It appears North Korean hackers have revisited a tried-and-true scheme to attack Mac owners who work at cryptocurrency exchanges: creating a fake company and corresponding cryptocurrency trading app that actually infects users with malware. Researcher Patrick Wardle, creator of OS X security firm Objective-See, reported in a blog post late last week that malicious actors…
A malicious actor used stolen credentials to access a web portal operated by credit reporting agency TransUnion Canada and then used that portal to access consumer files. This week, BleepingComputer posted a report containing scanned images of a disclosure notification that TransUnion Canada has begun mailing out to affected consumers. The notification, dated Sept. 19,…
Thanks in no small part to the perpetrators’ own sloppy operational security, researchers have uncovered a large Android banking trojan scheme that may have impacted hundreds of millions of Russians. Dubbed Geost, the malware is distributed via a malicious cybercriminal botnet operation consisting of 13 command-and-control servers and more than 140 malicious domains, according to…
The Danish hearing aid manufacturer Demant has quickly piled up a $95 million bill associated with a cyber incident that struck the company in early September. In a September 26 financial statement, the company revealed how the cyber incident that began on September 3 has impacted the company’s financial situation. Demant executives credited the quick…
Russian Andrei Tyurin has pleaded guilty to taking part in a cybercriminal campaign that targeted the U.S. financial sector and stole personal data from roughly 100 million customers of various firms, the DOJ announced this week. Tyurin, 35, pleaded guilty in a Southern New York federal court to one count of conspiracy to commit computer…
Researchers have uncovered two variants of information-stealing Mac malware that impersonates a legitimate stocks and cryptocurrency trading application. The two variants, identified by Trend Micro as Trojan.MacOS.GMERA.A and Trojan.MacOS.GMERA.B, both include a copy of Stockfolio version 1.4.13, along with the malware author’s digital certificate and various malicious components. The first variant’s components include a Mach-O…
For months in some instances, Canadian banking giant Scotiabank reportedly stored highly sensitive digital property on a series of publicly open and accessible GitHub repositories, potentially exposing its internal source code, login credentials and access keys. The financial institution had the repositories “torn down” earlier this week after being alerted to the error, according to…
Cybercriminals recently set up impostor websites for the NordVPN virtual private network service and two office software products, in an attempt to infect visitors with the Win32.Bolij.2 banking trojan, according to researchers. Launched on Aug. 8, the fake NordVPN site, nord-vpn[.]club, has already drawn thousands of visitors so far this month, Dr.Web reports in an…
First American Financial Corp. is reportedly the subject of a U.S. Securities and Exchange Commission investigation, following the discovery of a website defect that left 885 million documents exposed to the public. Earlier this year, the financial services company’s website was found to have allowed anyone with a web browser and a URL for a…
The U.K.-based digital bank Monzo Sunday disclosed that it has fixed an error that caused certain customers’ PIN codes to be stored in a less secure area of its internal systems. In an Aug. 4 company blog post, the mobile-only banking services provider acknowledged that it mistakenly had recorded some customers’ PINs in encrypted log…
