Categories
APT Breach Malware Phishing Ransomware Ryuk Vulnerability

CloudSEK Daily Threat Bulletin – 9th March 2020

Round Up of Major Breaches and Scams Phishing campaign uses chatbot that pretends to be a customer service agent In a new phishing campaign, a chatbot pretends to be a customer service agent, helping Russian victims to get a refund of $2,100, for unused internet and cellular services. This lures victims to fill several forms,…Continue readingCloudSEK Daily Threat Bulletin – 9th March 2020

Categories
Breach CVE Malware Ransomware TrickBot Vulnerability

CloudSEK Daily Threat Bulletin – 6th March 2020

Round Up of Major Breaches and Scams Brazilian security firm exposes 25 GB of data on leaky S3 bucket A Brazilian home and business security firm has exposed 25 GB of files on a leaky S3 bucket. The files, which include tax documents, payment slips, and social security documents, reveal their clients’ contract details and…Continue readingCloudSEK Daily Threat Bulletin – 6th March 2020

Categories
Breach CVE Emotet Malware Phishing Ransomware Ryuk TrickBot Vulnerability

CloudSEK Daily Threat Bulletin – 5th March 2020

Round Up of Major Breaches and Scams T-Mobile discloses data breach due to attack on email vendor T-Mobile has disclosed a data breach that exposed their customers’ personal and financial information. The source is believed to be their email vendor, who was hacked. Some of the hacked accounts contained T-Mobile customers’ social security numbers, financial…Continue readingCloudSEK Daily Threat Bulletin – 5th March 2020

Categories
Cyber Security Ransomware Vulnerability

CloudSEK Daily Threat Bulletin – 4th March 2020

Round Up of Major Breaches and Scams Tesco notifies Clubcard loyalty members of credential-stuffing attack U.K. supermarket chain Tesco has notified, 600,000 Clubcard loyalty program members, of a credential-stuffing attack. The attack came to light when Tesco’s internal systems detected attackers trying different combinations of usernames and passwords to access Clubcard accounts. The credentials are…Continue readingCloudSEK Daily Threat Bulletin – 4th March 2020

Categories
CVE Cyber Security Ransomware Vulnerability

CloudSEK Daily Threat Bulletin – 3rd March 2020

Round Up of Major Breaches and Scams Exaggerated Lion carries out BEC attacks by exploiting G Suite features Researchers have found that African threat group Exaggerated Lion carries out Business Email Compromise (BEC) attacks by exploiting G Suite features. Since G suite offers a 30-day trial period, and allows users to send 500 emails per…Continue readingCloudSEK Daily Threat Bulletin – 3rd March 2020

Categories
Cyber Security Phishing Ransomware Vulnerability

CloudSEK Daily Threat Bulletin – 2nd March 2020

Round Up of Major Breaches and Scams ‘SurfingAttack’ allows attackers to remotely control voice-controlled devices A new omni-directional attack method called SurfingAttack, allows attackers to control voice-controlled devices from a distance, without the victim’s knowledge. Attackers can use voice commands to instruct voice assistants to reveal sensitive data such as SMS authentication codes for online…Continue readingCloudSEK Daily Threat Bulletin – 2nd March 2020

Categories
Cyber Security Ransomware TrickBot

CloudSEK Daily Threat Bulletin – 28th February 2020

Round Up of Major Breaches and Scams Error in official Walgreens app exposes users’ personal data An error in the official app of US pharmacy chain Walgreens allowed users to view other users’ names, prescriptions, store number, and shipping addresses. The company announced that for a week, an error in the app’s personal secure messaging…Continue readingCloudSEK Daily Threat Bulletin – 28th February 2020

Categories
Cyber Security Malware Phishing Ransomware

CloudSEK Daily Threat Bulletin – 27th February 2020

Round Up of Major Breaches and Scams Phishing campaign uses fake NortonLifelock documents to distribute RAT Researchers have discovered a phishing campaign, which uses fake NortonLifelock documents, to bait users into installing a RAT (remote access tool). The password-enabled document contains a malicious macro, which is executed, once the document is enabled by the victim.…Continue readingCloudSEK Daily Threat Bulletin – 27th February 2020

Categories
Cyber Security Malware Phishing Ransomware Spearphishing

CloudSEK Daily Threat Bulletin – 26th February 2020

Round Up of Major Breaches and Scams Law enforcement partner Clearview notifies customers of breach Law enforcement partner Clearview has notified its customers of a breach that exposed the list of customers, their accounts, and their searches. The facial recognition platform, which is solely for law enforcement agencies, has purportedly collected ~3 billion facial images.…Continue readingCloudSEK Daily Threat Bulletin – 26th February 2020

Categories
CVE Cyber Security Emotet Malware Ransomware

CloudSEK Daily Threat Bulletin – 25th February 2020

Round Up of Major Breaches and Scams Threat group steals data by bypassing server firewall and masking C2 traffic What appears to be a state-sponsored threat group is using a technique called “Cloud Snooper” to bypass a server’s firewall to communicate with command and control (C2). The attackers deployed a rootkit that then installs a…Continue readingCloudSEK Daily Threat Bulletin – 25th February 2020