Industry Intel

Unexpected Side Effects: How COVID-19 Affected our Click Habits

Phishing has been around for ages and continues to be one of the most common threats that businesses and home users face today. But it’s not like we haven’t all been hearing about the dangers of phishing for years. So why do people still click? That’s what we wanted...

Key Considerations When Selecting a Web Classification Vendor

Since launching our web classification service in 2006, we’ve seen tremendous interest in our threat and web classification services, along with an evolution of the types and sizes of cybersecurity vendors and service providers looking to integrate this type of...

4 Ways MSPs Can Fine-Tune Their Cybersecurity Go-To-Market Strategy

Today’s work-from-home environment has created an abundance of opportunities for offering new cybersecurity services in addition to your existing business. With cyberattacks increasing in frequency and sophistication, business owners and managers need protection now...

Ransomware: The Bread and Butter of Cybercriminals

Imagine a thief walks into your home and rummages through your personal belongings. But instead of stealing them, he locks all your valuables into a safe and forces you to pay a ransom for the key to unlock the safe. What choice do you have? Substitute your digital...

Cyber News Rundown: Magecart Massive Attack

Reading Time: ~ 2 min.

Magecart Launches Largest E-commerce Attack to Date

Roughly 2000 e-commerce sites were compromised in the latest Magecart campaign targeting an out-of-date version of Magento software. It’s believed an additional 95,000 sites that haven’t patched to the latest Magento version could also be targeted by the payment skimming malware. The campaign began last Friday and by Monday had stolen data from over 1,900 stores serving tens of thousands of customers.

Staples Delivery System Responsible for Data Breach

Nearly two weeks after being contacted by a cybersecurity firm regarding their use of unsecured VPN servers, Staples has released a statement about a data breach that stemmed from a flaw in their delivery systems. Because Staples’ delivery tracking system required only an order number to pull up the entire order summary, customers were able to enter any number around their own order and access payment and other sensitive information belonging to other Staples customers. While the company has since resolved the flaw, it seems they have not yet contacted victims whose information was exposed.

Staffing Firm Suffers Second Ransomware Attack in 2020

Artech Information Systems, a global IT staffing firm, has recently fallen victim to their second ransomware attack of the year. Following a January attack by the REvil ransomware group, which released a small portion of company data after not receiving a ransom payment, Artech has now been infiltrated by the MAZE group, likely using a prior backdoor to the systems. Secondary ransomware attacks typically stem from improper resolution of the initial attack that leaves a system an easy target for another group.

Misconfigured Elasticsearch Exposes Over 100,000 Razer Customers

A security researcher found an unsecured Elasticsearch cluster late last month containing highly sensitive information for over 100,000 Razer customers. The exposed data contained personally identifiable information and order details with everything but the actual payment card data. Fortunately, Razer was quick to resolve the issue after being notified and set up an email worried customers could contact for more information.

SunCrypt Ransomware Targets University Hospital New Jersey (UHNJ)

Over 240GB of data was allegedly stolen from the University Hospital New Jersey after a SunCrypt ransomware attack. The attack was likely initiated against university systems shortly after a TrickBot infection last month compromised systems. The owners of SunCrypt have already released 1.7GB of the stolen data, which equates to roughly 48,000 documents containing highly sensitive personal information on patients and employees.

Cyber News Rundown: Android Giveaway Fraud

Reading Time: ~ 2 min.

Thousands of Android Users fall Victim to Giveaway Fraud

Upwards of 65,000 Android users were potentially compromised after installing a malicious app promising free giveaways. Over the year the scam was in effect, roughly 5,000 apps were spoofed to lure victims into downloading in exchange for a phony giveaway. In reality, the infection pushes silent background ads which generate ad revenue for the scammers and decrease device performance.

