News: US offers $10M reward for info on Rim Jong Hyok of North Korean hacking group APT45.PKfail Vulnerability: Impact on System Boot Security.Cyber Siege: DDoS Attacks Disrupt Services of Russian Banks.Stargazer Goblin’s GitHub Malware: Cybersecurity Wake-Up Call.Unveiling APT45: North Korea’s Elite Cyber Force in Global Espionage and Ransomware Attacks.Hamster Kombat’s 250M players with malicious software, installing spyware and malware on devices.Philippines Shuts Down Online Gambling to Combat Scams and Human Trafficking.Strategic Pivot in Russian Cyber Warfare: Intensified Targeting of Ukrainian Frontline Operations for Summer Offensive.Spanish Police Arrest Three Linked to DDos Attacks Group NoName057(16) Pro-Russian Hacker SyndicateUnveiling the Advanced Multi-OS Capabilities of the Macma macOS Backdoor by Chinese Hackers.Evaluating the Fallout: Alphabet’s $23B Bid for Wiz Collapse.The Dark Truth: Vigorish Viper’s Illegal Online Gambling Syndicate and Human Trafficking.Cybercriminals increasingly pursue single careers following major ransomware crackdowns, losing trust in large networks, reports Europol.UK’s NCA cracks down on DigitalStress DDoS-for-hire, arresting a key suspect on July 2 with PSNI aid.Explore how the rise of cloud services increases container use in cloud infrastructure, highlighting benefits and risks like container escapes.SocGholish malware delivers AsyncRAT and BOINC, targeting systems via deceptive updates.Fake CrowdStrike Hotfixes Install Remote Access Tools and Distribute Data Wiper.Microsoft reports 8.5M Windows devices affected by a CrowdStrike update error; releases a recovery tool following global disruptions.CrowdStrike’s Crisis Management: Lessons in Chaos Recovery.Discover how the Port Shadow attack exploits shared VPN server ports, allowing attackers to shadow victims’ data.Cryptocurrency Exchange WazirX Hit by $230M Cyber Heist.Protecting ESXi Environments from Play Ransomware Attacks.Global Microsoft 365 Tech Outage Disrupts Flights, Banks, and Media.Impact of Interpol’s Operation Jackal: 300 Arrests, $3M SeizedBoost Your Cybersecurity with SubSnipe: Subdomain ProtectionStay Protected: Enhancing Cybersecurity for Software Updates.Beavertail Malware Update: MacOS Users at Risk.Australian Data Breach: MediSecure Struggles to Identify Victims.AvNeutralizer: FIN7’s Cybersecurity Evasion Tool Exposed.Protecting Networks: Strategies to Prevent 75% of IntrusionsChinese APT Group Evades Detection with 9002 RAT Malware in ItalyWP Time Capsule Plugin Update Urged After Critical Security FlawPatient Trust at Risk: Addressing MNGI Digestive Health BreachProtecting Yourself After the Trello Data LeakNATO’s NICC: Strengthening Alliance Against Cyber Threats.Kaspersky’s US Departure: A Blow to Cybersecurity Industry.Protect Your Privacy: mSpy Data Leak Exposes Millions.AT&T Data Breach Response: Paying the Price to Protect Data.Infostealer Malware: The Invisible Threat Explained.Secure the Cloud: Alphabet’s Potential $23 Billion Deal with Wiz.Brain Cipher Ransomware Threat: Indonesia’s Cybersecurity Challenge.IRacing DDoS Attack: Disrupting Online Racing SimulationsHardBit Ransomware 4.0: Passphrase Protection & ObfuscationAdvance Auto Parts Snowflake Data Breach: Result of No MFA.CDK Global Ransomware Attack: $25 Million Payment Details.Rapid Legal Data Leak Exposes 38TB Unsecured Database Online.Consumer Trust at Risk: The Fallout of the FBCS Data Breach.Cybersecurity Alert: AT&T Data Breach Impacts Millions of Customers.PowerShell-Based Malware: The Kematian Stealer Explained.Fortinet VPN Breach: Impact on Over 50 US Organizations.The Rise of Smishing Triad: