Sophos describes what appears to be a strain of vigilante malware apparently designed to prevent infected computers from visiting pirate sites. The malware has been distributed through Bittorrent and Discord, disguised as pirated copies of games and other software products. "Vigilante" is a reasonable first guess, but the operators' ultimate purpose remains murky.
Hot for Security, reminding readers that almost three-quarters-of-a-million customers of the hardware wallet Ledger had their email and physical addresses compromised last December, thinks we now know why. It appears to have been the onset of an elaborate phishing effort. Some Ledger users have received what appear to be replacement wallet hardware units. They are, however, bogus, and represent an attempt to steal keys and cryptocurrency. BleepingComputer has pictures of the devices and an account of the poorly written scam text that accompanied them.
Cruise ship line Carnival disclosed that it sustained a data breach in March. The company told BleepingComputer that the attackers accessed “limited portions of its information technology systems.” Some customer, employee, and crew information is believed to have been exposed, but Carnival thinks the probability that the data have been misused is low.
Two unsecured cloud databases used by the US grocery chain Wegmans may have exposed customers' names, home and email addresses, phone numbers, birth dates, Shoppers Club numbers, and hashed passwords to their store accounts, WCVB reports.
Russian national Oleg Koshkin has been convicted in the US for operating crypter websites, including Crypt4U, to help malware evade detection by antivirus programs.