Security
Millions of websites are sitting ducks for hijackers using unresolved method
More than a dozen threat actors connected to Russia are exploiting a powerful attack vector in the domain name system (DNS). Hackers can claim existing domain names without the real owners noticing and use them for malicious purposes, warns the IT automation and security company Infoblox.
BangBros unzipped: 12 million records laid bare, users exposed
Miami-based BangBros, a well-known adult film studio and platform, has exposed private user information that includes IPs, usernames, locations, feedback messages, and model performance statistics. Cybernews researchers found a large unsecured online database containing 12 million records.
Virtual machines at risk as ransomware gangs exploit dangerous VMware vulnerability
VMware’s enterprise-class software for hosting virtual machines (ESXi) contains a bug that hackers are actively exploiting. They gain full administrative permissions by creating a group called “ESX Admins” and adding themselves to it.
Researchers find new way to steal tokens using cross-site scripting and OAuth
Although cross-site scripting (XSS) attacks might have fallen out of prominence in recent years, researchers have demonstrated a new method that enables bad actors to steal user session tokens.
Gold rush for data: Paris 2024 Olympic apps are eavesdropping on users
Apps for the Paris Olympic Games 2024 are tracking users, extracting private data, and peddling it to advertisers and big tech. Moreover, their overreaching capabilities exceed what’s being declared.
Hundreds of PC models vulnerable to boot-level attacks after vendors copypaste “secret” keys
Attackers could gain the highest possible privilege – boot-level access – to hundreds of PC system models from Gigabyte, Dell, Lenovo, Supermicro, Acer, and others. The vendors did not bother to change the test master keys provided by the UEFI developer, labeled “DO NOT TRUST,” according to a report by security firm Binarly.
Chrome now asking for ZIP archive passwords to help detect malicious files
Cybercriminals are increasingly using encrypted and password-protected files to deliver infostealers and other malware while slipping through security defenses. Google Chrome has introduced a solution, which, while not elegant, should still be effective.
European banks gain insight from first-ever cyber stress test
The European Central Bank on Friday released the results from its first-ever cyber resilience stress test on over 100 European banks – declaring there was “room for improvement.”
South Carolina's Summerville Police claimed by rumored ALPHV/BlackCat ransomware reboot
The Town of Summerville, South Carolina, on Friday announced it was the victim of a recent ransomware attack – and now the cyber gang allegedly responsible for the hit is claiming to have stolen over 1.7 TB of sensitive information from its local police department.
Thousands of surveilled devices exposed in spyware vendor hack
The Minnesota-based spyware maker Spytech Software and Design, Inc. has allegedly been breached, and “persons with knowledge” exposed the logs of thousands of remotely monitored phones, tablets, and computers, TechCrunch reports.
Feds warn of North Korean Andariel cyber group, offer $10 million reward
Pyongyang’s global cyber espionage campaign is targeting defense, aerospace, nuclear, and engineering organizations.
A secretive phishing network on GitHub is distributing malware
Researchers from Check Point have unveiled a “never seen before” sophisticated malicious operation on GitHub. A phishing ring, dubbed Stargazers Ghost Network, is spreading malware and targeting gamers, social media enthusiasts, and crypto holders via malicious repositories.
Biggest-ever leak of digital pirates: 10 million exposed by Z-Library copycat
Ten million people thought they were accessing an e-book piracy site called Z-Library. Instead, scammers collected their personal information, passwords, crypto addresses, and, possibly, payments. What’s worse, they leaked all their information, exposing users to other cybercriminals and authorities.
Android Telegram users hit by zero-day exploit masquerading as “xHamster”
Telegram users find their Android phones trying to install malware named “xHamster Premium Mod.” The APK file, disguised as a media file, is downloaded by the messaging app itself. Telegram released a patch to fight the complex zero-day, discovered by ESET.
Major Tunisian internet provider leaks data of nearly half a million customers
A massive leak has exposed clients' data and employees' passwords, raising concerns over targeted attacks after the main internet provider in Tunisia failed to set up a password.
The CrowdStrike butterfly effect: cyber pros weigh in on the far-reaching disaster
A few hours without flights, medical procedures, or financial transactions. A day or two without less critical services. And a week or two of work restoring every affected system. Yet the ripples caused by CrowdStrike's calamitous software update will be felt far beyond these short-term disruptions, cybersecurity experts believe.
CrowdStrike outage turns into playground for threat actors
As more systems come back online in the wake of Friday’s worldwide CrowdStrike IT outage, experts say for many industries, such as the airlines, healthcare, and banking sectors, the process will be lengthy and create a slew of unforeseen security challenges.
Chinese APT41 back in action compromising companies in Italy, Spain, Taiwan, Turkey, UK
Multiple organizations around the world have been compromised by the prolific Chinese state-sponsored threat group known as APT41, Google’s cybersecurity research arm Mandiant warns.
Cisco, Oracle patch warning covers hundreds of critical vulnerabilities
CISA on Thursday warned of critical vulnerabilities found in multiple products for Cisco, Oracle, and Ivanti software in a trio of July patch advisories.
Hijacked YouTube channels pushing crypto scams using Trump assassination narrative
Fraudsters have been quick to capitalize on the assassination attempt on former president Donald Trump by luring victims and offering them “double” crypto deposits on YouTube.