Author Archives: David Bisson

Passenger Railroad Service Says Data Breach Might Have Affected PII

A passenger railroad service announced that a data breach might have affected some passengers’ personally identifiable information (PII). In a “Notice of Data Breach” letter sent to the Attorney General’s Office of Vermont, Amtrak revealed that it had discovered the data breach on April 16, 2020. Amtrak looked into the matter and discovered that an […]… Read More

The post Passenger Railroad Service Says Data Breach Might Have Affected PII appeared first on The State of Security.

Sandworm Team Exploiting Vulnerability in Exim Mail Transfer Agent

The U.S. National Security Agency (NSA) warned that the Sandworm team is exploiting a vulnerability that affects Exim Mail Transfer Agent (MTA) software. In a cybersecurity advisory published on May 28, the NSA revealed that the Sandworm team has been exploiting the Exim MTA security flaw since August 2019. The vulnerability (CVE-2019-10149) first appeared in […]… Read More

PonyFinal Ransomware Delivered by Extended Human-Operated Attacks

Security researchers witnessed the deployment of PonyFinal ransomware at the end of extended human-operated attack campaigns. In a series of tweets, Microsoft Security Intelligence revealed it had observed human-operated campaigns lying in wait for the right moment to deploy PonyFinal ransomware as their final payload. In their operations, the attackers used brute force attacks against […]… Read More

[F]Unicorn Ransomware Masquerading as COVID-19 Contact Tracing App

A new ransomware family called “[F]Unicorn” masqueraded as a COVID-19 contact tracing app in order to target Italian users. On May 25, the Computer Emergency Response Team (CERT) from the Agency for Digital Italy (AgID) revealed in an advisory that it had received a sample of [F]Unicorn from security researcher JamesWT_MHT. The sample analyzed […]… Read More

Updated AnarchyGrabber Steals Passwords, Spreads to Discord Friends

Researchers found an updated version of AnarchyGrabber that steals victims’ plaintext passwords for and infects victims’ friends on Discord. Detected as AnarchyGrabber3, the new trojan variant modified the Discord client’s %AppData%\Discord\[version]\modules\discord_desktop_core\index.js file upon successful installation. This process gave the malware the ability to load JavaScript files. The AnarchyGrabber version flexed this new capability when its […]… Read More

MilkmanVictory Ransomware Created for Purpose of Attacking Scammers

A hacking group claimed that it developed a new ransomware strain called “MilkmanVictory” for the purpose of attacking scammers. Collectively known as “CyberWare,” the group announced their creation on Twitter in mid-May. This is a ransomware I made to send to scammers. MAY I ASK WHY YOU ARE MAKING THINGS ABOUT ANTI-SCAMMER RANSOMWARE — CyberWare […]… Read More

Scattered Canary Behind Hundreds of Fraudulent Unemployment Claims

Security researchers discovered that the Scattered Canary group had filed hundreds of fraudulent unemployment claims in the wake of COVID-19. According to Agari Cyber Intelligence Division, at least some of the threat actors who took part in a large-scale fraud campaign targeting dozens of states’ unemployment insurance programs belonged to a Nigerian digital crime group […]… Read More

Attacks Targeting ICS & OT Assets Grew 2000% Since 2018, Report Reveals

The digital threat landscape is always changing. This year is an excellent (albeit extreme) example. With the help of Dimensional Research, Tripwire found out that 58% of IT security professionals were more concerned about the security of their employees’ home networks than they were before the outbreak of coronavirus 2019 (COVID-19). Slightly fewer percentages of […]… Read More

Around 9 Million easyJet Customers’ Details Stolen in Hacking Incident

British low-cost airline group easyJet revealed that a hacking incident had exposed approximately nine million customers’ information. On May 19, easyJet issued a “Notice of cyber security incident” in which it revealed that it had fallen victim to a digital attack from a “highly sophisticated source.” An investigation revealed that those responsible for the security […]… Read More

‘Glitch’ in Illinois’ PUA System Blamed for Exposing SSNs, Private Data

Government officials said that a glitch in the State of Illinois’ Pandemic Unemployment Assistance (PUA) program exposed thousands of people’s Social Security Numbers (SSNs) and other private data. Jordan Abudayyeh, a spokesperson for Illinois Governor J. B. Pritzker, sent a statement to WBEZ on May 16. In it, she revealed that the Illinois Department of […]… Read More

UK Power Grid Network Middleman Struck by Digital Attack

A middleman organization in the United Kingdom’s power grid network suffered a digital attack that affected its internal IT systems. Electricity trading arrangements provider Elexon publicly disclosed the attack in a bulletin posted to its website on May 14: We are advising you that today that ELEXON’s internal IT systems have been impacted by a […]… Read More

U.S. Marshals Announced Data Breach of Prisoners’ Information

The United States Marshals Service announced a data breach involving the personal information of its former and current prisoners. In a data breach notification letter obtained by ZDNet, the U.S. Marshals Service revealed that it had first learned of the security incident in late 2019. On December 30, 2019, the United States Marshals Service (USMS), […]… Read More

COVID-19 Scam Roundup – May 11, 2020

Digital attacks continue to exploit coronavirus 2019 (COVID-19) as part of their malicious operations. On May 5, 2020, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) along with the United Kingdom’s National Cyber Security Centre (NCSC) published a joint alert in which they revealed that they had witnessed APT actors targeting […]… Read More

Spike in Snake Ransomware Activity Attributed to New Campaign

Security researchers attributed a spike in Snake ransomware activity to a new campaign that’s targeted organizations worldwide. Snake ransomware first attracted the attention of malware analysts in January 2020 when they observed the crypto-malware family targeting entire corporate networks. Shortly after this discovery, the threat quieted down. It produced few new detected infections in the […]… Read More

Digital Fraudsters Masquerading as FINRA in Phishing Emails

The Financial Industry Regulatory Authority (FINRA) warned that digital fraudsters are impersonating it in an ongoing phishing email campaign. In a regulatory notice published on its website, FINRA revealed that malicious actors had sent out fraudulent emails in which they had impersonated officers at the regulatory authority including Bill Wollman and Josh Drobnyk. All of […]… Read More

Increase in Ransomware Demand Amounts Driven by Ryuk, Sodinokibi

The Ryuk and Sodinokibi ransomware families both contributed to an increase in the ransom amounts demanded by attackers over the past quarter. Coveware found that the average ransom amount demanded by ransomware attacks in Q1 2020 was $111,605. This amount was a third higher than what it had been in the final quarter of the […]… Read More

COVID-19 Scam Roundup – May 4, 2020

Malicious actors continue to abuse coronavirus 2019 (COVID-19) as a lure to profit off of innocent people. Indeed, Arkose Labs found that 26.5% of all transactions recorded in Q1 2020 were fraud and abuse attempts—a 20% increase over the previous quarter and the highest attack rate ever observed by the security firm’s researchers. It’s therefore […]… Read More

Phishers Increasingly Incorporating reCaptcha API into Campaigns

Security researchers observed that digital attackers are increasingly incorporating the reCaptcha API into their phishing campaigns. Barracuda Networks explained that malicious actors are starting to outfit their phishing attempts with reCaptcha walls so that they can shield their landing pages from automated URL analysis tools as well as add a sense of legitimacy to their […]… Read More
