A hacker that uploaded ransom notes on nearly 23,000 MongoDB databases left exposed online without passwords has given his potential victims until tomorrow to pay a $140 ransom, or possibly report the breach to local GDPR authorities. According to recent ZDNet story, the hacker used an automated script to scan for misconfigured MongoDB databases, effectively…
The Sodinokibi/REvil ransomware gang has apparently made good on its threat to auction off files it lifted from celebrity law firm Grubman Shire Meiselas & Sacks. The group on July 1 reportedly placed legal documents corresponding to Nicki Minaj, Mariah Carey and LeBron James up for bid, with the starting price set at $600,000 per…
Another Texas-based government institution may have fallen victim to ransomware actors. According to a reliable source, the cybercriminals behind the malicious encryptor NetWalker have published online evidence of an attack on Trinity Metro, a transit agency that operates bus and commuter rail transportation services in Fort Worth and its nearby Tarrant County suburbs. Trinity Metro…
A database of 384,319 BMW car owners in the U.K. is being offered for sale on an underground forum by the KelvinSecurity Team hacking group, according to KELA, a darknet threat intelligence firm, based in Tel Aviv. The hacking group, which last week tried to sell databases related to U.S. business consulting firm Frost & Sullivan,…
A new blog post and research report from the Lookout Threat Intelligence Team has exposed the lengths to which a reputed Chinese government-sponsored APT operation has allegedly gone to track the country’s Uyghur minority population, including the trojanization of mobile apps with surveillanceware. Lookout details four spyware families — SilkBean, DoubleAgent, CarbonSteal and GoldenEagle —…
In a pair of out-of-band updates, Microsoft patched RCE vulnerabilities, one rated critical, the other important. Microsoft said the two vulnerabilities, CVE-2020-1425 (critical) and CVE-2020-1457 (important), fixed prior to the company’s monthly Patch Tuesday updates, are not likely to be exploited. “To successfully exploit this vulnerability, an attacker would need to deliver a specially crafted image…
The actors behind a campaign to spread GoldenSpy malware via tax accounting software used by customers of a Chinese bank have recently attempted to distribute an uninstaller that deletes the backdoor in an apparent attempt to cover up their illicit activities. In a previous company blog post and threat report, Trustwave and its SpiderLabs team identified the accounting software…
Despite an increased toll on their computer systems amid Covid-19, healthcare organizations throughout the world generally are doing a good job of mitigating inbound attack attempts, according to a Vectra analysis of the first five months of 2020. The report cites a doubling of data exfiltration behaviors to external destinations in Europe, Middle East and…
It appears that Xerox is among the victims of Maze ransomware attackers, if screenshots posted by the ransomware’s operators are legitimate. The hackers pilfered more than 100GB of information and are threatening to publish it, according to a report in BleepingComputer, which cited the ransom note as saying, “After the payment the data will be…
SC Labs revisited endpoint security tools this month, an area that’s become increasingly more relevant as the bad guys run phishing attacks via email. These cloud-based management systems have taken endpoint security to the next level with proactive attack prevention, accurate detection and effective remediation. The comprehensive visibility these tools offer uncover visibility gaps at…
