Security
Saudi ride-hailing company exposes drivers' licenses and passports
A massive data leak affecting hundreds of thousands of Saudi citizens has hit a ride-hailing service in the Kingdom.
Read more about Saudi ride-hailing company exposes drivers' licenses and passports
Hospitality app exposes more than one million credit cards
One hotel management services company has leaked full credit card details and personal data of more than one million guests, putting their financial accounts at risk.
Read more about Hospitality app exposes more than one million credit cards
TeamViewer confirms cyber incident, its scale unclear
TeamViewer, one of the largest remote access and control software providers, confirmed a cyber breach. Previously, security researchers alleged that the company was compromised by an advanced persistent threat group. Some attributed the incident to APT29, also known as Cozy Bear or Midnight Blizzard.
Read more about TeamViewer confirms cyber incident, its scale unclear
New ‘Poseidon’ infostealer campaign unleashed on Mac users
A rebranded malvertising campaign – dubbed “Poseidon” by its creator – has been actively targeting Mac users via malicious Google Ads in an attempt to steal users’ personal information, a new Malwarebytes Lab report found.
Read more about New ‘Poseidon’ infostealer campaign unleashed on Mac users
Microsoft says more customer emails accessed by Russian hackers - media
Microsoft said on Thursday that a Kremlin-backed hacker group, responsible for the January breach of the company’s internal systems, gained access to more customer emails than originally revealed, Bloomberg News first reported.
Read more about Microsoft says more customer emails accessed by Russian hackers - media
Google thwarts 10,000 Chinese influence operations in just three months
Chinese influence operator, dubbed DragonBridge, persistently generates vast amounts of fake content on YouTube and other platforms to undermine the US government, society, and democracy. In a single quarter, Google blocked 10,000 of its attempts.
Read more about Google thwarts 10,000 Chinese influence operations in just three months
Critical Rabbit R1' security flaw leaves user data at risk
The company that created the virtual assistant Rabbit R1 hardcoded several critical API keys, potentially putting users' private data vulnerable to hackers.
Read more about Critical Rabbit R1' security flaw leaves user data at risk
Background checks maker leaks thousands of passports
Protection Plus Solutions, a background check service provider, has leaked thousands of PDF files containing individuals’ Social Security numbers, passport details, and criminal records.
Read more about Background checks maker leaks thousands of passports
Resurgent malware targets Outlook and Thunderbird users but bypasses Russia
Security researchers warn about a spike in the use of credential stealers, dubbed StrelaStealer, to target email clients in Poland, Germany, Spain, and Italy. The malware has checks in place to avoid infecting systems in Russia.
Read more about Resurgent malware targets Outlook and Thunderbird users but bypasses Russia
Creditors’ service provider leaked millions of records with lawsuit history
A company identifying people who might sue creditors forgot to set a password and leaked over 150 million records, including lawsuit history.
Read more about Creditors’ service provider leaked millions of records with lawsuit history
Dangerous RAT mostly lurks in outdated Android phones
Multiple threat actors increasingly utilize a powerful remote access trojan (RAT) dubbed Rafel, researchers at cybersecurity firm Check Point warn. Mostly, outdated Android phones get infected.
Read more about Dangerous RAT mostly lurks in outdated Android phones
Attackers can bypass ARM security feature protecting from memory corruption
With a success rate of nearly 100%, researchers were able to bypass new ARM chip defenses against memory corruption. The discovered flaw can lead to many cyberattacks, including privilege escalation, arbitrary code execution, sensitive data leaks, or critical system damage.
Read more about Attackers can bypass ARM security feature protecting from memory corruption
Baltimore, one of America’s deadliest cities, leaks identities of residents who reported crimes
An unprotected instance revealed the identities behind 13.5 million complaints submitted since 1989, severely threatening the safety of individuals who have used Baltimore City’s 311 Services.
Read more about Baltimore, one of America’s deadliest cities, leaks identities of residents who reported crimes
Hackers deploy new clever tactics: apply a fix – get malware
Cybercriminals are using a new clever “copy-paste” technique to trick their victims. A fake error message on the Chrome browser appears and provides simple instructions “to install root certificate,” but instead leads to the installation of infostealers or other malware.
Read more about Hackers deploy new clever tactics: apply a fix – get malware
Portuguese bank exposes client data, raising fears of account hijacking
Extremely sensitive data has been leaked from Banco Portugues de Gestao due to a misconfiguration on the bank’s service providers systems, which could have led to unauthorized money transfers.
Read more about Portuguese bank exposes client data, raising fears of account hijacking
Threat actor IntelBroker claims alleged breaches of Apple, AMD
Threat actor IntelBroker, known for multiple high-profile breaches, now claims it has obtained the internal source code of three commonly used Apple tools. On Tuesday, IntelBroker also posted AMD’s data for sale, alleging the data compromise on future AMD products, specification sheets, and employee information.
Read more about Threat actor IntelBroker claims alleged breaches of Apple, AMD
SonicWall environment left open, exposing some data – customers safe
Cybersecurity company SonicWall leaked 22GB of logs from a “prototype environment.” The incident is limited in scale as no customers are affected, however, some employees should be aware.
Read more about SonicWall environment left open, exposing some data – customers safe
Snowflake guide for threat hunters released by Google’s Mandiant
Google’s cybersecurity research arm Mandiant on Monday released a 65-page guide to help companies fend off threat actors intent on exploiting the latest Snowflake vulnerabilities.
Read more about Snowflake guide for threat hunters released by Google’s Mandiant
Critical zero-click Microsoft Outlook exploit unveiled: update now
Microsoft patched a critical remote code execution vulnerability on June 11th, which affected most Outlook email clients. Morphisec researchers warn that no input from users is required for attackers to execute code on their systems.
Read more about Critical zero-click Microsoft Outlook exploit unveiled: update now
Black Basta ransomware linked to exploited Windows zero-day
Black Basta ransomware has been exploiting a recently patched Windows privilege escalation to deploy attacks even before the patch, researchers from Symantec believe.
Read more about Black Basta ransomware linked to exploited Windows zero-day
