Eight Arrested in Africa-Based Cybercrime and Business Email Compromise Conspiracy
Dissent
https://www.databreaches.net/eight-arrested-in-africa-based-cybercrime-and-business-email-compromise-conspiracy/
Excerpt:
“In accordance with the Justice Department’s recent efforts to disrupt business email compromise (BEC) schemes that are designed to intercept and hijack wire transfers from businesses and individuals, including many senior citizens, the Department announced Operation Keyboard Warrior, an effort coordinated by United States and international law enforcement to disrupt online frauds perpetrated from Africa. Eight individuals have been arrested for their roles in a widespread, Africa-based cyber conspiracy that allegedly defrauded U.S. companies and citizens of approximately $15 million since at least 2012.”
Mobile is the new frontier for malicious bots
https://www.helpnetsecurity.com/2018/06/28/mobile-malicious-bots/
Excerpt:
“Distil Networks analyzed over 100 million mobile devices on its networks. The findings suggest that sophisticated cybercriminals and bot operators now implement a new technique—leveraging mobile devices – to avoid detection and execute a number of nefarious acts. At this time, 5.8 percent of all mobile devices across six major cellular networks are used in such automated attacks and represent eight percent of all bad bot traffic.”
Bot-driven credential abuse, DDoS attacks continue to rise
https://www.helpnetsecurity.com/2018/06/26/bot-driven-credential-abuse/
Excerpt:
“Cybersecurity defenders face increasing threats from organisations in the form of bot-based credential abuse targeting the hospitality industry and advanced DDoS attacks, according to Akamai.”
141 arrested in worldwide crackdown on airline fraud
https://www.europol.europa.eu/newsroom/news/141-arrested-in-worldwide-crackdown-airline-fraud
Excerpt:
“Europol coordinated raids at European airports, targeting criminals trying to travel using fraudulently bought tickets.”
Android Gets New Anti-Spoofing Feature to Make Biometric Authentication Secure
Mohit Kumar
https://thehackernews.com/2018/06/android-biometric-authentication.html
Excerpt:
“Google just announced its plan to introduce a new anti-spoofing feature for its Android operating system that makes its biometric authentication mechanisms more secure than ever.”
Dude Gets 20 Years in the Slammer for Attempting to Hijack Domain at Gunpoint
Catalin Cimpanu
https://www.bleepingcomputer.com/news/legal/dude-gets-20-years-in-the-slammer-for-attempting-to-hijack-domain-at-gunpoint/
Excerpt:
“An Iowa man will go to prison for the next 20 years after he attempted to hijack an Internet domain at gunpoint, tased and shot the victim, and got shot back himself.”
Black River Medical Center employee falls for phishing scam; breach ensues
Filip Truta
https://securityboulevard.com/2018/06/black-river-medical-center-employee-falls-for-phishing-scam-breach-ensues/
Excerpt:
“An affiliate of Saint Francis Healthcare System, Black River is a community-owned, not-for-profit hospital in Missouri, US. On April 23, the hospital discovered that a staffer fell for a phishing scam and had his / her email account compromised. From there, the attacker could use those credentials to access sensitive patient information.”
Ham-fisted hacker gets jail time for serial DDoS attacks
Tomáš Foltýn
https://www.welivesecurity.com/2018/06/21/ham-fisted-cybercriminal-gets-jail-time-serial-ddos-attacks/
Excerpt:
“A 23-year-old man from Arizona, USA, was sentenced to 20 months in jail for launching distributed denial of service (DDoS) attacks at the computer networks of Madison, the capital of Wisconsin, three years ago that caused outages to the city’s emergency communications systems and other services, according to a press release by the US Department of Justice.”
Adidas fans hit by phishing scam
Luana Pascu
https://hotforsecurity.bitdefender.com/blog/adidas-fans-hit-by-phishing-scam-20046.html
Excerpt:
“Why users always fall for the lamest phishing scams is beyond comprehension, but hackers take advantage of this weakness and hide their scheming behind the usual fake prizes and too-good-to-be-true giveaways. This time, it was Adidas’ turn to feature in a major phishing scam that targeted users in specific regions.”
