ICYMI: Spam leak; password loss; Privacy Shield; hospital hit; app in iframe

News by SC Staff

In Case You Missed It: Spammer breached; Yahoo/gmail passwords; Privacy Shield concern; malware shuts hospital; 132 apps in iframe malware.

Major spam operation suffers data leak containing 1.4 billion records

A spamming group called River City Media (RCM), led by well known spammers Alvin Slocombe and Matt Ferris, has had its database of 1.4 billion records leaked.

Revealed by MacKeeper Security Researcher, Chris Vickery in cooperation with CSO Online and Spamhaus, the researchers“stumbled upon a suspicious, yet publicly exposed, collection of files. Someone had forgotten to put a password on this repository and, as a result, one of the biggest spam empires is now falling.”

The files leaked contain 1.4 billion email accounts combined with real names, user IP addresses, and often physical address. RCM is believed to have amassed the information through “offers such as credit checks, education opportunities, and sweepstakes.” More...

One million Yahoo and Gmail account passwords for sale on the dark web

More than one million Yahoo and Gmail accounts – including usernames, email addresses and plain text passwords – are reportedly for sale on the dark web. According to the dark web vendor SunTzu583, who posted the sale offer, he has 100,000 Yahoo accounts from the 2012 Last.fm data breach and 145,000 Yahoo accounts from the 2013 Adobe breach and 2008 MySpace hack. The accounts are on sale for between 0.0079 bitcoins and 0.0102 bitcoins each.

SunTzu583 also claims to have 500,000 Gmail accounts that came from the 2008 MySpace hack, the 2013 Tumblr breach and the 2014 Bitcoin Security Forum breach – for a price of 0.0219 bitcoins per account, more than twice the going rate for a Yahoo account. Another 450,000 Gmail accounts were also listed on sale for 0.0199 bitcoins from other data breaches that took place from 2010 to 2016. More...

EU commissioner will 'suspend' Privacy Shield if Trump puts in jeopardy

A senior EU commissioner has said she would suspend the EU Privacy Shield agreement if the current US administration doesn't play ball. Vera Jourova, the European Union's Commissioner for justice, consumers and gender Equality told Bloomberg that, “I will not hesitate to do it. There's too much at stake.”

Jourova is expected to meet with the US president at the end of March; she told Bloomberg, she will want “reconfirmation and reassurances” on the integrity of the Atlantic privacy pact. Privacy Shield is the current data protection regime in the Atlantic Area. More.....

New malware attack shutters London hospital

A previously unseen malware is being blamed for an attack on a London hospital that forced the facility to shut down a segment of its systems for a few days as a precautionary measure. Barts Health NHS Trust, a conglomerate of five hospitals in London employing a staff of 15,000, was hit in January by the malware attack, which managed to circumvent the facility's anti-virus software, according to a report on ZDNet.

Although administrators at Barts Health said patient data was not accessed, the facility's pathology system was offline for a few days. More... 

Researchers find 132 apps on Play Store infected with iFrame malware

Researchers from Palo Alto Networks have discovered 132 Android apps on the Google Play store which were infected with “tiny hidden iFrames that link to malicious domains in their local HTML pages”.  The most popular one had more than 10,000 installs alone; the investigation indicates that the developers of these infected apps are not to blame, but are more likely victims themselves.

Xiao Zhang, Wenjun Hu and Shawn Jin said: “We believe it is most likely that the app developers' development platforms were infected with malware that searches for HTML pages and injects malicious content at the end of the HTML pages it finds.”More...

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews