Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Avast Blog_Security News: LinkedIn attachments carrying malware sent by espionage gro
#1
Information 
Quote:
[Image: TVDumYE.png]

Plus Equifax pays out up to $700 million in data breach damages, teen hackers are given a second chance, and a WordPress plugin flaw lets in malvertising.

An espionage ring is targeting key infrastructure and government services with malware-infected files sent as LinkedIn message attachments, SC Magazine reported. The fraudulent LinkedIn messages from the group APT34 supposedly come from a member of Cambridge University offering business opportunities. The targeted victim is told the attachment is an application form to fill out and send back. Once the target opens it, though, a new strain of malware called TONEDEAF downloads onto the victim’s system and creates a “backdoor” – a secret portal into the system for the hacker to use remotely.

Researchers have identified two other new families of malware used in the campaign: VALUEVAULT, a tool used to steal login credentials, and LONGWATCH, a keylogger that records and keeps everything the user types. APT34 has been an active cyber espionage group since 2014 and has historically used phishing campaigns centered on academic or professional career themes. “LinkedIn is the perfect place to find targets in the professional world,” commented Avast Security Evangelist Luis Corrons. “Malware is not that common there, so victims have more confidence in the content they receive on the platform. At the same time, all the victims’ professional information is right there, which makes it easier for cybercriminals to target a specific company or industry.”

This week’s stat

Can a browser help your computer’s battery stay charged? Yes. The new release of Avast Secure Browser prolongs your laptop battery life by up to 20% by suspending inactive browser tabs.

FTC orders Equifax to compensate breach victims

Equifax will pay up to $700 million in restitution and fines for the 2017 data breach that affected approximately 147 million consumers, the U.S. Federal Trade Commission (FTC) announced in a recent press release. The global settlement had been reached amongst the Commission, the Consumer Financial Protection Bureau (CFPB), the U.S. states and territories, and credit reporting agency Equifax. The settlement resolves a complaint filed by the FTC that Equifax failed to properly secure the personal information of its customers, which led to the massive breach. Millions of names, birthdates, Social Security numbers, addresses, and other personal information that could be subjugated for identity theft were vulnerable in the breach.

As part of the settlement, Equifax will pay $300 million to a fund that will compensate victims and pay for credit protection. The settlement stipulates that if $300 million is not enough to compensate all the victims who step forward, Equifax will pay up to an additional $125 million to cover the remainder. On top of those payments, Equifax will also pay $175 million in restitution to U.S. states and territories, as well as $100 million in penalties to the CFPB. “While it might look like a huge amount of money, the truth is that it could have been worse,” Avast’s Corrons observed. “Especially considering the negligence of Equifax and the way some of their officials behaved when they learned about the data breach. Patching systems is critical, and this is a great example of what can happen if companies do not take it seriously.” In addition to the financial penalties, the settlement also requires Equifax to re-tool its security practices per the specific direction of the FTC and CFPB.
Continue Reading
[-] The following 2 users say Thank You to harlan4096 for this post:
  • ismail, jasonX
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
AWZ Screen Recorder
AWZ Screen Recorder ...zevish — 11:05
Website X5 Go 2024.1
Website X5 Go 2024.1...zevish — 09:32
Apple's rules to allow third-party app ...
Apple has announ...alison30 — 09:28
Intel: Microsoft AI PCs need a Copilot K...
Microsoft hopes th...harlan4096 — 08:55
Synchredible 8 Professional Edition v8.2...
          Synchredib...zevish — 08:54

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>