India Post Cyber Fraud Alerts.CISA and FBI Alert: Hackers Targeting OS Command Injection Flaws.Data Breach Alert: Lulu Hypermarket’s Response and Next StepsPatch Tuesday – Microsoft Fixes 140+ Security Flaws.Cyber Espionage: Australia on High Alert for Chinese Hacker Attacks.NATO’s 75th Anniversary: Facing Chinese Cyberthreats Head On.Ticket Scalpers Bypass ‘Nontransferable’ Digital Tickets.Eldorado Ransomware: Threatening Windows and Linux Systems.Protecting Data: Risks Posed by CloudSorcerer APT’s Tactics.Microsoft’s iPhone Mandate: Enhancing Security in China.Avoiding Coinbase Scams: Tips to Safeguard Your Crypto Assets.Mekotio Trojan Threatens Latin American Financial Institutions.Apple Compliance with Russian VPN App Ban: A Controversial Move.Roll20 Security Breach: How to Safeguard Your Personal Data.Record-Breaking 840 Mpps DDoS Attack: OVHcloud’s Response.HealthEquity Data Breach: What You Need to Know.ShinyHunters Leaks Ticket Data For Taylor Swift’s Concerts, Demands Ransom.Defend Against Turla Malware: Weaponized LNK Files & Phishing Emails.Understanding the Dangers of AitM Phishing Attacks.Unveiling Volcano Demon: A New Threat to Windows Systems.Ghostscript Vulnerability: Potential Breach Risk for Users.Unveiling the Motives of Team ARXU’s Cyber Attacks on Schools and Banks.Safety Alert: Malicious QR Reader App in Google Play Store.Twilio Authy Breach Response: Safeguarding Your Mobile Security.Operation Morpheus and First Light: Combating cybercrime and protecting individuals globally.Donut and Sliver: Tools Used in Israeli Cyber Attack.Discover how FakeBat Loader Malware infiltrates systems via drive-by downloads, posing a widespread cybersecurity threat.Understanding the New Side-Channel Attack on Intel’s CPUs: What You Need to Know.In-Flight Cybersecurity Alert: Australian Man’s Wi-Fi Scam Exposed.Understanding Phishing, Identity Theft, and Ransomware Cyber Crimes.Brain Cipher Ransomware: The Rising Menace to Global Data Security.LockBit Ransomware Attack: 6M Individuals’ Data Breached at Infosys McCamish Systems.Fortifying the 2024 Olympics: Cybersecurity Measures in Place.Legal Practitioners Fidelity Fund hacked in South Africa, CEO informs stakeholders of cyber incident.Indonesia hit by major cyber attack, disrupting immigration services and airport operations.“Rafel RAT, an open-source Android remote administration tool (RAT), is being exploited by multiple threat actors to target Android devices.”CoinStats suffers breach, 1,590 crypto wallets compromised by threat actors.New Caesar Cipher Skimmer targets WordPress, Magento, and OpenCart, compromising CMS security.Indonesia’s national data center hacked, $8M ransom demanded, ransom payment refused.Levi Strauss & Co. data breach exposes 72K customers’ personal info.Winnti: Chinese-backed cyber group targeting tech, healthcare, and pharma industries for espionage and financial gain.Hackers exploit pkfacebook module flaw to deploy card skimmer on e-commerce sites, stealing credit card details.CDK Warns of Scammers Posing as Support, Calling Customers.Change Healthcare Lists Medical Data Stolen back in February.UNC3886 Hackers Deploy Linux Rootkits to Stealthily Operate on VMware ESXi Virtual Machines.Intel’s CET: Advanced CPU Protection Against Cyber Threats.Kaspersky Antivirus Software Banned in US Over Kremlin Links.SquidLoader: The Stealthy Malware Targeting Chinese Organizations with Evasive Phishing Tactics.Midnight Blizzard: Russia’s Cyber Threat to French Diplomacy.Fickle Stealer malware can be delivered through four methods: VBA dropper, VBA downloader, link downloader, and executable downloader.
Sat. Jul 27th, 2024
