Cybersecurity News & Analysis | SC Media | Info Security News


London Blue cybergang compiled list of 50,000 execs for BEC phishing attacks


A U.K./Nigerian cybergang with U.S.-based co-conspirators has obtained a list of more than 50,000 corporate officials to be targeted in future Business Email Compromise (BEC) phishing campaigns. The list was generated during a five-month period in early 2018 and of the list, 71 percent were CFOs, two percent were executive assistants and the remainder were…

Marijuana plant

Florida marijuana dispensary website leaked customer data


A Florida medical marijuana dispensary took down its website after being notified that customer information was viewable through the site’s search function. The medical marijuana dispensary website AltMed, which also operates under the name MüV, said Sunday on its Facebook page a customer had noticed that on it was possible to view customer information…

The Chaos Computer Club (CCC) became the first group to bypass Apple's Touch ID.

Fake fitness apps steal money using Apple’s Touch ID feature


Apple has removed a pair of fake fitness apps from its App Store after they tricked users into making expensive purchases via the Touch ID biometrics feature. Named the “Fitness Balance app” and “Calories Tracker app,” the two malicious programs cleverly instruct victims to scan their fingerprints in order to view their personalized calorie tracker and…


Bloom is off the rose: Canadian 1-800-FLOWERS operation discloses four-year breach


The Canadian retail operations of 1-800-FLOWERS has disclosed a four-year data breach affecting customers who purchased goods on its website, warning that payment card data was exposed. The company 1873349 Ontario, Inc., which owns, acknowledged the incident in a breach notification to impacted consumers, which was filed with the California attorney general’s office on Nov. 30.…

Seeing the green: Troon Golf and Fortinet

Russian national charged with hacking Pittsburgh golf course to commit fraud


A Russian national was charged with hacking into the computer systems of Pittsburgh National Golf Course in Gibsonia, Pa., to commit various types of fraud. Ilya Kulkov, of Barnaul, Russia, was charged with a five-count indictment accusing him of crimes including wire fraud, computer fraud and money laundering, U.S. Attorney Scott W. Brady said in a…

election cyber

NRCC emails hacked during 2018 midterms


Although Department of Homeland Security Secretary Kristjen Nielsen declared the 2018 midterms the nation’s most secure election ever, bad actors who hacked the National Republican Congressional Committee (NRCC) apparently didn’t get the message. After one of its vendors noticed the intrusion last April, the NRCC launched an investigation and reported the incident to authorities, according…

Cybersecurity executive changes

December 4, 2018 (ISC)2 appointed Mary-Jo de Leeuw as director of cybersecurity advocacy for the EMEA region. In this role, de Leeuw will work to encourage corporations, governments, academic institutions and others to collaborate on strong cybersecurity policies, legislation and education throughout EMEA in order to drive recruitment and professional development for the next generation…

Quora breach compromises 100 million users


A breach at the question and answer website Quora has compromised the data of 100 million users. Last Friday the company discovered an intrusion by a third party and has “already taken steps to contain the incident,” Quora said in an email to users obtained by SC Media. Information that could have been compromised is…

Kubernetes vulnerability impacting Red Hat OpenShift


Red Hat has disclosed a flaw in that was reported by the Kubernetes’ community that if left unpatched could give an unauthorized party the ability to escalate their privileges on Kubernetes installations, including Red Hat OpenShift. The flaw, CVE-2018-1002105, is in Kubernetes 1.10 and higher and is rated as critical due to its ease of…


Gamaredon, like Fancy Bear and Cozy Bear, steps up cyberattacks against Ukraine, others


Russia didn’t just ratchet up its aggression toward Ukraine on the high seas last week, it also stepped cyberattacks against the country and other governments and private entities around the world. Familiar threat actors Fancy Bear – using a packed Zebrocy variant and Cannon payload – and Cozy Bear – delivering a Cobalt Strike Beacon…

Next post in News