Landry’s, a popular restaurant chain in the United States, has announced a malware attack on its point of sale (POS) systems that allowed cybercriminals to steal customers’ payment card information. Landry’s owns and operates more than 600 bars, restaurants, hotels, casinos, food and beverage outlets with over 60 different brands such as Landry’s Seafood, Chart House, Saltgrass Steak House, Claim Jumper, Morton’s The Steakhouse, Mastro’s Restaurants, and Rainforest Cafe. According to the breach notificationpublished this week, the malware was designed to search for and likely steal sen ..read more

Internet-connected devices have been one of the most remarkable developments that have happened to humankind in the last decade. Although this development is a good thing, it also stipulates a high security and privacy risk to personal information. In one such recent privacy mishap, smart IP cameras manufactured by Chinese smartphone maker Xiaomi found mistakenly sharing surveillance footage of Xiaomi users with other random users without any permission. The issue appears to affect Xiaomi IP cameras only when streamed through connected Google’s Nest Hub, which came into light ..read more

The web crawlers and scanners mostly concentrate on HTML and JavaScript files and often ignore media files. Threat actors are particularly using WebSockets to provide a more covert way to exchange data than typical HTTP request-responses. Steganography has long been used by malware authors to hide malicious data within legitimate-looking images and currently, it is being used by cybercriminals to spread credit card skimmers. What is the matter? According to a report from Malwarebytes Lab, a new steganography-based credit card skimmer has been spotted that targets online retail shops. To t ..read more

A 22-year-old man who claimed to have access to over 300 million iCloud accounts and threatened to factory reset all accounts unless Apple pays ransom has pleaded guilty in London for trying to blackmail Apple. In March 2017, Kerem Albayrak from North London claimed to be a spokesman for a hacking group called the “Turkish Crime Family” and in possession of 319 million iCloud accounts. Albayrak gave Apple a deadline until April 7, 2017, to pay up $75,000 in crypto-currency or $100,000 worth of iTunes gift cards in return for deleting the copy of stolen database, the U.K. National Crime Agency ..read more

The web crawlers and scanners mostly concentrate on HTML and JavaScript files and often ignore media files. Threat actors are particularly using WebSockets to provide a more covert way to exchange data than typical HTTP request-responses. Steganography has long been used by malware authors to hide malicious data within legitimate-looking images and currently, it is being used by cybercriminals to spread credit card skimmers. What is the matter? According to a report from Malwarebytes Lab, a new steganography-based credit card skimmer has been spotted that targets online retail shops. To t ..read more

The seized web domains were used to send phishing emails and host phishing pages. The victims included government employees, think tanks, university staff members, members of organizations related to human rights and that worked on nuclear proliferation issues. In a major crackdown, Microsoft has announced that it successfully took down 50 web domains operated by the North Korea-based Thallium hacking group. These domains were used to launch cyberattacks from the group. The APT group has been active since at least 2010 and Microsoft revealed that the hackers launched spear-phishing usi ..read more

The Internet of Things vendor confirmed that customer data was left unsecured on an Elasticsearch database.  An exposed Elasticsearch database, owned by Internet of Things (IoT) company Wyze, was discovered leaking connected device information and emails of millions of customers. Wyze makes smart home cameras and connected devices like connected bulbs and plugs, which can be integrated with smart home assistants like Amazon Alexa and Google Assistant. The database, which was exposed on Dec. 4 until it was secured on Dec. 26, contained customer emails along with camera nicknames, WiFi SSIDs ..read more

Cloud services and networking are driving the concept of digital businesses, yet traditional networking and cybersecurity architectures are far from meeting the demands of the digital business. Gartner’s “The Future of Network Security Is in the Cloud” report spells out the potential for the transformation of networking and security in the cloud, built upon a new networking and security model. That model is called Secure Access Service Edge (SASE), a term coined by Gartner’s leading security analysts Neil MacDonald, Lawrence Orans, and Joe Skorupa. Gartner claims that SASE has the pot ..read more

Skyrocketing data breaches bring incalculable losses to organizations and can cost cybersecurity executives their jobs. Here we examine the top five places in 2019 where cybercriminals are stealing corporate and government data without ever getting noticed and then learn how to avoid falling victim to unscrupulous attackers. 1. Misconfigured Cloud Storage 48% of all corporate data is stored in the cloud compared to 35% three years ago, according to a 2019 Global Cloud Security Study by cybersecurity company Thales that surveyed over 3,000 professionals across the globe. Contrastingly, only 32 ..read more

Almost every application contains security vulnerabilities, some of which you may find today, but others would remain invisible until someone else finds and exploits them—which is the harsh reality of cybersecurity and its current state. And when we say this, Signal Private Messenger—promoted as one of the most secure messengers in the world—isn’t any exception. Google Project Zero researcher Natalie Silvanovich discovered a logical vulnerability in the Signal messaging app for Android that could allow malicious caller to force a call to be answered at the receiver’s end without requiring his ..read more