Cybercrime | SC Media

Bitcoin scammers impersonate Elon Musk, hack Target’s Twitter account

Scammers impersonating Elon Musk managed to hack the verified Twitter accounts of Target and several others in a cryptocurrency fraud scheme promising huge Bitcoin giveaways Tuesday morning. Hackers were briefly able to get ahold of the Target Twitter page for about a half hour when they used the big-box retailer’s account to promote “the biggest crypto-giveaway…

Attackers exploit GDPR compliance plug-in for WordPress

A WordPress plug-in that’s supposed to help with GDPR compliance contains a dangerous privilege escalation vulnerability that attackers have been actively exploiting to compromise websites. Known as the WP GDPR Compliance plug-in, the software module helps ensure compliance with Europe’s General Data Protection Regulation by providing tools through which site visitors can permit use of their…

Companies, customers will avoid you after a breach, survey says

A recent study found customers would cease engaging with a brand after it experienced a breach and that overall, most respondents were unwilling to pay extra for the protection of their personal data. The Ping Identity 2018 Consumer Survey: Attitudes and Behavior in a Post-Breach Era report found that following a breach, 78 percent of people…

Huntsville Hospital in Alabama notifies job applicants of data breach

Huntsville Hospital in Alabama is reporting that the information of job applicants who applied to the facility may be at risk after a breach at a recruiting firm it uses. The hospital’s online application vendor Jobscience, a cloud computing firm that helps staffing and recruiting organizations, experienced a breach which could affect thousands across the country.…

IoT botnet BCMUPnP_Hunter targets routers with vulnerable UPnP feature

A large-scale botnet malware operation has been targeting router equipment running vulnerable versions of the Broadcom Universal Plug and Play (UPnP) feature. Active since at least September 2018, the malicious campaign appears to be infecting devices for the likely purpose of converting them into spam bots, according to a blog post yesterday from researchers at Qihoo’s…

Drone vulnerability could compromise enterprise data

Check Point researchers developed an attack to hijack DJI drone user accounts that may contain the user’s sensitive information as well as access to the device itself. Researchers developed an XSS attack that could be posted on a DJI forum, which is used by hundreds of thousands of DJI customers, to intercept the identifying token…

Secret Service warns of USPS ‘Informed Delivery’ scam

The U.S. Secret Service is warning of cybercriminals using the U.S. Postal Service (USPS) “Informed Delivery” feature to commit various identity theft and credit card fraud schemes. The feature sends a scanned image of incoming mail to the recipient’s email address before it arrives later that day. An internal alert obtained by KrebsOnSecurity and sent by…

Oracle’s VirtualBox vulnerability leaked by disgruntled researcher

An independent researcher who was disgruntled with traditional bug bounty methods took it upon himself to leak the details of an exploit in Oracle’s VirtualBox without first informing Oracle. Sergey Zelenyuk discovered a flaw that would allow him to escape from the virtual environment of the guest machine to reach the Ring 3 privilege layer…

StatCounter platform compromised to infect gate.io exchange with bitcoin-stealing code

A malicious actor compromised the platform of leading web analytics firm StatCounter in a supply chain attack that targeted the cryptocurrency exchange gate.io with a bitcoin-stealing script. Outside of gate.io, none of the other two million-plus websites using StatCounter’s metrics services appear to have been affected by the malicious JavaScript, even if they downloaded it. That’s because the…

Malicious Google Chrome extension collected users' data for third parties

Google Chrome to remove ads from abusive sites

Google announced it will be adding new features to Chrome 71, starting in December 2018, which will remove ads from sites with persistent abusive experiences. Site owners are free to use the Abusive Experiences Report in the Google Search Console to see if their sites contain any of these abusive experiences that need to be…