News: US offers $10M reward for info on Rim Jong Hyok of North Korean hacking group APT45.PKfail Vulnerability: Impact on System Boot Security.Cyber Siege: DDoS Attacks Disrupt Services of Russian Banks.Stargazer Goblin’s GitHub Malware: Cybersecurity Wake-Up Call.Unveiling APT45: North Korea’s Elite Cyber Force in Global Espionage and Ransomware Attacks.Hamster Kombat’s 250M players with malicious software, installing spyware and malware on devices.Philippines Shuts Down Online Gambling to Combat Scams and Human Trafficking.Strategic Pivot in Russian Cyber Warfare: Intensified Targeting of Ukrainian Frontline Operations for Summer Offensive.Spanish Police Arrest Three Linked to DDos Attacks Group NoName057(16) Pro-Russian Hacker SyndicateUnveiling the Advanced Multi-OS Capabilities of the Macma macOS Backdoor by Chinese Hackers.Evaluating the Fallout: Alphabet’s $23B Bid for Wiz Collapse.The Dark Truth: Vigorish Viper’s Illegal Online Gambling Syndicate and Human Trafficking.Cybercriminals increasingly pursue single careers following major ransomware crackdowns, losing trust in large networks, reports Europol.UK’s NCA cracks down on DigitalStress DDoS-for-hire, arresting a key suspect on July 2 with PSNI aid.Explore how the rise of cloud services increases container use in cloud infrastructure, highlighting benefits and risks like container escapes.SocGholish malware delivers AsyncRAT and BOINC, targeting systems via deceptive updates.Fake CrowdStrike Hotfixes Install Remote Access Tools and Distribute Data Wiper.Microsoft reports 8.5M Windows devices affected by a CrowdStrike update error; releases a recovery tool following global disruptions.CrowdStrike’s Crisis Management: Lessons in Chaos Recovery.Discover how the Port Shadow attack exploits shared VPN server ports, allowing attackers to shadow victims’ data.Cryptocurrency Exchange WazirX Hit by $230M Cyber Heist.Protecting ESXi Environments from Play Ransomware Attacks.Global Microsoft 365 Tech Outage Disrupts Flights, Banks, and Media.Impact of Interpol’s Operation Jackal: 300 Arrests, $3M SeizedBoost Your Cybersecurity with SubSnipe: Subdomain ProtectionStay Protected: Enhancing Cybersecurity for Software Updates.Beavertail Malware Update: MacOS Users at Risk.Australian Data Breach: MediSecure Struggles to Identify Victims.AvNeutralizer: FIN7’s Cybersecurity Evasion Tool Exposed.Protecting Networks: Strategies to Prevent 75% of IntrusionsChinese APT Group Evades Detection with 9002 RAT Malware in ItalyWP Time Capsule Plugin Update Urged After Critical Security FlawPatient Trust at Risk: Addressing MNGI Digestive Health BreachProtecting Yourself After the Trello Data LeakNATO’s NICC: Strengthening Alliance Against Cyber Threats.Kaspersky’s US Departure: A Blow to Cybersecurity Industry.Protect Your Privacy: mSpy Data Leak Exposes Millions.AT&T Data Breach Response: Paying the Price to Protect Data.Infostealer Malware: The Invisible Threat Explained.Secure the Cloud: Alphabet’s Potential $23 Billion Deal with Wiz.Brain Cipher Ransomware Threat: Indonesia’s Cybersecurity Challenge.IRacing DDoS Attack: Disrupting Online Racing SimulationsHardBit Ransomware 4.0: Passphrase Protection & ObfuscationAdvance Auto Parts Snowflake Data Breach: Result of No MFA.CDK Global Ransomware Attack: $25 Million Payment Details.Rapid Legal Data Leak Exposes 38TB Unsecured Database Online.Consumer Trust at Risk: The Fallout of the FBCS Data Breach.Cybersecurity Alert: AT&T Data Breach Impacts Millions of Customers.PowerShell-Based Malware: The Kematian Stealer Explained.Fortinet VPN Breach: Impact on Over 50 US Organizations.The Rise of Smishing Triad: