Security News > 2020

Though Tupperware never responded to multiple attempts at contact by researchers, as of March 25, after research was publicly disclosed detailing the card skimmer, the malicious code was removed from the homepage. Researchers first came across the card skimmer during a web crawl, when they identified a suspicious iframe - responsible for displaying the payment form fields presented to online shoppers - that was loaded on the Tupperware[.

A recently discovered, mass-targeted watering-hole campaign has been aiming at Apple iPhone users in Hong Kong - infecting website visitors with a newly developed custom surveillance malware. Despite the deep level of surveillance afforded by the malware, researchers said that the campaign doesn't appear to be a targeted effort, apart from focusing on Hong Kong residents.

Federal investigators in Russia have charged at least 25 people accused of operating a sprawling international credit card theft ring. In a statement released this week, the Russian Federal Security Service said 25 individuals were charged with circulating illegal means of payment in connection with some 90 websites that sold stolen credit card data.

The attackers are changing DNS settings on Linksys routers to redirect users to a malicious website promising an informative COVID-19 app, says security provider BitDefender. Phony coronavirus maps are being created with malware as the payload. And as more people work from home, a new type of attack is targeting home routers to spread a malicious coronavirus-themed app, according to a blog post published Wednesday by BitDefender.

A recently observed campaign is attempting to infect the iPhones of users in Hong Kong with an iOS backdoor that allows attackers to take over devices, Trend Micro reports. The attack involved the use of malicious links posted on forums popular in Hong Kong, which led users to real news sites where a hidden iframe would load and run malware.

The developers of the online video-conferencing service cautioned users to avoid sharing Zoom meeting links publicly and widely on social media and to use some simple management tools within the system to help avoid scenarios in which uninvited participants disrupt meetings in unpleasant and threatening ways. The company posted in response to numerous reports of threat actors upending Zoom meetings with hate speech such as racist messages, threats of sexual harassment, and pornographic images that drive meeting participants offline or force the meeting to be abruptly cancelled.

Join Sophos experts for the latest cybersecurity news and advice.

AMD has confirmed that a hacker has stolen files related to some of its graphics products, but the company says it's not too concerned about the impact of the leak. A hacker who uses the online moniker "Palesa" claims to have obtained source code files related to several AMD graphics processing units, including the Navi 10 architecture, which is used in some Radeon RX 5000-series graphics cards, the upcoming Navi 21, and Arden.

If you're sitting at home right now, sheltering from the coronavirus pandemic - and there's a good chance you are - then you are probably either thinking about a home delivery, or waiting for one. Highlighted above is the fact that the certificate was created on 2020-03-24, the very same day that this scam campaign went out.

Cybercriminals are hijacking routers and changing Domain Name System settings, in order to redirect victims to attacker controlled sites promoting fake coronavirus information apps. This latest attack shows that hackers are becoming more creative in how they leverage the coronavirus pandemic.