North American Real Estate Firm Hit by Ransomware

A new ransomware variant known as DarkSide claimed its first victim, Brookfield Residential,  after operating for nearly two weeks. The North American real estate developer recently noticed unauthorized access to several systems and was left a ransom note stating that over 200GB of data had been stolen. The data has since been published to DarkSide’s leak site, which has prompted many to speculate the ransom was not paid by Brookfield Residential.

Cryptominers Caught Using AI

Researchers have been at work creating an AI algorithm to detect malicious cryptocurrency miners while avoiding legitimate ones. The detection method compares currently running miners to graphs of both legitimate and illegitimate miners and monitors changes between the processes being used and the scheduling of mining activity. This type of detection may be put to use to decrease the overall use of malicious code that can often tax the system’s CPU usage to max capacity.

Los Angeles School District Suffers Cyber Attack

Just weeks after the FBI issued a warning about the threat of cyberattacks against school districts, the Rialto School District in California has fallen victim to just such an attack. These setbacks have made the return to online schooling particularly difficult. The extent of the attack remains unclear and officials are still working to determine the effects on the 25,000 enrolled students.

Maze Ransomware Cartel Adds New Variant Team

The authors of the lesser-known ransomware variant SunCrypt have recently joined forces with the Maze ransomware cartel. It’s believed the new cartel members were brought in to assist with the high volume of attacks that the Maze Group is handling and are being paid with a portion of its profits. In addition to new revenue streams from its partnership with the organization, cartel members also benefit from access to the Maze Group’s resources including obfuscation techniques and posting cartel member’s stolen data to their dedicated leak site.

Cyber News Rundown: Ransomware Targets Major Cruise Line

Reading Time: ~ 2 min.

Ransomware Attack Targets Major Cruise Line

Officials for Carnival Cruises have confirmed that a portion of their IT systems were encrypted following a cyberattack identified over the weekend. The company also revealed that sensitive information for both employees and customers was illicitly accessed, though they did not admit to what extent.

Millions of Social Media Profiles Exposed

More than 235 million social media profiles belonging to several major platforms, which contained personally identifiable information including names, locations and contact data, were publicly exposed due to a misconfigured database. Social Data, an online data marketing broker, seems to be the owner of the data, though it is unclear how they obtained it since data scraping for profit is generally not tolerated by Facebook or other platforms. According to Social Data, the database was exposed for up to three hours after initially spotted. It remains unknown how long the data was accessible without authentication.

Wine and Spirits Conglomerate Suffers Ransomware Attack

Brown-Forman, the parent company of many major liquor brands, recently fell victim to a ransomware attack that appears to be the work of the REvil ransomware authors. While the company was able to detect and thwart the attack before encryption, upwards of 1TB of highly sensitive internal information on employees, clients, and financial statements was stolen. Though no formal ransom was delivered, the attackers are likely to auction the data imminently.

File-less Worms Creates Linux Crypto-mining Botnet

Linux systems are on the lookout for a new infection that has been silently creating a botnet to employ ­­target machines as crypto miners. Since the start of the year, over 500 SSH servers have been infected around the world by a worm creating additional backdoors to allow attackers to return to the systems later. Due to the file-less nature of this infection, a simple reboot of the system can temporarily remove the malicious processes, but because the login credentials have already been exported the system can be quickly re-infected.

Canadian COVID-19 Relief Sites Breached

Several Canadian government websites connected to healthcare relief funds were breached with the intent to steal COVID-19 relief fund payments. Though only a small portion of the 12 million total accounts, 9,000 GCKey accounts were directly affected after being breached via credential-stuffing. Credential-stuffing uses brute force attacks with employs previously leaked credentials in the hopes victims use the same login info for multiple sites. Since the websites affected don’t use multi-factor authentication, the odds of a successful credential-related attack were increased.

Cyber News Rundown: Ransomware Strikes Colorado Town

Reading Time: ~ 2 min.

