Botnet Breach Cyber Security DDoS Malware Ransomware RAT TrickBot Trojan Vulnerability

9M EasyJet customers details exposed, Mirai, Hoaxcalls target Symantec, Bluetooth vulnerability exposes billions of devices, and more

Major cybersecurity events on 19th May 2020 (evening post): PsyGenics, Inc. sends notice to potentially impacted customers after email incident. DoS attacks skyrocket, espionage dips according to Verizon’s 2020 Data Breach Investigations Report. Magecart malware stole card details, evaded security scans for 8 months.

Round Up of Major Breaches and Scams

Likely Breach Shuts Down Arkansas Unemployment Program

Gov. Asa Hutchinson said he learned Friday evening that an applicant for the program is believed to have somehow accessed the system, prompting an investigation of a possible data breach. The probe will determine if any personal data from applicants was obtained. If any individuals had their data compromised, they will be notified and steps will be taken to address the situation, including possible credit monitoring, Hutchinson said.

PsyGenics, Inc. Provides Notice of Email Incident

PsyGenics, Inc. is providing notice of an incident that may affect the security of certain PsyGenics customers.  While PsyGenics is unaware of any attempted or actual misuse of this information, notice is being provided to potentially affected individuals, as well as certain federal regulators.

Verizon Data Breach Report: DoS Skyrockets, Espionage Dips

Denial-of-service (DoS) attacks have spiked over the past year, while cyber-espionage campaigns have spiraled downwards. That’s according to Verizon’s 2020 Data Breach Investigations Report (DBIR) released Tuesday, which analyzed 32,002 security incidents and 3,950 data breaches across 16 industry verticals.

Report: Israel behind cyberattack on Iranian port

US and foreign government officials say that an attack last week on an Iranian port facility appears to have originated with Israel, The Washington Post reported on Monday. The attack on May 9 targeted the shipping traffic at Iran’s Shahid Rajaee port terminal. Computers that regulate the flow of vessels, trucks and goods all crashed at once, creating massive backups on waterways and roads leading to the facility.

EasyJet hack impacts nine million passengers

The personal details of nine million customers of budget airline EasyJet have been accessed by hackers in what the budget airline is describing as a “highly sophisticated attack.” The email addresses and travel details of nine million passengers are thought to have been accessed by the hackers, as well as the credit card details of 2,208 customers.

GDPR what? European Parliament breach exposes data of 1000s of people

Data breaches in the European Union are subject to a law named the General Data Protection Regulation (GDPR). While usually, you have firms that would comply with them seeing the power of the regulatory authorities and hefty fines, what happens when those that are the lawmakers get caught under the grasp of the act in itself?

Round Up of Major Malware and Ransomware Incidents

Magecart malware merrily sipped card details, evaded security scans on UK e-tailer Páramo for almost 8 months

A card-skimming Magecart malware infection lingered on a British outdoor clothing retailer’s website without detection for nearly eight months despite regular security scans. London-based Páramo told customers last week that it had discovered a “small piece of computer code covertly installed within our website”.

Both Mirai and Hoaxcalls IoT botnets target Symantec Web Gateways

Palo Alto Networks Unit 42 researchers observed both the Mirai and Hoaxcalls botnets using an exploit for a post-authentication Remote Code Execution vulnerability in legacy Symantec Web Gateways

Round Up of Major Vulnerabilities and Patches

FBI warns about attacks on Magento online stores via old plugin vulnerability

The FBI says hackers are exploiting a three-year-old vulnerability in a Magento plugin to take over online stores and plant a malicious script that records and steals buyers’ payment card data. This type of attack is known as web skimming, e-skimming, or Magecart, and the FBI previously warned about a rise in attacks in October, last year.

New Bluetooth Vulnerability Exposes Billions of Devices to Hackers

Academics from École Polytechnique Fédérale de Lausanne (EPFL) disclosed a security vulnerability in Bluetooth that could potentially allow an attacker to spoof a remotely paired device, exposing over a billion of modern devices to hackers.