Security News > 2020 > December
A "Malwareless" ransomware campaign delivered from UK IP addresses targeting weak security controls around internet-facing SQL servers successfully pwned 83,000 victims, according to Israeli infosec biz Guardicore. "The attack chain is extremely simple and exploits weak credentials on internet-facing MySQL servers" said Guardicore's Ophir Harpaz in a technical advisory today, estimating that there around five million MySQL servers accessible from the public internet.
Security company GreatHorn shared some of the latest ways cybercriminals are trying to take your money. Here's how to avoid them.
Exploiting weak credentials on MySQL servers connected to the Internet, an ongoing ransomware campaign has compromised more than 250,000 databases to date, according to a warning from security vendor Guardicore. With more than five million Internet-facing MySQL servers on the internet, the attacks are expected to continue against those with weak authentication credentials.
The Finnish psychotherapy clinic Vastaamo was the victim of a data breach and theft. The criminals tried extorting money from the clinic. When that failed, they started extorting money from the...
Some apps in the Google Play Store are impersonating legitimate apps and stealing users' money.
Private equity firm Thoma Bravo on Thursday announced a strategic growth investment in machine identity solutions provider Venafi. Exact terms of the deal have not been disclosed, but SecurityWeek has been told that Thoma Bravo has acquired a majority stake in Venafi.
Ransomware attacks in the education sector have increased at the beginning of the school year, with cybercriminals stealing data and threatening to leak it unless the ransom was paid. The three U.S. agencies say that the reason behind the increased incidence of these attacks is the availability of DDoS-for-hire services that enable "Any motivated malicious cyber actor conduct disruptive attacks regardless of experience level."
Why does machine learning matter? Machine learning systems are able to quickly apply knowledge and training from large data sets to excel at facial recognition, speech recognition, object recognition, translation, and many other tasks. What machine learning tools are available? Businesses like IBM, Amazon, Microsoft, Google, and others offer tools for machine learning.
A phishing scam is underway that targets Ledger wallet users with fake data breach notifications used to steal cryptocurrency from recipients. Ledger is a hardware cryptocurrency wallet that allows you to store, manage, and sell cryptocurrency.
The MoleRats advanced persistent threat has developed two new backdoors, both of which allow the attackers to execute arbitrary code and exfiltrate sensitive data, researchers said. The DropBook backdoor uses fake Facebook accounts or Simplenote for C2, and both SharpStage and DropBook abuse a Dropbox client to exfiltrate stolen data and for storing their espionage tools, according to the analysis, issued Wednesday.