A phishing campaign is underway that pretends to be from American Express and states that there is a security issue with your credit card. It then prompts you to open an attached HTML phishing form that will send the inputted information back to the scammers.
Numerous variants have been sent since October 2018. All of these variants utilize the same theme of there being a security review of your credit card that found issues that require you to send your information through an attached form and create a new online account. These emails are being sent out from mail domains that are based off of the “American Express” keyword such as AmExpress@amnex.com, AmericanExpress@ampress.com, and AmericanExpress@aemail.com.
Almost 1,000 North Korean defectors have had their personal data leaked after a computer at a South Korean resettlement centre was hacked, the unification ministry said. A personal computer at the state-run centre was found to have been “infected with a malicious code”.
The ministry said this is thought to be the first large-scale information leak involving North Korean defectors. The hackers’ identity and the origin of the cyber-attack is not yet confirmed. The North Gyeongsang resettlement centre is among 25 institutes the ministry runs to help an estimated 32,000 defectors adjust to life in South Korea.
Read more about this disturbing cyberattack on BBC.
In the past, cyber attacks used to be so infrequent that hearing about just one breach in the news would be reason enough to invest in protection. Nowadays, not a day goes by without news of another hack being disseminated around the world. The temptation to roll your eyes, say ‘not another one’, and shut your browser is palpable.
But according to Real Business’s Mike Smith, becoming fatigued and showing complacency is one of the most dangerous things we can do. And if we need any more evidence than is already in the public realm, a recent report by UK’s National Cyber Security Centre revealed the sheer scale of the problem, admitting to thwarting around 10 attacks every single week.
Read more about the problem of “breach fatigue” on RealBusiness.
Bitcoin, Ripple. Ethereum. Monero. BTC, XRP, ETH, and XMR. The names, the jargon, the stream of white papers that proclaim the infinite possibilities of the blockchain, the startups, token sales — also known as Initial Coin Offerings (ICOs) — all culminated in an explosion of interest in virtual currency at the end of 2017.
Unfortunately, the cryptocurrency market was rife with ICO fraud and exit scams last year, as well as with coin thefts from both wallets and exchanges. Little seems to have changed — except that attacks are becoming more novel and malware appears to be becoming a more prevalent threat.
Read about this year’s biggest cryptocurrency disasters and attacks on ZDNet.
A hacker (or hacker group) has made over 200 Bitcoin (circa $750,000) using a clever attack on the infrastructure of the Electrum Bitcoin wallet. The attack resulted in legitimate Electrum wallet apps showing a message on users’ computers, urging them to download a malicious wallet update from an unauthorized GitHub repository.
The attack began last week on Friday, December 21, and appears to have been temporarily stopped yesterday (December 27) after GitHub admins took down the hacker’s GitHub repository. Admins of the Electrum wallet expect a new attack to soon get underway, with either a new GitHub repo or a link to another download location altogether.
Read more about the attack on the Electrum wallet infrastructure on ZDNet.
Cyber security’s 2018 megatrends and myriad emerging threats have created the perfect storm for a tumultuous 2019.
From never-before-seen attacks on newly engineered biometric markers and the broad embrace of blockchain, to expanded risks posed for “new” critical infrastructure and the transfer of trust, organizations must look to the threat horizon, and accelerate and collaborate to out-innovate and out-maneuver the attackers.
Read about five security predictions to prepare for as we head into 2019, on CDO Trends.
There’s no such thing as a quiet year when it comes to security, but 2018 has been particularly eventful. From systemic CPU vulnerabilities to hacks affecting hundreds of millions of people, the last twelve months have been a seemingly non-stop parade of cyber gaffes and security blunders.
Read about some of the year’s biggest and most embarrassing security snafus according to IT PRO staff on IT PRO.
Next year could see cybercrime’s total cost to the world economy rise to more than $2 trillion. We’ll inevitably see new threats emerge and existing threats grow more sophisticated too.
A new infographic by solicitors Cartrwight King sets out some facts and stats about this burgeoning problem, including the states cybercriminals typically hail from and how government’s around the world have punished those caught (though of course few are caught).
If you think hacks are bad now, just wait a few more years– because “the machines” are coming. In the next few years, artificial intelligence, machine learning and advanced software processes will enable cyber attacks to reach an unprecedented new scale, wreaking untold damage on companies, critical systems and individuals.
As dramatic as Atlanta’s March 2018 cyber “hijacking” by ransomware was, this was nothing compared to what is coming down the pike once ransomware and other malware can essentially “think” on their own. This is not a theoretical risk, either. It is already happening.
Read more about the risk of automated cyber attacks on Entrepreneur.
After the US Department of Justice charged two Chinese nationals for being members of a state-sponsored hacking group and accused the Chinese government of orchestrating a string of hacks around the world, five other governments have stepped in with similar accusations.
Australia, Canada, Japan, New Zealand, and the UK have published official statements today formally blaming China of hacking their government agencies and local companies. All statements are in regards to the supposed involvement of the Chinese Ministry of State Security (MSS) in supporting the activity of a hacking group known as APT10.