Security News

Pacific City Bank, one of the largest Korean-American community banking service providers in America, has disclosed a ransomware incident that took place last month. The bank is circulating notices to inform its clients of a security breach it identified on August 30, 2021, which they claim to have addressed promptly.

Although organizations commonly go to great lengths to address security vulnerabilities that may exist within their IT infrastructure, an organization's helpdesk might pose a bigger threat due to social engineering attacks. There are many different types of social engineering schemes but one is area of vulnerability is how social engineering might be used against a helpdesk technician to steal a user's credentials.

The Apache Software Foundation on Thursday released additional security updates for its HTTP Server product to remediate what it says is an "Incomplete fix" for an actively exploited path traversal and remote code execution flaw that it patched earlier this week. CVE-2021-42013, as the new vulnerability is identified as, builds upon CVE-2021-41773, a flaw that impacted Apache web servers running version 2.4.49 and involved a path normalization bug that could enable an adversary to access and view arbitrary files stored on a vulnerable server.

American media conglomerate Cox Media Group confirmed that it was hit by a ransomware attack that took down live TV and radio broadcast streams in June 2021. The company acknowledged the attack in data breach notification letters sent today via U.S. Mail to over 800 impacted individuals believed to have had their personal information exposed in the attack.

Intuit has warned QuickBooks customers that they are targeted by an ongoing phishing campaign impersonating the company and trying to lure potential victims with fake renewal charges. Intuit also provides information on how customers can protect themselves from phishing attempts on its support website.

Scottish multinational engineering firm Weir Group has disclosed an "Attempted ransomware attack" that led to "Significant temporary disruption" in September. "The Group is currently managing the consequences of a sophisticated attempted ransomware attack that occurred in the second half of September," the firm said in a Q3 trading update published Thursday.

Microsoft says that Russian-sponsored hacking groups are increasingly targeting US government agencies, with roughly 58% of all nation-state attacks observed by Microsoft between July 2020 and June 2021 coming from Russia. "Russian nation-state actors are increasingly targeting government agencies for intelligence gathering, which jumped from 3% of their targets a year ago to 53% - largely agencies involved in foreign policy, national security or defense," said Tom Burt, Microsoft's Corporate Vice President for Customer Security & Trust.

FIN12 is a prolific threat actor with a strong focus on making money that executes ransomware attacks since at least October 2018. FIN12 is characterized by skipping the data exfiltration step that most ransomware gangs have adopted to increase their chances of getting paid.

That lesson was hammered home through a recent phishing attack that stole money from Coinbase customers. The attackers were able to move funds from Coinbase to their own accounts, thus stealing a vast amount of money in the form of cryptocurrency.

The report also revealed a staggering 307% increase in ATO attacks between April 2019-shortly after many COVID-19 stay-at-home orders were enacted-and June 2021. ATO attacks against the fintech sector soared 850% between Q2 2020 and Q2 2021, mainly driven by a concentration on crypto exchanges and digital wallets, where fraudsters would likely try to liquidate accounts or make illicit purchases.