India Post Cyber Fraud Alerts.CISA and FBI Alert: Hackers Targeting OS Command Injection Flaws.Data Breach Alert: Lulu Hypermarket’s Response and Next StepsPatch Tuesday – Microsoft Fixes 140+ Security Flaws.Cyber Espionage: Australia on High Alert for Chinese Hacker Attacks.NATO’s 75th Anniversary: Facing Chinese Cyberthreats Head On.Ticket Scalpers Bypass ‘Nontransferable’ Digital Tickets.Eldorado Ransomware: Threatening Windows and Linux Systems.Protecting Data: Risks Posed by CloudSorcerer APT’s Tactics.Microsoft’s iPhone Mandate: Enhancing Security in China.Avoiding Coinbase Scams: Tips to Safeguard Your Crypto Assets.Mekotio Trojan Threatens Latin American Financial Institutions.Apple Compliance with Russian VPN App Ban: A Controversial Move.Roll20 Security Breach: How to Safeguard Your Personal Data.Record-Breaking 840 Mpps DDoS Attack: OVHcloud’s Response.HealthEquity Data Breach: What You Need to Know.ShinyHunters Leaks Ticket Data For Taylor Swift’s Concerts, Demands Ransom.Defend Against Turla Malware: Weaponized LNK Files & Phishing Emails.Understanding the Dangers of AitM Phishing Attacks.Unveiling Volcano Demon: A New Threat to Windows Systems.Ghostscript Vulnerability: Potential Breach Risk for Users.Unveiling the Motives of Team ARXU’s Cyber Attacks on Schools and Banks.Safety Alert: Malicious QR Reader App in Google Play Store.Twilio Authy Breach Response: Safeguarding Your Mobile Security.Operation Morpheus and First Light: Combating cybercrime and protecting individuals globally.Donut and Sliver: Tools Used in Israeli Cyber Attack.Discover how FakeBat Loader Malware infiltrates systems via drive-by downloads, posing a widespread cybersecurity threat.Understanding the New Side-Channel Attack on Intel’s CPUs: What You Need to Know.In-Flight Cybersecurity Alert: Australian Man’s Wi-Fi Scam Exposed.Understanding Phishing, Identity Theft, and Ransomware Cyber Crimes.Brain Cipher Ransomware: The Rising Menace to Global Data Security.LockBit Ransomware Attack: 6M Individuals’ Data Breached at Infosys McCamish Systems.Fortifying the 2024 Olympics: Cybersecurity Measures in Place.Legal Practitioners Fidelity Fund hacked in South Africa, CEO informs stakeholders of cyber incident.Indonesia hit by major cyber attack, disrupting immigration services and airport operations.“Rafel RAT, an open-source Android remote administration tool (RAT), is being exploited by multiple threat actors to target Android devices.”CoinStats suffers breach, 1,590 crypto wallets compromised by threat actors.New Caesar Cipher Skimmer targets WordPress, Magento, and OpenCart, compromising CMS security.Indonesia’s national data center hacked, $8M ransom demanded, ransom payment refused.Levi Strauss & Co. data breach exposes 72K customers’ personal info.Winnti: Chinese-backed cyber group targeting tech, healthcare, and pharma industries for espionage and financial gain.Hackers exploit pkfacebook module flaw to deploy card skimmer on e-commerce sites, stealing credit card details.CDK Warns of Scammers Posing as Support, Calling Customers.Change Healthcare Lists Medical Data Stolen back in February.UNC3886 Hackers Deploy Linux Rootkits to Stealthily Operate on VMware ESXi Virtual Machines.Intel’s CET: Advanced CPU Protection Against Cyber Threats.Kaspersky Antivirus Software Banned in US Over Kremlin Links.SquidLoader: The Stealthy Malware Targeting Chinese Organizations with Evasive Phishing Tactics.Midnight Blizzard: Russia’s Cyber Threat to French Diplomacy.Fickle Stealer malware can be delivered through four methods: VBA dropper, VBA downloader, link downloader, and executable downloader.
Sat. Jul 27th, 2024

