You don’t tug on Superman’s cape, you don’t spit into the wind, you don’t pull the mask off the old Lone Ranger and, with apologies to Jim Croce, you don’t mess around with medical and healthcare organizations battling the coronavirus pandemic, or you’ll face the full force of the COVID-19 CTI League, a group of…
In the middle of a pandemic, insurance companies are likely targets for cyberattackers so it’s not surprising that Chubb this week reportedly found itself a victim of the Maze ransomware’s operators, who encrypted the company’s files. The group put a notice on its news site claiming that it had encrypted the insurance company’s network. If…
The same default setting that allows attackers to “Zoom bomb” schoolchildren or remote workers meeting online with racist and pornographic content could be used to by cybercriminals to unleash their malicious bag of tricks during the COVID-19 pandemic. “An attacker could create a malicious invite link and trick Zoom users into clicking on it, leading…
Tupperware hasn’t yet put a lid on a targeted cyberattack that uses a credit card skimmer to collect customer payment information at checkout on the tupperware[.]com site and some of its local sites. The threat actors hid “malicious code within an image file that activates a fraudulent payment form during the checkout process,” according to…
A February breach at service provider Canon Business Process Services exposed the personal information of current and former GE employees and their beneficiaries. “While I’m usually a bit numb to the latest data breach, the sheer variety of exposed information is unique,” said Roger Grimes, data driven defense evangelist at KnowBe4. “GE and Canon haven’t…
Attackers are exploiting unpatched Windows zero day flaws, Microsoft said in a Monday security advisory. The company said “limited targeted attacks” could leverage two unpatched remote code executive (RCE) vulnerabilities in Windows “when the Windows Adobe Type Manager Library improperly handles a specially crafted multi-master font – Adobe Type 1 PostScript format.” Among the ways…
The hack of an FSB contractor has exposed details of the Russian intelligence agency’s cyber weapons program aimed at exploiting vulnerabilities in IoT devices. Digital Revolution, a Russian hacking group, has claimed credit for the April 2019 breach of subcontractor ODT (Oday) LLC, which was working with frequent Russian Ministry of Internal Affairs contractor InformInvestGroup…
More than five billion records were exposed after an Elasticsearch “data breach database” managed by a U.K.-based security firm and housing a trove of security incidents from the last seven years was left unprotected. “Data was very well structured,” wrote security researcher Bob Diachenko, who discovered the Elasticsearch instance, of the information, which included hashtypes,…
With concerns over coronavirus on the rise and in a political climate that can generously be described as “charged,” when Facebook began marking and removing posts linking to COVID-19-related articles as spam, many users on the social media platform began eyeing their friends lists with suspicion and even floating conspiracy theories. But the culprit it…
In an effort to protect government sources and investigative methods, Justice Department prosecutors will drop charges against two Russian companies, Concord Management and Concord Consulting, indicted by former Special Counsel Robert Mueller for financing operations behind interference in the 2016 presidential election. The two companies, along with Internet Research Agency and a cadre of 13…
