It has been reported that Canadian banks are being impersonated in a phishing campaign targeting both individuals and businesses via a large-scale infrastructure shared with previous attacks going back to 2017 and pointing to the same attackers. The infrastructure behind these Canadian focused attacks includes hundreds of phishing websites designed to mimic major Canadian banks’ websites as part of an effort to steal user credentials from the financial institutions’ clients. To get the targets on their phishing landing pages, the attackers use custom-crafted and legitimate-looking email messages with malicious PDF attachments.
ISBuzz Team
Chinese state-sponsored hacker group APT20 has been bypassing two-factor authentication (2FA) in a recent wave of attacks, hacking government entities and managed service providers. More on the story here: https://www.zdnet.com/article/chinese-hacker-group-caught-bypassing-2fa/
Convenience store chain Wawa disclosed today a card breach after its security team found malware installed on its payment processing systems. Wawa said the malware collected payment card information from customers who used credit or debit cards at their stores and gas stations. The malware was installed on its servers on March 4 this year, and was discovered on December 10, and removed two days later on the 12. https://twitter.com/briankrebs/status/1207787839620079624
Research has found child-tracking smartwatches to contain severe security flaws allowing unauthorized persons, whether with or without bad intentions, to monitor children’s locations. According to research conducted by Pen Test Partners, a company that conducts penetration tests to see if a device offers adequate security, anyone with access to the internet (and a particular set of skills) can access information about the real-time GPS location of children wearing a smartwatch, or carrying a GPS tracker, from a Chinese company called ThinkRace. In addition to accessing their GPS location, unauthorized persons can also spy on these children and/or listen to the audio recordings they…
A cybersecurity automotive firm Upstream released a report revealing just how bad cyberattacks on the automotive industry have gotten over the years – 150 incidents in 2019, or a whopping 99% increase; the report discusses how bug bounties are essential for conquering and combatting these types of attacks.
The Magecart attack on Macy’s was so sophisticated it was customized specifically to the store’s website and targeted not only checkout, but also digital wallets according to RiskIQ as reported by CSO. Previous detail of our expert commenray on Macy Breach is here.
A database containing more than 267 million Facebook user IDs, phone numbers, and names was left exposed on the web for anyone to access without a password or any other authentication. Comparitech partnered with security researcher Bob Diachenko to uncover the Elasticsearch cluster. The open database, which has been pulled down, wasn’t protected by a password or any other safeguard for nearly two weeks. In fact, someone has already made the data available for download on a hacker forum. https://twitter.com/AFP/status/1207860777618563072
Police forces across Britain have seen thefts of critical devices like mobiles, tablets, laptops and radios surge since 2016, according to research from Parliament Street Think Tank. The data collected via the Freedom of Information Act provided insight into the frequent loss of devices from reported by police staff and serving officers over the last three most recent financial years. In total, 2,600 mobile phones, laptops, police radios and other devices were reported lost or stolen by police officers and staff over the three year period. The most recent financial year (FY 18-19) saw a total of 1,360 gadget losses, an…
In response to the news that gaming modification site Nexus Mods disclosed a data breach, a cybersecurity expert offers perspective.
The Guardian revealed that Zynga, a social game developer that created the likes of Farmville and Words With Friends, admitted to a hack in September, telling users that cyber-attacks were “one of the unfortunate realities of doing business today”. It did not reveal at the time how many accounts were affected, but now it has been revealed that the stolen database contained information on 172,869,660 unique accounts. https://twitter.com/haveibeenpwned/status/1207528355790282753