Colorado Town Suffers Ransomware Attack

The town of Lafayette, Colorado, fell victim to a ransomware attack last week without the capability to recover from the attack without paying a ransom of $45,000 in cryptocurrency. The attack disabled many city services for a number of days until officials determined they would not be able to recover without paying for systems to be decrypted. This attack was another example of how having data backed up, even if somewhat dated, is less expensive and more secure in the long run.

Illinois Healthcare Data Breach

The Illinois healthcare system suffered a multi-month data breach stemming from several compromised email accounts earlier this year. The breach does not affect all IHS clients, but those who were affected had much of their sensitive information, including social security numbers and personal health documents, leaked. The breach began in early February, but victims were not informed until the end of July, when they were offered credit and identity monitoring services to protect against illicit use of their data.

Cyberattack Strikes InfoSec Training Organization

One of the largest cybersecurity training organizations was recently targeted by a phishing attack against an internal email account. The compromised account was then used to install an illicit Office365 add-on to maintain control of the account and to forward over 500 emails to a third-party account, many of which contained sensitive information on customers. Affected customers have been contacted and warned to be vigilant against future phishing attacks.

Pace Center Data Compromised Following Blackbaud Breach

Some donor data for the Florida-based non-profit Pace Center for Girls was leaked after a data breach targeted its software provider, Blackbaud, in May. The breach affected over 200 organizations relying on Blackbaud for cloud-computing services and contained personally identifiable information on thousands of donors. Fortunately, no payment card data was included in the breach and the Pace organization has begun improving security protocols to avoid further attacks. ­­

Payment Card Data Stolen from MSU Website

At least 2,600 individuals were possibly affected by a payment card leak after the Michigan State University online shop was infiltrated through a known website vulnerability. The attack used a card-skimming technique and remained active on the site for nearly a year, leaving many customer’s data vulnerable to other possible attacks. This would be the second cybersecurity-related incident to target MSU in the last year. In May, the university was hit with a ransomware attack that resulted in the publishing of stolen data.

Cyber News Rundown: Twitter Hack Arrests

Reading Time: ~ 2 min.

Multiple Individuals Charged for Twitter Hack

Three people were charged with last month’s Twitter hack, which generated over $100,000 in bitcoin by hijacking high-profile accounts. Of the 130 accounts used to spread the Bitcoin scam, major names included Elon Musk and Bill Gates, who have been portrayed in similar past scams. The FBI was apparently able to identify the perpetrators through a known hacking forum offering Twitter account hacking services for a fee.

Kentucky Unemployment Faces Second Breach in 2020

Kentucky’s unemployment system suffered its second data breach of the year last week. The breach came to light after a user reported being able to view another’s sensitive information while attempting to review their own. Officials are still uncertain how the breach occurred or the exact contents of the information available to the person who reported the incident.

Canon Suffers Ransomware Attack

Several services related to Canon, including its cloud storage systems, fell victim to a ransomware attack that knocked them offline for nearly a week. In addition to the offline systems, more than 10TB of customer data were allegedly stolen and a ransom note pertaining to the Maze Ransomware variant was identified. A large number of Canon’s website domains were also taken offline, with an internal server error being displayed to site visitors.

Havenly Interior Design Breach

A data trove containing roughly 1.4 million Havenly user accounts were posted for sale on a Dark Web marketplace last week. It included personally identifiable information of customers including names, physical addresses and emails. The company’s official statement stated no financial information was lost in the breach. While Havenly has recommended all customers update their login credentials, the breach occurred well over a month ago, enough time for affected customers to be subjected to identity theft or attacks aimed at compromising further accounts.

Massive VPN Server Password Leak

The credentials for over 900 enterprise-level VPN servers from Pulse Secure recently appeared on a hacker forum known to be frequented by ransomware groups. The plain-text information contains enough information to take full control of the servers that are currently running a firmware with known critical vulnerabilities identified within the past two months. The vulnerability that allowed this breach, CVE-2019-11510, was identified and a patch was released late last year. Many of the attack’s victims had neglected to implement the patch.

