minute read
Share this article:
Reports say that the agency in charge of managing Spain’s unemployment benefits has been hit by the Ryuk ransomware.
The Spanish State Employment Service (SEPE) in Spain has been hit by a cyberattack, suspending its communications systems across hundreds of offices and delaying thousands of appointments.
SEPE is an “autonomous body” in Spain that manages and controls unemployment benefits. The cyberattack hit during an already strenuous time for the agency, which is dealing with an overflow of requests for unemployment benefits as the coronavirus pandemic has forced companies globally to make cuts to their workforces.
The financial cyber-gang is running limited attacks ahead of broader offensives on point-of-sale systems.
The FIN8 cyberattack group has resurfaced after a period of relative quiet, researchers have found. The gang is using new versions of the BadHatch backdoor to compromise companies in the chemical insurance, retail and technology industries.
The attacks have been seen hitting organizations around the world, mainly in Canada, Italy, Panama, Puerto Rico, South Africa and the United States, according to an analysis from Bitdefender this week.
FIN8 is a financially motivated threat group whose typical mode of attack has been to steal payment-card data from point-of-sale (PoS) environments, particularly those of retailers, restaurants and the hotel industry. The group has been active since at least 2016, but its activity is characterized by periods of dormancy.
minute read
Share this article:
Researchers have identified two vulnerabilities in the company’s crowd-sourced Offline Finding technology that could jeopardize its promise of privacy.
Two vulnerabilities in a crowdsourced location-tracking system that helps users find Apple devices even when they’re offline could expose the identity of users, research claim.
Offline Finding, a proprietary app introduced by Apple in 2019 for its iOS, macOS and watchOS platforms, enables the location of Apple devices even if they aren’t connected to the internet. While this capability in and of itself is not unique to the company, Apple promised that the technology could conduct its task in a way that preserves user privacy.
minute read
Share this article:
Surveillance footage from companies such as Tesla as well as hospitals, prisons, police departments and schools was accessed in the hack.
Hackers claim to have breached Silicon Valley startup Verkada to gain unauthorized access to live feeds of 150,000 security cameras. They claim, the hack gave them widespread access to surveillance footage within companies such as Tesla and Cloudflare, as well as hospitals, companies, law-enforcement departments, schools and prisons.
The group provided video footage from cameras managed by San Mateo, Calif.-based Verkada to Bloomberg to prove the success of their breach, according to a report published on the news outlet’s website. Verkada provides and manages a web-based network of security cameras to customers and claims to be a more secure and scalable alternative to on-premises solutions for video surveillance.
minute read
Share this article:
Spear-phishing emails are spreading the NimzaLoader malware loader, which some say may be used to download Cobalt Strike.
The TA800 threat group is distributing a malware loader, which researchers call NimzaLoader, via ongoing, highly-targeted spear-phishing emails.
While previous Twitter analysis identified this loader as a mere variant of TA800’s existing BazaLoader malware, new research cites evidence that NimzaLoader is a disparate strain with its own separate string-decryption methods and hashing algorithm techniques.
The malware loader is unique in that it is written in the Nim programming language. The use of Nim is uncommon for malware in the threat landscape, except in rare cases, such as a Nim-based downloader recently seen being used by the Zebrocy threat group. Because of this, researchers say malware developers may be using Nim to avoid detection by defense teams who may not be familiar with the language.