More Than 140GB of Data Exposed by Israeli Marketing Company

An Israeli marketing company exposed more than 140GB of data by mishandling the credentials for an Elasticsearch database. A San Diego-based DevOps engineer who uses the Twitter handle 0m3n detected the disclosure after they grew tired of receiving tex… Continue reading More Than 140GB of Data Exposed by Israeli Marketing Company

Scammers Disguise Two Domains as CDN to Cloak Credit Card Skimmer

Scammers disguised two domains as a content delivery network (CDN) in an attempt to quietly target visitors with a credit card skimmer. Malwarebytes noticed something suspicious within the website code of a Parisian boutique store. At first, the script… Continue reading Scammers Disguise Two Domains as CDN to Cloak Credit Card Skimmer

Attack Campaign Leveraged Coronavirus Theme to Deliver Remcos RAT

Security researchers discovered an attack campaign that abused fears surrounding the global coronavirus outbreak to deliver the Remcos RAT. Yoroi Security detected the attack campaign when its threat intelligence activities uncovered a suspicious artif… Continue reading Attack Campaign Leveraged Coronavirus Theme to Deliver Remcos RAT

DoppelPaymer Ransomware Launches Site for Publishing Victims’ Data

The operators of DoppelPaymer ransomware launched a site for publishing the data of their victims who don’t pay the ransom. On February 25, DoppelPaymer’s handlers published a site called “Dopple leaks.” A message on the site at… Continue reading DoppelPaymer Ransomware Launches Site for Publishing Victims’ Data

Google Docs Forms Abused by Phishers to Harvest Microsoft Credentials

Security researchers detected several phishing campaigns that leveraged a Google Docs Form to target users’ Microsoft credentials. Cofense observed that the phishing emails originated from a compromised email account with privileged access to fin… Continue reading Google Docs Forms Abused by Phishers to Harvest Microsoft Credentials

U.S. Department of Defense Disclosed Data Breach at DISA

The U.S. Department of Defense (DoD) warned that a data breach at the Defense Information Systems Agency (DISA) might have compromised some individuals’ personal information. In a photograph of a letter obtained by Reuters, DISA CIO and Risk Mana… Continue reading U.S. Department of Defense Disclosed Data Breach at DISA

Scammers Use Fake Website to Masquerade as Burning Man Organizers

Scammers created a fake website to masquerade as the organizers of Burning Man and to trick people into buying non-existent tickets for the arts event. Kaspersky Lab discovered a fraudulent website that attempted to capitalize on people’s interes… Continue reading Scammers Use Fake Website to Masquerade as Burning Man Organizers

CISA Disclosed Ransomware Attack at Natural Gas Compression Facility

The Cybersecurity and Infrastructure Security Agency (CISA) revealed that a natural gas compression facility suffered a ransomware attack. According to CISA Alert (AA20-049A), digital attackers leveraged a spearphishing link and abused the lack of robu… Continue reading CISA Disclosed Ransomware Attack at Natural Gas Compression Facility

Payment Card Data Security Incident Disclosed by Rutter’s

Convenience store and gas station chain Rutter’s disclosed a security incident that might have affected customers’ payment card data. According to a notice posted on its website, Rutter’s launched an investigation after receiving a re… Continue reading Payment Card Data Security Incident Disclosed by Rutter’s

‘Ransomwared’ Ransomware Strain Demands Explicit Pictures as Payment

Security researchers spotted a new ransomware strain called “Ransomwared” demanding explicit pictures from its victims as a means of payment. Upon successful infection, Ransomwared runs its encryption routine, appending the file extensions … Continue reading ‘Ransomwared’ Ransomware Strain Demands Explicit Pictures as Payment