ICYMI: MySQL ransom; Font scam; UK strategy; White Hat; Luxb'g DDoS'd

News by SC Staff

In case you missed it: MySQL DBs ransomed; Chrome font scam; UK digital strategy; White Hat careers; Luxembourg DDoS'd

Hackers now hit MySQL databases with ransomware

Hundreds of MySQL databases have been subject to ransomware attacks, with hackers deleting data and replacing it with a ransom demand for 0.2 bitcoin.

According to a blog post by Ofri Ziv, who leads the Detection team at Guardicore, the attacks look like an evolution of the MongoDB ransomware attacks first reported earlier this year by Victor Gevers. He said that hundreds of databases were affected by the attacks, which began on February 12 and lasted 30 hours, and which were all traced back to one IP address, hosted by worldstream.nl, a Netherlands-based web hosting company.

Google Chrome users targeted with 'missing font' malware scam

Security researcher Mahmoud Al-Qudsi spotted a “drive-by-infection” hack on a compromised WordPress website in which the scam was using JavaScript to change how text was displayed on the website, then urging users to download a fix for the problem.

Al-Qudsi said, “This attack gets a lot of things right that many others fail at. The premise is actually believable: the text doesn't render, and it says that is caused by a missing font, which it then prompts you to download and install.” Screenshots show a warning box designed by the hacker that appears legitimate. To fix the error and display the text, you have to update the ‘Chrome Font Pack'.”

UK post-Brexit Digital Strategy criticised by cyber-security industry

The UK government's new Digital Strategy, which ministers say has been developed in consultation with the tech industry to carry Britain through to the other side of Brexit, has been criticised by some within the security industry for a lack of concrete details when it comes to cyber-security.

The concerns expressed by the cyber-security sector echo those of the broader tech industry, which has criticised the strategy as a whole in similar terms. The strategy, unveiled by secretary of state for Culture, Media and Sport Karen Brady, sets out seven areas or ‘strands' which the government will focus on as part of its post-Brexit plans. It builds on the government's Industrial Strategy green paper, which is currently open for consultation.

Could you hack into a car? If so, a cyber-security career awaits!

This weekend, Protection Group International (PGI) and Cyber Security Challenge UK pitted 30 cyber-security amateurs against each other in a simulated cyber-attack on an automotive company, in a bid to find the country's best cyber-talent.

In a red teaming exercise, candidates were tasked with infiltrating Internet-connected GPS tracking devices to find critical vulnerabilities that hackers could exploit, and protect the Internet of Things (IoT) device from future attack. The trackers were installed on a range of prestige vehicles offered by the fictional company, dubbed ‘Premiere Vehicles Limited'.

Luxembourg government servers forced offline by DDoS attack

Authorities in Luxembourg have said that government servers came under a DDoS attack on Monday.

According to reports from the Luxemburger Wort, the attack started at 9.30 am, forcing the web servers of many state authorities offline or making them difficult to reach. Just over an hour later, the state-owned IT operator "Centre des Techniques de l'information de l'Etat" (CTIE) sent a message via Twitter to confirm that the network was the victim of a DDoS attack.

Reports by Luxembourg publication Paperjam said that over a hundred servers had been affected by the attack and that the attack impacted servers for more than 24 hours.
