Google Raises Award Amounts for Chromium Bug Bounty Program

Google has raised the award amounts for security researchers who submit eligible vulnerability reports under its Chromium bug bounty program. On 18 July, Natasha Pabrai and Andrew Whalley of the Chrome Security Team announced that the Chromium Vulnerability Reward Program would now reward security researchers as much as $15,000 for ...

Microsoft Observed Nation-State Attacks Targeting 10,000 of Its Customers

Microsoft has notified approximately 10,000 of its customers that they were the targets of nation-state attacks over the past year. On 17 July, Microsoft’s Corporate Vice President of Customer Security & Trust Tom Burt revealed that 84 percent of those attacks had targeted the tech giant’s enterprise customers. The remaining ...

Ransomware Attack Disrupts Some Services at Onondaga County Libraries

A crypto-ransomware attack has disrupted some services at all library locations across Onondaga County in New York State. On 16 July, the Onondaga County Public Library system published a tweet in which it explained that many of its public services were unavailable. 07/16/19 UPDATE: Library services continue to be unavailable ...

Evite Reveals Security Incident Potentially Involving Unauthorized Access

Social-planning website Evite has revealed a security incident that potentially involved unauthorized access to its systems. Evite first became aware of the security incident back in April 2019. It responded by retaining a data forensics firm to launch a thorough investigation into the event. This effort uncovered malicious activity that ...

Free Decryptor Released for Ims00rry Ransomware

Security researchers have released a free decryption utility which victims of Ims00rry ransomware can use to recover their files. On 12 July, anti-virus and anti-malware solutions provider Emsisoft made the decryptor available to the public. The firm published a follow-up post about its tool two days later. In its research, ...

Mayors Say They’ll No Longer Pay Ransoms Connected to Security Events

Mayors in the United States have collectively declared that they’ll no longer meet attackers’ ransom demands in connection to a digital security event. At its 87th annual meeting, the U.S. Conference of Mayors approved a resolution entitled, “Opposing Payment To Ransomeware Attack Perpetrators.” This decree makes clear that the Conference, ...

Magecart Actors Using Spray and Pray Tactics to Find Misconfigured Buckets

Magecart actors are using spray and pray tactics to discover misconfigured Amazon S3 buckets and deploy their payment card skimmers. In April 2019, RiskIQ began tracking a Magecart group campaign in which threat actors took to automatically scanning for publicly accessible S3 buckets. The digital security company found that the ...

Malvertising Campaign Redirects to RIG Exploit Kit, ERIS Ransomware

A malvertising campaign is redirecting users to the RIG exploit kit for the purpose of loading ERIS ransomware onto vulnerable machines. Over the 5-7 July weekend, security researcher nao_sec discovered a malvertising campaign that was abusing the popcash ad network to redirect users to a landing page for the RIG ...

Misconfigured ElasticSearch Cluster Exposed Over 90 Million Records

A security researcher found a misconfigured ElasticSearch cluster that exposed over 90 million personal and business data records. On 1 July, GDI Foundation member and independent security researcher Sanyam Jain found that the unprotected ElasticSearch server lacked proper configuration in that it sent anyone to the “Create index pattern ...

National Trade Association Discloses Data Breach Tied to Alleged Phishing Attack

A national trade association has disclosed a data breach that allegedly took place following a successful phishing attack. On 3 July, the American Land Title Association (ALTA) said that the security incident affected title and settlement company usernames and passwords. It also noted that it first learned about the data ...