Major cybersecurity events on 22nd December 2020 (Evening Post): Hackers break into US Treasury systems, steal essential encryption keys. CISA issues ICS Advisory for new vulnerabilities in Treck TCP/IP stack. Tech giants Microsoft, Google, Cisco support Facebook in case against spyware maker.Continue readingNOW: Pensions suffers 3rd party data breach, “Joker’s Stash” servers seized by law enforcement, and more
Category: Snooping
Major cybersecurity events on 8th December 2020 (Morning Post): DoppelPaymer ransomware operators hit Mexican facility of electronics giant Foxconn. Rana Android malware variant spies on instant messages in WhatsApp, Telegram, Skype. PS Now bugs let sites run malicious code on Windows PCs.Continue readingPhishing campaign targets 200M 365 accounts, Mercy Health fires employee over insider breach, and more
Major cybersecurity events on 30th November 2020 (Evening Post): Office 365 phishing campaign leverages Oracle and Amazon cloud services, A hacker is selling access to the email accounts of hundreds of C-level executives, Operators behind Dark Caracal are still alive and operational. Continue readingA hacker is selling access to the email accounts of hundreds of C-level executives, Operators behind Dark Caracal are still alive and operational, and more
Major cybersecurity events on 8th October 2020 (Morning Post): Chinese hackers suspected to be behind global cyber-espionage campaign targeting Russia, India. CISA warns state, local governments over Emotet phishing attacks. OceanLotus hackers inject malware in Windows error report.Continue readingMicrosoft 365 outage affects Outlook, Teams, Phishing lure cash in on info related to Trump’s health, and more
Major cybersecurity events on 7th October 2020 (Evening Post): Upcoming IRS Coronavirus relief payment deadlines lure convincing phishing attacks. Updated Valak malware variant makes “most wanted malware” list for the first time. ESET researchers discover largest conglomerate of banking trojans.Continue readingCop abuses police systems to snoop on girlfriend’s ex, UK firms under attack every 45 secs in Q3 2020, and more
Major cybersecurity events on 25th August 2020 (Evening Post): FINRA warns: Threat actors targeting users with fake sites try to steal sensitive information. Lazarus Group leverages LinkedIn job advertisements to target cryptocurrency firm. DeathStalker APT group targets financial sector.Continue readingDenmark top intelligence chief suspended for spying on citizens, Indian ticket vendor suffers breach, and more
Major cybersecurity events on 24th July 2020 (Morning Post): 29 fraudulent apps, part of the cyber-scheme Chartreuse Blur, detected and exposed, after 3.5 million downloads. ASUS home router bugs expose consumers to snooping attacks. IVG vulnerability allows attackers to brute-force into systems.Continue readingData of 17M CouchSurfing users leaked, Meow attack deletes 4000 unsecured databases, and more
Major cybersecurity events on 6th July 2020 (Evening Post): Multi-stage bitcoin scam leaks data personal data of 2,50,000 people. Russian MoFA Twitter account hijacked, data offered for sale. New, more sinister Mac ransomware infects Apple’s Mac computers.Continue readingDating apps breaches leak millions of sensitive data, Bug in LinkedIn iOS app resorts to clipboard snooping, and more
Major cybersecurity events on 29th June 2020: CloudSEK researcher reports 40,000 Indiamart suppliers’ data. Aspire News App, domestic violence assistance app, suffers data breach. Hackers threaten to leak beverage firm Lion’s stolen files, following a ransomware attack. Continue readingTikTok stops clipboard snooping after Apple exposes it, 5 million DeviceLock users’ data leaked, and more
Round Up of Major Breaches and Scams Comcast accidentally published 200,000 “unlisted” phone numbers Comcast mistakenly published the names, phone numbers, and addresses of nearly 200,000 customers who paid monthly fees to make their numbers unlisted. The names and numbers were made available on Ecolisting, a directory run by Comcast, and picked up by third-party directories.…Continue readingCloudSEK Daily Threat Bulletin – 12th March 2020