The Federal Bureau of Investigation has issued a warning to healthcare organizations using File Transfer Protocol ( FTP ) servers . Medical and dental organizations have been advised to ensure FTP servers are configured to require users to be properly authenticated before access to stored data can be gained . Many FTP servers are configured to allow anonymous access using a common username such as ‘ FTP ’ or ‘ anonymous ’ . In some cases , a generic password is required , although security researchers have discovered Vulnerability-related.DiscoverVulnerability that in many cases , FTP servers can be accessed without a password . The FBI warning Vulnerability-related.DiscoverVulnerability cites research conducted by the University of Michigan in 2015 that revealed Vulnerability-related.DiscoverVulnerability more than 1 million FTP servers allowed anonymous access to stored data The FBI warns that hackers are targeting these anonymous FTP servers to gain access Attack.Databreach to the protected health information of patients . PHI carries a high value on the black market as it can be used for identity theft and fraud . Healthcare organizations could also be blackmailed Attack.Ransom if PHI is stolen Attack.Databreach . Last year , the hacker operating under the name TheDarkOverlord conducted a number of attacks Attack.Databreach on healthcare organizations . The protected health information of patients was stolen Attack.Databreach and organizations were threatened with the publication of data if a sizable ransom payment Attack.Ransom was not made . In some cases , patient data were published online when payment was not received Attack.Ransom . There are reasons why IT departments require FTP servers to accept anonymous requests ; however , if that is the case , those servers should not be used to store any protected health information of patients . If PHI must be stored on the servers , they can not be configured to run in anonymous mode . The FBI suggests all healthcare organizations should instruct their IT departments to check the configuration of their FTP servers to ensure they are not running in anonymous mode and to take immediate action to secure those servers and reduce risk if they are .

A series of phishing campaigns Attack.Phishing is targeting airline consumers with messages crafted Attack.Phishing to trick Attack.Phishing victims into handing over personal or business credentials . A wave string of phishing campaigns Attack.Phishing is targeting airline consumers with messages crafted Attack.Phishing to trick Attack.Phishing victims into handing over personal or business credentials . The phishing messages pretend to be sent from Attack.Phishing a travel agency or a someone inside the target firm , they include a weaponized document or embed a malicious link . “ Over the past several weeks , we have seen a combination of attack techniques . One , where an attacker impersonates a travel agency or someone inside a company . Recipients are told an email contains an airline ticket or e-ticket , ” explained Asaf Cidon , vice president , content security services at Barracuda Networks . According to Barracuda Networks , aviation-themed phishing attacks Attack.Phishing contain links to spoofed Attack.Phishing airline sites , threat actors personalize Attack.Phishing the phishing page in a way to trick Attack.Phishing victims into providing business information . The attackers show a deep knowledge of the targets , hackers are targeting logistic , manufacturing and shipping industries . “ It ’ s clear there is some degree of advanced reconnaissance that takes place before targeting individuals within these companies , ” Cidon added . Recently the U.S. Computer Emergency Readiness Team issued an alert of phishing campaigns Attack.Phishing targeting airline consumers . “ US-CERT has received reports of email-based phishing campaigns Attack.Phishing targeting airline consumers . Systems infected through phishing campaigns Attack.Phishing act as an entry point for attackers to gain access Attack.Databreach to sensitive business or personal information. ” reads the US-CERT warning . “ US-CERT encourages users and administrators to review an airline Security Advisory ( link is external ) and US-CERT ’ s Security Tip ST04-014 for more information on phishing attacks Attack.Phishing . ” The US-CERT specifically references the security advisory published by Delta Air Lines that warned its consumers of fraudulent activities . “ Delta has received reports of attempts by parties not affiliated with us to fraudulently gather customer information in a number of ways including : fraudulent emails , social media sites , postcards , Gift Card promotional websites claiming to be Attack.Phishing from Delta Air Lines and letters or prize notifications promising free travel , ” states the Delta Air Lines warning . Barracuda confirmed that these campaigns have a high success rate : “ Our analysis shows that for the airline phishing attack Attack.Phishing , attackers are successful over 90 percent of the time in getting employees to open airline impersonation emails , ” concluded Cidon . “ This is one of the highest success rates for phishing attacks Attack.Phishing . ”

