Daily NCSC-FI news followup 2019-07-05

Google Chrome to Unload Heavy Ads With Intensive Resource Usage

www.bleepingcomputer.com/news/google/google-chrome-to-unload-heavy-ads-with-intensive-resource-usage/ Google is currently working on adding a new feature to the Chrome web browser designed to automatically unload ads which use an outrageous amount of system resources in an effort to shrink the browser’s CPU and network footprint.

Samsung Update App with 10M+ Installs Charges for Free Firmware

www.bleepingcomputer.com/news/security/samsung-update-app-with-10m-installs-charges-for-free-firmware/ An Android app with over 10 million installations on Google Play attempts to trick Samsung phone users into paying for their firmware updates, which are available free of charge from the vendor.

Automated Magecart Campaign Hits Over 960 Breached Stores

www.bleepingcomputer.com/news/security/automated-magecart-campaign-hits-over-960-breached-stores/ A large-scale payment card skimming campaign that successfully breached 962 e-commerce stores was discovered today by Magento security research company Sanguine Security.

Over $800,000 Stolen by Scammers in Atlanta Area City BEC Fraud

www.bleepingcomputer.com/news/security/over-800-000-stolen-by-scammers-in-atlanta-area-city-bec-fraud/ Over $800,000 was stolen from the City of Griffin, Georgia, by scammers who redirected two transactions to their own bank accounts in a BEC (Business Email Compromise) attack, according to local media sources.

The Week in Ransomware – July 5th 2019 – Shadiness in the Sunshine State

www.bleepingcomputer.com/news/security/the-week-in-ransomware-july-5th-2019-shadiness-in-the-sunshine-state/ This week is a double edition covering the ransomware news between June 22nd and July 5th.

Maryland Govt Agency Breach Exposes Names, SSNs of 78K People

www.bleepingcomputer.com/news/security/maryland-govt-agency-breach-exposes-names-ssns-of-78k-people/ The Maryland Department of Labor (Maryland DoL) published a press release today explaining that sensitive information of roughly 78,000 customers including names and social security numbers was accessed by an unauthorized party.

7-Eleven Japanese customers lose $500,000 due to mobile app flaw

www.zdnet.com/google-amp/article/7-eleven-japanese-customers-lose-500000-due-to-mobile-app-flaw/ Hackers exploit 7-Eleven’s poorly designed password reset function to make unwanted charges on 900 customers’ accounts. However, in a mind-boggling turn of events, the app contained a password reset function that was incredibly poorly designed. It allowed anyone to request a password reset for other people’s accounts, but have the password reset link sent to their own email address instead of the legitimate account owner’s.

Croatian government targeted by mysterious hackers

www.zdnet.com/article/croatian-government-targeted-by-mysterious-hackers/ Government agencies targeted with never-before-seen malware payload named SilentTrinity.

UK’s largest police forensics lab paid ransom demand to recover locked data

www.zdnet.com/article/uks-largest-police-forensics-lab-paid-ransom-demand-to-recover-locked-data/ Eurofins Scientific has already recovered from the incident. Didn’t say how much it paid hackers.
