From theconversation.com
It’s a crime story fit for the digital era. It was recently reported that a number of restaurants in New York had been targeted by internet scammers threatening to leave unfavourable “one-star” reviews unless they received gift certificates. The same threats were made to eateries in Chicago and San Francisco and it appears that a vegan restaurant received as many as eight one-star reviews in the space of a week before being approached for money.
From securityaffairs.co
At the end of July, a threat actor leaked data of 5.4 million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform.
From bleepingcomputer.com
A newly discovered and uncommonly stealthy Advanced Persistent Threat (APT) group is breaching corporate networks to steal Exchange (on-premise and online) emails from employees involved in corporate transactions such as mergers and acquisitions.
Mandiant researchers, who discovered the threat actor and now track it as UNC3524, say the group has demonstrated its “advanced” capabilities as it maintained access to its victims’ environments for more than 18 months (in some cases).
From tripwire.com
In the past, I’ve written about digital privacy and how much data we leak through our day to day interactions. I think this is an important topic to consider and really focus on and it is an element of cybersecurity at both the enterprise and personal level that isn’t discussed enough. One of the reasons is that demonstrating this can definitely have elements of “being creepy.” With software vulnerabilities, we can obtain the software ourselves and demonstrate the vulnerability. That’s more difficult to do with privacy related information as anyone who could consent is someone that you likely know a lot about already.
From bleepingcomputer.com
Fake Windows 10 updates are being used to distribute the Magniber ransomware in a massive campaign that started earlier this month.
From securityafairs.co
While LastPass says that it is not aware that some of its accounts were compromised in the recent credential stuffing attacks that started on Monday, numerous LastPass users claim that their master passwords have been compromised after receiving emails warning them that someone tried to use them to access their accounts.
From netlab.360.com
Netlab 360 have setup honeypots to study the impact of the latest log4j critical vulnerability. They established that the number of attack sessions rose rapidly in the next few days after the vulnerability was exposed. On December 18, the day with the highest number of attack sessions so fare, there were over 28,000 attack sessions in one day. starting on December 13, there were also combined attacks of this vulnerability with other vulnerabilities (Apache Flink, Hadoop, Apache Struts2 vulnerability, etc.).