On January 20 , an email from Lynn Jurich , CEO of San Francisco-based solar firm Sunrun , popped up in a payroll department employee 's inbox . The CEO was requesting copies of all employee W-2 forms , which were about to be sent out in preparation for tax season . The employee responded quickly as requested , not realizing the W-2 forms — containing the addresses , social security numbers , and salary information for Sunrun 's nearly 4,000 employees — were actually being delivered Attack.Databreach to a scam artist . Tax season is always a busy time for scammers seeking to gain access Attack.Databreach to sensitive information , but this year attacks are coming earlier and in greater numbers than usual . The uptick has caused the IRS to release an urgent alert warning employers to be on the lookout for what they 're refering to as `` one of the most dangerous email phishing scams Attack.Phishing we ’ ve seen in a long time . '' By using email spoofing techniques , criminals are able to draft Attack.Phishing emails that look as though they are coming directly from Attack.Phishing a high-level executive at your organization . They send Attack.Phishing the message to an employee in the payroll department or HR and include a request for a list of the organization 's employees along with their W-2 forms . Their initial goal is to use the W-2 information to file fraudulent tax returns and claim refunds . But not all criminals are stopping there . Once they 've found a responsive victim , a portion are also following up with additional email requesting a wire transfer be made to an account they provide . Also referred to as business email compromise (BEC) Attack.Phishing , these attacks Attack.Phishing have claimed more than 15,000 victims and cost organizations more than $ 1 billion over the past three years . More than 100 organizations have already fallen victim to W-2 phishing scams Attack.Phishing in 2017

Hacker group “ Charming Kitten ” used false identities to ferret out information , says Israel-based cybersecurity firm ClearSky An Iranian cyber espionage group known as Charming Kitten is believed to be behind a campaign targeting academic researchers , human rights activists , media outlets and political advisors focusing on Iran , according to a report published earlier this week by Israel-based threat intelligence company ClearSky Cyber Security . The group has also set up Attack.Phishing a news outlet called The British News Agency to lure Attack.Phishing targets in . Most of the group 's targets are in Iran , the U.S. , Israel and the U.K. , the report said , but some come from countries including France , Germany , Switzerland , Denmark , India , Turkey and the United Arab Emirates . The report detailed the various methods used to gain access Attack.Databreach to computers and private social accounts . Those include false identities , the impersonation Attack.Phishing of real companies , the insertion of malicious code into a breached website , also known as `` watering hole attacks , '' and spear phishing Attack.Phishing , the process of pretending to be Attack.Phishing service providers like Gmail or Facebook to trick Attack.Phishing people into giving out personal information . A significant mainstay of the group 's activity was the establishment of a media outlet called The British News Agency . Much effort went into creating Attack.Phishing a seemingly legitimate website , including details about the agency and a contact list of the management team . The purpose of the site was to attract Attack.Phishing the targets and infect them with malware . According to the report , multiple Israeli researchers of Iran and the Middle East were sent Attack.Phishing emails and Twitter direct messages from accounts registered with seemingly Jewish Israeli names . Messages coming from Attack.Phishing one such account were presented as if coming from Attack.Phishing a journalist and political researcher at KNBC News . Other messages were presented as if coming from Attack.Phishing an Israeli political researcher raised in California who needed help with an article and also wanted to apply for a position at an Israeli university . Another message was described as coming from Attack.Phishing a Jewish girl living in Iran . These messages often linked to phishing pages . ClearSky can not estimate how many accounts were successfully infiltrated , but the success rate for such attacks is usually around 10 % , said Mr. Dolev .