Wyndham Hotels Consumer-grade Spyware app found on Check-in Systems

Wyndham Hotels Consumer-grade Spyware app found on Check-in Systems

“pcTattletale: Exposing Sensitive Information with Security Flaws”

Wyndham Hotels Consumer-grade Spyware app found on Check-in Systems

Consumer-grade spyware app found on check-in systems of Wyndham hotels

A consumer-grade spyware app called pcTattletale has been discovered running on the check-in systems of at least three Wyndham hotels in the United States, according to TechCrunch. This app, which operates covertly, has been continuously capturing screenshots of the hotel booking systems, containing sensitive guest details and customer information. However, due to a security flaw in the spyware, these screenshots are not only accessible to the intended users but are also available to anyone on the internet. This incident highlights yet another case of consumer-grade spyware compromising the security of sensitive information. Remarkably, this is not the first time that pcTattletale has exposed screenshots of the devices on which it is installed.

The discovery of pcTattletale on the check-in systems of Wyndham hotels raises serious concerns about the security measures in place within the hospitality industry. Hotels are entrusted with safeguarding their guests’ personal information, and any breach of this trust can have severe consequences. In this case, the spyware app has managed to infiltrate the hotel’s systems, capturing screenshots that contain sensitive data such as names, addresses, and credit card details. The fact that these screenshots are accessible to anyone on the internet is deeply troubling and highlights the urgent need for improved security protocols.

This incident also sheds light on the growing trend of consumer-grade spyware being used to exploit security vulnerabilities. Consumer-grade spyware refers to software that is readily available to the general public and is typically marketed as a tool for monitoring children or employees. However, these apps can be easily repurposed for malicious activities, as demonstrated by pcTattletale. The fact that this spyware has been found on the check-in systems of multiple hotels suggests that it may be more widespread than initially thought.

Furthermore, this is not the first time that pcTattletale has been implicated in compromising the security of devices on which it is installed. This raises questions about the effectiveness of the app’s security measures and the potential risks associated with its use. It is crucial for consumers to be aware of the potential dangers posed by consumer-grade spyware and to exercise caution when installing such apps on their devices.

The incident involving pcTattletale and the Wyndham hotels serves as a stark reminder of the importance of robust cybersecurity measures. Organizations must prioritize the implementation of comprehensive security protocols to protect sensitive information from unauthorized access. This includes regularly updating software, conducting thorough security audits, and educating employees about potential threats. Additionally, consumers should be vigilant when using public Wi-Fi networks and ensure that their devices are protected with strong passwords and up-to-date security software.

The discovery of pcTattletale on the check-in systems of Wyndham hotels highlights the risks associated with consumer-grade spyware and the need for improved security measures within the hospitality industry. The incident serves as a reminder of the importance of robust cybersecurity protocols and the potential consequences of failing to adequately protect sensitive information. It is crucial for both organizations and individuals to remain vigilant and take proactive steps to safeguard against cyber threats.

 

 

    • Related Posts

    US offers $10M reward for info on Rim Jong Hyok of North Korean hacking group APT45.
    US offers $10M reward for info on Rim Jong Hyok of North Korean hacking group APT45.

    “Up to $10 Million Reward: Help Thwart Cyber Threats, Report on Rim Jong Hyok of APT45.” Exploring the

    Read more

    PKfail Vulnerability: Impact on System Boot Security.
    PKfail Vulnerability: Impact on System Boot Security.