Disruptive technologies in fintech to watch
https://www.helpnetsecurity.com/2018/06/21/disruptive-technologies-fintech/
Excerpt:
“Juniper Research has revealed the top 10 technologies set to disrupt the fintech industry in 2018 and 2019.”
Vulnerabilities in these IoT cameras could give attackers full control, warn researchers
Danny Palmer
https://www.zdnet.com/article/vulnerabilities-in-these-iot-cameras-could-give-attackers-full-control-warn-researchers/
Excerpt:
“Vulnerabilities in almost 400 models of internet connected video camera by one manufacturer could allow attackers to take remote control of devices for use as a surveillance tool with the ability to snoop on any audio or video it recorded.’
SamSam ransomware: controlled distribution for an elusive malware
https://blog.malwarebytes.com/threat-analysis/2018/06/samsam-ransomware-controlled-distribution/
Excerpt:
“SamSam ransomware has been involved in some high profile attacks recently, and remains a somewhat elusive malware. In its time being active, SamSam has gone through a slight evolution, adding more features and alterations into the mix. These changes do not necessarily make the ransomware more dangerous, but they are added to make it just a bit more tricky to detect or track as it is constantly changing.
75% of Malware Uploaded on “No-Distribute” Scanners Is Unknown to Researchers
Catalin Cimpanu
https://www.bleepingcomputer.com/news/security/75-percent-of-malware-uploaded-on-no-distribute-scanners-is-unknown-to-researchers/
Excerpt:
“Three-quarters of malware samples uploaded to "no-distribute scanners" are never shared on "multiscanners" like VirusTotal, and hence, they remain unknown to security firms and researchers for longer periods of time.”
Cancer Center Fined $4.3M for HIPAA Violations Involving Data Breaches
David Bisson
https://www.tripwire.com/state-of-security/regulatory-compliance/hipaa/cancer-center-fined-4-3m-for-hipaa-violations-involving-three-data-breaches/
Excerpt:
“A cancer center received an order to pay $4.3 million in a settlement for HIPAA violations that involved multiple data breaches.”
DHS, FBI published a join alert including technical details of Hidden Cobra-linked ‘Typeframe’ Malware
Pierluigi Paganini
https://securityaffairs.co/wordpress/73646/apt/hidden-cobra-malware-2.html
Excerpt:
“A new joint report published by US DHS and FBI made the headlines, past document details TTPs associated with North Korea-linked threat groups, tracked by the US government as Hidden Cobra.”
French authorities take down ‘Black Hand’ dark web forum selling narcotics, weapons, stolen banking data
Filip Truta
https://hotforsecurity.bitdefender.com/blog/french-authorities-take-down-black-hand-dark-web-forum-selling-narcotics-weapons-stolen-banking-data-20040.html
Excerpt:
“The French Minister of Public Action has announced the dismantling of the “Black Hand” forum, a marketplace on the French dark web selling drugs, weapons, stolen credit cards and other illicit goods and services.”
Banco de Chile admits losing $10 million in disk-wiping malware attack
Luana PASCU
https://hotforsecurity.bitdefender.com/blog/banco-de-chile-admits-losing-10-million-in-disk-wiping-malware-attack-20031.html
Excerpt:
“Banco de Chile, the second largest bank in the country, released a public statement confirming a major malware attack that breached its computer systems on May 24, shutting down bank operations. The hackers used a disk-wiping malware to cause the outage in order to distract attention from their original target – the SWIFT money transferring system.”
Worldwide cloud IT infrastructure revenues continue to grow
https://www.helpnetsecurity.com/2018/06/25/worldwide-cloud-it-infrastructure-revenues/
Excerpt:
“Vendor revenue from sales of infrastructure products (server, storage, and Ethernet switch) for cloud IT, including public and private cloud, grew 45.5% year over year in the first quarter of 2018 (1Q18), reaching $12.9 billion. IDC also raised its forecast for total spending on cloud IT infrastructure in 2018 to $57.2 billion with year-over-year growth of 21.3%.”