If you sell items online , beware scammers who are hacking into websites and taking over real users ' accounts . Casundra Venable told FOX59 she has sold on eBay for five years with no problems , but recently she fell victim to a scam . Venable was selling a Samsung phone with accessories on the website . Her sale closed , she received a $ 227 payment , and then a message that she thought was from the buyer . `` Thanks so much for ( an ) interesting auction . It was hard to choose the present for my friend . I think my friend will love this , '' Venable said , reading the message . The writer sent her supposed friend 's address , and Venable sent the package to that address . A few days later , she received a message from eBay saying the buyer had not received the package . It was then that she realized the message had been a fake . `` I thought , you know , 'How stupid ( was I ) for doing it ? '' Venable said . Venable said she was on the lookout for scams , but only those that come from people outside the eBay website . She assumed that because the message came through a real account , it was legitimate . It turns out , the scammer hacked into a real user 's account and used it to find a closing sale , then pretended to be Attack.Phishing the buyer . `` If they ask you to send it somewhere besides their registered address , say no , '' Venable said . FOX59 spoke with the Better Business Bureau 's Tim Maniscalo , who said that while he had not heard of this specific type of eBay scam , it did n't surprise him . `` Well over 50 percent of the scams ( we see ) now are perpetrated in some way , shape , or form through the internet , '' Maniscalo said . Venable tried to get her package back , but she could not get it from the warehouse in Brooklyn , New York where it ended up . `` ( A man on the phone ) said it ’ s off to the country of Georgia , '' Venable said . An eBay spokesperson confirmed this scam to FOX59 , saying a hacker was involved . The company also sent an alert to Venable , but it was too late . The spokesperson sent this statement : `` This incident was a scam and was the result of an unauthorized takeover of another user ’ s account . Unfortunately , scam artists will gain access Attack.Databreach to eBay member accounts through phishing emails in order to defraud other members . Criminals often exploit well-known , trusted brand names like eBay to attract Attack.Phishing consumers and then lure Attack.Phishing them into fraudulent transactions . We always encourage all our shoppers to be cautious and vigilant when executing a transaction on eBay . Members can prevent account takeovers from occurring by having frequent virus and spyware scans done on their account , regularly updating their passwords , and confirming a message was sent by eBay by checking their “ My Messages ” within their eBay account . ''

BT MAIL users should be on alert as a new email scam Attack.Phishing is discovered which could be used to gain access Attack.Databreach to personal details . Users of BT ’ s popular email service should be aware of a new scam which is targeting customers across the UK . The latest threat , which was unleashed over the weekend , suggests that customers ’ bills are overdue and need to be paid as soon as possible . The full message reads , “ Your latest bill is now overdue . You can view it online at My BT or on the app . To log in , you 'll need your BT ID . This is usually your email address . “ You need to pay it as soon as possible to avoid service intreruption ! ” This scam then attempts to trick Attack.Phishing users by suggesting they should click a link to pay their outstanding bill . There ’ s plenty of warning signs about this message including obvious spelling errors and the fact there ’ s no official BT branding on the email . Another reason why this is clearly a fake is that it 's been sent Attack.Phishing to people who do n't even use BT as their email provider . One person hit by the scam told Express.co.uk that they received Attack.Phishing the email on Sunday and have never had a BT broadband or BT email account . UK Police have also sent out an alert warning BT customers about this latest scam Attack.Phishing and advising them not to be cautious when clicking in links embedded within emails . In a tweet Warwickshire Police said they had “ received an email from BT re an outstanding bill today - there are links on it to pay the bill . `` This is an obvious scam , '' the message on Twitter continued . `` Please if you receive a similar one DO NOT CLICK ON THE LINKS - BT have been made aware . '' Express.co.uk has contacted BT for comment on this latest scam . BT has plenty of advice on its website about staying safe online . The broadband supplier states that internet scams can take many forms , from ' phishing Attack.Phishing ' , where a fake email or web site will try to get you to part with your bank account information , to scams pretending to be Attack.Phishing from online auction , job or other websites that try to collect your personal data . Not sure if an email you 've received is genuine ? Do n't click on it , and never give out your account or bank details . Stay safe by being aware of `` phishing Attack.Phishing `` and other scams that might find their way into your inbox .

