- PayPal says crooks poked around 35,000 accounts in credential stuffing attack
January 19, 2023
The personal information of 35,000 PayPal users was exposed in December, according to a notification letter sent to the online payment company’s customers this week. PayPal attributed this privacy breach to “unauthorized parties,” who accessed accounts using customer login credentials. That is to say, whoever got into the accounts had found out or guessed their victims’ ...
- Ransomware gang steals data from KFC, Taco Bell, and Pizza Hut brand owner
January 19, 2023
Yum! Brands, the fast food brand operator of KFC, Pizza Hut, Taco Bell, and The Habit Burger Grill fast-food restaurant chains, has been targeted by a ransomware attack that forced the closure of 300 locations in the United Kingdom. Yum! Brands operates 53,000 restaurants across 155 countries and territories, with over $5 billion in total assets ...
- WhatsApp Ireland fined €5.5 million for breaches of GDPR
January 19, 2023
WhatsApp Ireland has been fined €5.5 million for breaches of GDPR. The Data Protection Commission (DPC) has also announced that WhatsApp Ireland has been given six months to bring its data processing operations into compliance. The EU’s General Data Protection Regulation, or GDPR, was adopted in 2016 and came into force on 25 May, 2018. Source: The ...
- Following the LNK metadata trail
January 19, 2023
Microsoft announced at the beginning of 2022 that they would soon start to disable macros by default in Office documents downloaded from the Internet. They implemented the changes around June, only to remove the feature later that month. The feature was finally re-enabled by the end of July. Cisco Talos observed threat actors reacting to ...
- Suspected Chinese Threat Actors Exploiting FortiOS Vulnerability (CVE-2022-42475)
January 19, 2023
Mandiant is tracking a suspected China-nexus campaign believed to have exploited a recently announced vulnerability in Fortinet’s FortiOS SSL-VPN, CVE-2022-42475, as a zero-day. Evidence suggests the exploitation was occurring as early as October 2022 and identified targets include a European government entity and a managed service provider located in Africa. Mandiant identified a new malware they ...
- Roaming Mantis implements new DNS changer in its malicious mobile app in 2022
January 19, 2023
Roaming Mantis (a.k.a. Shaoye) is well-known as a long-term cyberattack campaign that uses malicious Android package (APK) files to control infected Android devices and steal device information; it also uses phishing pages to steal user credentials, with a strong financial motivation. Kaspersky has been investigating the actor’s activity throughout 2022, and we observed a DNS changer ...
- Chinese Playful Taurus Activity in Iran
January 18, 2023
Playful Taurus, also known as APT15, BackdoorDiplomacy, Vixen Panda, KeChang and NICKEL, is a Chinese advanced persistent threat group that routinely conducts cyber espionage campaigns. The group has been active since at least 2010 and has historically targeted government and diplomatic entities across North and South America, Africa and the Middle East. In June 2021, ESET ...
- “Payzero” Scams and The Evolution of Asset Theft in Web3
January 18, 2023
Web3 is a lucrative emerging technology where many participants seek quick profit via the different methods of monetization for their online assets. What makes Web3 different from what’s typically called Web2 is that its users are not only participants but are also the owners of digital assets. Web3 users no longer employ the traditional user ...
- MailChimp discloses new breach after employees got hacked
January 18, 2023
Email marketing firm MailChimp suffered another breach after hackers accessed an internal customer support and account administration tool, allowing the threat actors to access the data of 133 customers. MailChimp says the attackers gained access to employee credentials after conducting a social engineering attack on Mailchimp employees and contractors. Source: Bleeping Computer
- Thousands of Sophos firewalls still vulnerable out there to hijacking
January 18, 2023
More than 4,000 public-facing Sophos firewalls remain vulnerable to a critical remote code execution bug disclosed last year and patched months later, according to security researchers. The flaw, CVE-2022-3236, had already been exploited as a zero-day when Sophos published a security advisory about the vulnerability in September 2022. At the time, the vendor said the hole ...
- Ukraine links data-wiping attack on news agency to Russian hackers
January 18, 2023
The Computer Emergency Response Team of Ukraine (CERT-UA) has linked a destructive malware attack targeting the country’s national news agency (Ukrinform) to Sandworm Russian military hackers. “According to preliminary data, provided by CERT-UA specialists, the attack has caused certain destructive effects on the agency’s information infrastructure, but the threat has been swiftly localized nonetheless,” the State ...

