Pretending to be the Permanent Mission of Norway, the Emotet operators performed a targeted phishing attack against email addresses associated with users at the United Nations. Yesterday, the Emotet trojan roared back to life after a 3-week vacation with strong spam campaigns that targeted countries throughout the world. Source: Bleeping Computer Source: http://www.itsecurityguru.org

The oil & gas company is at the heart of the ongoing US presidential impeachment case. Burisma Holdings, a Ukrainian oil & gas company, has been hit with a phishing campaign that began in early November 2019 and is ongoing, according to Area 1 Security, which spotted the campaign it says came out of the Main Intelligence Directorate of the General Staff of the Russian Army (GRU). Source: Dark Reading…

US President Donald Trump has launched a fresh attack on Apple. He tweeted that the company was refusing to unlock iPhones “used by killers, drug dealers and other violent criminal elements”. On Monday US Attorney General William Barr accused Apple of not being helpful in an inquiry into a shooting that is being treated as a terrorist act. Source: BBC Source: http://www.itsecurityguru.org

The US National Security Agency (NSA) has discovered a major flaw in Windows 10 that could have been used by hackers to create malicious software that looked legitimate. Microsoft has issued a patch and said it had seen no evidence of the bug being exploited by hackers. The issue was revealed during an NSA press conference. It was not clear how long it had known about it before revealing it…

Dating apps Grindr, OkCupid, and Tinder are allegedly spreading user information like sexual preferences, behavioural data, and precise location to advertising companies in ways that may violate privacy laws, according to a study conducted by the Norwegian Consumer Council (NCC). The study tracked the activity of 10 popular apps during the period June to November 2019 in order to identify how personal data is transmitted from these apps to commercial third…

Five major US wireless carriers – AT&T, T-Mobile, Verizon, Tracfone and US Mobile – are susceptible to SIM swap scams, a danger apparently looming large especially over prepaid accounts, a study by Princeton University researchers has found. SIM swapping attacks, also known as port-out or SIM swap scams, have been a serious and growing problem of late, with its victims including Twitter CEO Jack Dorsey. It has previously been shown that attackers can,…

The Ryuk Ransomware uses the Wake-on-Lan feature to turn on powered off devices on a compromised network to have greater success encrypting them. Wake-on-Lan is a hardware feature that allows a powered down device to be woken up, or powered on, by sending a special network packet to it. This is useful for administrators who may need to push out updates to a computer or perform scheduled tasks when it is…

A group tracked as Ancient Tortoise is targeting accounts receivable specialists tricking them into sending over aging reports and thus collecting info on customers they can scam in later attack stages. Aging reports (aka schedule of accounts receivable) are collections of outstanding invoices designed to help a company’s financial department to keep track of customers who haven’t yet paid for goods or services they bought on credit. Source: Bleeping Computer Source:…

The Nemty Ransomware has outlined plans to create a blog that will be used to publish stolen data for ransomware victims who refuse to pay the ransom. A new tactic started by the Maze Ransomware and now used by Sodinokibi ​​​​​​is to steal files from companies before encrypting them. If a victim does not pay the ransom, then the stolen data will be leaked little-by-little until payment has been made or it has all been…