Security News > 2020
Indian banks are once again facing a fraudster field day as more stolen payment card data appears for sale on cybercrime markets. Three months after a massive batch of card data that traced to Indian banks appeared on the notorious Joker's Stash cybercrime marketplace, a fresh "dump" of data is being offered for sale.
One of the security flaws that Google addressed with the February 2020 set of Android patches is a critical vulnerability in Bluetooth that could lead to code execution. While no user interaction is required for the attack to be successful, the adversary needs to know the target device's Bluetooth MAC address and Bluetooth has to be enabled.
Researchers at Ben-Gurion University of the Negev have made a name for themselves figuring out how to get data out of air-gapped computers. Now, they've figured out a way to retrieve data from a disconnected computer by altering its LCD display's pixel density just enough for a nearby camera to pick it up.
Malicious optimizer, booster, and utility applications hosted on Google Play gathered nearly half a million downloads before being taken down, Trend Micro reports. Four of the apps gathered more than 100,000 downloads each before Google removed them from the official storefront.
A few weeks ago, Twitter told Clearview to stop collecting its data and to delete whatever it's got. Facebook has also demanded that Clearview stop scraping photos because the action violates its policies, and now Google and YouTube are likewise telling the audacious startup to stop violating their policies against data scraping.
What requires more explanation is why Wacom think it's acceptable to record every time I open a new application, including the time, a string that presumably uniquely identifies me, and the application's name. Heaton even uncovered a killswitch function that Wacom could use to remotely turn Google Analytics collection off and on.
A trio of Australians has been charged with identity theft that netted AU$11 million - ill-gotten loot they allegedly ripped off by hacking into businesses and modifying their payrolls, pension payments and credit card details. New South Wales police reportedly said that the unidentified 31-year-old man allegedly stole more than 80 personal and financial profiles so as to use them in identity fraud in South Australia from early 2019, and then in NSW from August 2019.
UPDATE. A faction of the Magecart threat group, Magecart group 12, has been linked to a recent digital card skimmer attack bent on stealing payment data from a slew of websites, including ones selling anything from Olympic tickets to emergency preparation kits. Researchers also found the group's same skimming code used to target popular emergency preparedness sites: BePrepared.com, which sells survival kits and gear, and Augason Farms, which sells emergency food supplies.
The latest edition of the ISMG Security Report offers an analysis of the missteps that led to problems with the app used in this week's Democratic presidential caucuses in Iowa. Also featured:...
Japanese defense contractors Pasco and Kobe Steel this week disclosed cyber intrusions they suffered back in 2016 and 2018. Pasco is Japan's largest geospatial service provider and Kobe Steel is a major steel manufacturer.