Weekly Recap of Cybersecurity News 12/8

Cybersecurity News

In case you missed it, here are some of the biggest cybersecurity news stories from the past week!


New PayPal Scam Wants You To Verify Bogus Transactions
It’s holiday time, and shoppers around the globe are snapping up deals wherever they can be found online. That includes millions of PayPal users, who cybercriminals are targeting with a fresh round of email attacks. Read More


National Credit Federation leaked US citizen data through unsecured AWS bucket
The National Credit Federation (NCF) has become the latest in a long list of companies to leave the sensitive, private data of customers exposed for all to see online. According to Chris Vickery, UpGuard Director of Cyber Risk Research, the Tampa, Fla.-based credit repair firm left 111GB of internal customer information on an Amazon Web Services S3 cloud storage bucket configured to allow public access without restriction. Read More


Uber paid 20-year-old man to hide hack, destroy data
Uber reportedly paid a hacker from Florida $100,000 under the guise of a bug bounty program to keep quiet about a data breach which exposed information belonging to 57 million users. Read More


Iranian Hackers Have Been Infiltrating Critical Infrastructure Companies
The international intelligence agency always has a keen interest in Iran’s hacking activity. And new research published by the security firm FireEye on Thursday indicates the country’s efforts show no signs of slowing. Read More


Bitcoin exchange NiceHash hacked, $68 million stolen
Users are watching the attacker’s wallet address like hawks, waiting for any movement of their stolen coins after Bitcoin mining platform and exchange NiceHash has been hacked, leaving investors short of close to $68 million in BTC. Read More


Phishing Schemes are Using Encrypted Sites to Seem Legit
On Tuesday, the phishing research and defense firm PhishLabs published new analysis showing that phishers have been adopting HTTPS more and more often on their sites. When you get a phishing email or text, the sites they lead to—that try to trick you into entering credentials, personal information, and so on—implement web encryption about 24 percent of the time now, PhishLabs found. Read More


Quant Trojan upgrade targets Bitcoin, cryptocurrency wallets
It isn’t that surprising that cyberattackers have taken note of the recent surge in value when it comes to Bitcoin. Now researchers have noticed that the Quant Trojan has been given a significant update designed to target cryptocurrency wallets and the Bitcoin they hold. Read More


Ashley Madison Caught Exposing Cheaters’ Private Photos
Despite the catastrophic 2015 hack that hit the dating site for adulterous folk, people still use Ashley Madison to hook up with others looking for some extramarital action. For those who’ve stuck around, or joined after the breach, decent cybersecurity is a must. Except, according to security researchers, the site has left photos of a very private nature belonging to a large portion of customers exposed.
Read More


A popular virtual keyboard app leaks 31 million users’ personal data
Personal data belonging to over 31 million customers of a popular virtual keyboard app has leaked online, after the app’s developer failed to secure the database’s server. The server is owned by Eitan Fitusi, co-founder of AI.type, a customizable and personalized on-screen keyboard, which boasts more than 40 million users across the world. Read More


PayPal’s TIO Networks reveals data breach impacted 1.6 million users
PayPal’s recently-acquired payment processor TIO Networks has revealed that up to 1.6 million customers have had their information stolen in a recent data breach. Last week, the Vancouver, Canada-based TIO Networks said that following the suspension of operations, evidence has been uncovered of a data breach due to “unauthorized access.” Read More


NSA employee pleads guilty after stolen classified data landed in Russian hands
A former National Security Agency hacker has admitted to illegally taking highly classified information from the agency’s headquarters, which was later stolen by Russian hackers. Nghia Pho, 67, a Maryland resident who worked for the NSA’s Tailored Access Operations, the agency’s elite hacking unit, entered a guilty plea on Friday to charges of willful retention of national defense information. Read More


Like our content?
Subscribe to our blog above and get content delivered straight to your inbox or follow us on LinkedIn, Twitter, and Facebook to stay up to date on the latest news in cybersecurity!