Tuesday, May 21, 2019
Tripwire

HawkEye Attack Wave Sends Stolen Data to Another Keylogger Provider

A recent attack wave involving HawkEye malware sends data stolen from its victims to another keylogger provider’s website. On 21 May, My Online Security came across a new sample of HawkEye. The actual delivery mechanism itself wasn’t unique compared...
Tripwire

Company Behind LeakedSource Pleads Guilty after RCMP Investigation

A company responsible for helping to operate LeakedSource.com has submitted a guilty plea following an investigation by the Royal Canadian Mounted Police (RCMP). On 17 May, Defiant Tech Inc. pleaded guilty to the charge of “trafficking in identity information...
Tripwire

Stack Overflow Discloses Digital Attack against Production Systems

Stack Overflow, a popular question and answer site for programmers, disclosed a digital attack in which bad actors accessed its production systems. Mary Ferguson, VP of Engineering at the company, publicly revealed the incident on 16 May. In a...
Tripwire

Magecart Used Same Skimmer against Two Web-Based Suppliers

Magecart threat actors used the same skimmer to target customer payment card information provided to two web-based suppliers. The first attack occurred at 15:56:42 GMT on 10 May when bad actors injected the skimmer into the bottom of a...
Tripwire

Bad Actors Using MitM Attacks against ASUS to Distribute Plead Backdoor

Researchers believe bad actors are using man-in-the-middle (MitM) attacks against ASUS software to distribute the Plead backdoor. Near the end of April 2019, researchers at ESET observed several attack attempts that both created and executed the Plead backdoor using...
Tripwire

Global Information Services Company Discloses Malware Attack

A global information services company has disclosed a malware attack that affected several of its applications and platforms. On 6 May, global solutions provider Wolters Kluwer published a statement in which it confirmed that it was suffering network issues:...
Tripwire

Online Tutoring Program Reveals Customer Data Breach

An online tutoring program has revealed that it suffered a data breach in which an unauthorized individual compromised affected customers’ information. The Hacker News received a copy of a notice sent out by Wyzant to its customers informing them...
Tripwire

Fraudsters Targeting Consumers with One-Ring Phone Scams

Fraudsters are targeting consumers with one-ring phone scams that exploit people’s curiosity so as to trick them into paying exorbitant fees. According to the U.S. Federal Communications Commission (FCC), this scam oftentimes begins when a fraudster contacts an unsuspecting...
Tripwire

President Trump Signs EO to Bolster Federal Digital Security Workforce

President Trump has signed an executive order (EO) that seeks to bolster the U.S. federal government’s digital security workforce. On 2 May, President Trump authorized the “Executive Order on America’s Cybersecurity Workforce.” This directive sets out various actions designed...
Tripwire

Unprotected Database Exposed 13.7M Users’ Employment Information

An unprotected database made it possible for anyone on the web to view the personal and employment information of 13.7 million users. Security researcher and GDI Foundation member Sanyam Jain discovered the database and determined that it belonged to...
Tripwire

$9.8M Settlement to Eddie Bauer Data Breach Filed in Federal Court

A Washington federal court has received a $9.8 million settlement that would resolve a data breach class-action lawsuit filed against Eddie Bauer. Filed on 26 April, the proposed settlement is the product of two years of litigation between Eddie...
Tripwire

Unprotected Database Exposed Details of Over 80 Million U.S. Households

Security researchers found an unprotected database stored on the cloud that contained detailed information of over 80 million U.S. households. vpnMentor’s Noam Rotem and Ran Locar discovered the unprotected database hosted on a Microsoft cloud server during the course...
Tripwire

Fraudster Posed as Jason Statham to Prey Upon Star-Struck Users

A digital fraudster posed as English actor and film producer Jason Statham to prey upon and steal money from star-struck users. A woman who asked not to be named said the scam began when someone posing as Statham contacted...
Tripwire

Washington State Legislature Passes New Data Breach Law

The Washington legislature has passed a bill that effectively expands the state’s consumer data breach notification requirements. Previously, Washington-based organizations needed to notify consumers of a data breach only in the event that the security incident exposed users’ names...
Tripwire

Bodybuilding.com Suffered Security Incident Potentially Involving Customer Info

American online retailer Bodybuilding.com suffered a security incident that might have exposed customers’ personal information. In February 2019, Bodybuilding.com learned of an instance where unknown actors gained unauthorized access to its systems. The fitness platform responded by retaining a...

Washington Issues Temporary License to Huawei

The US government has issued a temporary license to Huawei and its affiliates, allowing American companies to supply the telecoms and handset giant until August. Despite reports emerging over the weekend of various chipmakers...
isBuzz

GDPR: The Best Strategy For International Businesses

The EU’s General Data Protection Regulation (GDPR) was created with the aim of homogenising data privacy laws across the EU. GDPR also applies to organisations outside the EU, if they monitor EU data subjects, or offer goods and services...
IBM Security

How Cyber-Secure Are Business Travelers? New Report Says Not Very

I travel frequently for business — to industry conferences such as RSA Conference and Black Hat and meeting with clients. Whenever I travel, I bring my work laptop, my personal cellphone enabled with work email and calendar, and, of...

Haas F1 team leans on service providers as security force multipliers

If today’s cars are smartphones on wheels, then race cars are supercomputers with engines attached. As the fastest racing sport in the world, Formula One cars come laden with over 100 sensors measuring every aspect of a car’s internal...