About 33 million records belonging to Dun & Bradstreet have been leaked Attack.Databreach , placing a large portion of the US corporate population at risk . According to independent researcher Troy Hunt , the database is about 52 gigabytes in size and contains just under 33.7 million unique email addresses and other contact information from employees of thousands of large enterprises and government entities . While details are unfolding , the leak Attack.Databreach is thought to be from a database D & B acquired from NetProspex in 2015 . The file is a “ list rental ” file that D & B offers marketers for use for their own email campaigns . It ’ s believed that one of these marketing firms is the source of the leak Attack.Databreach itself having been compromised Attack.Databreach in some way . `` We 've carefully evaluated the information that was shared with us and it is of a type and in a format that we deliver to customers every day , ” D & B said in a media statement . “ Dun & Bradstreet maintains that neither they or NetProspex suffered a breach Attack.Databreach or caused the leak Attack.Databreach , ” said Stephen Boyer , co-founder and CTO of third-party risk management and security ratings firm BitSight . “ If true and the leak Attack.Databreach stemmed from one of their customers , which represents a new dimension of third-party risk . While customers do n't have ongoing relationships in the way that vendors and suppliers do , they still can pose risk when licensing and buying data in bulk. ” As originally reported by ZDNet , Hunt said in a blog post that he was able to determine that the most records in the database come from the US Department of Defense , with other government and large enterprises following . The worrisome part is the deep bench of information that the records contain . For Wells Fargo , for example , the information is for the C-suite and 45 vice presidents , senior vice presidents , assistant vice presidents and executive vice presidents , all with names and email addresses alongside job titles . `` The market for stolen personal identifiable information continues to be lucrative for attackers to steal and sell Attack.Databreach data , ” said Lee Weiner , chief product officer at Rapid7 , via email . “ Individuals affected by this breach Attack.Databreach should continue to be vigilant for piggy-back attacks that can ensue from attackers using this information to engage in phishing tactics with this information to steal Attack.Databreach passwords and gain access Attack.Databreach to accounts . '' Those follow-on threats can include business email compromise ( BEC ) . “ This leak Attack.Databreach allows cyber-criminals to carry out whaling attacks Attack.Phishing for large enterprises , ” said Boyer . “ Some organizations have over 100,000 employee records compromised Attack.Databreach in this breach Attack.Databreach and may witness an uptake in targeted phishing attacks Attack.Phishing and fraud schemes. ” Hunt noted that the leak is an example of an endemic problem in data management and society . “ We 've lost control of our personal data and…we often do not have any way of feeding back to companies what data we ’ d rather not share , ” he noted . “ Particularly when D & B believe they 're operating legally by selling this information , what chance do we have—either as individuals or corporations—of regaining control of data like this ? Next to zero and about the only thing you can do right now is assess whether you 've been exposed . ”

“ Over the past several weeks , we have seen a combination of attack techniques . One , where an attacker impersonates a travel agency or someone inside a company . Recipients are told an email contains an airline ticket or e-ticket , ” said Asaf Cidon , vice president , content security services at Barracuda Networks . Attachments , he said , are documents rigged with malware or are designed to download it from a command and control server . Cidon said other aviation-themed phishing attacks Attack.Phishing contain links to spoofed Attack.Phishing airline sites . In these types of attacks , adversaries go to great lengths to spoof Attack.Phishing the airline ’ s site . “ It ’ s clear there is some degree of advanced reconnaissance that takes place before targeting individuals within these companies , ” Cidon said . Recent phishing campaigns Attack.Phishing , he said , are targeting logistic , shipping and manufacturing industries . Barracuda ’ s warning comes a week after the U.S. Computer Emergency Readiness Team issued an alert of similar attacks targeting airline consumers . It warned email-based phishing campaigns Attack.Phishing were attempting to obtain credentials as well . “ Systems infected through phishing campaigns act as an entry point for attackers to gain access Attack.Databreach to sensitive business or personal information , ” according to the US-CERT warning . Delta said some victims were sent Attack.Phishing emails that claimed to contain invoices or receipts inside attached documents . When asked about the warning , Delta declined to comment . More troubling to Barracuda researchers was the success rate adversaries are having with phishing campaigns Attack.Phishing it is tracking Attack.Phishing . “ Our analysis shows that for the airline phishing attack Attack.Phishing , attackers are successful over 90 percent of the time in getting employees to open airline impersonation emails , ” Cidon wrote in a research note posted Thursday . “ This is one of the highest success rates for phishing attacks Attack.Phishing ” . In June , Microsoft Malware Protection Center reported a resurgence in the use of Office document macro attacks . Researchers say crooks attempting to install malware and perpetrate credential-harvesting attacks Attack.Databreach are more likely to use social engineering to trick Attack.Phishing people into installing malware than to exploit vulnerabilities with tools such as exploit kits .

