And now LinkedIn...
Data scraped from 500 million LinkedIn users found for sale online
https://www.techrepublic.com/article/data-scraped-from-500-million-linkedin-users-found-for-sale-online/
Pwn2Own 2021: Microsoft Exchange Server, macOS, Windows 10 and Teams HackedPwn2Own 2021: Microsoft Exchange Server, macOS, Windows 10 and Teams Hacked
Winners of the first day have earned more than half a million already.
Probably by design....
Joker malware infects over 500,000 Huawei Android devices
More than 500,000 Huawei users have downloaded from the company’s official Android store applications infected with Joker malware that subscribes to premium mobile services.
Researchers found ten seemingly harmless apps in AppGallery that contained code for connecting to malicious command and control server to receive configurations and additional components.
A report from antivirus maker Doctor Web notes that the malicious apps retained their advertised functionality but downloaded components that subscribed users to premium mobile services.
To keep users in the dark the infected apps requested access to notifications, which allowed them to intercept confirmation codes delivered over SMS by the subscription service.
According to the researchers, the malware could subscribe a user to a maximum of five services, although the threat actor could modify this limitation at any time.
The list of malicious applications included virtual keyboards, a camera app, a launcher, an online messenger, a sticker collection, coloring programs, and a game.
Joker malware infects over 500,000 Huawei Android devices
Malicious code in APKPure app
Recently, we’ve found malicious code in version 3.17.18 of the official client of the APKPure app store. The app is not on Google Play, but it is itself a quite a popular app store around the world. Most likely, its infection is a repeat of the CamScanner incident, when the developer implemented a new adware SDK from an unverified source.
We notified the developers about the infection on April 8. APKPure confirmed the issue and promptly fixed it with the release of version 3.17.19.
Malicious code in APKPure app | Securelist
Another "dating service“ hack. If you are still in the closet, this could be a problem.
"Men's social networking website and online dating application Manhunt has suffered a data breach.
According to a security notice, the 20-year-old site was compromised in a cyber-attack that took place in February 2021.
An unauthorized third party downloaded personal information belonging to some Manhunt users after gaining access to the company's account credential database.
The compromised database contained customers' usernames, email addresses, and passwords. After discovering that a breach had occurred, Manhunt performed a forced reset of all users' passwords.
Manhunt began notifying users of the security incident last month. The company did not say how many of the approximately 6 million men who use the site had been impacted by the attack."
Dating Service Suffers Data Breach - Infosecurity Magazine
^Have you warned snubby and antsy about it yet?
Careful where you click...
https://ciso.economictimes.indiatime...aders/82324228In perhaps one of the biggest phishing incidents targeting some of the world’s largest news organizations, hackers have created fake replica websites of news portals of 900 global news portals, including at least 57 from India including websites of The Hindu, NDTV, Hindustan Times, and News18 among many others and are using them to distribute malware and scam advertisements.
Other affected news portals include those belonging to Jagran, Moneycontrol, DNA, Punjab Kesari, Jan Satta, First Post and Business Standard. Global news portals that were targeted include portals of BBC, Washington Times, and The Australian among several others.
if you are really interested in computer and online security
you should read this and stop installing appliances on your edge - build only exactly what is needed
This Is How They Tell Me the World Ends: The Cyberweapons Arms Race by Nicole Perlroth
https://www.goodreads.com/book/show/...SE4UQzz&rank=1
Not a lot of explanation there Baldrick. Has Zero Trust gone out of the window now then?
ZTNA is useless if you are trusting vendor appliances
Build your appliances yourself with an OS and applications that you can trust . It seems the zero days seem to be mainly available for vendor devices.
Not withstanding your users opening doc files
Chinky bastards at it again.
Chinese TV maker: Yes, our Android TVs spied on customers [updated] | Tom's Guide
Appears that a Chinese company is behind a "a major coordinated scheme by Amazon vendors to procure fake reviews for their products."
