An active extortion scam is targeting website owners and admins worldwide, claiming to have hacked their servers and demanding $2,500 not to leak data.
The attackers (self-dubbed Team Montesano) are sending emails with “Your website, databases and emails has been hacked” subjects. (Bleeping Computer)
A new malicious campaign has compromised over 15,000 WordPress websites in an attempt to redirect visitors to bogus Q&A portals. "These malicious redirects appear to be designed to increase the authority of the attacker's sites for search engines," Sucuri researcher Ben Martin said in a report published last week, calling it a "clever black hat SEO trick." (The Hacker News)
With mandated spyware downloads to tens of thousands of surveillance cameras equipped with facial-recognition technology, the World Cup in Qatar next month is looking more like a data security and privacy nightmare than a celebration of the beautiful game. Football fans and others visiting Qatar must download two apps: Ehteraz, a Covid-19 tracker, and Hayya, which allows ticket holders entry into the stadiums and access to free metro and bus transportation services. (The Register)
A December deadline looms for agencies to implement cybersecurity requirements for Internet of Things devices. Under a 2020 law that goes into effect in December, the federal government will leverage its procurement powers to bolster minimum cybersecurity standards for Internet of Things devices. (FCW)
The FBI warns that tech support scammers are now impersonating financial institutions' refund payment portals to harvest victims' sensitive information and add legitimacy. In today's public service announcement, the federal law enforcement agency said that the fraudsters trick victims (generally someone from within the elderly population) via email or phone calls into giving them access to their computers by impersonating representatives of technical or computer repair services. (Bleeping Computer)