by CIRT Team
Phishers target panicking PayPal users with fake “failed transaction” emails [source: helpnetsecurity]
With the end-of-the-year holidays quickly approaching and many users worrying whether the gifts they bought online will be delivered in time for the festivities, an email from PayPal saying their transactions were impossible to verify or their payments were not processed will throw most users for a loop. Phishers are counting on that, and are hoping that panicking users will be too distraught to notice...
Read More
by CIRT Team
Student Hacks High School, Changes Grades [source: bleepingcomputer]
Tenafly High School has informed parents earlier this month that a student has gained access to its internal IT systems, changed grades to improve his GPA, and sent out college applications immediately after. The New Jersey-based high school has not named the student but said it informed authorities, and law enforcement is currently handling the investigation. According to reports in local media [1, 2], the teen...
Read More
by CIRT Team
PayPal Says 1.6 Million Customer Details Stolen in Breach [source: bleepingcomputer]
PayPal says that one of the companies it recently acquired suffered a security incident during which an attacker appears to have accessed servers that stored information for 1.6 million customers. The victim of the security breach is TIO Networks, a Canadian company that runs a network of over 60,000 utility and bills payment kiosks across North America. PayPal acquired TIO Networks this past July for...
Read More
by CIRT Team
2018 Malware Forecast: ransomware hits hard, continues to evolve [source: sophos]
Sophos releases its 2018 Malware Forecast today, and the big takeaway is this: ransomware remains a huge problem for companies and isn’t going away. In 2017, attackers further perfected their ransomware delivery techniques, leading to global outbreaks such as WannaCry, NotPetya and, most recently, Bad Rabbit. Though most ransomware is hitting Windows users, it’s clear that people aren’t immune if they use other platforms, including mobile devices. A prime example is the...
Read More
by CIRT Team
The Shipping Giant Clarkson has suffered a security breach [source: securityaffairs]
Clarkson, one of the world’s largest providers of shipping services publicly disclosed a security breach. Clarkson confirmed the hackers may release some of the stolen data, it hasn’t provided further details due to the ongoing law enforcement investigation. The information disclosed by the company suggests cyber criminals blackmailed the company requesting the payment of a ransom in order to avoid having its data leaked online. According to Clarkson,...
Read More
by CIRT Team
Google Will Block 3rd-Party Software From Injecting Code Into Chrome[source:bleepingcomputer]
Google has laid out a plan for blocking third-party applications from injecting code into the Chrome browser. The most impacted by this change are antivirus and other security products that often inject code into the user’s local browser process to intercept and scan for malware, phishing pages, and other threats. Google says these changes will take place in three main phases over the next 14...
Read More
by CIRT Team
Even Highly Skilled Cyber-Thieves Make Stupid Mistakes !![source: bleepingcomputer]
Cobalt, a highly-skilled group of hackers who target banks and financial institutions, may have committed a mistake and accidentally leaked a list of all their current targets, according to Yonathan Klijnsma, a security researcher with RiskIQ. The error occurred in a spear-phishing campaign that took place last week, on November 21. Group accidentally exposes a list of targets Klijnsma says the group sent out a...
Read More
by CIRT Team
“Huge Dirty COW” (CVE-2017–1000405) [source: medium]
The “Dirty COW” vulnerability (CVE-2016–5195) is one of the most hyped and branded vulnerabilities published. Every Linux version from the last decade, including Android, desktops and servers was vulnerable. The impact was vast — millions of users could be compromised easily and reliably, bypassing common exploit defenses. Plenty of information was published about the vulnerability, but its patch was not analyzed in detail. We at Bindecy were...
Read More
by CIRT Team
‘McAfee Labs 2018 Threats Predictions Report’ Previews 5 Cybersecurity Trends[source:mcafee]
Welcome to the McAfee Labs 2018 Threats Predictions Report. We find ourselves in a highly volatile stage of cybersecurity, with new devices, new risks, and new threats appearing every day. In this edition, we have polled thought leaders from McAfee Labs and the Office of the CTO. They offer their views on a wide range of threats, including machine learning, ransomware, serverless apps, and privacy...
Read More
by CIRT Team
Unix mailer Exim is affected by RCE, DoS vulnerabilities [source: securityaffairs]
The Exim Internet mail message transfer agent warned of flaws through the public bug tracker, sys admins have to apply the workaround asap. Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet, it is the most popular MTA on the Internet. The Internet mail message transfer agent warned of flaws through the public bug tracker, an unfortunate choice...
Read More
