Security News

American insurance giant CNA reportedly pays $40m to ransomware crooks
2021-05-22 10:22

CNA Financial, the US insurance conglomerate, has apparently paid $40m to ransomware operators to get its files back. All CNA systems are now back up and running, though it appears that the company didn't manage this themselves and instead coughed up a widely reported $40m to the extortionists for the means to decrypt the scrambled files.

UK data regulator fines American Express up to 0.021p per email after opted-out folk spammed 4.1 million times
2021-05-20 13:45

American Express has been fined 0.009 per cent of its annual profits by the Information Commissioner's Office after spamming people who opted out of its marketing emails with 4.1 million unwanted messages. "Between 1 June 2018 and 21 May 2019, 4,098,841 of those emails were marketing emails, designed to encourage customers to make purchases on their cards which would benefit Amex financially. It was a deliberate action for financial gain by the organisation. Amex also did not review its marketing model following customer complaints," said the ICO in a statement.

70 European and South American Banks Under Attack By Bizarro Banking Malware
2021-05-18 03:04

A financially motivated cybercrime gang has unleashed a previously undocumented banking trojan, which can steal credentials from customers of 70 banks located in various European and South American countries. The campaign consists of multiple moving parts, chief among them being the ability to trick users into entering two-factor authentication codes in fake pop-up windows that are then sent to the attackers, as well as its reliance on social engineering lures to convince visitors of banking websites to download a malicious smartphone app.

Experian API Leaks Most Americans’ Credit Scores
2021-04-29 18:42

A researcher is claiming that the credit scores of almost every American were exposed through an API tool used by the Experian credit bureau, which he said was left open on a lender site without even basic security protections. Demirkapi was surprised and decided to take a peek at the code, which showed that a connection to an Experian API was behind the tool, he said.

Experian API Exposed Credit Scores of Most Americans
2021-04-28 20:47

Big-three consumer credit bureau Experian just fixed a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name and mailing address, KrebsOnSecurity has learned. Peering at the code behind this lookup page, he was able to see it invoked an Experian Application Programming Interface or API - a capability that allows lenders to automate queries for FICO credit scores from the credit bureau.

Experts uncover a new Banking Trojan targeting Latin American users
2021-04-06 22:38

Researchers on Tuesday revealed details of a new banking trojan targeting corporate users in Brazil at least since 2019 across various sectors such as engineering, healthcare, retail, manufacturing, finance, transportation, and government. "These pop-ups contain fake forms, aiming to trick the malware's victims into entering their banking credentials and personal information that the malware captures and exfiltrates to its servers," ESET researchers Facundo Muñoz and Matías Porolli said in a write-up.

Hornetsecurity acquires Zerospam to extend its reach in the North American market
2021-03-28 23:15

Zerospam is a fast-growing business that serves more than 4,000 small, midsized and enterprise customers worldwide via an ecosystem of 400+ partners focused primarily on Canada and the US. It is a recognized leader in providing cloud-based email security solutions to the SMB market across North America, helping them block unwanted emails and combat cybercriminals. "Becoming part of the Hornetsecurity Group is a critical step in Zerospam's progression, as we believe it will greatly benefit our customers and partners, as well as our entire team."

Proposed Bill Would Allow Americans to Sue Foreign Cyber-Actors
2021-03-10 16:03

A bill introduced in the House of Representatives this week could allow United States citizens to seek monetary damages if cyber-attacks by foreign threat actors harm them in any way. Per the bill, Americans would be able to make claims in federal or state courts if they are in any way affected by cyber-attacks that foreign states have conducted against them.

Disruptions at Pan-American Life Likely Caused by Ransomware Attack
2021-03-08 13:45

Recent service disruptions at the Pan-American Life Insurance Group were likely caused by a cyberattack conducted by a threat actor known for using the REvil ransomware. The official website of PALIG currently only displays some contact information and the following message: "Pan-American Life Insurance Group is currently experiencing a disruption to some of our services and we are working to restore them. To facilitate communication during this time, we have created temporary email accounts as an official communication channel."

Hit block caller: 75% of Americans were targeted by scammers
2021-02-10 11:00

While it's logical to assume seniors would be primary targets, a new report revealed that millennials were actually the most targeted demographic group of the more than 50 billion spam calls made in 2020. The increase in calls has enabled scammers to go ham on the unsuspecting, as they steal money and damage trust.