Security
Muslim Tinder exposes secrets, risks user privacy
Salams, a Muslim-oriented dating app, skimped on protection for its users, with the Cybernews research team discovering that the platform was wide open for user-impacting attacks for 18 months.
FBI urging deletion of MaskVPN, DewVPN, PaladinVPN, ProxyGate, ShieldVPN, and ShineVPN
Check your devices for traces of 911 S5, “likely the world’s largest botnet ever” dismantled by the Federal Bureau of Investigation (FBI), and delete the free VPNs used as cybercrime infrastructure. Here’s how to do it.
Church app developer exposes data of nearly a million Brazilians
inChurch, a Brazilian software company providing services to 5,000 churches across Brazil and 45,000 worldwide, has leaked a tremendous amount of sensitive user data.
Websites exposing over a million secrets, leaving visitors at risk
Thousands of websites are leaving their most sensitive keys in the doors, creating a perfect environment for thieves. The Cybernews research team has discovered 58,364 unique websites from around the globe that are vulnerable to data breaches and even complete takeovers. For visitors, it’s a security disaster.
Millions of Alibaba-owned marketplace users exposed
Millions of users’ phone numbers, home addresses, and other personal information have been revealed on Taobao, an online shopping platform owned by Chinese tech giant Alibaba.
Online video downloader exposes user data, including explicit content
A misconfiguration of Dirpy’s systems exposed users' IP addresses and revealed what they downloaded, which included explicit content.
Over 200K likely vulnerable Confluence Data Center instances exposed
Hundreds of thousands of likely vulnerable Atlassian Confluence Data Center and Confluence Server instances are exposed, mostly in the US, to attackers running code on them remotely.
Welsh Rugby Union member addresses, names exposed
Wales’ rugby overseers, the Welsh Rugby Union (WRU), have exposed a dataset containing the personal details of nearly 70,000 of its members.
German police warn of cyberattacks via Office 365
A new wave of cyberattacks is threatening companies in Germany. The State Criminal Police Office of North Rhine-Westphalia has warned that cybercriminals are exploiting Microsoft 365, especially email and document management, as an initial attack vector.
Aston Villa’s gates have security gaps: fans exposed
Aston Villa Football Club (AVFC) left a publicly leaking Amazon Web Services (AWS) S3 bucket containing the personally identifiable information of 135,770 individuals. The affected fans are vulnerable to spear phishing, social engineering attacks, and identity theft attempts.
Many-faced Iranian hackers stir destruction in Albania and Israel
Destructive wiping attacks, coupled with influence operations targeting Israel, Albania, and other countries, were conducted by an Iranian threat actor affiliated with the Ministry of Intelligence and Security (MOIS). Check Point Research shed light on some of its tactics.
Andrew Tate’s The Real World exposes 22M user messages
The Real World, a learning platform from the controversial social media personality Andrew Tate, has leaked data on nearly a million users and over 22 million messages.
IMF believes global financial stability at risk due to cyberattacks
The International Monetary Fund (IMF) has warned that global financial stability is under threat from the increasing frequency and sophistication of cyberattacks. The risk of extreme losses is also increasing.
I crafted a malicious Chrome extension: overhaul doesn’t mean you’re safe
Chrome will make huge changes to how extensions work in June, hoping to improve performance and security. However, it may result in some useful extensions, such as adblockers, being impaired, leaving users vulnerable to trackers online. Extensions will remain largely unsafe overall, with large language models spitting out malware in seconds.
Red Cross in Berlin leaks passwords and private messages
A German Red Cross unit potentially targeted by cybercriminals has leaked passwords and private messages, some of which disclosed sensitive data about the location of office keys and the responsibilities of employees.
Following Ascension hospitals breach, FBI raises Black Basta alert
Black Basta ransomware affiliates have impacted over 500 private industry and critical infrastructure entities worldwide, including healthcare. After Ascension Health Systems was breached, US cyber authorities issued some recommended actions and mitigations to fight the menace.
Mysterious actor spills over 1.2B records on Chinese users
An unknown actor is building a COMB – a compilation of many breaches – targeting Chinese individuals and already has over 1.2 billion records. Each one contains at least a phone number but often includes other sensitive data such as address or ID card number – and it’s leaking online.
Claimed by hackers, Zscaler says there’s no impact or compromise
Cloud security company Zscaler is continuing an investigation into an alleged breach after a threat actor started selling “access to one of the largest cyber security companies.” Zscaler released a statement on Friday reiterating: “There is no impact or compromise to our customer, production and corporate environments.” However, the saga continues.
Chilean mobile network operator WOM exposes customer contracts
WOM failed to set a password on its cloud storage, leaking more than a million contracts containing highly sensitive customer data.
MediExcel exposes 500K patient documents
MediExcel, a US-based healthcare provider, left an open instance exposing over half a million patient documents, including diagnoses and claim forms.