Cybersecurity News Round

Jimmy/ April 25, 2022/ bleeping computer

This month, we look at a scam targeting people seeking verified Twitter status, a phishing attack that uses harvested login credentials from NHS staff and a simulated social engineering test that backfired. Wordfence is a security plugin installed on over 4 million WordPress sites. The owner of this site is using Wordfence to manage access to their site. If you are a WordPress user with administrative privileges on this site, please enter your email address in the box below and click “Send”.

Bleeping Computer reported the Bank of Zambia realized it could restore its data itself and trolled the hackers by sending naked penis pictures and a mocking statement. This is a step by step tutorial that demonstrates the procedure on how to clean an infected computer, regardless of what malware related problems you are having… The Spanish police have announced the arrest of 13 people and the launch of investigations on another seven for their participation in a phishing ring that stole online bank credentials. Then there’s the story that probably wasn’t on anyone’s bingo card — “FBI charges Venezuelan doctor with using, selling ‘Thanos’ ransomware”.

However, the American Federation of State, County and Municipal Employees Local 328 has criticised the practice after OHSU (Oregon Health & Science University) conducted a simulated phishing attack on its staff. It added that although the number of compromised accounts represents only a small fraction of the total number of NHS email accounts, it still amounted to a dangerous and widespread scam. Users who complies with the request are unwittingly handing their information to scammers, who use the stolen credentials to reset the user’s password and take control of the account.

But we don’t really recommend any of them, especially as Microsoft is making it harder to run Windows 11 on unsupported systems, which could mean you miss out on important updates, security fixes and features in the future. However, as security researchers CloudSEK discovered by clicking the ‘Download now’ button, the website downloads an ISO file that contains malware. The threat actors used phishing lures to trick their victims into believing they received an alert from their bank and proceeded to steal their account credentials.

In 2016, a QR code was added to it which users can scan to find out more information about the fault. The screen appears when users have a problem on their computer, often prompting a restart. He has a master’s degree in Critical Theory and Cultural Studies, specialising in aesthetics and technology, and is a one-time winner of a kilogram of jelly beans. Verified accounts are designated by a blue badge next to the person’s username and indicate that the social media firm has confirmed that the person behind the account is genuinely who they claim to be.

The result is that the DoJ will no longer prosecute good-faith security research that would have violated the country’s federal hacking law the Computer Fraud and Abuse Act . In addition, prosecutors must also avoid charging people for simply violating a website’s terms of service — including minor rule-breaking like embellishing a dating profile — or using a work-related computer for personal tasks. Founded in 1998, Help Net Security is an independent website focused on information security. It does serve the interests of those who are looking for breaking security news. Even so, it’s particularly useful to those who are looking to explore challenges and other trends that are shaping the security community.

According to Bleeping Computer, when exploited, the vulnerability gives the attacker system privileges on all up-to-date devices running the latest Windows releases. A WARNING has been issued to Microsoft users after a new vulnerability was discovered that leaves them exposed to hackers. Jérôme Segura discovered the attack and was able to get the vamberlo[.]com shut down, stopping the skimmer. This being said, as the site is still comprised it is open to reinfection. Security Researcher Troy Mursch used the PublicWWW tool and discovered this same script is currently active on 39 other web sites. Despite numerous attempts being made to contact the company, no one acknowledged the attack on the site.

Magecart detection takes less than 5 minutes to set-up and will alert you to any untrusted data on your ecommerce site. Samsung Electronics confirmed it has been a victim of a cyberattack, with hacking group Lapsus$ leaking nearly 190GB of confidential data that allegedly includes “source code relating to the operation of Galaxy devices.” No matter how desperate you are to install Windows 11, you should only download ISO files from sources you are absolutely certain are legitimate. This malware, called ‘Inno Stealer’, uses a part of the Windows installer to create temporary files on an infected PC. These create processes that run and place four additional files on your PC, some of which contain scripts that disable various security features, including in the Windows registry. They also tweak the built-in Windows Defender anti-virus, and remove other security products from Emisoft and ESET.

The update also makes it easier for users to sort through new updates, as all optional updates are now listed in a new page within Microsoft’s Windows Update service. Microsoft’s so-called blue screen of death will turn black in the new Windows 11 operating system, according to those with access to a preview of the software. Massive data leaks have been a common occurrence over the past few years, with Microsoft suffering from a cyberattack last year, too. It’s important to keep yourself safe online, and a few of the best ways to do so is to sign up to one of the best password managers, along with setting up one of the best VPN services. If your PC isn’t eligible, due to not meeting the TPM 2.0 requirements, then there are some safer ways to install Windows 11 without TPM anyway.

The stolen data then gets sent to the people who originally created the malware. Hackers are using a fake Windows 11 download page to get malware onto unsuspecting users’ computers. If downloaded, said malware will steal browser data, cryptocurrency wallets and more. This campaign is targeted at folks whose PCs fail to meet Microsoft’s stringent Windows 11 hardware requirements. In a notable case, the group stole and published files from Apple supplier Quanta Computer, including some that spilled the beans on unreleased product designs … According to Bleeping Computer, REvil’s websites are up and running and filled with information new and old, including a list of previous hacking victims alongside a couple of new ones.

Share this Post