Security News
An Instagram super-star with 2.3 million followers has been extradited to America accused of conspiring to launder hundreds of millions of dollars obtained via cyber-crime. Abbas allegedly ran so-called business email compromise scams, which typically involve hijacking email accounts, or impersonating strangers in emails, to fool victims into transferring money to the scammer's bank account rather than a legit recipient.
A low-quality batch of malicious tools can sell for as low as $70, while a premium set can go as high as $6,000, according to the security research site Privacy Affairs. At the low end of the list, malware tools aimed at a global audience sell on average for as little as $70. However, this particular batch is sold as low quality, with slow speed and a low success rate.
Google, it seems, is joining Apple in limiting the maximum validity of web security certificates - those digitally signed blobs of data that put the S in TLS and the padlock in your address bar - to just one year. Others ask why a year is seen as "too long" given that certificate authorities such as Let's Encrypt are already issuing certificates that are only valid for three months at a time, thanks to a smoothly automated process for renewal.
SQL databases allegedly stolen from 945 websites have emerged on the Dark Web, potentially impacting tens of millions of people, Lucy Security reports. The collection contains information from a variety of sites worldwide, which appear to have been breached by different hackers, but not by the entity offering them on the Dark Web.
A California university that is dedicated solely to public health research has paid a $1.14m ransom to a criminal gang in the hopes of regaining access to its data. The University of California San Francisco paid out in the apparently successful hope that the Netwalker group would send it a decryption utility for its illicitly encrypted files, which it referred to as "data ... important to some of the academic work we pursue as a university serving the public good".
A group of cybercriminals managed to hide their web skimmer in the EXIF metadata of an image that was then surreptitiously loaded by compromised online stores, Malwarebytes reveals. Although image files have been long used to carry malicious code and exfiltrate data, it's unusual to have web skimmers hidden in image files.
Amazon Web Services, an Amazon.com company, announced Amazon Honeycode, a fully managed service that allows customers to quickly build powerful mobile and web applications - with no programming required. Amazon Honeycode does all of this under the covers by automating the process of building and linking the three tiers of functionality found in most business applications, and then deploying fully interactive web and mobile applications to end users so customers can focus on creating great applications without having to worry about writing code or scaling infrastructure.
Your credit card is worth around $33, your driver's license around $27, and your PayPal account around $42, according to Reviews.org. Why is your debit card worth so much more than your credit card? A debit card quickly draws the necessary funds from your bank account.
Researchers reported on Monday that hackers are now exploiting Google's Analytics service to stealthily pilfer credit card information from infected e-commerce sites. According to several independent reports from PerimeterX, Kaspersky, and Sansec, threat actors are now injecting data-stealing code on the compromised websites in combination with tracking code generated by Google Analytics for their own account, letting them exfiltrate payment information entered by users even in conditions where content security policies are enforced for maximum web security.
Credit card details, online banking logins, and social media credentials are available on the dark web at worryingly low prices, according to Privacy Affairs. Online banking logins cost an average of $35. Full credit card details including associated data cost $12-20.