Pilots for both American and Southwest Airlines have started being notified of a data breach that occurred in early May at a third-party vendor, Pilot Credentials. The breach itself occurred at the end of April and could impact personally identifiable information (PII) on almost 9,000 current and former pilots for both airlines. Officials for these airlines have confirmed that none of their internal systems were compromised during this incident and they are moving away from third-party portals in favor of pilots and applicants using the airline’s portals instead.
Super Mario Bros installer carries trojan payload
Researchers have been tracking a malware campaign that is utilizing a legitimate Super Mario Bros game installer to drop malicious payloads of Umbral Stealer and cryptocurrency miners. The attack begins with users downloading and executing a legitimate game installer, which silently launches an XMR crypto miner before launching the Umbral Stealer info-stealing malware, which gathers all user data from the infected device.
Data from 67 organizations published to 8Base ransomware leak site
Over the past year, the 8Base ransomware group have made a prominent name for itself by targeting and successfully exfiltrating data on 67 unique organizations from across the globe. While 8Base seems to share a lot of similarities with RansomHouse ransomware group, they both use a variety of ransomware variants to carry out their attacks but use ransom notes that are almost identical. 8Base is not known for producing their own ransomware variants, but instead using ransomware-as-a-service variants that are available from a wide range of dark web marketplaces and employ slightly different tactics.
Anatsa Android banking trojan claims international victims
Researchers have discovered a new campaign from the notorious Android banking trojan, Anatsa, that has affected over 30,000 victims around the world. The previous campaign from Anatsa netted over 300,000 installations, by impersonating a variety of fitness and productivity apps to increase the likeliness of being downloaded. After installing an inert app, the user is met with an external request to connect with a GitHub repository, and subsequently pulls down the malicious payload. The Anatsa payloads are disguised as Adobe Illustrator add-ons, but quickly begin the process of gathering and exfiltrating any sensitive data stored on the device.
Suncor Energy confirms major cybersecurity attack
Early this week, officials for Canada’s largest energy company, Suncor Energy confirmed that their subsidiary, Petrol-Canada, had fallen victim to a cyberattack that was impacting the operation of several thousand gas stations across the country. It is believed that the attack was targeted as Petrol-Canada's point-of-sale systems and will make customer transactions more difficult until the full investigation is completed. Fortunately, the company has revealed that no employee or customer data appears to have been compromised during this incident.
