Security News
A "debt management company" is itself facing a bill from Britain's data regulator for sending hundreds of thousands of text messages to households that opted not to receive marketing junk mail. Misery loves company, and another entry in the ICO hall of shame this week is MCP Online, which is nursing a £55,000 penalty for making an unspecified number of "unsolicited financial services calls about pensions," the ICO said.
A new malware threat named Squirrelwaffle has emerged in the wild, supporting actors with an initial foothold and a way to drop malware onto compromised systems and networks. The new malware tool spreads via spam campaigns dropping Qakbot and Cobalt Strike in the most recent campaigns.
Each of these packages is posted by a unique pseudonymous maintainer account, making it challenging for PyPI to remove the packages and spam accounts all at once. PyPI is being flooded with spam packages named after popular movies in a style commonly associated with torrent or "warez" sites that provide pirated downloads: watch-(movie-name)-2021-full-online-movie-free-hd-.... The discovery came to light when Adam Boesch, senior software engineer at Sonatype, was auditing a dataset and noticed a funny-sounding PyPI component named after a popular TV sitcom.
Spammers have started using a tricky URL obfuscation technique that sidesteps detection - and ultimately infects victims with the LokiBot trojan. When the PowerPoint file is opened, the document attempts to access a URL via a Windows binary, and this leads to various malware being installed onto the system.
Microsoft has taken legal action to seize web domains being used to launch coronavirus-themed phishing attacks. "Microsoft's Digital Crimes Unit first observed these criminals in December 2019, when they deployed a sophisticated, new phishing scheme designed to compromise Microsoft customer accounts," said the mega-corp in a blog post this week.
More than 240 website subdomains belonging to organizations large and small, including household names, were hijacked to redirect netizens to malware, X-rated material, online gambling, and other unexpected content. Even Microsoft accidentally allowed some of its own long-forgotten subdomains to slip into the hands of spammers.
A security researcher looked into the buyers behind more than 130 "Reopen America" domain names and found a gun rights activist, a Florida businessman, and anonymous buyers in Asia. The April 8 group looks to be linked to gun rights activist Aaron Dorr, who runs the American Firearms Coalition.
A most entertaining piece of threat research from Check Point gives a unique insight into the "working" life of a Nigerian email spammer who made thousands of dollars from stolen credit cards alone in recent years. Behind that facade of respectability, "Dton" was in fact an email spammer - a spammer working as part of a Nigerian cybercrime syndicate that generates its ill-gotten gains through buying and using stolen credit card details.
In its 2020 Global Threat Report, CrowdStrike found that bad actors are disabling endpoint protection and compromising WordPress sites to steal data and credentials. CrowdStrike's report includes a threat landscape overview, ransomware threat assessment, e-crime trends and activity, and an update on intrusions from Iran, North Korea, China, Russia and other countries.
Kaspersky fingers pro-G filters for letting cyber-muck through. Spammers are abusing the preferential treatment Google affords its own apps to score free passes through Gmail's spam filters, it was...