Security News

Passengers planning to make their way over to the islands of Martha's Vineyard or Nantucket on Wednesday could see delays due to a ransomware attack, The Steamship Authority said Wednesday. The Steamship Authority is the largest ferry service to the Massachusetts Islands of Martha's Vineyard and Nantucket from Cape Cod.

Phishing emails try to entrap people by pushing subjects designed to exploit their fears, interests, anxieties and curiosity. For its latest research, GreatHorn discovered that phishing attacks are increasingly using X-rated material in emails aimed at corporate employees.

This week, a Trustwave security researcher disclosed a privilege escalation flaw in Huawei's USB LTE dongles. Huawei LTE driver autoruns with maximum permissions.

DDoS attacks increase the pressure on the victim to pay the ransom by adding another threat to combat, says NETSCOUT. Ransomware attackers are always looking for new ways to persuade their targets to pay the ransom. One tactic increasingly being added to a traditional ransomware campaign is a DDoS attack.

The US Department of Justice has seized two Internet domains used in recent phishing attacks impersonating the U.S. Agency for International Development to distribute malware and gain access to internal networks. Com and were used to receive data exfiltrated from victims of the targeted phishing attacks and send further commands malware to execute on infected machines.

The White House has confirmed today that JBS, the world's largest beef producer, was hit by a ransomware attack over the weekend coordinated by a group likely from Russia. JBS only hinted that a ransomware group caused the incident on Monday, stating that "The company's backup servers were not affected, and it is actively working with an Incident Response firm to restore its systems as soon as possible."

A ransomware attack on the world's largest meat company is disrupting production around the world just weeks after a similar incident shut down a U.S. oil pipeline. JBS has not stated publicly that the attack was ransomware.

A Kenyan security guard now facing charges in Qatar after writing compelling, anonymous accounts of being a low-paid worker there found himself targeted by a phishing attack that could have revealed his location just before his arrest, analysts say. While analysts from Amnesty International and Citizen Lab said they were unable to say who targeted Malcolm Bidali, the phishing attack mirrored others previously carried out by Gulf Arab sheikhdoms targeting dissidents and political opposition.

An alert released on Friday by the FBI and the DHS's Cybersecurity and Infrastructure Security Agency revealed that the number of organizations targeted in a recent attack abusing a legitimate email marketing service was higher than initially reported. Microsoft reported last week that the Russia-linked threat actor it tracks as Nobelium, which is believed to be responsible for the SolarWinds supply chain attack, had been abusing a legitimate mass email service named Constant Contact to target government and other types of organizations in the United States and a dozen other countries.

Severe security flaws uncovered in popular Visual Studio Code extensions could enable attackers to compromise local machines as well as build and deployment systems through a developer's integrated development environment. The vulnerable extensions could be exploited to run arbitrary code on a developer's system remotely, in what could ultimately pave the way for supply chain attacks.