    “PKfail: Exposing the Core, Compromising the Boot” Exploring PKfail: Understanding Its Impact on UEFI Bootkits and System Security

    Read more

    You Missed

    1
    US offers $10M reward for info on Rim Jong Hyok of North Korean hacking group APT45.
    CyberCrime CyberCrimminals CyberEspionage CyberSecurity CyberThreats Hackers
    US offers $10M reward for info on Rim Jong Hyok of North Korean hacking group APT45.
    2
    PKfail Vulnerability: Impact on System Boot Security.
    Alert CyberSecurity Spyware UEFI
    PKfail Vulnerability: Impact on System Boot Security.
    3
    Unpatched Docker Vulnerability: Exploring CVE-2024-41110.
    Alert
    Unpatched Docker Vulnerability: Exploring CVE-2024-41110.
    4
    Cyber Siege: DDoS Attacks Disrupt Services of Russian Banks.
    CyberAttacks CyberSecurity DDoS Russia
    Cyber Siege: DDoS Attacks Disrupt Services of Russian Banks.
    5
    Stargazer Goblin’s GitHub Malware: Cybersecurity Wake-Up Call.
    CyberSecurity Malware Phishing
    Stargazer Goblin’s GitHub Malware: Cybersecurity Wake-Up Call.
    6
    BlackMeta used InfraShutdown to target a UAE bank in a 100-hour DDos cyber attack.
    Alert
    BlackMeta used InfraShutdown to target a UAE bank in a 100-hour DDos cyber attack.
    7
    Unveiling APT45: North Korea’s Elite Cyber Force in Global Espionage and Ransomware Attacks.
    CyberCrime CyberEspionage CyberSecurity CyberThreats
    Unveiling APT45: North Korea’s Elite Cyber Force in Global Espionage and Ransomware Attacks.
    8
    California Court Chaos: Phone Services Disrupted by Ransomware Attack.
    Alert
    California Court Chaos: Phone Services Disrupted by Ransomware Attack.
    9
    Hamster Kombat’s 250M players with malicious software, installing spyware and malware on devices.
    CyberCrimminals CyberSecurity CyberThreats
    Hamster Kombat’s 250M players with malicious software, installing spyware and malware on devices.
    10
    Philippines Shuts Down Online Gambling to Combat Scams and Human Trafficking.
    CyberSecurity Human Trafficking
    Philippines Shuts Down Online Gambling to Combat Scams and Human Trafficking.
    11
    Strategic Pivot in Russian Cyber Warfare: Intensified Targeting of Ukrainian Frontline Operations for Summer Offensive.
    CyberAttacks CyberSecurity Russia
    Strategic Pivot in Russian Cyber Warfare: Intensified Targeting of Ukrainian Frontline Operations for Summer Offensive.
    12
    Spanish Police Arrest Three Linked to DDos Attacks Group NoName057(16) Pro-Russian Hacker Syndicate
    CyberCrime CyberCrimminals CyberSecurity DDoS Hackers
    Spanish Police Arrest Three Linked to DDos Attacks Group NoName057(16) Pro-Russian Hacker Syndicate
    13
    Unveiling the Advanced Multi-OS Capabilities of the Macma macOS Backdoor by Chinese Hackers.
    China CyberEspionage CyberSecurity CyberThreats Hackers
    Unveiling the Advanced Multi-OS Capabilities of the Macma macOS Backdoor by Chinese Hackers.
    14
    Evaluating the Fallout: Alphabet’s $23B Bid for Wiz Collapse.
    CyberSecurity
    Evaluating the Fallout: Alphabet’s $23B Bid for Wiz Collapse.
    15
    The Dark Truth: Vigorish Viper’s Illegal Online Gambling Syndicate and Human Trafficking.
    CyberCrime CyberSecurity Human Trafficking Malware
    The Dark Truth: Vigorish Viper’s Illegal Online Gambling Syndicate and Human Trafficking.
    16
    Cybercriminals increasingly pursue single careers following major ransomware crackdowns, losing trust in large networks, reports Europol.
    CyberCrime CyberCrimminals CyberSecurity
    Cybercriminals increasingly pursue single careers following major ransomware crackdowns, losing trust in large networks, reports Europol.