Multipurpose Trojan MysteryBot Targets Android Devices
Lucian Constantin
https://securityboulevard.com/2018/06/multipurpose-trojan-mysterybot-targets-android-devices/
Excerpt:
“Cybercriminals have a new Android malware program in their toolbox called MysteryBot that can serve multiple purposes: banking Trojan, keylogger and ransomware.”
Global IoT tech spending to reach $1.2 trillion in 2022
https://www.helpnetsecurity.com/2018/06/19/iot-tech-spending/
Excerpt:
“IDC forecasts IoT spending will experience a compound annual growth rate (CAGR) of 13.6% over the 2017-2022 forecast period and reach $1.2 trillion in 2022. The forecast is based on the latest research in the burgeoning IoT technology market, which offers business investment opportunities across a spectrum of industries and illuminated through use case implementations.”
Early detection of compromised credentials can greatly reduce impact of attacks
https://www.helpnetsecurity.com/2018/06/19/detect-compromised-credentials/
Excerpt:
“According to Blueliv’s credential detection data, since the start of 2018 there has been a 39% increase in the number of compromised credentials detected from Europe and Russia, compared to the same period in 2017 (January-May). In fact, Europe and Russia are now home to half of the world’s credential theft victims (49%).”
DDoS attack aimed at Mexican opposition presidential candidate website during debate
Teri Robinson
https://www.scmagazineuk.com/ddos-attack-aimed-mexican-opposition-presidential-candidate-website-during-debate/article/1486722
Excerpt:
“A distributed denial of service (DDoS) attack on the website opposing a Mexican presidential candidate Tuesday during a debate, renewed fears that elections around the globe are vulnerable.”
Apple prohibits developers from using, selling users’ Contacts
Zeljka Zorz
https://www.helpnetsecurity.com/2018/06/14/apple-user-contacts-privacy/
Excerpt:
“According to new rules recently published by Apple, iOS app developers must refrain from creating a database of the information gleaned from users’ Contacts and to sell it on.”
The challenges of securing mobile workers and keeping data secure
Mirko Zorz
https://www.helpnetsecurity.com/2018/06/15/securing-mobile-workers/
Excerpt:
“Recently, Apricorn announced new research highlighting that 95 percent of surveyed organisations in the UK recognise problems with mobile and remote working, and nearly one in five (18%) suggest their mobile workers don’t care about security.
US government report highlights gaps in battle against botnets
Tomáš Foltýn
https://www.welivesecurity.com/2018/06/13/us-report-highlights-battle-botnets/
Excerpt:
“The United States’ Department of Homeland Security and Department of Commerce have released a joint report aimed at identifying actions to reduce threats posed by botnets.”
Dixons Carphone hit by huge data breach: Attackers access 5.9 million card details
Danny Palmer
https://www.zdnet.com/article/dixons-carphone-falls-victim-to-huge-data-breach-attackers-accessed-5-9-million-customer-card/
Excerpt:
“Electronics retailer Dixons Carphone has suffered a massive data breach, with attackers accessing 5.9 million customer payment-card details and a further 1.2 million records containing personal information.”
IoT connections to grow 140%, will reach 50 billion by 2022
https://www.helpnetsecurity.com/2018/06/14/iot-connections-2022/
Excerpt:
“New data has revealed that the total number of connected IoT sensors and devices is set to exceed 50 billion by 2022, up from an estimated 21 billion in 2018.”
Don’t start the blockchain revolution without making security a top priority
https://www.helpnetsecurity.com/2018/06/14/blockchain-security-priority/
Excerpt:
“McAfee released a report detailing the numerous cybersecurity risks associated with blockchain-based cryptocurrencies, and asserts the necessity of making cybersecurity a top priority as industry builds out the foundations for the widespread implementation of blockchain technologies.”
Researcher hacks smart fingerprint padlock in mere seconds
Zeljka Zorz
https://www.helpnetsecurity.com/2018/06/14/tapplock-one-hack/
Excerpt:
“The Tapplock one “smart” padlock, which received many rave reviews by tech-focused news sites and YouTubers, can be forced to open in under two seconds with a smartphone.”
