Researchers this year discovered a pair of malicious campaigns that attempted to distribute the recently discovered Amavaldo banking trojan to Brazilians and Mexicans, respectively. Amavaldo is one of 10 malware families that researchers at ESET’s lab in Prague are claiming to have discovered since 2017, when they first launched an in-depth investigation into Latin American banking trojans. The trojan, whose name means “Lovable,” is anything but.
Proofpoint’s Threat Insight Team began to track the malware, called SystemBC, on June 4 when it was observed being distributed via Fallout EK. Two days later, the researchers spotted more Fallout activity that resulted in the delivery of both SystemBC and the Danabot banking trojan. Then in July, SystemBC was seen being distributed by the Amadey Loader, which, in turn, was delivered by RIG.
A Honda Motor Company database was leaking 134 million rows, roughly 40GB, of employee information. The researcher discovered the database July 4, 2019 and then began trying to contact Honda, which was accomplished early on July 6, 2019. By that evening the database had been secured, according to a July 31 blog post.
Researchers say they discovered a technique for exploiting Visa contactless cards that could allow attackers to bypass a pair of anti-fraud “payment checks” that normally require a purchaser’s verification. Positive Technologies researchers Leigh-Anne Galloway and Tim Yunusov successfully tested the exploit on five major banks in the U.K., according to a company blog post this week. The attack works regardless of the terminal used, and is effective outside of the U.S. as well, the researchers note.
Several thousand school children in Alabama had their summer vacation extended by two weeks as the Houston County School District was forced for the second time to delay opening day due to a cyberattack. Houston County Schools Superintendent David Sewell told families the first day of school will now be August 12, instead of the originally scheduled Aug. 1, according to a WTVY report. Initially, Sewell had pushed the start back from August 1 to August 5, but this required an additional adjustment.
By hacking into the aircraft’s CAN bus system, threat actors can take control of key navigation systems and easily manipulate telemetry data, potentially resulting in loss of control of the airplane, according to a July 30 US-CERT advisory.