A U.K./Nigerian cybergang with U.S.-based co-conspirators has obtained a list of more than 50,000 corporate officials to be targeted in future Business Email Compromise (BEC) phishing campaigns. The list was generated during a five-month period in early 2018 and of the list, 71 percent were CFOs, two percent were executive assistants and the remainder were…
A Florida medical marijuana dispensary took down its website after being notified that customer information was viewable through the site’s search function. The medical marijuana dispensary website AltMed, which also operates under the name MüV, said Sunday on its Facebook page a customer had noticed that on www.altmedflorida.com it was possible to view customer information…
Apple has removed a pair of fake fitness apps from its App Store after they tricked users into making expensive purchases via the Touch ID biometrics feature. Named the “Fitness Balance app” and “Calories Tracker app,” the two malicious programs cleverly instruct victims to scan their fingerprints in order to view their personalized calorie tracker and…
The Canadian retail operations of 1-800-FLOWERS has disclosed a four-year data breach affecting customers who purchased goods on its website, warning that payment card data was exposed. The company 1873349 Ontario, Inc., which owns www.1800Flowers.ca, acknowledged the incident in a breach notification to impacted consumers, which was filed with the California attorney general’s office on Nov. 30.…
A Russian national was charged with hacking into the computer systems of Pittsburgh National Golf Course in Gibsonia, Pa., to commit various types of fraud. Ilya Kulkov, of Barnaul, Russia, was charged with a five-count indictment accusing him of crimes including wire fraud, computer fraud and money laundering, U.S. Attorney Scott W. Brady said in a…
Although Department of Homeland Security Secretary Kristjen Nielsen declared the 2018 midterms the nation’s most secure election ever, bad actors who hacked the National Republican Congressional Committee (NRCC) apparently didn’t get the message. After one of its vendors noticed the intrusion last April, the NRCC launched an investigation and reported the incident to authorities, according…
December 4, 2018 (ISC)2 appointed Mary-Jo de Leeuw as director of cybersecurity advocacy for the EMEA region. In this role, de Leeuw will work to encourage corporations, governments, academic institutions and others to collaborate on strong cybersecurity policies, legislation and education throughout EMEA in order to drive recruitment and professional development for the next generation…
A breach at the question and answer website Quora has compromised the data of 100 million users. Last Friday the company discovered an intrusion by a third party and has “already taken steps to contain the incident,” Quora said in an email to users obtained by SC Media. Information that could have been compromised is…
Red Hat has disclosed a flaw in that was reported by the Kubernetes’ community that if left unpatched could give an unauthorized party the ability to escalate their privileges on Kubernetes installations, including Red Hat OpenShift. The flaw, CVE-2018-1002105, is in Kubernetes 1.10 and higher and is rated as critical due to its ease of…
Russia didn’t just ratchet up its aggression toward Ukraine on the high seas last week, it also stepped cyberattacks against the country and other governments and private entities around the world. Familiar threat actors Fancy Bear – using a packed Zebrocy variant and Cannon payload – and Cozy Bear – delivering a Cobalt Strike Beacon…
