Security
Ransomware encryption devastates CloudNordic, customer data lost
Danish cloud provider CloudNordic has suffered a devastating ransomware attack that left most customer data irretrievable. Its systems have been shut down and the company is facing bankruptcy.
Read more about Ransomware encryption devastates CloudNordic, customer data lost
Hackers exposed 2.6 million Duolingo users, more available for scraping
Duolingo, the popular language learning app, has had some of its users exposed online. The scraped data of 2.6 million people, which was on sale in January, is now available on the cybercrime marketplace BreachForums. Open API allows the scraping of more data.
Read more about Hackers exposed 2.6 million Duolingo users, more available for scraping
Defense contractor Belcan leaks admin password with a list of flaws
US Government and defense contractor Belcan left its super admin credentials open to the public. A lapse that could have resulted in a serious supply chain attack, the Cybernews research team reveals.
Read more about Defense contractor Belcan leaks admin password with a list of flaws
FBI: Space industry espionage is latest cyber threat
The FBI and other counterintelligence agencies are warning that nation-state-sponsored cyber spies are actively trying to steal research and trade secrets from companies involved with the US space industry.
Read more about FBI: Space industry espionage is latest cyber threat
Alarming lack of cybersecurity practices on world's most popular websites
The world’s most popular websites lack basic cybersecurity hygiene, an investigation by Cybernews shows.
Read more about Alarming lack of cybersecurity practices on world's most popular websites
Cl0p dumps all MOVEit victim data on clearnet, threat insiders talk ransom strategy
In what could be seen as a bold move or a sign of desperation, the Cl0p ransomware group has made good on its August 15th promise to publish the files of all its victims if contact was not made by the latest deadline. Does this mean the MOVEit fiasco is finally winding down? Cybernews gets the 411 on Cl0p strategy from two threat intel leaders during Black Hat.
Read more about Cl0p dumps all MOVEit victim data on clearnet, threat insiders talk ransom strategy
Think twice before accepting notifications on Chrome: threats on the rise
Clicking the “Allow” button online is asking for trouble. Dubious websites exploit push notification functionality to serve ads, malware, or phish users' credentials. And the trend shows that these attacks are on the rise.
Read more about Think twice before accepting notifications on Chrome: threats on the rise
UK govt contractor leaks employee passport data
MPD FM, a facility management and security company providing services to various UK government departments, left an open instance that exposed employee passports, visas, and other sensitive data.
Read more about UK govt contractor leaks employee passport data
Beware of thermal attacks, security experts warn
Thermal attacks can crack users’ passwords in mere seconds by analyzing the traces of heat their fingertips leave on keyboards and screens.
Read more about Beware of thermal attacks, security experts warn
Microsoft accounts targeted by EvilProxy phishing kits
Multifactor authentication (MFA) defenses are being bypassed by a ready-made phishing tool that has targeted thousands of victims, says Proofpoint cybersecurity firm.
Read more about Microsoft accounts targeted by EvilProxy phishing kits
Balada Injector still at large – new domains discovered
During a routine web monitoring operation, we discovered an address that led us down a rabbit hole of WordPress-orientated “hack waves” caused by the Balada Injector malware. This evidence suggests that the malware is still at large and still evading security software by utilizing new domain names and slight changes between the waves of obfuscated attacks.
Read more about Balada Injector still at large – new domains discovered
GDPR compliance is not cybersecurity, says analyst
Compliance on paper does not add up to better protection in real life and this is costing businesses more in the long run, claims Imperva
Read more about GDPR compliance is not cybersecurity, says analyst
Points.com glitch left millions of records exposed
A major back-end provider for free flights, hotel bookings, and other points-based rewards had multiple security flaws that potentially put millions of customers’ personal data in jeopardy.
Read more about Points.com glitch left millions of records exposed
Satellites easier to hack than a Windows device
Satellites are full of exploitable vulnerabilities. Attackers could use these flaws to launch themselves into orbit, closer to more valuable targets, a satellite security researcher believes.
Read more about Satellites easier to hack than a Windows device
Ransom gangs have cost manufacturers $46B
Downtime caused by ransomware attacks on the manufacturing industry have cost it $46 billion over the past five years, a cybercrime round-up can reveal.
Read more about Ransom gangs have cost manufacturers $46B
Zero-day bug exploiting Meta hits Salesforce
Cloud-based software company Salesforce was left wide open to a cyberattack exploiting the reputation of tech giant Meta thanks to a previously undetected bug.
Read more about Zero-day bug exploiting Meta hits Salesforce
Burger King forgets to put a password on their systems, again
The fast food giant put their systems and data at risk by exposing sensitive credentials to the public for a second time.
Read more about Burger King forgets to put a password on their systems, again
Chrome extensions: they see everything
Your handy adblocker, price tracker, or spell checker extension might be significantly risking your online safety. Oren Koren, Co-Founder of the cybersecurity firm Veriti, advised me to delete all Chrome extensions, and he’s not the only one. Four more cybersecurity researchers have similar opinions.
Read more about Chrome extensions: they see everything
Everlast hacked, customer credit cards compromised
Everlast, the well-known American boxing equipment brand, recently had its online shop hacked by a cybergang linked to the world’s biggest online bank heist. Customer credit card data has been silently skimmed for at least three weeks, the Cybernews research team found.
Read more about Everlast hacked, customer credit cards compromised
Italy targeted by new malware strain
A threat group known for going after targets in Europe and Asia has been deploying a new form of malware against Italian organizations, cybersecurity company Proofpoint says.
Read more about Italy targeted by new malware strain