Misconfigured Database Exposes 200K Fake Amazon Reviewers - Infosecurity Magazine
Chinky bastards at it again.
Chinese cyberspies are targeting US, EU orgs with new malwareChinese threat groups continue to deploy new malware strains on the compromised network of dozens of US and EU organizations after exploiting vulnerable Pulse Secure VPN appliances.
As FireEye threat analysts revealed last month, state-sponsored threat actors were exploiting a recently patched zero-day in the Pulse Connect Secure gateways.
After compromising the targeted devices, they deployed malware to maintain long-term access to networks, collect credentials, and steal proprietary data.
"We now assess that espionage activity by UNC2630 and UNC2717 supports key Chinese government priorities," FireEye said in a follow-up report published on Thursday.
"Many compromised organizations operate in verticals and industries aligned with Beijing's strategic objectives outlined in China's recent 14th Five Year Plan."
Might be a good time to buy shares in Tyson Foods...
Food giant JBS Foods shuts down production after cyberattackJBS Foods, a leading food company and the largest meat producer globally, had to shut down production at multiple sites worldwide following a cyberattack.
The incident impacted multiple JBS production facilities worldwide over the weekend, including those from the United States, Australia, and Canada.
JBS is currently the world's largest beef and poultry producer and the second-largest global pork producer, with operations in the United States, Australia, Canada, the United Kingdom, and more.
The company has a team of 245,000 employees around the world, serving an extensive portfolio of brands including Swift, Pilgrim's Pride, Seara, Moy Park, Friboi, Primo, and Just Bare to customers from 190 countries on six continents.
Seems the US is starting to take Ransomware seriously now:
US to Treat Ransomware Like Terrorism: US to Treat Ransomware Like Terrorism - Infosecurity Magazine
Ah, I remember those from years ago. As a teen, I'd fill the whole thing out. Bad choices.
Looks like we aren't going to see an end to price increases and supply shortages any time soon.
Cyberattacks on Transportation and Logistics System Witness a Surge
https://cyware.com/news/cyberattacks...surge-10d94d2b
Audi and Volkswagen have suffered a data breach affecting 3.3 million customers after a vendor exposed unsecured data on the Internet.
Volkswagen Group of America, Inc. (VWGoA) is the North American subsidiary of the German Volkswagen Group. It is responsible for US and Canadian operations for Volkswagen, Audi, Bentley, Bugatti, Lamborghini, and VW Credit, Inc.
According to data breach notifications filed with the California and Maine Attorney General's office, VWGoA disclosed that a vendor left unsecured data exposed on the Internet between August 2019 and May 2021.
On March 20th, VWGoA was notified by the vendor that an unauthorized person had accessed the data and may have obtained the customer information for Audi, Volkswagen, and some authorized dealers.
VWGoA states that the breach involved 3.3 million customers, with over 97% of those affected relating to Audi customers and interested buyers.
The data exposed varies per customer but could range from contact information to more sensitive information such as social security numbers and loan numbers.
"The data included some or all of the following contact information about you: first and last name, personal or business mailing address, email address, or phone number. In some instances, the data also included information about a vehicle purchased, leased, or inquired about, such as the Vehicle Identification Number (VIN), make, model, year, color, and trim packages," explains the VWGoA data breach notification first reported by TechCrunch.
"The data also included more sensitive information relating to eligibility for a purchase, loan, or lease. More than 95% of the sensitive data included was driver’s license numbers. There were also a very small number of dates of birth, Social Security or social insurance numbers, account or loan numbers, and tax identification numbers."
For those customers 90,000 customers who had more sensitive information exposed, Volkswagen is providing free credit protection and monitoring services, including $1 million of insurance against identity theft.
VWGoA began notifying affected customers and prospective customers yesterday via mail and warn that customers should be on the lookout for suspicious emails, calls, or texts.
Audi, Volkswagen data breach affects 3.3 million customers
Did buttplug ever rise to the challenge and hack Harrys passwords ?
There are currently 9 users browsing this thread. (0 members and 9 guests)