Cyber News Rundown: WasteLocker Ransomware

Reading Time: ~ 2 min.

Garmin Hit with WastedLocker Ransomware

Nearly a week after the company announced they had suffered a system outage, Garmin has finally admitted to falling victim to a ransomware attack, likely from the increasingly popular WastedLocker variant. As is the norm for WastedLocker, the attack was very specific in its targeting of the company (even mentioning Garmin by name in the ransom note) and took many of their services offline. Though Garmin has confirmed that no customer data was affected, they are still unsure when their services will return to full functionality.

Israeli Marketing Firm Suffers Data Breach

More than 14 million user accounts held by the Israeli marketing firm Promo were compromised in a recent breach. Subsequently, at least 1.4 million decrypted user passwords were found for sale on a Dark Web forum, along with 22 million records containing highly sensitive information. The company has since contacted affected customers and is pushing a forced password reset.

Netwalker Ransomware Targets U.S. Government Organizations

The FBI has released a security statement concerning Netwalker ransomware attacks, which have targeted both U.S. and foreign government agencies in recent months. Netwalker is known for exploiting remote desktop utilities to compromise major enterprise networks. It also offers ransomware-as-a-service to other cybercriminals. The best methods for blocking these types of attacks is setting up two-factor authentication (2FA) and creating offline data backups to protect in case of a successful breach.

Lazarus Hacking Group Branches Out to Ransomware

The North Korean state-sponsored hacking group Lazarus has added ransomware to their latest attacks. Unfortunately for the group, the ransomware variant they’ve chosen is inefficient at encrypting data, sometimes taking up to 10 hours to fully encrypt a single system. These attacks are similar to those targeting Sony Pictures in 2014 and those that affected the 2018 Winter Olympic games, both of which are suspected to have been conducted by state-backed actors.

Nefilim Ransomware Begins Publishing Dussman Groups Data

At least 14GB of data belonging to a subsidiary of Dussmann Group, a major German MSP, is being leaked by the operators of the Nefilim ransomware variant. The operators have confirmed they were able to obtain roughly 200GB of data from the subsidiary after discovering a still-unknown method for compromising the network. Customers affected by the leak have already been notified.

Cyber News Rundown: ATM Jackpotting Attacks Rise

Reading Time: ~ 2 min.

ATM Jackpotting Attacks on the Rise

ATM manufacturer Diebold Nixdorf has identified a malicious campaign that uses proprietary software to “jackpot” the machines. The attack requires malicious actors to breach the ATM manually and then use the software to force the machine to dispense cash at a rapid rate, known within the industry as jackpotting. While these attacks don’t seem to affect customer data or finances, the company is unsure how the attackers obtained the proprietary software used in the scam.

Ransomware Locks Down Telecom Argentina

Telecom Argentina is being extorted for over $7.5 million following a ransomware attack last week. The hacker group REvil is believed to be behind the attack, which may mean the stolen data is set to be posted on the group’s auction site. Officials are still unsure of how the intrusion occurred, but it’s likely to have stemmed from a compromised remote access point.

Maryland Health Services Breach Affects Thousands

More than 40,000 individuals may have had personal information leaked after a ransomware attack on Lorien Health Services in Maryland. The breach was discovered in June, but after the healthcare provider refused to pay the ransom the hackers began publishing the stolen data, which includes Social Security Numbers and other highly sensitive information. Lorien was quick to notify affected clients and had begun offering credit monitoring services to those affected within two days of the attack being confirmed.

University of York Data Breach

The University of York in the UK has learned of a data breach that occurred in May and could affect a considerable number of students and staff. The breach itself was enabled by a third-party service provider and contained personally identifiable information on an unknown number of victims. While there is little the university can do to contain this type of attack, it comes as another reminder of the importance of supply chain data security and the knock-on effect of such attacks.