Northrop Grumman has admitted one of its internal portals was broken into , exposing Attack.Databreach employees ' sensitive tax records to miscreants . In a letter [ PDF ] to workers and the California Attorney General 's office , the aerospace contractor said that between April 18 , 2016 and March 29 , 2017 , crooks infiltrated the website , allowing them to access Attack.Databreach staffers ' W-2 paperwork for the 2016 tax year . These W-2 forms can be used by identity thieves to claim tax rebates owed to employees , allowing the crims to pocket victims ' money . The corp sent out its warning letters on April 18 , the last day to file 2016 tax returns . `` The personal information that may have been accessed Attack.Databreach includes your name , address , work email address , work phone number , Social Security number , employer identification number , and wage and tax information , as well as any personal phone number , personal email address , or answers to customized security questions that you may have entered on the W-2 online portal , '' the contractor told its employees . The Stealth Bomber maker says it will provide all of the exposed workers with three years of free identity-theft monitoring services . Northrop Grumman has also disabled access to the W-2 portal through any method other than its internal single sign-on tool . The aerospace giant said it farmed out its tax portal to Equifax Workforce Solutions , which was working with the defense giant to get to the bottom of the intrusion . `` Promptly after confirming the incident , we worked with Equifax to determine the details of the issue , '' Northrop told its teams . `` Northrop Grumman and Equifax are coordinating with law enforcement authorities to assist them in their investigation of recent incidents Attack.Databreach involving unauthorized actors gaining access Attack.Databreach to individuals ’ personal information through the W-2 online portal . '' According to Equifax , the portal was accessed Attack.Databreach not by hackers but by someone using stolen login details . `` We are investigating alleged unauthorized access Attack.Databreach to our online portal where a person or persons using stolen credentials accessed Attack.Databreach W-2 information of a limited number of individuals , '' an Equifax spokesperson told El Reg on Monday . `` Based on the investigation to date , Equifax has no reason to believe that its systems were compromised Attack.Databreach or that it was the source of the information used to gain access Attack.Databreach to the online portal . ''

Vanilla Forums open source software suffers Vulnerability-related.DiscoverVulnerability from vulnerabilities that could let an attacker gain access to user accounts , carry out web-cache poisoning attacks , and in some instances , execute arbitrary code . Popular open source forum software suffers Vulnerability-related.DiscoverVulnerability from vulnerabilities that could let an attacker gain access to user accounts , carry out web-cache poisoning attacks , and in some instances , execute arbitrary code . Legal Hackers ‘ Dawid Golunski found Vulnerability-related.DiscoverVulnerability the vulnerabilities , a host header injection and an unauthorized remote code execution vulnerability–in software which is developed by Vanilla Forums . Golunski reported Vulnerability-related.DiscoverVulnerability the issues to Vanilla Forums in January and while a support team acknowledged his reports Vulnerability-related.DiscoverVulnerability , he ’ s experienced five months of silence from the company since , something that prompted him to finally disclose Vulnerability-related.DiscoverVulnerability the vulnerabilities Thursday via his ExploitBox.io service . The researcher confirmed Vulnerability-related.DiscoverVulnerability the vulnerabilities exist in Vulnerability-related.DiscoverVulnerability the most recent , stable version ( 2.3 ) of Vanilla Forums . He presumes Vulnerability-related.DiscoverVulnerability older versions of the forum software are also vulnerable Vulnerability-related.DiscoverVulnerability . When reached Thursday , Lincoln Russell , a senior developer at Vanilla Forums stressed the vulnerabilities , which are in the middle of being fixed Vulnerability-related.PatchVulnerability , only affect Vulnerability-related.DiscoverVulnerability the company ’ s free and open source product . Golunski says Vulnerability-related.DiscoverVulnerability the most concerning vulnerability , the RCE ( CVE-2016-10033 ) stems from a PHPMailer vulnerability he disclosed Vulnerability-related.DiscoverVulnerability last December . An attacker could remotely exploit Vulnerability-related.DiscoverVulnerability the same vulnerability in Vanilla Forums by sending a web request in which a payload is passed within the HOST header . Until a fix is pushed Vulnerability-related.PatchVulnerability