Round Up of Major Breaches and Scams
Cybercrime is one of the biggest concerns of the global populace, with fake news ranking highest among such risks, according to a new report from Lloyd’s Register Foundation. The UK charity, funded by the eponymous technical and business services organization, this week released the results of its first World Risk Poll, compiled from interviews with 150,000 individuals in 142 countries. Some 71% of respondents cited cybercrime as one of their biggest concerns, with almost all internet users fearful about some aspect of it.
US officials have set out a new framework for responding to criminal applications of blockchain technologies and cryptocurrency. While the possibilities of the blockchain are considered “breathtaking” prospects that could allow humans to “flourish,” the new “cryptocurrency enforcement framework” focuses on darker applications — such as the use of virtual assets in criminal enterprises.
A company that fired out more than 9,000 spam emails promoting face masks has been fined £40,000 by the UK Information Commissioner’s Office and ordered to stop doing it. “The ICO investigation found that the company was not involved in the business of supplying PPE, but that the director had decided to buy face masks to sell on at a profit,” the data regulator said in a statement. Studios MG Ltd, the offending firm, sent 9,000 emails on 30 April as the country grappled with its first national lockdown.
Cybercriminals have planted a payment card skimmer on the websites of several organizations using the Playback Now conference platform, Malwarebytes reported on Thursday. Playback Now enables organizations to record events and deliver the content via live streaming or on demand. It also provides a virtual conference hall and helps companies market their events. Malwarebytes researchers noticed that a server owned by Playback Now, which hosts conference materials for the company’s customers, was compromised.
Age UK has revealed that cybercriminals have been targeting older people, resulting in £100,000 being stolen from older residents in Lancaster. A Freedom of Information request filed with Action Fraud, the nation’s primary fraud reporting agency, found that Lancashire Constabulary filed 80 reports of cybercrime from April 2018 to March 2019 from residents aged 55 and older. These cybercrime cases resulted in £100,343 being stolen during this time.
Round Up of Major Malware and Ransomware Incidents
Microsoft is warning that cybercriminals have started to incorporate exploit code for the ZeroLogon vulnerability in their attacks. The alert comes after the company noticed ongoing attacks from cyber-espionage group MuddyWater (SeedWorm) in the second half of September. This time, the threat actor is TA505, an adversary who is indiscriminate about the victims it attacks, with a history starting with the distribution of the Dridex banking trojan in 2014.
A security researcher discovered that malicious apps for Fitbit devices can be uploaded to the legitimate Fitbit domain and users can install them from private links. With some social engineering, hackers could take advantage of this and trick users into adding apps to obtain the wealth of personal information typically collected from Fitbit device sensors or the phone. Fitbit develops fitness activity tracking wearables providing the user with metrics like number of steps walked or steps climbed, heart rate, sleep quality, along with activity history.
A new variant of a sophisticated Android locker family used an innovative sequence to load its ransom note on infected devices. On October 8, Microsoft Defender Research Team revealed that it had spotted a new Android locker variant using novel techniques to display its ransom note to its victims. This threat specifically targeted two components on Android devices: the “call” notification and
Round Up of Major Vulnerabilities and Patches
A team of five security researchers analyzed several Apple online services for three months and found as many as 55 vulnerabilities, 11 of which are critical in severity. The flaws could have allowed an attacker to “fully compromise both customer and employee applications, launch a worm capable of automatically taking over a victim’s iCloud account, retrieve source code for internal Apple projects, fully compromise an industrial control warehouse software used by Apple, and take over the sessions of Apple employees with the capability of accessing management tools and sensitive resources.”