Adult Website Leaks Trove of Sensitive Data
A recently discovered unsecured database belonging to the
adult streaming site Cam4
was found to contain nearly 11 billion unique records amounting to seven terabytes
of data. For a site with billions of visitors each year, the exposed data could
affect millions who have visited the site since March 16 of this year, and could
be used to further harm individuals whose connection to the site could be
politically or socially sensitive. While the database was quickly taken
offline, an analysis of the data showed that, though much of the data belonged
to U.S. citizens, millions of others were from South America and Europe.
Hundreds of COVID-19 Scam Sites Taken Down by HMRC
Her Majesty’s Revenue & Customs (HMRC)
has recently taken down nearly 300 COVID-related scam sites and domains. Hackers
are opportunistic and have taken to preying on people who are trying to get information
on the current pandemic but instead find themselves victims of financial scams
and phishing attempts. Fortunately, many organizations have taken up the cause
of identifying and removing these harmful sites.
Nearly One Million WordPress Sites Under Attack
At least 24,000 unique IP addresses have been identified in
a series of ongoing attacks targeting vulnerabilities in more than 900,000 WordPress
sites. Many vulnerabilities have been patched in recent months, but some sites
have yet to update their plugins and remain at risk. The attacks inject malicious
scripts into website headers when the WordPress user is logged in. Otherwise,
the victim is redirected to a malicious advertisement, in hopes of
gaining some profitable information.
Tokopedia Breach Leaves 91 Million User Records Up for Grabs
Over 91 million user records belonging to Tokopedia,
a major Indonesian e-commerce firm, were recently found for sale on the dark web.
The sale offered records for 15 million individuals, likely stolen during a
security incident in March, for $5,000. With millions of users and merchants
using the site regularly, the company has issued a notice for users to change passwords
as they investigate the breach.
Ransomware Demanding More as Corporations Continue to Pay Out
In recent fiscal quarters, the earnings for Sodinokibi and Ryuk ransomware have been rising steadily as SMBs and corporations are increasingly paying ransoms for data. Over the first quarter of 2020, the average ransom payout hovered around $111,000. A year prior, the average neared only $12,000 for large companies, which are typically very willing to pay for the quick return of their data, thereby limiting the amount of downtime an attack may cause. The top-earning ransomware variants, Ryuk and Sodinokibi, have both shifted their focus from service providers to carefully targeted large corporations and have even pushed ransom demands over $1 million in some instances.
The post Cyber News Rundown: HMRC Takes Down COVID-19 Scam Sites appeared first on Webroot Blog.