New Extortion Scam Threatens To Damage Sites’ Reputation, Leak Data

Articles of interest from the week of November 14, 2022

New Extortion Scam Threatens To Damage Sites’ Reputation, Leak Data

An active extortion scam is targeting website owners and admins worldwide, claiming to have hacked their servers and demanding $2,500 not to leak data.

The attackers (self-dubbed Team Montesano) are sending emails with “Your website, databases and emails has been hacked” subjects. (Bleeping Computer)

Over 15,000 WordPress Sites Compromised in Malicious SEO Campaign

A new malicious campaign has compromised over 15,000 WordPress websites in an attempt to redirect visitors to bogus Q&A portals. "These malicious redirects appear to be designed to increase the authority of the attacker's sites for search engines," Sucuri researcher Ben Martin said in a report published last week, calling it a "clever black hat SEO trick." (The Hacker News)

World Cup Apps Pose a Data Security and Privacy Nightmare

With mandated spyware downloads to tens of thousands of surveillance cameras equipped with facial-recognition technology, the World Cup in Qatar next month is looking more like a data security and privacy nightmare than a celebration of the beautiful game. Football fans and others visiting Qatar must download two apps: Ehteraz, a Covid-19 tracker, and Hayya, which allows ticket holders entry into the stadiums and access to free metro and bus transportation services. (The Register)

IoT Cyber Rule Covering Federal Buyers About To Take Effect

A December deadline looms for agencies to implement cybersecurity requirements for Internet of Things devices. Under a 2020 law that goes into effect in December, the federal government will leverage its procurement powers to bolster minimum cybersecurity standards for Internet of Things devices. (FCW)

FBI Warns Scammers Now Impersonate Refund Payment Portals

The FBI warns that tech support scammers are now impersonating financial institutions' refund payment portals to harvest victims' sensitive information and add legitimacy. In today's public service announcement, the federal law enforcement agency said that the fraudsters trick victims (generally someone from within the elderly population) via email or phone calls into giving them access to their computers by impersonating representatives of technical or computer repair services. (Bleeping Computer)

Share :

Sign Up For Network Security News