Over 1.1 million accounts managed by the retro gaming website Emuparadise were exposed in a newly reported breach that actually took place back on April 1, 2018. Researcher Troy Hunt added Emuparadise to his “Have I Been Pwned?” data breach reference website yesterday, crediting the operators of hacked-database search engine DeHashed with supplying the compromised…
Cybercriminals have been using a recently discovered critical vulnerability in the Oracle WebLogic server to deliver a Monero cryptomining program, while using certificate files to obfuscate malicious code. Caused by a deserialization error, the flaw, CVE-2019-2725, was patched in an April 26 out-of-band security update. The SANS ISC InfoSec forums originally hosted reports of malicious actors exploiting…
A newly discovered malicious backdoor by the name of Hawkball was recently observed in a campaign apparently targeting one or more Russian-speaking government entities in Central Asia, according to a blog post this week from FireEye Labs. Upon successful infection, Hawkball offers the unidentified attackers a range of malicious capabilities, writes FireEye blog post author…
An American and three Europeans have been charged with racketeering conspiracy and conspiracy to commit wire fraud and bank fraud for allegedly distributing malware on the now-defunct Darkode computer hacking forum. A District of Columbia federal court this week unsealed an indictment against the four individuals, who are identified as Thomas McCormick (aka fubar), 26,…
The campaign by Russia’s Internet Research Agency to interfere with the 2016 U.S. presidential election using fake Twitter accounts was even organized than many people realize, according to a new report from Symantec Corporation. But another new report from scholars at Stanford University prescribes more than 45 policy recommendations for how the U.S. can prevent…
One day after Quest Diagnostics reported that nearly 12 million of its patients were potentially affected by a malicious breach of third-party bill collection vendor American Medical Collection Agency (AMCA), fellow clinical testing firm LabCorp acknowledged that roughly 7.7 million of its customers may be affected by the same incident. Burlington, North Carolina-based LabCorp publicly…
Health insurance company Premera Blue Cross has agreed to a $72 million proposed settlement that would resolve a contentious class-action lawsuit stemming from a 2014 data breach affecting roughly 10.6 million people. Pending court approval and barring further appeals, the deal would require Premera to pay $42 million to fund comprehensive remedial measures and injunctive…
The California Assembly on May 29 passed AB 25, an amendment to the California Consumer Privacy Act of 2018 that would exclude employees and job applicants from the legislation’s definition of “consumer.” The proposed law, which passed unanimously 77-0-3, is now in the hands of the California Senate. Under the terms of the amendment, an…
The University of Chicago Medicine scrambled to secure a database containing information on patients as well as existing and potential financial donors, after a researcher discovered that a misconfiguration left nearly 1.68 million records exposed to the public. Bob Diachenko, cyber threat intelligence director at Security Discovery, said in a June 3 company report that…
Researchers have discovered a new malware family that uses a set of eight exploits to compromise web servers, network drives and removable drives. Dubbed BlackSquid, the malware has been observed dropping XMRig cryptominer programs, but attackers could easily use it to deliver other nasty payloads to infected devices, as well as obtain unauthorized access, escalate…
