Category: News

From 2-spyware.com

Penta ransomware is a virus that encodes original data and changes the name to indicate that the piece is affected. The process happens quickly, so the infection is not noticed before it is too late. Once the virus is done locking data, it provides the PENTA_READ_ME.txt ransom note with further instructions and tips for the victim. The purpose of such a message is to encourage people to pay up since the main goal of criminals behind these threats is money. Creators claim that cryptocurrency transaction is the only method to get those files back, but it is not recommended to even contact criminals behind the infection. You may receive additional malware instead of the proper decryption tools or any helpful application or solution.

Read more…

From ehackingnews.com

Viktor Chebyshev, a leading researcher of mobile threats at Kaspersky Lab, spoke in an interview with Russian newspaper Izvestia about Android Trojans that automatically interact with banking applications. After infiltrating the smartphone, Trojans motivate the user to open the application of a particular credit institution and log in to it. And then the malware automatically clicks the necessary “buttons” for the money transfer. This happens so quickly that the victim does not have time to suspect anything by visual signs.

Read more…

From cybersecurity-insiders.com

According to a media update released by US Census Bureau, hackers launched a cyber attack on the website database in January 2020 with an intention to access or steal data. However, the IT staff of the government organization took control of the situation and blocked the access and the malicious intentions before any serious incident took place.

The Census Bureau issued an update that the attack took place as hackers tried their best to exploit a Citrix Vulnerability to remotely execute a malicious code. However, they achieved success only to infiltrate one of the computer networks that was used by remote workers to access agency records.

Read more…

From securityboulevard.com

The U.S. Department of Justice (DoJ) announced the creation of a cybersecurity fellowship program that will train prosecutors and attorneys to handle emerging national cybersecurity threats.

Fellows in the three-year Cyber Fellowship program will investigate and prosecute state-sponsored cybersecurity threats, transnational criminal groups, infrastructure and ransomware attacks and the use of cryptocurrency and money laundering to finance and profit from cybercrimes.

Read more…

From theregister.com

On Tuesday, a woman from Brooklyn, New York, pleaded guilty to destroying computer data at an unidentified credit union from which she had recently been fired.

Juliana Barile, 35, according to charges filed by the US Attorney’s Office in the Eastern District of New York [PDF], was working remotely at the credit union on a part-time basis when she was terminated on May 19, 2021. An employee from the credit union is said to have asked the firm’s IT department to disable Barile’s system access but that didn’t happen.

Two days later, Barile logged into the credit union’s file server and, over the next 40 minutes, trashed it.

“During that time period, Barile deleted approximately 20,433 files and 3,478 directories, a total of approximately 21.3 gigabytes of data, from the ‘P:\’ drive on that file server, which the Credit Union

Read more…

From ehackingnews.com

The Covid epidemic has provided a ripe opportunity for cybercriminals, who are taking advantage of internet information from outdated driver’s licenses of targeted individuals. 
According to Stateline, the “phishing” scams benefit from the fact that several nations have made emergency declarations permitting driver’s licenses to remain in force beyond expiry dates. With the expiration of such renewals, drivers must now ensure that their licenses are updated, but scammers are taking full advantage of that shift, according to Stateline. 
In conventional phishing, cybercriminals send malicious links or attachments via email, and victims inadvertently click on them. Fraudsters use messaging to conduct their operations, which is known as “SMS phishing” or “smishing.” 

Read more…

From csoonline.com

The US Cybersecurity and Infrastructure Security Agency (CISA) has started a list of what it deems to be bad security practices. The two on the list so far instruct any organization that provides national critical functions (NCF) what not to do. They are so broad in their “badness,” however, that any organization should take notice and ensure they are not doing them. The two bad practices are:

1. Use of unsupported (or end-of-life) software
2. Use of known/fixed/default passwords and credentials

Read more…