Security News

A threat actor has posted data of 10,000 American Express credit card holders on a hacker forum for free. In the same forum post, the actor claims to sell even more data of Mexican banking customers of American Express, Santander, and Banamex.

The United States Department of Homeland Security has published a guide to the terrifying risks that businesses will expose themselves to if they use tech created in the Peoples' Republic of China or engage in any business activity with the Middle Kingdom. The fifteen-page "Data Security Business Advisory" [PDF] opens by warning "Businesses expose themselves and their customers to heightened risk when they share sensitive data with firms located in the PRC, or use equipment and software developed by firms with an ownership nexus in the PRC.".

A new global report on phishing attempts shows how the workforce has responded to security threats since COVID-19, and the new vulnerabilities that have resulted from the remote work landscape. Terranova Security's new "2020 Gone Phishing Tournament," part of its Phishing Benchmark Global Report, looks at the impact of phishing attacks on the remote workforce, citing an increase in phishing simulation clicks, as well as compromised data.

More than fifty networks in the North American region suddenly burst to life after being dormant for a long period of time, Spamhaus reveals. The organization noticed last week that 52 dormant networks in the ARIN area were resurrected concurrently, and that each of them has been announced by a different autonomous system number, also inactive for a significant period of time.

More than fifty networks in the North American region suddenly burst to life after being dormant for a long period of time, Spamhaus reveals. The Geneva-based international nonprofit organization...

Dubbed Chaes, the new threat is a multi-stage piece of malware designed to harvest sensitive information such as login credentials, credit card numbers, and additional financial details. The malware has been designed to specifically target MercadoLivre's payment page MercadoPago and harvest customer financial information from it.

Despite ongoing unsubstantiated claims of fraud from the outgoing Trump administration, senior election officials charged with securing the 2020 vote on Thursday said they had done so successfully. "The November 3rd election was the most secure in American history," said the Elections Infrastructure Government Coordinating Council and the Election Infrastructure Sector Coordinating Council Executive Committees in a joint statement, along with the US government's Cybersecurity and Infrastructure Security Agency and other organizations.

Menacing emails to Democratic voters, telling them to vote for Donald Trump in the upcoming US elections or else, were sent by Iran, US intelligence claimed on Wednesday night. At a press conference tonight, Uncle Sam's Director of National Intelligence John Ratcliffe said the messages were actually sent by Iranian agents, who had obtained US voter records, including contact details, seemingly to intimidate Americans.

The front man for the notorious Dark Overlord hacker gang, which threatened to leak stolen confidential information unless paid off, has been sentenced to five years behind bars in America. Wyatt was among a crew of miscreants who since 2016 operated under the Dark Overlord brand: they would hack people and organizations, and threaten to dump their victims' private documents onto the web unless payment - typically between $75,000 and $350,000 in Bitcoin - was coughed up.

The American Payroll Association says user information was stolen after attackers managed to inject a skimmer on its website. A payroll education, publications, and training provider, APA helps professionals increase their skill, offering payroll conferences and seminars, resources, and certification.