Security

WiHD leak exposes details of all torrent users
by  Vilius Petkauskas
World-in-HD, a French private video torrent community, left an open instance exposing the emails and passwords of all of its users and administrators.
Read more
WiHD data leak

Massive DDoS attacks are the new normal
by  Ernestas Naprys
DDoS attackers shattered previous records with never-before-seen malicious activity during the third quarter. The 89 reported DDoS attacks bombarded Cloudflare’s servers with more than 100 million requests each second. The previous all-time high was below 71 million.
Read more
euro-ddos-attack

Microsoft: English-speaking ransom gang issuing death threats
by  Damien Black
Microsoft has detected a threat actor linked to the gang that recently launched high-profile cyberattacks on casinos in Las Vegas.
Read more
Caesar and MGM logosa

Hello Alfred app exposes user data
by  Paulina Okunytė
Hello Alfred, an in-home hospitality app, left a database accessible without password protection, exposing almost 170,000 records containing private user data.
Read more
hello alfred data leak

New England Biolabs leak sensitive data
by  Ernestas Naprys
Leaving environment files open to the public is one of the simplest mistakes that web admins can make, but it can have disastrous consequences. Despite leaving some of its sensitive credentials exposed, New England Biolabs seems to have dodged a bullet.
Read more
New England Biolabs research

International Criminal Court investigating “unprecedented” cyberattack
by  Justinas Vainilavičius
The International Criminal Court (ICC) has fallen victim to a sophisticated cyberattack, suspected to be an espionage operation.
Read more
icc_1023

One app, two accounts: new WhatsApp feature raises security concern
by  Justinas Vainilavičius
WhatsApp will allow users to juggle two accounts at the same time, potentially eliminating the need to have separate phones for work and personal use. However, this is also a security risk, experts warn.
Read more
double_trouble

Deepfaked African Union chief called European leaders
by  Justinas Vainilavičius
Threat actors used artificial intelligence to impersonate African Union Commission Chairperson Moussa Faki and place calls with various European leaders.
Read more
faki

I tried to revoke all Android app permissions but it was impossible
by  Ernestas Naprys
I tried to take complete control of all the apps and their permissions on my Android device, but I had to give up. Despite revoking all user-available permissions, apps can still run on startup, stay in the background, have full network access, access sensitive information, and use hardware. So, what can you do?
Read more
Phone addiction

Californian IT company leaks private mobile phone data
by  Paulina Okunytė
Hundreds of thousands of clients who opted-in for a screen warranty were exposed when DNA Micro leaked data from its systems.
Read more
DNA Micro data leak

FTC warning: no crypto is FDIC insured, period
by  Ernestas Naprys
Authorities have issued a stern reminder following recent false advertising by some crypto companies: funds deposited with a crypto-based financial services provider will never be insured by the Federal Deposit Insurance Corporation (FDIC).
Read more
FDIC insurance

Don’t call it quishing: QR code phishing on the rise
by  Ernestas Naprys
There’s a new trend emerging in cybercrime, AT&T warns – embedding malicious QR codes into phishing attempts. The attack has been dubbed “quishing,” but the term isn’t getting any love among the cybersecurity community on Reddit.
Read more
QR code phishing, scam

LinkedIn smart links leveraged in credential phishing campaign
by  Jurgita Lapienytė
Attackers are on the hunt for Microsoft Office logins. A recent phishing campaign is leveraging newly created or compromised LinkedIn business accounts.
Read more
LinkedIn logo

Facebook copyright scam intensifies, users left stranded
by  Justinas Vainilavičius
16
The Facebook copyright infringement scam appears to have intensified, with users reporting being locked out of their accounts with little help from the Meta-owned social media platform to restore their access.
Read more
Facebook phishing

Telegram, AWS users targeted by hidden malware code
by  Damien Black
Telegram, AWS, and Alibaba Cloud users are being targeted by a fresh malware campaign that strategically buries malicious code within specific software functions to make it harder to detect.
Read more
Telegram logo

Europol scrutinized hundreds of platforms and devices for human trafficking
by  Ernestas Naprys
In the Netherlands, 85 law enforcement investigators from 26 countries coordinated a three-day-long operational action targeting online criminal activities that enable human trafficking. That led to 371 platforms being checked, including social media and dating platforms, web forums, marketplaces, and online applications.
Read more
Europol HQ building in the Hague

Air Canada responds to BianLian ransom attack claims
by  Stefanie Schappert
Air Canada responds to Wednesday’s claims by the BianLian ransomware group that it was responsible for a September breach of the airline – and to have stolen more than 200 GB of data from the carrier on its dark leak site.
Read more
Air Canada

Android financial apps too greedy for permissions
by  Ernestas Naprys
Android apps usually require excessive permissions. But financial apps go a step further into dangerous territory, asking for even more access and posing heightened risks to privacy and security, a Cybernews research team investigation into 50 apps reveals.
Read more
Financial app permissions on Android

Space cybersecurity takes center stage in Estonia
by  Jurgita Lapienytė
By 2040, the global space industry could be worth as much as one trillion dollars. Securing space-based systems is crucial.
Read more
Artemis mission, 3D illustration

Air Europa cyberattack leaks credit card data
by  Stefanie Schappert
Spain’s Air Europa has fallen victim to a cyberattack on its payment system exposing some customer credit card information.
Read more
Air Europa