Security News

Ransomware gang hacks Facebook account to run extortion ads
2020-11-11 02:30

A ransomware group has now started to run Facebook advertisements to pressure victims to pay a ransom. Yesterday, the ransomware operators behind Ragnar Locker took it to the next level by hacking into a Facebook advertiser's account and creating advertisements promoting their attack on Campari Group.

Premium-Rate Phone Fraudsters Hack VoIP Servers of 1200 Companies
2020-11-05 02:19

According to findings published by Check Point Research, the threat actors - believed to be located in the Palestinian Gaza Strip - have targeted Sangoma PBX, an open-source user interface that's used to manage and control Asterisk VoIP phone systems, particularly the Session Initiation Protocol servers. "One of the more complex and interesting ways is abusing the servers to make outgoing phone calls, which are also used to generate profits. Making calls is a legitimate feature, therefore it's hard to detect when a server has been exploited."

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo
2020-10-28 16:58

In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. The Gunnebo Group is a Swedish multinational company that provides physical security to a variety of customers globally, including banks, government agencies, airports, casinos, jewelry stores, tax agencies and even nuclear power plants.

Compromised CMS Credentials Likely Used to Hack Trump Campaign Website
2020-10-28 13:04

Security researchers believe that compromised credentials were used by hackers to access the content management system behind Donald Trump's campaign website. According to WordPress security solutions provider Defiant, which develops the Wordfence product, the hackers most likely used compromised credentials for access, supposedly targeting the underlying ExpressionEngine content management system, which is an alternative to WordPress.

Santander downplays 'hack' of PagoFX cash transfer biz, says nothing to worry about
2020-10-27 06:02

Spanish financial giant Santander has downplayed claims its international money transfer startup PagoFX was compromised. At the end of last week, The Register was contacted by an anonymous source who claimed "Database schemas, infrastructure docs, digital risk assessments, customer security checks, and Salesforce training material" belonging to PagoFX had been stolen and put up for sale on an underground hacking forum.

Private Psychotherapy Notes Leaked in Major Finnish Hack
2020-10-26 16:57

The confidential treatment records of tens of thousands of psychotherapy patients in Finland have been hacked and some leaked online, in what the interior minister said Monday was "a shocking act." Distressed patients flooded victim support services over the weekend as Finnish police revealed hackers accessed records belonging to private company Vastaamo, which runs 25 therapy centres across Finland.

EU slaps extra sanctions on Russian spy chief and APT28 malware dev over 2015 Bundestag hack
2020-10-23 16:20

The European Union has imposed sanctions on a Russian military malware developer and the commander of Russia's MI6 equivalent, a mere five years after the two targeted Germany's parliament with a cyberattack. The pair, an admiral commanding the GRU spy agency and a malware dev already on international sanctions lists for targeting the MH17 mass murder investigation, are now subject to yet another travel ban.

New York financial watchdog calls for social media cybersecurity regulator after Twitter hack of Biden and Obama accounts
2020-10-22 14:43

The world's biggest social media companies may have to put more of a priority on security now that a New York state financial watchdog is calling for the creation of a designated regulator tasked with monitoring their cyber defense. The New York State Department of Financial Services made the determination in a lengthy report on the Twitter hack in July after the Justice Department said two teenagers and a 22-year-old took over more than 100 prominent Twitter accounts, including the accounts of former President Barack Obama and former Vice President Joe Biden.

News Wrap: Barnes & Noble Hack, DDoS Extortion Threats and More
2020-10-16 13:00

I think my husband's arrived at like, 1:30 or something in the morning, Thursday morning, so they kind of sent this out under cover of darkness, which I'm sure they want to minimize the publicity around it, but that's not going to happen because it's Barnes and Noble. Over the weekend, the Nook e-book reader - which my mom has one of those and they're kind of awesome - but the syncing feature for that went down and there was this outage that continued and it just kind of trended on a low level, nobody really knew what was going on.

UK Fines British Airways for Failures in 2018 Data Hack
2020-10-16 12:57

Britain's information commissioner has fined British Airways 20 million pounds for failing to protect personal data for some 400,000 customers, the largest fine the agency has ever issued. The ICO said in a statement Friday that the airline was processing personal data without adequate security measures.