• Hacked Disney+ Accounts on Sale for $1

    Disney's new video-on-demand streaming service has been compromised within a week of its being launched, with hacked Disney+ accounts offered for sale online for just $1. According to The Daily Dot, the hugely popular Disney+ service, which amassed over 10 million subscribers on its first day alone, was targeted by threat actors from the get-go. Within hours of the service going live on November 12, Disney+ users began posting messages o
  • SEC Charges Man With $42 Million Crypto Fraud Scheme

    A US entrepreneur has been charged with defrauding investors in a cryptocurrency Initial Coin Offering (ICO) that raised more than $42 million. The Securities and Exchange Commission (SEC) alleged that UnitedData founder Eran Eyal conducted a “fraudulent unregistered securities offering” by selling tokens for his Shopin business from August 2017 to April 2018. It’s claimed that Eyal pocketed at least $500,000 of investor f
  • Over 100 Phishing Sites Spotted in Global Government Campaign

    Scores of domains and over 120 phishing sites have been detected as part of a major global campaign targeting government procurement services, according to Anomali. The security vendor said the credential harvesting campaign featured spoofed sites for multiple international government departments, email services and two courier services, plus the usual email-based social engineering techniques. The attached documents in these phish
  • Bad Santa: Smart Home Hacker Taunts Terrified Child

    The security of smart home equipment has come under scrutiny again after a hacker compromised a US family’s connected camera system to spy on and talk to its 8-year-old daughter. The Ring camera was only installed for four days in the girl’s room before the incident, according to local reports. After remotely compromising the device, the male hacker appears to have taunted the child, encouraging her to destroy her room and playing
  • Emsisoft Declares Ransomware Crisis

    Internationally renowned security software company Emsisoft has declared a ransomware crisis and called on governments to take immediate action to improve their security and mitigate risks. So serious is the threat posed by ransomware that the New Zealand company has published a report into the effects of the malware on the United States three weeks earlier than planned in an effort to prevent further attacks. The State of Ransomware in the US:
  • Registration Opens for Girls' Free Cybersecurity Training

    Girls in America are being invited to register for a free national cybersecurity training program that starts next year. The 2020 Girls Go CyberStart challenge is being run in partnership with SANS Institute to encourage more young women to explore cybersecurity. The online training program is aimed at high school girls with the intention of encouraging them to consider a career in the increasingly understaffed cybersecurity indu
  • Manhattan Hotel to Pilot Cyber-Safe Travel Program

    Guests at a historic New York hotel will soon be offered a new way to stay cyber-safe away from home. The Martinique New York on Broadway, which has been welcoming guests since 1897, is to pilot a new Cyber Safe Travel product designed to protect occupants' personal data from cyber-attackers. Designed by full-service risk management, cybersecurity and training company Cino Ltd, Cyber Safe Travel uses keystroke encryption,
  • Three Charged in $722 Million Crypto Ponzi Scheme

    Three men have been arrested and charged in connection with a cryptocurrency conspiracy which defrauded investors out of at least $722 million. Matthew Brent Goettsche, 37, of Lafayette, Colorado; Jobadiah Sinclair Weeks, 38, of Arvada, Colorado; and Joseph Frank Abel, 49, of Camarillo, California, have been charged with conspiracy to offer and sell unregistered securities, while the first two are also charged with conspiracy to commit wire fraud.
  • Three Charged in $722 Crypto Ponzi Scheme

    Three men have been arrested and charged in connection with a cryptocurrency conspiracy which defrauded investors out of at least $722 million. Matthew Brent Goettsche, 37, of Lafayette, Colorado; Jobadiah Sinclair Weeks, 38, of Arvada, Colorado; and Joseph Frank Abel, 49, of Camarillo, California, have been charged with conspiracy to offer and sell unregistered securities, while the first two are also charged with conspiracy to commit wire fraud. They sol
  • Over One Billion Email-Password Combos Leaked Online

    Billions of email addresses and plain text passwords have been leaked online by an unnamed party, putting countless internet users at risk from credential stuffing and other attacks. Security researcher Bob Diachenko discovered the unsecured Elasticsearch database on December 4, although it was first indexed by the BinaryEdge search engine and therefore publicly available from the very start of the month. After he notified the US-based ISP hostin
  • North Korean Hackers Tap Power of New TrickBot Module

