The Shakespeare Theatre of New Jersey was forced to cancel a performance of “A Christmas Carol” earlier this week after a ransomware attack disrupted its database and ticketing system, causing a show reservations nightmare. Performances of the show, which run through Dec. 29, are now back underway. However, the ransomware has disabled the company’s online…
In a lawsuit filed yesterday, Facebook is accusing a Hong Kong-based company of infecting individuals with malware in order to hijack their Facebook ad accounts and run malicious advertisements at their expense. The Menlo Park, Calif.-based social media company filed the legal documentation in a San Francisco federal court against ILikeAd Media International Company Ltd.,…
The U.S. today announced legal and regulatory action against the powerhouse cybercriminal group Evil Corp, filing hacking and bank fraud charges against two of its suspected members. Authorities are also offering a $5 million bounty for information leading to the arrest or conviction of one of the group’s alleged masterminds, 32-year-old Maksim Yakubets of Moscow,…
Hundreds of thousands of cell phone bills and other documents belonging to AT&T, Verizon and T-Mobile customers were reportedly exposed after a Sprint contractor left them sitting on an open public server. The documents had been collected and stored in the first place as part a marketing effort to persuade subscribers of rival carrier services…
Bug bounty platform provider HackerOne Tuesday disclosed that one of its own security analysts mistakenly sent a session cookie to a white-hat researcher on Nov. 24, allowing the researcher to take over the analyst’s account and access vulnerability reports on a number of companies. The researcher, known in the HackerOne community as haxta4ok00, promptly reported…
Cybercriminals are reportedly attempting to trick users of the Steam video game digital distribution service into visiting a phishing site that pretends to give away new game skins, but actually steals login credentials. Researcher “nullcookies” first reported the fraudulent giveaway promotion in a Twitter post late last month. BleepingComputer followed up on the post and…
The e-commerce website of weapons manufacturer Smith & Wesson has been targeted by a Magecart payment card-skimming group that’s been using lookalike domain names to impersonate payment anti-fraud company Sanguine Security. The Smith & Wesson website was compromised with a JavaScript-based skimmer last Wednesday, Nov. 27 – in time to steal card information for any…
What at first looked like a single data breach affecting Montgomery County Public Schools (MCPS) in Maryland turned out to be a series of breaches that impacted thousands of more students than was originally reported. On Oct. 4, 2019, MCPS disclosed that a district student had one day earlier allegedly executed a brute-force credentials-stealing attack…
Attackers have been actively exploiting an Android vulnerability that allows malicious apps to display dangerous permission requests and phishing overlays under the guise of a legitimate app. Dubbed StrandHogg (an old Norse Viking term), the flaw resides in Android’s taskAffinity control setting, and can be successfully abused without having to first gain root access, according…
An unauthorized party illegally accessed systems belonging to British online audio streaming service Mixcloud and is now reportedly selling the company’s user data on the dark web. Roughly 20 million to 22 million accounts were compromised in the November incident, according to multiple media organizations that were contacted by the malicious hacker late last week.…