Golunski is encouraging users to preset the sender ’ s support email address to a static value to prevent the dynamic creation of an email address , or the use of the HOST header , as a temporary mitigation . Golunski says Vulnerability-related.DiscoverVulnerability the second issue , the host header injection vulnerability ( CVE-2016-10073 ) also affects Vulnerability-related.DiscoverVulnerability version 2.3 of the software . The issue stems from the fact that the forum software uses user-supplied HTTP HOST header when sending emails from the host on which the forum was installed . That means an attacker could use HTTP HOST header to set the email domain to an arbitrary host . It would require user interaction but if exploited Vulnerability-related.DiscoverVulnerability , it ’ s possible the bug could help an attacker intercept Attack.Databreach a password reset hash and gain access Attack.Databreach to a victim ’ s account . An attacker would have send Attack.Phishing the victim an email tricking Attack.Phishing them into clicking through a password reset link , he says . “ The resulting email will have the sender ’ s address set to noreply @ attackers_server . The password reset link will also contain the attacker ’ s server which could allow the attacker to intercept the hash if the victim user clicked on the malicious link , ” Golunski wrote Thursday . It ’ s possible the vulnerability could also lead to web-cache poisoning if the HOST header is used to form links in web responses Golunski says Vulnerability-related.DiscoverVulnerability . According to Russell , when Vanilla Forums responded to Golunski in January it told him the issue would take some time to fix Vulnerability-related.PatchVulnerability due to the “ complexity of unwinding the use of this server variable without breaking the myriad scenarios it can be used for in open source environments. ” Golunski hinted Vulnerability-related.DiscoverVulnerability at the vulnerabilities in Vanilla Forums back in December but didn ’ t name the software . When he disclosed Vulnerability-related.DiscoverVulnerability the initial PHPMailer bug the researcher mentioned that he had developed an unauthenticated RCE exploit for “ a popular open-source application ( deployed on the Internet on more than a million servers ) as a PoC for real-world exploitation. ” Both the Vanilla Forums vulnerabilities and a similar RCE vulnerability in WordPress 4.6 Golunski disclosed Vulnerability-related.DiscoverVulnerability last week both relate to PHPMailer and PHP mail ( ) function injection . “ The exploits and techniques prove that these type of vulnerabilities could be exploited Vulnerability-related.DiscoverVulnerability by unauthenticated attackers via server headers such as HOST header that may be used internally by a vulnerable application to dynamically create a sender address , ” Golunski told Threatpost Thursday , “ This adds to the originally presented attack surface of contact forms that take user input including From/Sender address . ”

A breach of the Clash of Clans creator has exposed credentials for forum users . Supercell , the force behind that popular mobile game and others , said Vulnerability-related.DiscoverVulnerability that a vulnerability in the software it uses to run its forums allowed third-party hackers to gain illegal access to some forum user information , including a number of emails and encrypted passwords . To provide its forum service , it uses software from vbulletin.com . The company said that its preliminary investigation suggests that the breach happened in September 2016—and that it has since been fixed . “ We take any such breaches very seriously and we follow very strict policies when it comes to security , ” Supercell said in a statement . “ Please note that this breach only affects our Forum service . Game accounts have not been affected. ” Avast Threat Labs senior malware analyst Jan Sirmer commented via email on the danger of attacks like these . “ The forum administrators in this case do bear some responsibility—the vBulletin software being used to host the Supercell forum was out-of-date , and it ’ s up to the administrators to keep software like that up-to-date , ” he said . “ Online gamers are vulnerable to these kind of hacks because they provide their data to third parties—but the same is true for everyone who uses any online service. ” Users should change the password they ’ re using on the forum as soon as possible , along with the password in any other systems they ’ re using with the same login . “ The information the hackers obtained Attack.Databreach can either be used by the hackers themselves or sold on the darknet for other hackers to abuse , ” Sirmir said . “ As many people use the same login credentials to log in to online services , hackers try to use login credentials they get to gain access Attack.Databreach into other accounts . ”

