Cybercrime News, Articles and Updates

Pawn Storm readied attacks against U.S. senators, political and Olympic targets

The cyberespionage gang Pawn Storm had an extremely active second half of 2017 with targets ranging from the Olympic Wintersports Federations to various political targets.

AdultSwine malware helps porn ads and scams invade children's apps

Cybercriminals have been spiking game apps, including several aimed at children, with malware that displays pornographic ads, pushes fake security apps, and registers users for premium services with permission.

Bannon to testify before House intel committee

Bannon, once Trump's campaign manager, will testify behind closed doors before the Housr Intelligence Committee probing Russia's interference on the U.S. presidential election.

Researchers find 147 vulnerabilities in 34 SCADA mobile applications

Researchers released a whitepaper outlining 147 vulnerabilities in 34 mobile applications used in tandem with Supervisory Control and Data Acquisition (SCADA) systems.

Teligram? Fake Telegram app contains malvertising

A phony and malicious application imitating the Telegram app made its way into the Google Play Store posing as a newer updated version of the popular messaging app.

In a pair of contradictory tweets, Trump blasts, praises FISA

President Trump initially contradicted a White House statement supporting FISA with a tweet ripping the act as potentially having been used to spy on his campaign, then clarified his support for the legislation in a second tweet.

Cryptominer malwares in RIG EK spread via malvertising

Malwarebytes researcher Jerome Segura analyzed a RIG exploit campaign distributing malware coin miners.

Mueller's team includes cyber expert

Dickey is the first of Mueller's expanding, expert team who focuses exclusively on cybersecurity.

FakeBank malware accesses sensitive SMS banking messages

A newly discovered mobile malware program that primarily targets Russian banking customers can take over victims' SMS capabilities, allowing cybercriminals to intercept text messages that contain bank security codes, and then use those codes to reset bank account passwords.

Cardin report blasts Trump's inaction on Russian interference

For the second time in two days, Congressional Democrats have run counter to the wishes of their Republican colleagues by releasing information pertinent to Russia's cyberespionage activities and interference in democratic processes.

Proposed law would levy substantial penalties on breached credit reporting agencies

A newly proposed legislation introduced by two Democratic U.S. senators aims to impose stiff, mandatory penalties on credit reporting agencies (CRAs) like that fail to protect consumers' sensitive information from data breaches.

Researchers believe malicious Android app written in Kotlin code may be a first

Researchers have discovered a fake utility app called Swift Cleaner that they believe may be the first Android mobile malware developed using the open-source Kotlin programming language.

North Korean Monero miner: educational tool or weapon prototype?

A North Korean cryptominer is raising questions as to whether it is a tool or a prototype to carry out silent attacks on unsuspecting CPUs.

Mole on Trump team fed FBI info, Steele worried about political influence on FBI, Fusion GPS head says

Defying her GOP counterparts on the Senate Judiciary Committee, Sen. Dianne Feinstein made public the testimony of the CEO of Fusion GPS, the firm that hired former British spy Christopher Steele, author of the controversial Trump dossier.

FTC fines VTech toy firm over data breach

The Federal Trade commission fined toy firm VTech $650,000 as part of a settlement for violating a U.S. children's privacy laws.

North Carolina introduces data breach legislation, after incidents rise in 2017

More than 5.3 million residents of North Carolina were victims of data breaches in 2017 - an escalating trend that has prompted state Attorney General Josh Stein (D) and state Rep. Jason Saine (R) to introduce newly proposed legislation to prevent further incidents and protect the public.

Multiple vulnerabilities including remote execution spotted in WDMyCloud products

A GulfTech researcher spotted multiple vulnerabilities In Western Digital's MyCloud products, some of which could lead to remote code execution and unauthorized access.

Breach possibly exposed sensitive data on up to 30K Florida Medicaid recipients

The Inspector General's initial review indicated that the names, Medicaid ID numbers, birth dates, diagnoses, Social Security numbers, addresses, and medical conditions of up to 30,000 recipients "were accessed in part or full."

Aspen Cyber Strategy Group holds inaugural meeting to tackle cybersecurity issues

The organization is chaired by IBM Chairman, President and CEO Ginni Rometty, Rep. Will Hurd, and former White House Homeland Security Advisor Lisa O. Monaco.

LockPoS malware adopts injection technique to evade detection

LockPoS, a point-of-sale malware program discovered in 2017 stealing payment card data from computers' memory, is now using a new malware injection technique designed to bypass antivirus hooks and evade detection.

Study: Phishing kit developers commonly betray their cybercriminal customers

An analysis of roughly 1,000 do-it-yourself phishing kits found that roughly a quarter of them double-cross the cybercriminals who implement them by secretly transmitting phished information to a third party who is most likely the kit's original developer.

New adware found in fake Flashlight apps with dark intentions

A newly discovered mobile adware program called LightsOut was recently observed in numerous fake Android flashlight applications, reportedly prompting their removal from the Google Play Store.

Dismantled Andromeda botnet will 'slowly disappear' over time, says ESET researcher

What remains of the Andromeda botnet that was largely dismantled in a November 2017 global law enforcement operation will probably "slowly disappear" as remediation continues into 2018, predicted one cybersecurity company that assisted in the investigation.

Trump directed McGahn to press Sessions not to recuse himself from Russia probe

Mueller reportedly has handwritten notes by former White House Chief of Staff Reince Priebus from conversations with the president that corroborate former FBI Director James Comey's account of meetings with Trump.

Report: Expect more website ads to contain hidden cryptominers

In addition to hiding cryptocurrency miners in the coding of websites, malicious actors may also increasingly conceal them within advertisements appearing on these sites, according to a new report from CoinDesk, citing the Israeli adtech firm Spotad.

White House disbands election integrity commission

Alarmed by the breadth of voter data requested by the commission many states had resisted its overtures, leading the White House to concede it was fighting an uphill battle.

Cybercriminals dropping Bitcoin for more private cryptocurrencies

Cybercriminals appear to be dropping Bitcoin for more private cryptocurrencies as law enforcement develop new techniques to monitor transactions.

Forever 21 blames POS malware, lapses in encryption, for payment card data compromise

A POS malware infection was responsible for compromising payment card data collected at certain Forever 21 stores last year -- an attack that was exacerbated by a lack of encryption on some devices, the apparel retailer stated.

John McAfee's Twitter and phone hacked to promote cryptocurrencies

John McAfee is warning users that anyone can be hacked after someone allegedly broke into his Twitter account to promote cryptocurrency investments.