Don’t tell Luigi, but Nintendo video game hero Mario may have joined Bowser on the dark side. A malspam sample targeting Italy was recently observed using a steganographic image of Mario (of Super Mario fame) to hide malicious code designed to infect victims with the Ursnif banking trojan. In a Feb. 8 company blog post,…
An spam-based phishing campaign recently targeted North American banking customers with malicious Excel documents designed to infect victims with a new variant of the information-stealing TrickBot banking trojan, researchers reported earlier this week. The scam dates back to at least Jan. 27 and peaked in volume on Jan. 30, according a new blog post from…
The Bayside Covenant Church of Roseville, Calif. reported that for three months last year unauthorized personnel accessed some employee information. In a statement, the church said access was gained to certain email accounts through a still unknown means, from Aug. 3, 2018 to Oct. 20, 2018. The information exposed included names, addresses, Social Security Numbers,…
Subscribers to a Tibetan Government-in-Exile mailing list were targeted in a recent email-based phishing campaign designed to infect them with a remote access trojan. Dubbed ExileRAT, the trojan is capable of gathering system information, retrieving and pushing files, and executing and ending various processes, according to a blog post from Cisco Systems’ Talos division, whose…
Delaware’s Department of Insurance announced yesterday that 650 residents and five companies located within the state were impacted by a 2018 data breach of BenefitMall, a third-party HR services administrator for health insurance companies. It was originally back on Jan. 4, 2019, that BenefitMall, aka Centerstone Insurance and Financial Services, publicly disclosed a “data security…
Attackers this month have revived an email phishing operation that targets Russian speakers with Shade ransomware served via malicious JavaScript attachments. The scam first emerged in a campaign that began in mid-October of last year, before dying down over the holiday period. But January ushered in a more intense second phase that doubled the previous…
Considering the hundreds of millions of records exposed in data breaches just last year, the 12th annual Data Privacy Day could not arrive quickly enough. On the plus side for privacy, at least for EU residents, GDPR went into effect last May and will soon be joined by the California Consumer Privacy Act and other…
An ongoing email phishing campaign designed to spread Redaman banking malware aggressively targeted Russian-speakers, especially those with .ru addresses, over the last four months of 2018. Researchers at Palo Alto Networks’ Unit 42 division reported this week in a company blog post that from September through December, its threat intelligence service detected 3,845 email sessions…
Threat actors are sending out a wave of phishing emails disguised as missed voicemail notifications in an attempt to bypass both email scanners and user suspicions. The attack is sent in the form of an email purporting to be a notification about a voice message using subject lines such as “PBX Message,” “Voice:Message” or “Voice…
Kansas-based Valley Hope Association addiction treatment centers are notifying patients their personal information may have been compromised in a phishing attack which granted unauthorized access to an employee’s email account. An investigation revealed on Nov. 23, 2018, that the threat actors logged into the account between Oct. 9-10, 2018, resulting in a risk of unauthorized…
