Cybersecurity News and Product Reviews | SC Media

Home

InnfiRAT malware hunts for cryptocurrency info, browser cookie data

Researchers have discovered a previously unknown remote access trojan called InnfiRAT, capable of data exfiltration and digital spying. InnfiRAT searches for users’ cryptocurrency wallet information (Bitcoin and Litecoin included), and steals browser cookie data in order to obtain victims’ usernames, passwords and session data. This information is then sent to a malicious command-and-control server, explain…

Automakers pen 'privacy principles' for in-car technology

Misconfigured database exposes 198M records on prospective auto buyers

Dealer Leads, LLC, a digital marketing company for car dealerships, was discovered last month to have exposed an Elastic database that contained 198 million records on prospective automotive buyers. Publicly accessible information included the plain-text names, email addresses, phone numbers, home addresses and IP addresses of visitors to numerous websites affiliated with Dealer Leads, cybersecurity…

U.S. sanctions North Korea hacking groups, says attacks funded missile program

The U.S. Office of Foreign Assets Control (OFAC) sanctioned North Korea Friday for ransomware attacks on the Swift interbank messaging system and other critical infrastructure targets that generated funding for the nation-state’s weapons and missile programs. The Treasury Department targeted three state-sponsored hacking groups – the Lazarus Group, whose WannaCry attacks wreaked havoc around the…

Ryuk-like malware targeting law, military and finance groups

A new malware containing some similarities to Ryuk ransomware, but which acts as an information stealer targeting military, law and financial institutions has been uncovered by MalwareHunterTeam. Once onboard a device the as-yet-unnamed malware begins its attack begins searching for .docx and .xlsx files, according to Bleeping Computer. In a fashion similar to how ransomware…

U.K. man arrested for allegedly hacking musicians, selling their songs

A 19-year-old man has been arrested in the U.K. for allegedly hacking into musicians’ websites and cloud accounts, then stealing and selling their unreleased songs. The investigation actually commenced “across the pond,” in the Manhattan District Attorney’s office, which ultimately partnered with the City of London Police upon learning that a suspect was based in…

Instagram fixed after researcher finds way to link account info to PII

Facebook has repaired a vulnerability in its Instagram social media platform, after a researcher found that it could be exploited to link users’ phone numbers to their account numbers, usernames and actual names. With the help a brute-force algorithm and a network of bots, malicious actors could have leveraged the flaw to bypass data security…

Facebook, YouTube used in Brazilian phishing scheme

A cybercriminal gang has put together a phishing campaign that utilizes several trusted sources, along with insider help from a top tier security company service to convince its victims to open and download a malicious attachment. Cofense Intelligence found the malicious actors, who are only targeting Brazilians, are extensively using trusted names, legitimate Windows services…

Intel releases medium and low-rated security advisories

Intel posted two security advisories for its Easy Streaming Wizard (CVE-2019-11166) and Data Direct I/O Technology (DDIO) and Remote Direct Memory Access (RDMA). A potential escalation of privileges vulnerability, rated as a medium threat, exists with Easy Streaming Wizard on versions before 2.1.0731 due to improper file permissions in the installer. Intel plans on issuing…

Next post in Vulnerabilities