Tuesday, March 19, 2019
Tripwire

New Sextortion Scam Tries to Scare Users with Fake CIA Investigation

Extortionists have launched a new sextortion scam campaign that leverages a fake Central Intelligence Agency (CIA) investigation to try to scare users. In an email I obtained from a wary user, the scammers pose as a fake CIA technical...
Tripwire

Spam Campaign Uses Recent Boeing 737 Max Crashes to Push Malware

A spam campaign is using two recent crashes involving Boeing 737 Max aircraft to distribute malware to unsuspecting users. Discovered by 360 Threat Intelligence Center, a research division of 360 Enterprise Security Group, the campaign sends out attack emails...
Tripwire

Attackers Sending Fake Copyright Infringement Notices to Instagram Users

Digital attackers are targeting high-profile Instagram users with fake copyright infringement notifications in a bid to hijack their accounts. Detected by Kaspersky Lab, this scheme begins when an Instagram influencer receives an email notification informing them that their “account...
Tripwire

Attackers Sending Out Fake CDC Flu Warnings to Distribute GandCrab

Digital attackers are sending out fake flu warnings that appear to come from the U.S. Center for Disease Control (CDC) in order to distribute GandCrab ransomware. An attack begins when a user receives a fake CDC email. The sender...
Tripwire

Kathmandu Notifies Customers of Security Incident Involving Its Website

Outdoor apparel and equipment retail chain Kathmandu said it’s in the process of notifying customers about a security incident involving its website. On 13 March, Kathmandu released a notification disclosing how the company became aware of the security incident...
Tripwire

New Sextortion Scam Says Adult Sites Infected Victims with Malware

A new sextortion scam is informing victims that their computers suffered a malware infection after they visited an adult website. In this latest ruse, digital criminals claim that they infected a user with malware after they visited a child...
Tripwire

STOP Ransomware Variant Installing Azorult Infostealer

A variant of the STOP ransomware family is downloading the Azorult infostealer onto victim’s machines as part of its infection process. Security researcher Michael Gillespie was the first to detect this malicious activity. While testing some of the crypto-malware...
Tripwire

Vulnerabilities in Two Smart Car Alarm Systems Affected 3M Vehicles

Two smart car alarm systems suffered from critical security vulnerabilities that affected upwards of three million vehicles globally. Researchers at Pen Test Partners independently assessed the security of products developed by Viper and Pandora, two of the world’s largest...
Tripwire

Various Membership Plans Offered by Jokeroo Ransomware-as-a-Service

The Jokeroo ransomware-as-a-service (RaaS) offers various membership plans through which would-be digital criminals can become affiliates. In his analysis of the ransomware-as-a-service, Bleeping Computer creator and owner Lawrence Abrams found that Jokeroo differs from similar platforms in that it...
Tripwire

New CryptoMix Clop Ransomware Variant Claims to Target Networks

A new variant of the CryptoMix Clop ransomware family claims to target entire networks instead of individual users’ machines. Security researcher MalwareHunterTeam discovered the variant near the end of February 2019. In their analysis of the threat, they noticed...
Tripwire

TikTok Fined $5.7M for Illegally Collecting Children’s Personal Data

TikTok has agreed to pay a penalty of $5.7 million in order to settle allegations that it illegally collected children’s personal data. The penalty effectively settles a complaint submitted by the U.S. Federal Trade Commission against TikTok alleging that...
Tripwire

Ring Doorbell Fixes Flaw that Allowed Attackers to Spy on, Inject Footage

Ring Doorbell has patched a flaw that allowed attackers to spy on and inject their own application footage, thereby undermining users’ home security. Researchers at Dojo, Bullguard’s Internet of Things (IoT) security team, discovered the vulnerability while performing an...
Tripwire

New ‘Farseer’ Malware Designed to Spy on Windows Users

Researchers have uncovered a new family of malware called “Farseer” that’s designed to conduct surveillance against Windows users. Discovered by Palo Alto Networks, Farseer works by using a technique known as “DLL sideloading” to drop legitimate, signed binaries to...
Tripwire

Online Bidding Phishing Schemes Targeting U.S. Government Contractors

A couple of phishing schemes are currently targeting contractors who do business with two U.S. federal government agencies. Anomali Labs uncovered a malicious server hosting the two schemes in late February 2019. The first scheme begins when users visit...
Tripwire

Proposed Bill Would Strengthen California’s Data Breach Notification Law

A new bill would strengthen California’s data breach notification law by expanding the types of information of whose exposure businesses are legally obligated to inform their customers. On 21 February, California Attorney General Xavier Becerra and Assembly Member Marc...
SC Magazine

Norwegian aluminum producer Norsk Hydro hit by an unspecified cyberattack

Norwegian aluminum producer Norsk Hydro was hit by a cyber attack which began Monday evening and escalated into the night. The Norwegian National Security Authority (NSM) declined to comment on what type of attack it was but said the extent...
SC Magazine

Glitch exposes Sprint customer data to other users

A bug has allowed some Sprint customers to see the personal data of other customers from their online accounts. The information visible includes names, cell phone numbers as well as calls made by other users and, and a Tech Crunch report cited...

6 Ways Mature DevOps Teams Are Killing It in Security

New survey shows where "elite" DevOps organizations are better able to incorporate security into application security.
The Register

Ransomware drops the Lillehammer on Norsk Hydro: Aluminium giant forced into manual mode after systems scrambled

Norway the power and metals wrangler could have seen this one coming Norwegian power and metals giant Norsk Hydro is battling an extensive ransomware infection on its computers.…

Old Tech Spills Digital Dirt on Past Owners

Researcher buys old computers, flash drives, phones and hard drives and finds only two properly wiped devices out of 85 examined.