Meow Attacks Target Vulnerable Databases

Dozens of unsecured databases from Elasticsearch and MongoDB were wiped in a new malicious campaign that seems to attack indiscriminately. Discovered within the last week, the Meow attacks as they’re known appear to use an automated script to overwrite any data in vulnerable databases and destroy any remaining data. This string of attacks may encourage stronger security policies among previously lax database administrators, but the lesson is costly for affected businesses.

Cyber News Rundown: GoldenSpy

Reading Time: ~ 2 min.

Malware Discovered in Chinese Tax Software

As part of an official Chinese tax initiative, researchers have found multiple backdoors into mandatory tax software installed on all Chinese business systems. The new malware is called GoldenHelper, in a nod to the command-and-control domain tax-helper.ltd, and has been in active development and use since 2018. The latest campaign, dubbed GoldenSpy, is adept at avoiding detection and began within months of the old command-and-control servers going offline.

Texas Collections Company Suffers Data Breach

The Texas billing and collection company Benefits Recovery Specialists Inc. has announced that a breach containing data on over 250,000 customers occurred in April. The breach leaked personally identifiable information including Social Security Numbers, birthdates and physical addresses, that could all be used to launch additional attacks. Affected clients began receiving notifications about the breach in June, though the company has still not shared what malware was installed by the perpetrators.

Microsoft Fixes 17-Year-Old DNS Flaw

After nearly 17 years of being active and exploitable, Microsoft has finally identified and resolved a major vulnerability involving a worm-like transmission that requires no human interaction. With the help of a third-party security firm Microsoft was able to patch the vulnerability before it caused significant damage, though the time was certainly there for malicious actors to use the flaw to execute any number of malicious executables onto an endless string of compromised machines.

UK Ticket Provider Leaves 4.8 Million Logins Unsecured

A collection of roughly 4.8 million login credentials have been found in a leaked database belonging to a major UK ticker provider serving customers around the world. Among the credentials were domains belonging to several government agencies along with millions of consumer webmail users. The site has also been targeted in the past by attackers looking to deface the website and has been called vulnerable to SQL injection should attackers pursue that method.

Wattpad Database Compromises Millions of Users

Officials have been working over the past week to remediate a data breach that could affect over 200 million users of Wattpad. The compromised database was listed for $100,000 on a Dark Web sale site, but was later re-listed with no price. Its owners claim to hold records for over 271 million users. Wattpad has stated that, though personally identifiable information was revealed in the breach, no financial information was accessible since Wattpad doesn’t store it directly on its servers.

Cyber News Rundown: Ragnar Locker

Reading Time: ~ 2 min.

Ragnar Locker Attacks Portuguese Energy Producer

It was recently confirmed that Energias de Portugal (EDP), one of the largest energy producers in the world, has fallen victim to the Ragnar Locker ransomware variant. The original attack took place in April but was only discovered in May after nearly three weeks of being active on their systems. After contacting affected customers, the company also revealed it was subject to a Bitcoin ransom of roughly $10 million to ensure the stolen data wasn’t publicly released.

Xchanging MSP Falls Victim to Ransomware

An MSP known as Xchanging, which primarily serves the insurance industry, was hit with a ransomware attack over the weekend that forced it to take many of its systems offline. Though the attack was largely confined to Xchanging’s systems and only affected a small number of customers, it is still unclear how long the infection was active before discovery. In a statement, the company says it’s working to restore access to customer operating environments as quickly as possible.

Fitness Firm Exposes Customer Info

Nearly 1.3 million customer files and photos were compromised after the fitness firm V Shred was breached, potentially affecting up to 100,000 clients. The data was stored on an improperly configured Amazon S3 bucket that was discovered as a part of a larger mapping project that had already located several similar leaks. While V Shred confirmed much of the data was publicly available, it originally denied that the dataset itself contained full names, addresses, and other highly sensitive personal information that could be used maliciously.