    North Korea’s infamous Lazarus Group has been using a new stealth module developed by the group behind TrickBot for covert data theft, according to new research. The Anchor module is a framework of tools designed “for targeted data extraction from secure environments and long-term persistency,” according to SentinelOne. It includes memory scrapers, POS malware, backdoor installers and submodules enabling lateral movement, among
  • Cybersecurity Requirements for US Defense Contracts Expected in 2020

    The US Department of Defense (DoD) is planning to protect its supply chain from threat actors by introducing a cybersecurity certification program for its contractors. Undersecretary of defense for acquisition and sustainment, Ellen Lord, said the new cybersecurity maturity model certification program will play a vital role in ensuring that the companies seeking to win DoD contracts meet stringent cybersecurity requirement
  • Healthcare Provider Agrees to Cough Up $6M to Settle Data Breach Lawsuit

    American healthcare provider Banner Health has agreed to pay the alleged victims of a 2016 data breach $6 million. Banner Health operates 28 hospitals and specialized facilities across six states, providing jobs for over 50,000 people. The company, which is the largest single employer in Arizona, suffered a data breach in June 2016. Threat actors accessed the private health data of 2.9 million individuals
  • US Software Testing Giant Buys AI Firm

    Software testing and quality assurance company Qualitest has announced the acquisition of an Israeli firm specializing in the creation of automated machine learning tools. AlgoTrace, which is based in Tel Aviv, uses artificial intelligence (AI) and machine learning (ML) to assist companies to improve their predictive analytic capabilities. The company was founded in 2016 and is best known for its tool AlgotraceML. While news of the acquisition
  • Microsoft Patches Just 36 Flaws in December

    Microsoft has taken pity on system administrators by ending the year with a relatively light patch load fixing just 36 vulnerabilities. The update round includes seven critical flaws and one being actively exploited in the wild: CVE-2019-1458, a privilege escalation vulnerability in the Win32k component. Although it’s only listed as “important,” security experts urge admins to prioritize a fix for that bug. Recorded Future intelligence a
  • ISP 1&1 Hit With €9.6 Million GDPR Fine

    Internet service provider (ISP) and hosting company 1&1 has been fined nearly €10 million ($11m) by Germany’s GDPR watchdog for data protection failures in its call centers. The United Internet subsidiary, which operates across Europe and the Americas, will be appealing the €9.55 million ($10.6m) penalty from the German Federal Data Protection Authority (BfDI). “Under GDPR organizations are obliged to put in place adequate t
  • Connected Toys Expose Smart Homes: Report

    Security experts have warned of several flaws in connected toys which could allow hackers to talk to the children using them or even launch attacks against the smart home. British consumer advice group Which? enlisted the help of pen testing firm NCC Group to run the rule over seven smart toys from major retailers Amazon, Smyths, Argos and John Lewis. Several, including the Singing Machine SMK250PP and TENVA’s pink karaoke microphone, don’t requ
  • UK Government Issues Cybersecurity Warning to Charities

    The British government issued a cybersecurity alert to charities today warning of a spike in reported cases of mandate fraud in which scammers impersonate employees. A spokesperson for the Charity Commission said: "We have received several reports from charities who have been targeted by fraudsters impersonating members of staff, specifically attempting to change employees' bank details." All the requests to change employee
  • Cyber Predator Arrests Double in New Jersey

    The number of people arrested for using the internet to exploit people for sexual and other purposes has grown by 2.5 times in just four years in the state of New Jersey. In 2015, New Jersey law enforcement officers arrested 143 cyber predators. This year, the figure is expected to rise to over 360. New Jersey attorney general Gurbir Grewal said action is being taken to crack down on individuals who stalk young children and teens online, but with cr
  • Arkansas to Teach Cybersecurity in High Schools

    Arkansas high school students will be offered cybersecurity courses for the first time next year. The courses, which are due to commence in the fall of 2020, will be designed to prepare students to study cybersecurity at college or to pursue an industry-level certification after they graduate high school. The state's curriculum will be based on models created by the University of Arkansas at Little Rock (UALR) and already in use at the universit
  • Islamist extremism remains dominant UK terror threat, say experts

