February 20, 2021 — A previously undetected piece of malware found on almost 30,000 Macs worldwide is generating intrigue in security circles, and security researchers are still trying to understand precisely what it does and what purpose its self-destruct capability serves.
Once an hour, infected Macs check a control server to see if there are any new commands the malware should run or binaries to execute. So far, however, researchers have yet to observe delivery of any payload on any of the infected 30,000 machines, leaving the malware’s ultimate goal unknown. The lack of a final payload suggests that the malware may spring into action once an unknown condition is met. Source: arstechnica
February 18, 2021 — Australians were the recipients of almost 60,000 online sextortion attempts in January 2021, a leading cybersecurity firm has revealed.
February 11, 2021 — Unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system at a U.S. drinking water treatment facility. The unidentified actors used the SCADA system’s software to increase the amount of sodium hydroxide, also known as lye, a caustic chemical, as part of the water treatment process. Water treatment plant personnel immediately noticed the change in dosing amounts and corrected the issue before the SCADA system’s software detected the manipulation and alarmed due to the unauthorized change. As a result, the water treatment process remained unaffected and continued to operate as normal. The cyber actors likely accessed the system by exploiting cybersecurity weaknesses, including poor password security and an outdated operating system.
February 11, 2021 — MEMPHIS, TN—Many romance scammers promise love, passion, and a lifetime of happiness, but in reality, they are looking for victims to rob of their savings. The FBI Memphis Field Office is continuously working to raise awareness about online romance scams, also called confidence fraud. In this type of fraud, scammers take advantage of people looking for companionship or romantic partners on dating websites, apps, chat rooms, and social networking sites with the sole goal of obtaining access to their financial or personal identifying information. Romance scams are prevalent, especially during this time of year. Increased isolation brought on by the COVID-19 pandemic has also resulted in more people looking for love online. Source: MEMPHIS
February 11, 2021 — ALOR GAJAH: Melaka police have seized 700 computer servers running on stolen electricity to mine cryptocurrency at a two-storey shoplot at Pusat Perniagaan Pulau Sebang here yesterday.
Deputy police chief Shahrul Lalli Masduki said the illegal activity, believed to be going on for about two months, had caused Tenaga Nasional Berhad to suffer losses of about RM648,000.
He said a 35-year-old man was detained. Source: FMT
February 6, 2021 — Aussies have been warned about a Netflix scam doing the rounds, after cyber security firm MailGuard intercepted a malicious email from a hacker purporting to be from the streaming service.
MailGuard said the phishing emails used a display name of ‘Netflix Membership’, and were titled ‘We recently detected an issue with the billing information associated with your Account’.
With 11.9 million Aussies using Netflix, cybercriminals have taken advantage of the popular streaming service’s name in order to trick users into spilling their bank details.
The email uses a Netflix logo, and prompts readers to ‘update their details’ via a button at the end of the email. Source: yahoo!finance
February 6, 2021 — Late last December we started getting a distress call from our forum patrons. Patrons were experiencing ads that were opening via their default browser out of nowhere. The odd part is none of them had recently installed any apps, and the apps they had installed came from the Google Play store. Then one patron, who goes by username Anon00, discovered that it was coming from a long-time installed app, Barcode Scanner. An app that has 10,000,000+ installs from Google Play! We quickly added the detection, and Google quickly removed the app from its store. Source: MalwarebytesLABS
February 5, 2021 — Eletrobras, the largest power company in Latin America, faces a temporary suspension of some operations.
Two state-owned utility companies in Brazil suffered separate ransomware attacks in the past week, forcing them to shut down some operations and services temporarily. In one case, sensitive data was stolen and dumped online, including network access logins and engineering plans. Source: threat post
February 4, 2021 — GHL Group has launched an investigation into the E-Pay data breach allegations.
Personal details of over 300,000 E-Pay customers appear to have been exposed online through a data breach. A threat actor was spotted selling a database of 380,000 customers on a data-sharing forum for USD 300 (about RM1,215). That’s about 0.32 sen per user.