Magecart Group Surpasses 570 Victim Sites

In the three years since Magecart Group 8’s initial foray onto the card-skimming scene, it has successfully compromised over 570 e-commerce sites around the world. More than 25 percent of the attacks targeted US domains and stemmed from 64 unique attack domains that were able to distribute injected JavaScript software with relative ease. Many were nearly identical to legitimate domains. It’s believed the group has netted over $7 million from selling stolen payment card information since April 2017.

Clubillion Casino App Leak Could Affect Millions

A database containing personally identifiable information on millions of users of the casino app Clubillion was compromised in late March. The breach was discovered and secured within five days, though heavy traffic to the site may have enabled the compromise of hundreds of thousands more individuals in that time. These types of apps are common targets of cyberattacks because they hold such large quantities of sensitive data that can be used for further attacks by leveraging the stolen data.

Cyber News Rundown: WastedLocker Shuts Down US News Sites

Reading Time: ~ 2 min.

WastedLocker Shuts Down US News Sites

Over 30 news sites were compromised in the latest WastedLocker attack that affected many sites under a single parent company. Of the more than 30 companies targeted, eight belong to the Fortune 500 group and were in the early stages of a experiencing a fully encrypting ransomware attack. Luckily, security teams monitoring these sites acted quickly and were able to block attacks against some sites while mitigating extensive damage to others. The infiltration of these sites was caused by employees accessing previously injected websites and compromising themselves in the process.

UCSF Pays Hefty Ransom

Following a ransomware attack on the University of California San Francisco (UCSF) last month, officials have decided to pay a ransom of $1.14 million to decrypt several vital systems. The ransom amount was decided upon after negotiations between the university and the attackers. The original ask was around $3 million but was cut to less than half and was paid the following day. UCSF is one of three universities targeted with ransomware by the Netwalker hacker group in June that decided to pay a ransom to restore normal network function.

EvilQuest Wiper Targets MacOS

A new malicious actor has taken aim at MacOS with an info-stealer disguised as a ransomware attack that goes by the name of EvilQuest. Upon execution of the malicious installer, the malware begins encrypting files indiscriminately and displays a ransom note demanding only $50 in Bitcoin for decryption. The notice of encryption, however, is merely a cover for the damage occurring behind the scenes: sensitive files removed from the system with no way to retrieve them.

Fake DNS Update Looks to Steal Login Credentials

Researchers have spotted a new malicious email campaign that spoofs security companies and claims to offer a DNS update if the domain admin enters their credentials. Using a surprisingly accurate landing page, which mocks the real login sites convincingly, the site user is instructed to log in to update. To make matters worse, the attackers can scan for the site’s hosting service and customize the fake landing page to their specific victim, thus ensuring a higher probability of gaining their login info.

Passports Compromised in COVID19 Scam

In the continuing saga of COVID19 HMRC scams, attackers in Great Britain have begun focusing on the passport details of self-employed individuals in hopes of attaining personal or banking information. The scam itself originates as a text message with an urgent warning for the recipient to access a legitimate looking Her Majesty’s Revenue and Customs site to receive a tax refund. Dozens of victims have been identified across London. With these login credentials alone, attackers could access much of the victims’ data.

Cyber News Rundown: Knoxville Rocked by Ransomware

Reading Time: ~ 2 min.

Ransomware Knocks Out Knoxville, TN

Knoxville, Tennessee officials have been working over the past week to secure systems and determine if any sensitive information was stolen after a ransomware attack was identified. Fortunately, city IT staff were able to quickly implement security protocols and shut down critical systems before the infection could spread. Within the day, many of the targeted city domains were redirected to new sites, allowing city services to operate normally.

Magecart Attacks Multiple Online Retailers

Malicious Magecart scripts have been identified in recent months on multiple domains belonging to online retailers. Following the registration of a fake domain related to Claire’s in March, several weeks of inactivity passed before code was again spotted on Claire’s websites being used to intercept payment card transactions. It was finally removed from the company’s domains in the second week of June, but not before leaving thousands of customers potentially compromised.

