London Blue scammers were spotted running BEC scams against employees in Asia who are working for companies in the US, Australia, or Europe. London Blue scammers are spoofing the email address of the target company’s CEO in order to add more authenticity to their scam emails. What is the issue – London Blue scammers were spotted running BEC scams against employees ...
Read More »Cyber Security News
Facebook Data of Millions Exposed in Leaky Datasets
Researchers say that two publicly exposed dataset are leaking Facebook data- from user names to plaintext passwords. Hundreds of millions of Facebook records – including account names, personal data, and more – have been found in two separate publicly-exposed app datasets. The first publicly-exposed dataset originates from a Mexico-based media company, Cultura Colectiva, and contains over 540 million records including ...
Read More »Google researcher finds zero-day in P-Link SR20 router smart home hub
Google security researcher Matthew Garrett publicly released a zero day vulnerability he discovered in the TP-Link SR20 router smart home hub in one device. The device is designed to integrate with a user’s home automation kit that allows them to use the device as the core of their home network and to work with other smart devices. The vulnerability could ...
Read More »Group-IB report: JS-sniffers infected 2440 websites around the world
Crime without punishment: Group-IB issues a new report on JS-sniffers that infected 2440 websites around the world Group-IB, an international company that specializes in preventing cyberattacks, has issued a new comprehensive report on the analysis of JavaScript-sniffers – a type of malware designed to steal customer payment data from online stores. 2440 infected ecommerce websites with a total of around 1.5 million unique daily ...
Read More »The FBI Takes Too Long to Alert Victims of Cyberattacks
In one instance, agents waited nine months to tell a company it had been breached, according to an internal watchdog. The FBI takes too long to notify groups when they’ve succumbed to cyberattacks, and the alerts those victims receive are often sparse on useful information, according to an internal watchdog. The Justice Department Inspector General found the bureau’s reliance on ...
Read More »NSA-style backdoor in Huawei laptops found by Microsoft
The Microsoft Defender Advanced Threat Protection (ATP) service featured in Windows 10 version 1809 alerted researchers to an NSA-inspired backdoor vulnerability in Huawei laptops. The Microsoft Defender Advanced Threat Protection (ATP) service featured in Windows 10 version 1809 alerted researchers to an NSA-inspired backdoor vulnerability in Huawei laptops. The PCManager software included in some Huawei’s Matebook systems allows unprivileged users ...
Read More »Toyota suffered a data breach compromising sales information of almost 3.1 million customers
Hackers breached Toyota’s IT systems and gained unauthorized access to servers that contained sales information of almost 3.1 customers. The accessed data belongs to several sales subsidiaries such as Toyota Tokyo Sales Holdings, Tokyo Tokyo Motor, Tokyo Toyopet, Toyota Tokyo Corolla, Nets Toyota Tokyo, Lexus Koishikawa Sales, Jamil Shoji (Lexus Nerima), and Toyota West Tokyo Corolla. What is the issue ...
Read More »Magento fixes critical SQL vulnerability with latest security updates
The e-commerce platform released patches for both Magento Commerce and Magento Open Source variants. The SQL flaw found in versions 2.3.1 and earlier could allow attackers to steal sensitive information from databases connected to Magento-based sites. Content management software provider Magento has released a string of updates to fix multiple security holes in its platform. These updates come after the ...
Read More »Business Email Compromise (BEC) Scams: A deep insight on how attackers leverage social engineering tricks to perform BEC scams
Business Email Compromise (BEC) is a type of scam that targets corporate companies that pay bills via wire transfers. BEC scammers targeting employees of corporate companies mostly impersonate the company’s CEO or senior executives. These scammers use social engineering techniques to trick employees into sending funds directly to the scammers. Types of BEC Scams According to the FBI, there are five ...
Read More »Man in the Middle (MitM) attack – What is it and how to stay protected?
The first and foremost step in the Man-in-the-Middle (MitM) attack is to intercept internet traffic before it reaches its destination. Once the interception is achieved, the SSL traffic has to be decrypted without the user’s knowledge and without interrupting the application. Man-in-the-Middle (MitM) is an attack where the attacker eavesdrops on the communication between two parties, commonly between a user ...
Read More »