It is particularly worrying for banks that the disruption lasted three days . Lloyds revealed little at the time , despite a flood of Twitter complaints . But it has emerged that the National Cyber Security Centre is working with the bank on the attack . Despite speculation that a number of banks may have been targeted , it appears that the internet gang concentrated its fire on Lloyds . In the past , denial of service attacks have been perpetrated by customers with a grudge or by blackmailers , but there is no indication from Lloyds that a ransom demand Attack.Ransom was received . At the time , the bank was adamant that the `` vast majority '' of users were able to gain access Attack.Databreach to their accounts and move money around as normal . It 's likely that systems engineers blocked all internet traffic from overseas locations where the attacks seemed to be coming from , halting the disruption at least temporarily before the attackers switched their activity elsewhere . In contrast to the hacking of Tesco Bank in November , in which £2.5m was taken , there is no indication that criminals got their hands on cash in Lloyds bank accounts . However , the new National Cyber Security Centre , part of GCHQ and the UK 's authority on cyber-security , is understood to be working with Lloyds on security after the attack . Lloyds Banking Group issued the following statement : `` We experienced intermittent service issues with internet banking between Wednesday morning and Friday afternoon the week before last and are sorry for any inconvenience caused . `` We had a normal service in place for the vast majority of this period and only a small number of customers experienced problems . We will not speculate on the cause of these intermittent issues .

According to Darin Stanchfield , KeepKey founder and CEO , the attack took place on Christmas Day , December 25 , when an unknown attacker had activated a new phone number with Stanchfield 's Verizon account . This allowed the attacker to request a password reset for his Verizon email account , but receive the password reset details on the newly activated phone number . A few minutes later , the attacker had taken over Stanchfield 's email account and proceeded to request password resets for several services where the KeepKey founder had used that email address to register profiles . In no time , the attacker had taken over several of Stanchfield 's accounts on other sites , such as KeepKey 's official Twitter account , and several of KeepKey 's side services , such as accounts for sales distribution channels and email marketing software . In less than an hour after the attack started , the KeepKey CEO had discovered what happened and started working with his staff to regain access to the hijacked accounts , while also blocking the intruder from reaching other KeepKey services . The attacker also contacted the KeepKey staff , offering to provide details about how he hacked Attack.Databreach the Verizon email account and what he stole Attack.Databreach . The attacker had also promised to return the stolen data and keep quiet about the hack Attack.Databreach if KeepKey would agree to pay Attack.Ransom him 30 Bitcoin ( ~ $ 30,000 ) . Instead of paying the ransom demand Attack.Ransom , the KeepKey team managed to stall the attacker for two more hours , during which time they regained access to all but one account , the company 's Twitter profile . Since the night of the hack , the company has filed a complaint with the FBI and is now offering the 30 Bitcoin ransom Attack.Ransom as a reward for any clues that lead to the attacker 's arrest . KeepKey was adamant about the attacker not being able to access any of its customers ' Bitcoin access keys stored on its devices . KeepKey is known in the Bitcoin market for manufacturing hardware devices that allow users to store the access keys used to authenticate on Bitcoin wallets . The device , which is a modified USB storage unit , works offline and the keys on it can be accessed only with physical access to the device . In the Christmas security breach , the attacker would have only managed to steal Attack.Databreach home addresses , emails , and phone numbers from users that have bought KeepKey devices in the past , and not the content of those devices . It is unknown at the time of writing if the attacker used the access over these accounts to steal Attack.Databreach any KeepKey customer data . Nevertheless , as a precautionary measure , the company is offering a 30-day refund policy to all customers that had their details stored in the sales distribution channels and email marketing software accounts that the attacker managed to gain access Attack.Databreach to . At the start of December , someone had taken over the mobile number of Bo Shen , the founder of Bitcoin venture capital firm Fenbushi Capital , and had stolen at least $ 300,000 worth of Augur and Ether cryptocurrency . Two weeks later , the same hacker took over a mobile number for one of the Ethereum Project 's admins and used it to reset the passwords for various accounts , eventually downloading a copy Attack.Databreach of Ethereum forum database backup , dated to April 2016 . At the time of writing , there are no clues that link the first two attacks with the security breach at KeepKey , despite the similar hacking methods

