fbpx

Download free GDPR compliance checklist!

Tag Archives for " malware "

Hackers are hiding virtual credit card skimmers in image file metadata

Hackers put Magecart JavaScript code into the EXIF metadata of image files, which is then loaded and executed by compromised stores.

Hiding malicious code inside of images is nothing new, but it’s the first time security researchers have seen them used to obscure credit card skimmers.

Source: Hackers are hiding virtual credit card skimmers in image file metadata | Engadget

Google removes 49 Chrome extensions caught stealing crypto-wallet keys

The Chrome extensions were mimicking cryptocurrency wallet apps like Ledger, MyEtherWallet, Trezor, Electrum, and others, but, in reality, they were stealing users’ private keys and mnemonic phrases.

49 extensions appear to have been put together by the same person/group, believed to be a Russian-based threat actor. Whilst the extensions all function the same, the branding is different depending on the user they are targeting.

Source: Exclusive: Google removes 49 Chrome extensions caught stealing crypto-wallet keys | ZDNet

Attack on Home Routers Sends Users to Spoofed Sites That Push Malware

Researchers are warning that a hack of Linksys and D-Link routers is redirecting users to malicious sites posing as COVID-19 informational resources.

The hacks redirect users to malicious sites that install malware or attempt to phish passwords.

Source: Attack on Home Routers Sends Users to Spoofed Sites That Push Malware | News | Communications of the ACM

Android surveillanceware operators jump on the coronavirus fear bandwagon

Researchers have uncovered a mobile surveillance campaign that has used more than 30 malicious Android apps to spy on targets over the past 11 months. Two of the most recent samples are exploiting the coronavirus by hiding off-the-shelf surveillanceware inside apps that promise to provide information about the ongoing pandemic.

One of the apps, “corona live 1.1,” is a trojanized version of “corona live,” a legitimate app that provides an interface to data found on tracker from Johns Hopkins University. Buried inside the spoofed app is a sample of SpyMax, a commercially available piece of surveillanceware that gives attackers real-time control of infected devices.

A second app used in the same campaign is called “Crona.” The campaign, which has been active since April 2019 at the latest, was discovered by researchers from mobile-security provider Lookout.

Source: Android surveillanceware operators jump on the coronavirus fear bandwagon | Ars Technica

Retailer fined half a million pounds for data breach of at least 14 million people

The Information Commissioner’s Office (ICO) has fined DSG Retail Limited (DSG) £500,000 after a ‘point of sale’ computer system was compromised as a result of a cyber-attack, affecting at least 14 million people.

An attacker installed malware on 5,390 tills at DSG’s Currys PC World and Dixons Travel stores between July 2017 and April 2018, collecting personal data during the nine month period before the attack was detected.

The company’s failure to secure the system allowed unauthorised access to 5.6 million payment card details used in transactions and the personal information of approximately 14 million people, including full names, postcodes, email addresses and failed credit checks from internal servers.

Source: National retailer fined half a million pounds for failing to secure information of at least 14 million people | ICO

Google teams up with security companies to catch bad apps before they hit the Play Store 

Google announced that it’s teaming up with three security companies to help identify malicious apps before they’re published on the Play Store and can potentially do harm to Android users. The company is calling this partnership the App Defense Alliance.

Android is on over 2.5 billion devices, according to Google, and the company says that makes the platform “an attractive target” for abuse.

Source: Google teams up with security companies to catch bad apps before they hit the Play Store – The Verge

Italy hit by a wave of musical ransomware attacks

The musical ransomware, FTCode, plays German rock music whilst encrypting victims’ files.

Researchers at AppRiver discovered FTCode within malicious email campaigns targeting Italian Officer 365 customers. Victims receive emails containing malicious content posing as invoices, documents scans and resumes.

Source: #Privacy: Italy hit by a wave of musical ransomware attacks

Mysterious iOS Attack Changes Everything We Know About iPhone Hacking

For two years, a handful of websites have indiscriminately hacked thousands of iPhones.

The rare and intricate chains of code took advantage of a total of 14 security flaws, targeting everything from the browser’s “sandbox” isolation mechanism to the core of the operating system known as the kernel, ultimately gaining complete control over the phone.

Source: Mysterious iOS Attack Changes Everything We Know About iPhone Hacking | WIRED

Malware that can record computer screens discovered

A new malware has been discovered that is able to record the screen of an infected machine and identify a user who is viewing porn.

Researchers at IT security company ESET, first observed the malware dubbed “Varenyky” in May 2019. A month later, researchers saw the first malicious document infecting a victim’s computer which had been attached to an email message.

Source: #privacy: Malware that can record computer screens discovered

Report reveals the dangers and trends of malware through 2018

Last year, the arrival of the EU’s General Data Protection Regulation sent shockwaves through the world of data protection. Big corporates registered record-breaking data breaches, while pre-GDPR transgressions such as those committed in the Facebook/Cambridge Analytica scandal fell under heightened scrutiny of a more privacy-conscious age.

Full article: Report reveals the dangers and trends of malware through 2018

1 2 3 6
>