Ethereum "Giveaway" Scammers Have Tricked People Out of $4.3 Million
Catalin Cimpanu
https://www.bleepingcomputer.com/news/security/ethereum-giveaway-scammers-have-tricked-people-out-of-43-million/
Excerpt:
“Online crooks promoting fake "giveaways" have tricked people out of 8,148 Ether, currently worth around $4.3 million, according to statistical data compiled in EtherScamDB.”
French company fined 250,000 euros for a data leak
Zeljka Zorz
https://www.helpnetsecurity.com/2018/06/12/optical-center-data-leak/
Excerpt:
“CNIL, the French data protection authority, has decided to impose a 250,000 euro fine on Optical Center, a French company selling eye and hearing aids, because it failed to secure the data of customers that ordered products via its website.”
Password reset flaw at internet giant Frontier allowed account takeovers
Zack Whittaker
https://www.zdnet.com/article/password-reset-flaw-at-frontier-allowed-account-takeovers/
Excerpt:
“A bug in how cable and internet giant Frontier reset account passwords allowed anyone to take over user accounts.”
Search Engines in Russia cannot link to banned VPN services and Internet proxy services
Pierluigi Paganini
https://securityaffairs.co/wordpress/73390/digital-id/russia-censorship-search-engines.html
Excerpt:
“Russian Government has approved a new bill to punish search engines that are not aligned with Moscow and that allows its users to find VPN services, and anonymization tools that allow circumventing the censorship.”
Protecting consumers from mobile and IoT threats
https://www.helpnetsecurity.com/2018/06/12/protecting-consumers-mobile-iot-threats/
Excerpt:
“A new report by Allot Communications revealed a dynamic and automated threat landscape in which consumers lack the security expertise to effectively protect themselves.”
Wi-Fi phishing attacks discovered around Atlanta City Hall
https://www.helpnetsecurity.com/2018/06/08/wi-fi-phishing-attacks/
Excerpt:
“As Atlanta continues to fully recover from March’s ransomware attack, new evidence discovered today by Coronet reveals hundreds of active Wi-Fi phishing attacks currently ongoing both inside of and in close proximity to Atlanta City Hall.”
Three Rhode Island State Agencies Affected by Malware Attack
David Bisson
https://securityboulevard.com/2018/06/three-rhode-island-state-agencies-affected-by-malware-attack/
Excerpt:
“A malware attack affected computing devices owned and operated by three state agencies in Rhode Island, confirmed the State’s digital security teams.”
Traffic manipulation and cryptocurrency mining campaign compromised 40,000+ machines
Zeljka Zorz
https://www.helpnetsecurity.com/2018/06/07/operation-prowli/
Excerpt:
“Unknown attackers have compromised 40,000+ servers, networking and IoT devices around the world and are using them to mine Monero and redirect traffic to websites hosting tech support scams, malicious browser extensions, and so on.”
Masterminds behind CEO fraud ring arrested after causing more than EUR 18 million of damage
https://www.europol.europa.eu/newsroom/news/masterminds-behind-ceo-fraud-ring-arrested-after-causing-more-eur-18-million-of-damage
Excerpt:
“On 28 May the French National Gendarmerie - Section de Recherches of Bordeaux, supported by the Israeli authorities and Europol, arrested the main suspects of an organised crime group behind a total of 24 cases if CEO fraud across Europe to the detriment of Belgian and French-based commercial companies, causing more than EUR 18 million worth of damage.”
Your iPhone is tracking your movements and storing your favorite locations all the time
Adrian Kingsley-Hughes
https://www.zdnet.com/article/your-iphone-is-tracking-your-movements-and-storing-your-favorite-locations-all-the-time/#ftag=RSSbaffb68
Excerpt:
“It comes as a surprise to many to discover that their iPhone is collecting a detailed history of places you visit on a regular basis. Here's how you can find out what information your iPhone has on you, along with ways you can take control of it, or even delete it completely.”
Ticketfly got hacked, user data was leaked
Zeljka Zorz
https://www.helpnetsecurity.com/2018/06/01/ticketfly-hack/
Excerpt:
“Ticketfly, a ticket distribution service owned by event management and ticketing pioneer Eventbrite, appears to have been hacked.”
Read full article