Hummingbad has been replaced as the top mobile malware threat . It has been usurped by Triada , a modular backdoor for Android . According to Check Point Security , Triada grants super-user privileges to downloaded malware , helping it to be embedded into system processes . It has also been seen spoofing URLs loaded in the browser . And in January , based on data from the World Cyber Threat Map , Triada edged past Hummingbad , ending that baddie ’ s year-long reign . Hummingbad is an Android malware that establishes a persistent rootkit on the device , installs fraudulent applications , and with slight modifications , could enable additional malicious activity such as installing a key-logger , stealing Attack.Databreach credentials and bypassing encrypted email containers used by enterprises . It ’ s still in second place in terms of prevalence . Over the summer , Check Point said that it was found to control 85 million devices globally , generating an estimated $ 300,000 per month in fraudulent ad revenue for the criminals behind it , i.e. , Yingmob , a group of Chinese cyber-criminals . Yingmob also happens to operate a legitimate ad network . The No 3 mobile malware threat is Hiddad—an Android malware which repackages legitimate apps and then releases them to a third-party store . Its main function is displaying ads ; however , it is also able to gain access Attack.Databreach to key security details built into the OS , allowing an attacker to obtain Attack.Databreach sensitive user data . In total , mobile malware accounted for 9 % of all recognized malware attacks by Check Point . On the non-mobile front , the Index ranked Kelihos , a botnet used in bitcoin theft and spamming , as the most prevalent malware family overall , with 5 % of organizations globally is impacted by it . It utilizes peer-to-peer communications , enabling each individual node to act as a Command & Control server . It ’ s followed by HackerDefender and Cryptowall in second and third place respectively , with both impacting 4.5 % of companies . Overall , the top 3 malware families revealed that hackers were using a wide range of attack vectors and tactics to target businesses . These threats impact all steps of the infection chain , including spam emails which are spread by botnets , and contain downloaders that place ransomware or a Trojan on the victim ’ s machine .

Last spring , hackers got into Attack.Databreach the system at the ministry , which was then headed by now-Prime Minister Paolo Gentiloni , and the attacks Attack.Databreach carried on for more than four months but did not gain access Attack.Databreach to classified information , the paper said . “ The Italian government had already informed ( the paper ) of what it is reporting today , ” the source said in response to the article , noting that security had since been stepped up . “ These were not attacks on the encrypted computer system which carries the most important and sensitive information , but the email system for staff at the foreign ministry and embassies , ” the source said . Gentiloni , who took over as premier in December , was not affected by the attack , the Guardian quoted a government official as saying . He avoided using email when he was serving as foreign minister , the paper said . According to the Guardian , two people with knowledge of the attack said the Russian state was believed to have been behind it . The source close to the ministry could not confirm this . Cyber crime has come into sharp focus since United States intelligence agencies accused Russia of interfering in last year ’ s U.S. election . The Russian foreign ministry did not immediately respond to a request for comment on Friday ’ s report . The Kremlin has described allegations of Russian interference in the U.S. election as “ fabricated ” and “ a witch hunt ” . An Italian government source told Reuters this year that the foreign ministry had been hacked Attack.Databreach in the past and that Rome suspected the perpetrators were Russian , but that it is impossible to say with certainty where such attacks came from . Last month , an Italian brother and sister were arrested on suspicion of hacking Attack.Databreach into the emails of European Central Bank President Mario Draghi and thousands of others . The police chief who conducted the investigation said there was no evidence they had acted on behalf of foreign states