Six years after blogging platform LiveJournal was hacked, the credentials of some 26 million users are being sold and traded on multiple hacker forums and the dark market. Complicating the breach’s fallout, the database’s old and/or unique passwords have allowed bad actors to launch targeted sextortion email campaigns. Another blogging platform, Dreamwidth, says it’s withstood…
The exposure of the PII of more than 3,500 California residents in the database of international multi-level marketing firm Arbonne following a breach on April 23 offers a glimpse into whether the state will enforce its new privacy statute that went into effect in January. Almost half of a four-page information sheet from Arbonne describing…
New phishing campaigns tracked by Trustwave deploy schemes that harvest credentials by taking advantage of “the reputation and services” of the Google Cloud’s Firebase mobile and web application development platform. The bogus emails cut across industries and tap Firebase’s data storage API in a Google Cloud Storage bucket, while hiding malicious URLs in phishing emails…
Following a month of cyberattacks involving Iran and Israel, experts are reluctant to predict all-out digital warfare between the nation states, despite the obvious recent tit for tat that underscores age-old, religion-based tensions. The latest possible salvo came May 21, when approximately 1,000 corporate and manufacturing targets within Israel were afflicted with defacements and denial…
The Silent Night Zbot, a new variant of the infamous banking trojan ZeuS that wreaked havoc in mid-2009 may be impressive in its design but it’s “not any game changer,” according to a deep-dive report from Malwarebytes and HYAS. Calling Silent Night “yet another banking Trojan based on ZeuS,” the 186-page report praised the malware’s…
Adding COVID-19 exploitation to its nefarious arsenal targeting governments, the Nigerian Scattered Canary criminal gang most recently attempted to exploit the CARES Act on May 17, filing two fraudulent unemployment claims through Hawaii’s Department of Labor and Industrial Relations website. The bogus claims were part of a larger criminal effort in the past month that…
A new malware called “WolfRAT is targeting messaging apps, such as WhatsApp, Facebook Messenger and Line on Thai Android devices. WolfRAT, according to the Cisco Talos intelligence team, is based on a leak of the previously leaked DenDroid malware family. Talos said in a blog post it highly believes that this modified version of the malware…
An attack against British airline easyJet by “a highly sophisticated source” accessed the email addresses and travel details of approximately nine million customers, including credit card details of 2,208 customers. The company did not reveal when it learned of the attack or what a forensic investigation revealed, nor did it specify the breach date. Although the…
After Facebook was stopped from launching a dating service in Europe on Feb. 13, infosec experts are left wondering if the social media network had learned anything from the Cambridge Analytica debacle in 2018 or the platform’s other data privacy transgressions. The EU found Facebook committed data protection violations within the forthcoming service, such as…
The U.S. government expanded its year-old lawsuit against Chinese tech firm Huawei, alleging the company conducted cyber espionage on six American competitors in an attempt to steal trade secrets to gain an unfair advantage. Filed in the federal court’s Southern District in Brooklyn, the indictment charges that Huawei’s activities violated racketeering laws by illegally gaining…
