Reading Time: ~ 2 min.
MedusaLocker Ransomware Spotted Worldwide
While it’s still unclear how MedusaLocker
is spreading, the victims have been confirmed around the world in just the last
month. By starting with a preparation phase, this variant can ensure that local
networking functionality is active and maintain access to network drives. After
shutting down security software and deleting Shadow Volume copies, it begins
encrypting files while setting up self-preservation tasks.
Bargain Website Server Exposes Customer Data
Several websites used by UK
customers to find bargains have left a database filled with customer data belonging
to nearly 3.5 million users completely unprotected and connected to the
internet. Along with the names and addresses of customers, the database also
included banking details and other sensitive information that could be used to
commit identity fraud. The researchers who initially discovered the breach
notified the site owners, but received no response or any indication the leak would
be resolved until nearly six weeks after the database was left exposed.
Arrests Made Following Major BEC Scam
At least three individuals have been arrested in Spain for
their connection to a business
email compromise (BEC) scam that netted over 10 million euros and affected
12 companies across 10 countries. It appears the operation began in 2016 and involved
the cooperation of multiple law enforcement agencies. By creating a web of fake
companies and bank accounts, the group was able to successfully launder money into
various investments, including real estate, in an attempt to remain undetected.
LA Court System Hacked
The perpetrator of a 2017 spear phishing attack on the LA
court system was sentenced to 145 months in prison following convictions on
charges of wire fraud, unauthorized access to a computer, and identity theft. The
individual was able to compromise employee email accounts and use them to
launch a malspam campaign that distributed over 2 million emails.
Pennsylvania School District Hacked
Multiple students are being questioned after school district
officials noticed unauthorized access to the student assistance site Naviance,
a hack which appears to have been an attempt “to gain a competitive edge in a
high-stakes water gun fight.” Access to the site would have also given them
access to other student’s personal data, though no financial or social security
information is stored on the site. District officials determined the security
practices for the site lacking but have not currently released plans for improvement.