Two Massachusetts men were arrested and charged this week for employing SIM swapping in attacks aimed at stealing cryptocurrency from their victims’ accounts.The two, Eric Meiggs, 21, of Brockton, and Declan Harrington, 20, of Rockport, were charged in an 11-count indictment, the United States Department of Justice announced.The men are charged with conspira

Backend operation services provider InfoTrax Systems has reached a settlement with the U.S. Federal Trade Commission (FTC) over a data breach discovered in 2016, the agency announced this week.Utah-based InfoTrax provides multi-level marketers with a variety of services, including compensation, inventory, accounting, and training, as well as data security, i

In most cases malware is associated with theft. From keyloggers that collect passwords and credit card details to sophisticated tools for breaking into secure company networks, malware has many uses – mostly for committing crime. However, a new use has emerged in recent months – citizen surveillance. Political activists and journalists under investigation Me

A new JavaScript skimmer targets data entered into the payment forms of ecommerce merchant websites, Visa Payment Fraud Disruption (PFD) warns.Dubbed Pipka, the skimmer was discovered on an ecommerce website previously infected with the JavaScript skimmer known as Inter, but it has infected at least sixteen other merchant websites as well.What sets Pipka apa

"The retail industry is experiencing more breaches than any other industry in 2019," starts a new report on threats to the retail industry. This is somewhat surprising to those accustomed to see healthcare, education, manufacturing and finance at the head of breach statistics. Nevertheless, retail as a breach sector is growing rapidly.Earlier this month, Ris

Facebook on Wednesday said it has taken down some 5.4 billion fake accounts this year in a sign of the persistent battle on social media against manipulation and misinformation.Amid growing efforts to create fraudulent accounts, Facebook said it has stepped up its defenses and often removes the accounts within minutes of being created."We have improved our a

A Russian accused of running a website that helped people commit more than $20 million in credit-card fraud has been extradited to Virginia to face criminal charges.Twenty-nine-year-old Aleksei Burkov made an initial appearance in Alexandria Tuesday after being extradited from Israel. Russian officials objected to his extradition.The federal indictment says

A newly discovered piece of ransomware written in PureBasic has been linked to a Malware-as-a-Service (MaaS) provider that has been used by Cobalt Gang, FIN6, and other threat groups.Dubbed PureLocker, the malware comes with evasion methods and features that have allowed it to remain undetected for months. The use of PureBasic, a rather uncommon programming

Mexican state-owned oil company Petróleos Mexicanos (Pemex) on Sunday suffered a ransomware attack that took down parts of its network.The attack, the company claims, was quickly neutralized and only impacted less than 5% of the computers in its network.In an attempt to stop any rumors related to the suffered attack, the company also pointed out that it is o

ASP.NET hosting provider SmarterASP.NET is currently working on recovering customer data after being hit by a ransomware attack over the weekend.Operating since 1999, SmarterASP.NET has datacenters in the United States and Europe and serves over 440,000 customers worldwide.On Saturday, the company fell victim to a ransomware attack that resulted in its custo

Mozilla is working on addressing a Firefox bug that has been exploited by tech support scammers to lock the browser when users visit specially crafted websites.Attacks were spotted recently by Jérôme Segura of Malwarebytes, who told SecurityWeek that there are currently two known Firefox bugs that have been abused in tech support scams.Exploitation only requ

Ecommerce fraud prevention solutions provider Riskified has raised $165 million in a Series E funding round at a valuation of over $1 billion.The latest funding round, which brings the total raised by the firm to over $228 million, was led by General Atlantic, with participation from Fidelity Management & Research Company, Winslow Capital Management, and

A newly discovered exploit kit (EK) is being employed in live attacks despite the fact that it’s still in an unfinished state, Trend Micro’s security researchers reveal.Dubbed Capesand, the toolkit was discovered in October 2019, when a malvertising campaign employing the RIG EK to drop DarkRAT and njRAT switched to using it for delivery instead.The new thre

The recent attacks exploiting the BlueKeep vulnerability to deliver cryptocurrency miners caused some systems to crash due to a Meltdown patch being deployed on the targeted machines.The BlueKeep vulnerability, officially tracked as CVE-2019-0708, affects Windows Remote Desktop Services (RDS) and it allows an unauthenticated attacker to execute arbitrary cod

A newly discovered backdoor associated with the advanced persistent threat (APT) actor Platinum has a long sequence of dropping, downloading and installing stages, Kaspersky reveals.Active for at least a decade but only detailed in 2016, Platinum is a cyber-espionage group mainly focused on the Asia-Pacific region. The hackers are known for the targeting of