Collaborate Disseminate
An undisclosed number of Discover card account holders have learned of a data breach that might have compromised their account information. According to Bleeping Computer, Discover Financial Services first learned of the security incident on 13 August … Continue reading Untold Number of Discover Card Account Holders Notified of Data Breach
Bad actors have targeted a video-sharing technology platform with credential stuffing attacks in order to hijack users’ accounts. On 25 January, Dailymotion published a statement on its website in which it announced that it had been the subject o… Continue reading Video-Sharing Platform Targeted by Credential Stuffing Attacks
An ongoing malicious spam campaign is currently targeting Russian-speaking users with samples of the Redaman banking malware. Since at least September 2018, the malspam campaign has been sending out malicious spam emails written in Russian to users who… Continue reading Malspam Campaign Targeting Russian Speakers with Redaman Malware
A short-lived malvertising campaign leveraged a steganography-based payload to target Mac users with the Shlayer trojan. Named for its use of veryield-malyst[dot]com as one of its ad-serving domains, the “VeryMal” threat actor conducted its… Continue reading Malvertising Campaign Used Steganography to Distribute Shlayer Trojan
The Department of Homeland Security (DHS) has issued an emergency directive that requires federal agencies to mitigate the threat of Domain Name System (DNS) infrastructure tampering. In “Emergency Directive 19-01,” DHS explains that itR… Continue reading DHS Issues Emergency Directive on DNS Infrastructure Tampering
STOP ransomware is using adware installers disguised as cracks as a new method of distributing itself to unsuspecting users. According to Bleeping Computer creator and owner Lawrence Abrams, websites known for distributing software cracks, or software … Continue reading Adware Installers Disguised as Cracks Installing STOP Ransomware
A new strain of ransomware known as “Phobos” is using the same ransom note employed by Dharma to demand payment from its victims. Ransomware incident response provider Coveware found that Phobos’ ransom message differs from DharmaR… Continue reading New Phobos Ransomware Using Same Ransom Note as Dharma
The Microsoft Security Response Center (MSRC) has announced the creation of a bug bounty program for Azure DevOps services. On 17 January, MSRC said it would begin awarding bounties of up to $20,000 for reports on eligible vulnerabilities affecting Azu… Continue reading Microsoft Announces Azure DevOps Bug Bounty Program
A data breach known as “Collection #1” exposed approximately 800 million email addresses as well as tens of millions of passwords. In the beginning of January, multiple people reached out to Australian web security expert Troy Hunt about a … Continue reading Nearly 800 Million Email Addresses Exposed in “Collection #1” Data Breach
The U.S. Department of Justice (DOJ) has charged two Ukrainians with participating in a plot to hack into computers systems at the U.S. Securities and Exchange Commission (SEC) and use the information they stole to commit fraud. On 15 January, the U.S…. Continue reading Two Ukrainians Charged with Plot to Hack into SEC and Commit Fraud