Micropayments company Coil has emailed users its new privacy policy but, in error, put hundreds of their users’ email addresses in the “To:” field – breaching their privacy. Coil has become aware of the incident and sent an apology email with a subject line “Please forgive us”. More on that story here: https://www.theregister.com/2020/11/17/coil_email_data_breach/
ISBuzz Team
It has been reported that Lazarus malware has been tracked in new campaigns against South Korean supply chains, made possible through stolen security certificates. Today, cybersecurity researchers from ESET revealed the abuse of the certificates, stolen from two separate, legitimate South Korean companies. In this supply chain attack, the threat actors are using an “unusual supply chain mechanism,” ESET says, in which Lazarus is abusing a standard requirement for South Korean internet users — the need to install additional security software when they visit government or financial services websites.
Pharmaceutical companies researching treatments and vaccines for COVID-19 are being actively targeted by prominent nation state-backed hackers from Russia and North Korea, according to IT Pro. Groups including Strontium, Zinc and Cerium are launching “unconscionable” cyber-attacks against companies running trials for COVID-19 vaccines, one clinical research organisation and a company that’s developed a virus test – targeting a total of seven companies involved in researching vaccines and treatments. Strontium, allegedly linked with the Russian state, is using password spray and brute force attacks to steal login credentials, hoping to break into user accounts using millions of quickfire attempts. Zinc, meanwhile,…
The UK’s Information Commissioner’s Officer confirmed on Friday that it was fining Ticketmaster £1.25 million in relation to a data breach of the ticketing firm’s website back in 2018.
Resident Evil developer Capcom has announced a breach that compromised the personal information of employees, and potentially compromised the data of up to 350,000 users.
Please see below a press release from the IT company DSA Connect, on new research revealing that some 4.5 million electronic devices have been handed back to employers as people have been made redundant. Its research reveals that of those people who have been made redundant or furloughed since the COVID-19 crisis started, 26% have had to give back electronic devices to work. In 50% of cases, they said that these devices had personal information on them including their bank and credit card details, personal passwords, and photos. With England in a new lockdown and more staff being furloughed or…
The cybersecurity company Morphisec has discovered Jupyter infostealer on the network of an unnamed higher education establishment in the US. A newly uncovered trojan malware campaign is targeting businesses and higher education in what appears to be an effort to steal usernames, passwords and other private information as well as creating a persistent backdoor onto compromised systems. The trojan has the capability to target Chromium, Firefox, and Chrome browser data but also can open a backdoor on compromised systems, allowing attackers to execute PowerShell scripts and commands, as well as the ability to download and execute additional malware.
Whilst the current COVID-19 crisis has brought many businesses and operations to a standstill, one area it hasn’t diminished is fraud. The sad truth is that fraudsters don’t stop their crimes because of a pandemic. In fact, they often seize the immense change that comes with an event like this to ramp up their activity – targeting individuals and businesses whilst they are at their most vulnerable and least protected. In fact, recent data covering the first six months of 2020 showed that £208m was stolen in reported “authorised push payment fraud”, where victims unwittingly send their money to a…
According to ZDNet, Vertafore, a provider of insurance software, has disclosed this week a data breach, admitting that a third-party accessed the details of 27.7 million Texas drivers. The incident took place on March 11 and happened as a result of human error when three data files were inadvertently stored in an unsecured external storage service. Vertafore said the files were removed from the external storage system on August 1, but after an investigation, they discovered that the files had been accessed without authorization. According to the software provider, the three files contained information on driver’s licenses issued before February…
People Incorporated Mental Health Services disclosed that an email security data breach exposed sensitive patient records and financial data. The cybersecurity experts offer perspective below.