Italy targeted by Ursnif banking Trojan
Over 100 banks in Italy have fallen victim to the Ursnif banking trojan, which has stolen thousands of login credentials since it was first discovered in 2007. The attack may have compromised up to 1,700 additional pairs of banking credentials through a payment processor, some of which were already confirmed to be legitimate by multiple Italian banks. The attack likely began as a malicious email using social engineering to trick users into clicking links.
Telemarketer leaves thousands of records exposed
A California-based telemarketing firm was recently alerted to an exposed Amazon AWS bucket containing over 100,000 records and requiring no authentication to access. Among the records were hours of customer phone calls and text-based communications. These contained sensitive information that could be used to launch further social engineering attacks, endangering the identities of thousands of clients. The AWS bucket has remained unsecured for more than two months since the company was notified.
Third party exposes decade of Malaysia Airlines customer data
Officials for Malaysia Airlines have announced that a third-party IT service provider had suffered a data breach that may have exposed information belonging to the airline’s Enrich frequent flyer program members for nearly a decade. While it remains unclear how many members had their information leaked, the airline has reached out to all members regarding updating their login credentials. None of their internal systems have been reported compromised.
Microsoft releases patches for multiple zero-day vulnerabilities
Microsoft has pushed out fixes for at least seven known vulnerabilities related to Exchange Servers in an off-cycle release. Four of the zero-day exploits are being actively targeted by malicious actors. These vulnerabilities were believed to have been compromised for nearly two months and are being used to steal sensitive information from within the affected systems. Users looking to deploy the patches should note that it will not cleanse already compromised systems, but would only prevent future exploitation.
Cyberattack takes PrismHR offline
Officials for PrismHR are working to restore functionality to their payroll platform after a suspected ransomware attack. IT workers were able to shut down the remainder of their unaffected systems before the attack could spread further, though the attack occurred over a weekend. The company has also confirmed that no customer information was stolen during the attack and that it is working to restore functionality from backups.
About the Author
Connor Madsen
Threat Research Analyst
As a Threat Research Analyst, Connor is tasked with discovering and identifying new malware variants, as well as testing current samples to ensure efficacy. Don’t miss the latest security news from around the world in his weekly Cyber News Rundown blog.