New Extortion Scam Threatens To Damage Sites’ Reputation, Leak Data
Ingalls Information Security
Enabling Innovation Through Better Cyber Risk Management
Check out recent news and resources to stay informed about what's happening in cybersecurity.
FEATURED ARTICLE
An active extortion scam is targeting website owners and admins worldwide, claiming to have hacked their servers and demanding $2,500 not to leak data.
The attackers (self-dubbed Team Montesano) are sending emails with “Your website, databases and emails has been hacked” subjects. (Bleeping Computer)
EXPERT TAKE
“Unfortunately, there's evidence that some victims may have already paid these threat actors, but the extortion scams described in this article are just a new twist on low-effort scareware extortion scams with empty threats that have been around for a long time. We recommend that anyone who receives these emails to report them as junk and not to interact with them or to make “ransom” payments.”
–?Cyrus Robinson, SOC Director at?Ingalls Information Security
领英推荐
NEWS ROUNDUP
A new malicious campaign has compromised over 15,000 WordPress websites in an attempt to redirect visitors to bogus Q&A portals. "These malicious redirects appear to be designed to increase the authority of the attacker's sites for search engines," Sucuri researcher Ben Martin said in a report published last week, calling it a "clever black hat SEO trick." (The Hacker News)
With mandated spyware downloads to tens of thousands of surveillance cameras equipped with facial-recognition technology, the World Cup in Qatar next month is looking more like a data security and privacy nightmare than a celebration of the beautiful game. Football fans and others visiting Qatar must download two apps: Ehteraz, a Covid-19 tracker, and Hayya, which allows ticket holders entry into the stadiums and access to free metro and bus transportation services. (The Register)
A December deadline looms for agencies to implement cybersecurity requirements for Internet of Things devices. Under a 2020 law that goes into effect in December, the federal government will leverage its procurement powers to bolster minimum cybersecurity standards for Internet of Things devices. (FCW)
The FBI warns that tech support scammers are now impersonating financial institutions' refund payment portals to harvest victims' sensitive information and add legitimacy. In today's public service announcement, the federal law enforcement agency said that the fraudsters trick victims (generally someone from within the elderly population) via email or phone calls into giving them access to their computers by impersonating representatives of technical or computer repair services. (Bleeping Computer)