Security News > 2020 > October

"We received a report indicating that a payment card security incident may have occurred. We are taking this incident very seriously and immediately initiated our response protocol and an investigation is underway. We are currently focused on determining the locations affected and time frames involved. We are utilizing the experience of third parties who have helped other restaurants address similar issues and also working with the FBI and payment card networks. We understand that payment card network rules generally provide that individuals who timely report unauthorized charges to the bank that issued their card are not responsible for those charges." Alas, cybercrime bazaars like Joker's Stash have continued plying their trade, undeterred by a push from the credit card associations to encourage more merchants to install credit card readers that require more secure chip-based payment cards.

The hotly anticipated release of blockbuster video game FIFA 21 on Oct. 6, along with the return of professional play, are giving soccer fans reason to celebrate. A report from researcher Christopher Boyd at Malwarebytes Labs outlined the various ways scammers are tapping into the oversized audience of FIFA 21 to turn a quick buck, including leveraging in-game goods and rewards.

European and American officials said Thursday that they have arrested 20 people in several countries for allegedly belonging to an international ring that laundered millions of euros stolen by cybercriminals through malware schemes. The international police operation "2BaGoldMule" led by Portuguese investigators and the FBI included 14 more European countries, under the umbrella of Europol.

The TrickBot botnet appears to have resumed normal operations days after Microsoft announced that it managed to take it down using legal means. On October 12, Microsoft and several partners announced that they were able to disrupt the TrickBot infrastructure by legally disabling IP addresses, making servers inaccessible and suspending services employed by the botnet.

Britain's National Crime Agency arrested six men in London on suspicion of laundering "Tens of millions" for the Trickbot and Dridex banking malware gangs, the not-quite-police agency declared today. The six, a mixture of British and Eastern European citizens, were arrested around a year ago, said the NCA as EU police agency Europol jointly boasted of a further 14 arrests in the political bloc, the US and Australia.

Twitter is experiencing a worldwide service disruption preventing users from both sending tweets using Tweetdeck, the social network's apps, and website, or from seeing their notifications. Twitter is currently investigating the issue leading to broken notifications and "Nothing to see here - yet" messages, as reported by countless users starting about an hour ago.

The former roommate of a woman accused of hacking Capital One banking company and at least 30 other organizations has been sentenced to four years in prison for illegally possessing firearms, according to federal prosecutors. Park Quan, 67, was sentenced Wednesday in U.S. District Court in Seattle after pleading guilty to being a felon in possession of guns, according to U.S. Attorney Brian Moran.

Puerto Rico's firefighting department said Wednesday that its database was hacked by unknown people demanding $600,000 in an act of alleged extortion. The department's director, Alberto Cruz, said in a statement the situation has not affected its ability to respond to emergencies.

Or so says Secureworks, which throughout 2020 has, perhaps counterintuitively, insisted there has been minimal uptick in cyber activity from malicious people, stating in its research The Effect of COVID-19 on Incident Response that "Data on confirmed security incidents and genuine threats to customers showed the threat level largely unchanged from before the pandemic." Rather, reckons the company, the near-overnight shift to remote working triggered by the pandemic has created a whole set of poorly understood IT infrastructures lashed together in a hurry and therefore containing large numbers of hidden vulnerabilities - vulns that infosec bods ought to be hunting down, in Secureworks' view.

Microsoft says that customers can now disable JScript execution in Internet Explorer 11 after installing the Windows October 2020 monthly security updates. "Blocking Jscript helps protect against malicious actors targeting the JScript scripting engine while maintaining user productivity as core services continue to function as usual," Microsoft explains.