

Group-IB researchers uncovered the malware that casts a wide net and is complete with fully automated features designed to steal both fiat and crypto currency from user accounts by leveraging a device’s Accessibility Service mode to bypass security bank features. Gustuff has the potential to target users of more than 100 banking apps and is equipped with phishing pages to designed to trick Android users surfing the apps of major banks, including Bank of America,...

Trend Micro researchers have been following a new type of a phishing campaign that utilizes the watering hole technique to acquire login credentials from victims. Given the name “Soula”, this new campaign was found to target popular South Korean websites that are among the top 300 most visited in the country, and thus are considered especially trustworthy by their visitors. The infection of the websites is done through the injection of a JavaScript code that...

Tweets have been circulating saying that you can trigger a cool new Twitter feature – colored tweets in a sort-of rainbow theme – simply by changing your birthday to 2007.Easter eggs have a bit of a cult following with programmers and technical users – Microsoft Excel famously included hidden games until the company’s Trustworthy Computing initiative rightfully banned the practice as being a likely source of risky bugs from improperly tested code.In this case, the...

The fear of being hacked was allegedly the hook used by Office Depot, its subsidiary OfficeMax and a California-based tech-support vendor to dupe customers into paying for computer repair and technical services they didn't need, according to the Federal Trade Commission.Although not admitting any wrongdoing, Office Depot and California-based Support.com have agreed to pay $35 million to settle the claim that they deceived customers into believing their computers were infected with malicious malware and vulnerable...