Maze Ransomware Infiltrates US Chipmaker

The computer systems of MaxLinear, a U.S. computer chip maker suffered a Maze ransomware attack that forced them to take their remaining systems offline. Officials discovered that for more than a month there was unauthorized access resulting in the leak of over 10GB of stolen data from an alleged trove of over 1TB of total data. MaxLinear has since refused to pay the ransom and been in contact with affected customers. The manufacturer does not believe future operations will be delayed.

Over 100 NHS Email Accounts Compromised

Within the last two weeks a phishing campaign hit the National Health Service (NHS), successfully accessing over 100 internal email accounts. The affected accounts make up an extremely small portion of total NHS email accounts, of which there are nearly 1.4 million in total. The hacked accounts were used to distribute a malicious spam campaign designed to steal credentials through a fake login page.

DraftKings Announces Ransomware Attack Amidst Merger

Following the multi-way merger that resulted in the formation of DraftKings Inc., DraftKings revealed that one of the subsidiaries, SBTech, suffered a ransomware attack within weeks of the merger being finalized. While it is still not known what variant of ransomware was used in the cyberattack, officials have determined that no information was compromised. Rather, the attack was focused on taking their online systems down. Though SBTech was required to create a significant emergency fund preceding the merger, the deal seems to have been unaffected by the attack.

Cyber News Rundown: Nintendo Accounts Breached

Reading Time: ~ 2 min.

Nintendo Accounts Breached

Stemming from a cyber-attack back in April, Nintendo has just announced that roughly 300,000 user accounts have been compromised, though most belong to systems that are now inoperable. From the excessive unauthorized purchases, the attackers likely used credential-stuffing methods to access accounts and make digital purchases through PayPal accounts that were already logged in. Nintendo has since contacted the affected customers and has begun pushing out mandatory password resets.

Kingminer Botnet Locks Down Entry Points Behind Them

After nearly two years of operation, the owners of the Kingminer crypto jacking botnet have taken up a new tactic of patching the very vulnerabilities they used to illicitly access systems. This implementation is likely being used to block any other malicious campaigns from accessing the compromised systems and net them larger profits. By using the EternalBlue exploit and patching it behind themselves, they can brute force their way into any vulnerable system and then keeping their own crypto mining scripts active for an increased amount of time before being discovered.

Honda Shuts Plants After Ransomware Attack

Several Honda plants around the world have recently closed due to a ransomware attack that has targeted several manufacturing systems. The shutdown came only hours after a new Snake ransomware sample was uploaded to Virus Total and was seen attempting to contact an internal site belonging to Honda. Currently, officials for Honda are still working to determine exactly what parts of their systems were affected and if any personally identifiable information was compromised.

Scammers Created Fake SpaceX YouTube Channels to Steal Cryptocurrency

Multiple malicious YouTube accounts have changed their names to keywords relating to SpaceX in order to scam viewers out of Bitcoin cryptocurrency donations. While it should be obvious that these channels are not the legitimate SpaceX account based solely on the number of subscribers, the fake channels have also been livestreaming old recorded SpaceX interviews with Elon Musk, to improve their legitimacy. Unfortunately, during the livestreams, the channels promote cryptocurrency scams in the chat section to entice other viewers to send in a small amount of cryptocurrency with the promise of a significant amount more being sent back.

Florence, Alabama Pays Ransom Demand

In the last week, officials for Florence, Alabama have been working to negotiate with the authors of the DoppelPaymer ransomware attack that took down the city’s email systems. Though the initial ransom amount was 38 Bitcoins, or the equivalent of $378,000, the security team that was brought in was able to drop the demand to 30 Bitcoins, or $291,000, which the city has decided to pay. It is still unclear exactly what information may have been stolen or accessed, the Mayor of Florence concluded that it was best to just pay the ransom and hope their information is returned and their systems are decrypted.