Data Breach Nabs HSBC Account Info

HSBC has been monitoring some unauthorized access occurring over a ten-day period on their customer’s online accounts. During this time, attackers used credentials that were likely part of prior breaches to access numerous accounts. HSBC worked quickly to disable online access to any accounts that showed suspicious activity. The bank also began notifying potential victims of the incident and have taken additional steps in securing their online access points.

Latest Chrome Iteration Cracks Down on Annoyances

With the rollout of Google’s Chrome 71, the company is looking to enhance the user experience by blocking all advertisements on sites that have continued to allow the hosting of offensive material. Chrome 71 will also be more efficient at blocking phishing attacks and misleading pop-up notifications that may redirect users. Fortunately, sites that are flagged can check their status and are given 30 days to correct for offending content.

University Shuts Down Network Over Cryptomining

A Canadian University was forced to shut down its entire network after IT staff discovered a cryptocurrency miner operating illicitly on several university systems. While they are still unsure who installed the cryptominer, they have removed the software from the systems and brought the remainder of the networks back online. Along with slowly restoring the remaining services taken offline, the university also forced a password change for all current users.

Cardless ATMs Lead to Rise in Phishing Attacks

Several arrests in Ohio have recently revealed a new scam that leverages SMS phishing attacks to withdraw money from ATMs that don’t require the use of a bank card. By sending a victim’s smartphone an SMS message containing a link to “unlock” their accounts, they are redirected to a phony site that steals their credentials. The scam has netted the attackers nearly $68,000 over a two-week period.

Twitter Bitcoin Scammers Take Over Verified Accounts

Even as Twitter-based Bitcoin scams have slowed, a new Elon Musk spoof account has popped up with the usual offer to multiply any amount of Bitcoins received and return the inflated amount. This scammer may have the benefit of taking over a verified account, but modifications to the profile name and obvious spelling errors reveal its clearly not legitimate, though it does leave raise questions regarding the verification system’s security.

Connor Madsen

About the Author

Connor Madsen

Threat Research Analyst

As a Threat Research Analyst, Connor is tasked with discovering and identifying new malware variants, as well as testing current samples to ensure efficacy. Don’t miss the latest security news from around the world in his weekly Cyber News Rundown blog.

Share This