Security News

Report: ATM Skimmer Gang Had Protection from Mexican Attorney General’s Office
2020-05-26 21:45

A group of Romanians operating an ATM company in Mexico and suspected of bribing technicians to install sophisticated Bluetooth-based skimmers in cash machines throughout several top Mexican tourist destinations have enjoyed legal protection from a top anti-corruption official in the Mexican attorney general's office, according to a new complaint filed with the government's internal affairs division. As detailed this week by the Mexican daily Reforma, several Mexican federal, state and municipal officers filed a complaint saying the attorney general office responsible for combating corruption had initiated formal proceedings against them for investigating Romanians living in Mexico who are thought to be part of the ATM skimming operation.

UK Set to Scale Back Huawei Role in 5G Network: Report
2020-05-26 08:31

Britain will reduce Chinese tech giant Huawei's controversial involvement in its 5G network in the wake of the coronavirus outbreak, the Daily Telegraph reported Saturday. Prime Minister Boris Johnson gave the green light to Huawei's participation in January, despite widespread domestic opposition and pressure from the United States.

‘Coronavirus Report’ Emails Spread NetSupport RAT, Microsoft Warns
2020-05-22 15:39

Attackers use the ongoing coronavirus pandemic as a lure, as well as malicious Excel documents, to convince victims to execute the RAT. Researchers with Microsoft's security intelligence team said this week that the ongoing campaign started on May 12 and has used several hundred unique malicious Excel 4.0 attachments thus far - a trend that researchers said they've seen steadily increase over the past month. The emails are titled "WHO COVID-19 SITUATION REPORT" and claim to give an update on the confirmed cases and deaths related to the ongoing pandemic in the U.S. The attached malicious Excel 4.0 document opens with a security warning and shows a graph of supposed coronavirus cases in the U.S. If a victim enables it, the macro is downloaded and the NetSupport Manager RAT is executed.

NSO Group Impersonates Facebook Security Team to Spread Spyware — Report
2020-05-22 14:12

According to an investigative journalist team, the Israeli authors of the infamous Pegasus mobile spyware, NSO Group, have been using a spoofed Facebook login page, crafted to look like an internal Facebook security team portal, to lure victims in. The news comes as Facebook alleges that NSO Group has been using U.S.-based infrastructure to launch espionage attacks.

Open source security report finds library-induced flaws in 70% of applications
2020-05-20 13:48

The State of Software Security: Open Source Edition analyzed the component open source libraries across the Veracode platform database of 85,000 applications, which includes 351,000 unique external libraries. The idea was to define the risk that a single flaw in one library can pose to all applications that leverage that code.

Verizon Data Breach Report: DoS Skyrockets, Espionage Dips
2020-05-19 04:01

While DoS attacks use differing tactics, they most commonly involve sending junk network traffic to overwhelm and crash systems. Cyber espionage attacks meanwhile have seen a downward spiral, dropping from making up 13.5 percent of breaches in 2018 to a mere 3.2 percent of data breaches in 2019.

Paying Ransomware Crooks Doubles Clean-up Costs, Report
2020-05-15 13:17

The report shows that sometimes even paying a ransom does not guarantee a company will recover data encrypted in an attack, according to researchers. Though ransomware attacks in the public sector, which is believed to be one of the hardest hit by these attacks, are high profile, the report shows that the sector is actually less affected by ransomware attacks than the private sector.

Brit defense contractor hacked, up to 100,000 past and present employees' details siphoned off – report
2020-05-15 05:08

Britain's Ministry of Defence contractor Interserve has been hacked, reportedly leaking the details of up to 100,000 past and current employees, including payment information and details of their next of kin. The Daily Telegraph reports that up to 100,000 employee details were stolen, dating back across a number of years.

Huge toll of ransomware attacks revealed in Sophos report
2020-05-12 14:13

Ransomware might be a dreadful enterprise, but nobody could accuse the criminals behind these attacks of being weak on customer service. Now you can see why ransomware attacks almost always send back encryption keys when paid - any doubt in the mind of victims would quickly destroy the whole extortion racket as companies knuckled down to do the hard work themselves.

Maze ransomware one year on – a SophosLabs report
2020-05-12 12:45

SophosLabs just published an informative report entitled "Maze ransomware: extorting victims for 1 year and counting". Sadly, Maze has been in the news quite frequently in recent months, notably because the gang who created it have been in the vanguard of a new wave of "double-whammy" ransomware attacks.