Kate Fazzini reports: Scammers have found a new way to wring money out of unsuspecting victims of the 2015 breach of the Ashley Madison affair-dating website, by using their stolen credentials in an amped-up version of the common “sextortion” scam. Researchers at email security company Vade Secure found the new scam earlier this year, when…
Category: Business Sector
Japanese company NEC confirms 2016 security breach
Catalin Cimpanu reports: Japanese electronics and IT company NEC Corp disclosed a security breach today that took place more than three years ago, in December 2016. The company’s admission comes after reports in Japanese media [1, 2, 3] that the company might have suffered a security breach but decided to keep it quiet. Read more on ZDNet.
Hackers infiltrated a big Facebook data partner to launch scams
Alfred Ng reports: When hackers take over your account on Facebook, it could mean you see suspicious posts about deals on Ray-Ban sunglasses, which are definitely bogus content. But when hackers take over a single account belonging to one of Facebook’s biggest data partners, it means a widespread campaign that could lead to thousands of dollars lost and…
INTERPOL supports arrest of cybercriminals targeting online shopping websites in Operation Night Fury
More coverage on the collaborative law enforcement/private sector operation: January 27, SINGAPORE – An INTERPOL-coordinated cyber operation against a strain of malware targeting e-commerce websites has identified hundreds of compromised websites and led to the arrest of three individuals running the malicious campaign in Indonesia. The malware, known as a JavaScript-sniffer, targets online shopping websites….
Maze Team updates its site, dumps more victims’ data
The Maze Team attackers continue to announce more of their ransomware victims that have not complied with their ransom demands, and they continue to dump data from those who do not pay them. When I checked their site again today, I noticed that they had announced that they have dumped all their files on the…
Breached Wawa Payment Card Records Reach Dark Web
Both Gemini Advisory and KrebsOnSecurity caught this one quickly. From Gemini Advisory: Joker’s Stash began uploading records as advertised on January 27. The breach was titled “BIGBADABOOM-III” and appeared in four different bases. The records included the state geolocation information, but not the city or ZIP Code as previously announced. The listed geolocation data for…