    London Bridge attack shows huge challenge remains after focus on far-right in past year
    The attack on London Bridge shows the Islamist threat remains strong in the UK, counter-terrorism and counter-extremism experts have said, warning against complacency. The murder of Jack Merritt and Saskia Jones on 29 November by Usman Khan was the first fatal Islamist terror incident in two years.
  • Data Leak Exposes 750K Birth Certificate Applications

    Over 750,000 applications for US birth certificates have been found exposed online thanks to a misconfigured cloud server. UK security firm Fidus Information Security found the trove, which was left unsecured in an Amazon Web Services (AWS) bucket with no password protection. The company in question hasn’t been named because it has yet to respond to attempts by the research team to notify it of the privacy snafu. It provides a service
  • UK Government Laptop Losses Soar 400%

    The UK’s Ministry of Justice (MoJ) has seen laptop losses soar by 400% over the past three years, according to new Freedom of Information (FOI) data. Security vendor Apricorn sent FOI requests to five government departments to better understand the extent of their risk exposure through lost or stolen devices. Of the three that responded, the MoJ appeared to show the largest increase in losses: with the number of laptops going missing rising from just 45 i
  • Pensacola Under Attack as Suspected Ransomware Strikes

    The US city of Pensacola has become the latest municipality to suffer a suspected ransomware attack taking out local services. The north-west Florida city came under attack early on Saturday morning local time, according to local reports. “The City of Pensacola has experienced a cyber incident, and we have disconnected much of our city network until the issue can be resolved. Our IT Department is working diligently to resolve the issue,”
  • Wipro Launches Cyber Defense Center Down Under

    An Indian information technology, consulting, and business process services company has opened its first of what could eventually be many cybersecurity centers in Australia. Wipro Limited announced the launch of the NextGen Cyber Defense Center on Thursday. The new state-of-the-art facility, which is located in the coastal city of Melbourne, is expected to create over 100 jobs. A Wipro spokesperson said: "With the launch of this center,
  • British Cybersecurity Firm Goes Under Owing Millions

    An award-winning British cybersecurity firm has gone into administration owing £3.5m to unsecured creditors. XQ Digital Resilience Limited, which traded as XQ Cyber, brought in administrators David Rubin & Partners after declaring bankruptcy in October by placing a notice in the London Gazette. The company was best known for developing CyberScore, a security testing and rating service that converts raw vulnerability data int
  • Ransomware Attack on Minnesota Health Facility

    A Minnesota healthcare facility specializing in treatments for the face, teeth, mouth, and jaw has been hit by a ransomware attack. Southeastern Minnesota Oral & Maxillofacial Surgery (SEMOMS) announced the data security incident on Thursday via their website. On September 23, 2019, threat actors struck a server used by the organization. IT staff were able to intervene immediately to restore the impacted data. No mention was made as to the am
  • Vietnamese Hackers Compromised BMW and Hyundai: Report

    A Vietnamese state-backed threat group has been blamed for cyber-attacks that compromised the networks of BMW and Hyundai over recent months. APT32, also known as “Ocean Lotus,” has been operational for the past few years. This spring it managed to infiltrate the network of the German car giant, installing a pen testing tool known as Cobalt Strike to remotely spy on machines, according to local reports. However, BMW’s cybersec
  • FTC: Cambridge Analytica Deceived Facebook Users

    Cambridge Analytica deceived tens of millions of Facebook users by working to harvest their personal data for use in political targeting, the FTC has ruled. The regulator voted 5-0 in favor of issuing the Opinion and Final Order to the notorious consulting firm, which worked with developer Aleksandr Kogan to obtain data on as many as 87 million Facebook users. That data, harvested via an innocuous-looking app, was subsequently used to target swing vo
  • Reddit: US-UK NHS ‘Sale’ Docs Leaked by Russia

    Documents allegedly revealing a secret post-Brexit US-UK trade deal were leaked online as part of a Russian influence campaign, Reddit has claimed. The social site said it has banned 61 accounts and one subreddit following an investigation into the origin of the documents, which had been seized on by the opposition Labour Party as proof of a deal to ‘sell’ the NHS to US companies. Those it found guilty of posting and sharing the