Major cybersecurity events on 31st December 2020 (Morning Post): Ticketmaster pays $10 million criminal fine for intrusions into competitor’s computer systems. CISA demands that US govt agencies update SolarWinds Orion software. New worm turns Windows, Linux servers into Monero miners. Continue reading: Google Docs bug allow hackers to hijack screenshots, T-Mobile breach exposes phone numbers, and more
Category: Emotet
Major cybersecurity events on 28th December 2020 (Morning Post): Misconfigured AWS Bucket exposes hundreds of social influencers. Kaspersky Lab and Yandex detect malicious browser extensions including Frigate Light, Frigate CDN and SaveFrom. Fake Amazon gift card emails deliver the malware. Continue reading: iCloud outage causes account activation failure, GoDaddy apologizes for insensitive phishing email, and more
Major cybersecurity events on 23rd December 2020 (Morning Post): UK cryptocurrency exchange EXMO suffers breach, funds stolen. Ransomware downed UVM Medical Center systems, no payments have been made. New marketing campaign emerges against UK subway, using TrickBot malware. Continue reading: US warns of COVID-themed phishing, fraud schemes, Emotet campaign returns after 7-week hiatus, and more
Major cybersecurity events on 15th December 2020 (Evening Post): WhatsApp denies that its encrypted data can be hacked by Pegasus, an Israeli spyware. Wormable Gitpaste-12 botnet returns to target Linux servers, IoT devices. ‘PGMiner’ crypto-mining botnet abuses PostgreSQL for distribution. Continue reading: Over 45 million medical images leaked online, Twitter fined €450,000 for GDPR breach, and more
Major cybersecurity events on 23rd November 2020 (Morning Post): Manchester United football club discloses security breach, October Mumbai power outage may be due to a cyber attack, Threat actor selling list of 49k+ systems vulnerable to Fortinet SSL VPN vulnerability.
Major cybersecurity events on 11th November 2020 (Evening Post): Antivirus software flags Dell printer drivers as malware, blocks installation. Chinese-linked Muhstik botnet targets Oracle WebLogic, Drupal. Patched Ubuntu desktop vulnerability allows privilege escalation. Continue reading: LTO data leak involves car registrations, Ragnar Locker gang uses Facebook ads to extort victims, and more
Major cybersecurity events on 9th November 2020 (Evening Post): Housing association in East Anglia struck by Sodinokibi ransomware, leaks unknown volume of employee, customer data. E-commerce software platform X-Cart suffers ransomware attack, forces shut down of e-stores. Continue reading: Prestige Software S3 buckets expose 10M personal files, Emotet, TrickBot top malware charts, and more
Major cybersecurity events on 3rd November 2020 (Evening Post): Emotet soars over 1200% between Q2 and Q3 of this year, warns HP Inc. FireEye releases ThreatPursuit pre-configured virtual machine, to help threat intelligence analysts hunt down adversaries. Russian hacker jailed for $100M botnet fraud scheme. Continue reading: 12% ICS security incidents by nation-state actors, Ransomware gangs return, target healthcare, and more
Major cybersecurity events on 3rd November 2020 (Morning Post): Microsoft Tips leaks images of new Windows 10 screens, dialogs using rounded corners. US city fined $200k for failing to terminate former employee who later stole data. Over 250,000 malicious email attacks hit BBC per day. Continue reading: Wakefern’s ShopRite fined $235K for negligence, UNC1945 uses Solaris 0-day to breach corporate networks, and more
Major cybersecurity events on 30th October 2020 (Morning Post): Mount Locker ransomware group leaks 18GB of leading security firm Gunnebo AB’s data. Brooklyn & Vermont hospitals are latest Ryuk ransomware victims. Threat actors continue to target Windows Zerologon flaw. Continue reading: REvil targets video games, claims massive revenue, Emotet uses parked domains to deliver malware, and more