Government IT systems and critical infrastructure systems around the world are at risk due to legacy technology and the pending retirement of those who have historically maintained these older systems. Of the U.S. General Services Administration’s mission-critical IT staff, 20-50 percent will be eligible to retire by 2024 and 66 percent of U.K. companies have…
A hacker took over the Twitter account of Tampa Mayor Bob Buckhorn and sent out a fake ballistic missile warning and a bomb threat from the compromised account. The threat actor sent a fake bomb threat to Tampa International Airport and said there was a ballistic missile headed to the Tampa area in a series…
Cybercriminals have gamified the ATM jackpotting experience with a malware variant dubbed WinPot which includes a slot machine-like interface. The graphics are a node to the popular term ATM-jackpotting techniques designed to empty ATMs minor modifications just as WinPot does when it infects a target system, according to a Feb. 19 Kaspersky Lab blog post.…
A Monero miner-malware is leveraging RADMIN and MIMKATZ for propagation while exploiting critical vulnerabilities to spread in a worm-like behavior to covertly target specific systems in industries in China, Taiwan, Italy, and Hong Kong. Researchers noted an uptick in activities between the last week of January and February 2019 which coincidentally coincided with regional holiday…
A multi-staged malware dropping multiple payloads is infecting its victims without a clear purpose and has shown a significant uptick in activity since January 2019. Dubbed Reitspoof, the malware has bot capabilities although Avast researchers believe it was primarily designed as a dropper, according to a Feb. 16 blog post. The malware’s developers used several…
Wendy’s has agreed to pay $50 million to settle negligence claims following its 2015-2016 data breach that affected more than 1,000 of the burger chain’s locations. Payment card data was stolen from victims who purchased food at these locations then used fraudulently at other merchants after malware was installed through a third-party vendor. The settlement…
Google Play announced it will continue its crackdown on malicious apps into 2019 by focusing more on user privacy, developer integrity and harmful app contents and behavior. Google said it plans to introduce additional policies for device permissions and user data throughout the year, according to a Feb. 13 blog post. “In addition to identifying…
Mozilla Foundation has issued security advisories for several vulnerabilities in Firefox ESR 60.5.1 and Firefox 65.0.1. The updates patch a use-after-free in skia flaw, an integer overflow in Skia flaw, and a buffer overflow in Skia with accelerated Canvas 2D vulnerability in Firefox ESR 60.5.1, all of which are rated high. The buffer overflow flaw…
The Xiaomi M365, a popular electric scooter used by several ride-share companies such as BIRD as well as for personal ownership, is vulnerable to remote hacking due to improper password validation. The scooters are enabled with Bluetooth access which allows the user to interact with the scooters for multiple features including its Anti-Theft System, Cruise-Control,…
A default password vulnerability in Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. A flaw in NAE’s password management system can be exploited by authenticating with the default administrator password via the CLI of an affected server. Version…
