Hackers are targeting the growing population of third-party sellers on Amazon, using stolen credentials to “post fake deals and steal cash.” Hackers have gone into active seller accounts and changed the bank-deposit information to steal tens of thousands of dollars from each. They have also posted fake listings at high prices with big discounts in order to pocket the cash. The fraud was made possible largely due to email and password credentials that were stolen from previously hacked accounts and were then sold on the dark web. Read more.
Hackers reportedly turned on 156 of Dallas’ emergency alarm systems at once on Friday, despite the fact that there was no sign of any natural emergency. The mayor of Dallas noted that “this is another serious example of the need for us to upgrade and better safeguard our city’s technology infrastructure,” and highlights how critical infrastructure systems are vulnerable to attack. Read more.
“Booby-trapped documents exploiting a critical zero-day vulnerability in Microsoft Word have been sent to millions of people around the world in a blitz aimed at installing Dridex, currently one of the most dangerous bank fraud threats on the Internet,” reports Ars Technica. Read more.
Federal prosecutors say they’ve dealt a fatal blow to Kelihos, a network of more than 10,000 infected computers that was used to deliver spam, steal login passwords and deliver ransomware and other types of malware since 2010. Reuters reported that the takedown was announced on Monday, one day after authorities in Spain reportedly arrested alleged Kelihos operator Pyotr Levashov. Read more.
According to ZDNet, several popular travel routers are at risk of a number of vulnerabilities including easily exploitable flaws. One of the routers studied could be tricked into turning over its plaintext admin credentials and wireless network address, which run as root, with a text message containing a simple line of code. Read more.