The Colorado Department of Transportation (DOT) has shut down over 2,000 computers after some systems got infected with the SamSam ransomware on Wednesday, February 21. The agency’s IT staff is working with its antivirus provider McAfee to remediate affected workstations and safeguard other endpoints before reintroducing PCs into its network. DOT officials told local press [1, 2] that crucial systems were not affected, such as those managing road surveillance cameras, traffic alerts, message boards, and others. The agency’s Twitter feed continued to show traffic alerts after the agency shut down much of its employees’ IT network.
Punjab National Bank is reeling under great stress due to the Rs 11,400 crore banking fraud that happened recently. To add to the problems, a new data breach has been reported by The Asia Times. Allegedly, data of some 10,000 credit and debit card holders has been compromised due to this leak. The report suggests that the data includes names, expiry dates, personal identification numbers and even card verification values of around 10,000 bank account holders. The leaked data had two sets of packages: one with CVV numbers and the other without.
Hackers are using malicious emails disguised as important Swift messages to spread the cross-platform remote access trojan (RAT) Adwind. According to Comodo Group’s Threat Research Lab, the spam messages claim to contain important information regarding a “wire bank transfer to your designated bank account” from the Swift network, the global banking industry’s payments messaging system. The phishing email prompts users to review an attached document to check the details and make sure there are no discrepancies regarding the transfer. The seemingly secure document, however, actually contains the Adwind malware that is capable of exfiltrating data from the infected computer, modifying the system registry and more.
A new campaign involving suspected Lebanese hackers has been uncovered, in which cybercriminals create fake Facebook profiles and use social engineering to lure potential victims into downloading Android spyware. According to security researchers at Avast, who uncovered the new attacks, the hackers spread the spyware, dubbed Tempting Cedar, via fake Facebook profiles that engaged with potential victims. The targets were persuaded by the hackers operating the fake profiles to download the spyware, which was disguised as the Kik Messenger app.