Weare Police Department stolen data found for sale on the dark web
In a statement, town official disclosed that it was the victim of a malware attack launched between March 6-13, 2017.
The files that were set for sale were labeled ‘sex offender registration’, ‘payroll’ and ‘Chief Kelly employment agreement’.
https://cyware.com/news/weare-police-department-stolen-data-found-for-sale-on-the-dark-web-dc544d25
Topic: [ANN][ICO] HEROIC.com 🚀Decentralized Cybersecurity Powered by AI [PRESALE LIVE] (Read 28472 times)
June 04, 2019, 08:05:50 PM
June 02, 2019, 06:04:36 PM
Over 2.3 billion sensitive business data were exposed online in the last 12 months
This is a 50% increase when compared to the 1.5 billion files exposed during 2017-18.
The United States exposed the most data, accounting for over 326 million files.
Misconfigured online file storage technologies have exposed more than 2.3 billion corporate files in the last 12 months. This is an increase of 50% when compared to the 1.5 billion files exposed during 2017-18.
https://cyware.com/news/over-23-billion-sensitive-business-data-were-exposed-online-in-the-last-12-months-7eb85f56
This is a 50% increase when compared to the 1.5 billion files exposed during 2017-18.
The United States exposed the most data, accounting for over 326 million files.
Misconfigured online file storage technologies have exposed more than 2.3 billion corporate files in the last 12 months. This is an increase of 50% when compared to the 1.5 billion files exposed during 2017-18.
https://cyware.com/news/over-23-billion-sensitive-business-data-were-exposed-online-in-the-last-12-months-7eb85f56
May 30, 2019, 06:07:58 PM
Remote code execution flaw detected in Microsoft’s Notepad text editor
As per Project Zero’s vulnerability disclosure policy, Microsoft has to release a patch within 90 days of discovery of the flaw.
Failing to release a patch within the given timeline, will result in the disclosure of technical details of the flaw.
Microsoft’s Notepad text editor has been found to be vulnerable to a newly discovered remote code execution flaw.
https://cyware.com/news/remote-code-execution-flaw-detected-in-microsofts-notepad-text-editor-453ad196
As per Project Zero’s vulnerability disclosure policy, Microsoft has to release a patch within 90 days of discovery of the flaw.
Failing to release a patch within the given timeline, will result in the disclosure of technical details of the flaw.
Microsoft’s Notepad text editor has been found to be vulnerable to a newly discovered remote code execution flaw.
https://cyware.com/news/remote-code-execution-flaw-detected-in-microsofts-notepad-text-editor-453ad196
May 29, 2019, 06:58:07 PM
Nearly one million Windows systems are vulnerable to the recently patched BlueKeep vulnerability
The flaw is described as a wormable unauthenticated remote code execution flaw in Remote Desktop Protocol (RDP) services.
The flaw has the potential to cause destructions similar to the 2017’s WannaCry, NotPetya, and Bad Rabbit ransomware attacks.
New research has revealed that nearly one million Windows PCs are vulnerable to the recently patched BlueKeep vulnerability. Earlier, it was believed that there were nearly 7.6 million Windows systems impacted by the flaw.
https://cyware.com/news/nearly-one-million-windows-systems-are-vulnerable-to-the-recently-patched-bluekeep-vulnerability-5a12082f
The flaw is described as a wormable unauthenticated remote code execution flaw in Remote Desktop Protocol (RDP) services.
The flaw has the potential to cause destructions similar to the 2017’s WannaCry, NotPetya, and Bad Rabbit ransomware attacks.
New research has revealed that nearly one million Windows PCs are vulnerable to the recently patched BlueKeep vulnerability. Earlier, it was believed that there were nearly 7.6 million Windows systems impacted by the flaw.
https://cyware.com/news/nearly-one-million-windows-systems-are-vulnerable-to-the-recently-patched-bluekeep-vulnerability-5a12082f
May 28, 2019, 06:24:30 PM
Siemens Healthineers impacted by BlueKeep vulnerability
The impacted software products include MagicLinkA, MagicView, Medicalis, Screening Navigator, syngo, and teamplay.
The impacted advanced therapy products include System ACOM, Sensis and VM SIS Virtual Server.
What is the issue?
Several medical products made by Siemens Healthineers are impacted by a recently patched Windows vulnerability dubbed ‘BlueKeep’.
https://cyware.com/news/siemens-healthineers-impacted-by-bluekeep-vulnerability-61fcf727
The impacted software products include MagicLinkA, MagicView, Medicalis, Screening Navigator, syngo, and teamplay.
The impacted advanced therapy products include System ACOM, Sensis and VM SIS Virtual Server.
What is the issue?
Several medical products made by Siemens Healthineers are impacted by a recently patched Windows vulnerability dubbed ‘BlueKeep’.
https://cyware.com/news/siemens-healthineers-impacted-by-bluekeep-vulnerability-61fcf727
May 24, 2019, 06:28:51 PM
Mobile browsers of Chrome, Firefox, and Safari failed to warn phishing attacks for over a year
An academic research project revealed that the mobile browsers, from mid-2017 to the end of 2018, did not alert users about phishing pages.
Browsers that used the Google Safe Browsing blacklist service were the ones impacted.
It has been discovered that mobile applications of Chrome, Firefox, and Safari were not warning users of impeding phishing attacks from dangerous websites. A research project put forth by academics from Arizona State University in collaboration with PayPal unearthed the issue
https://cyware.com/news/mobile-browsers-of-chrome-firefox-and-safari-failed-to-warn-phishing-attacks-for-over-a-year-d16d013b
An academic research project revealed that the mobile browsers, from mid-2017 to the end of 2018, did not alert users about phishing pages.
Browsers that used the Google Safe Browsing blacklist service were the ones impacted.
It has been discovered that mobile applications of Chrome, Firefox, and Safari were not warning users of impeding phishing attacks from dangerous websites. A research project put forth by academics from Arizona State University in collaboration with PayPal unearthed the issue
https://cyware.com/news/mobile-browsers-of-chrome-firefox-and-safari-failed-to-warn-phishing-attacks-for-over-a-year-d16d013b
May 23, 2019, 06:55:39 PM
Another zero-day vulnerability discovered in Windows 10
A security researcher known as ‘SandboxEscaper’ revealed this new zero-day and also publoshed an exploit code.
The vulnerability could be abused by malware or by malicious actors logged into Windows 10 systems, to gain admin-level privileges.
A new zero-day vulnerability in Windows 10 has been revealed online. The vulnerability was disclosed by a bug hunter called ‘SandboxEscaper’, who had earlier exposed other Windows zero-day flaws. This recent one is a privilege escalation vulnerability, which upon successful exploitation, can allow attackers to take full control of Windows 10 systems.
A security researcher known as ‘SandboxEscaper’ revealed this new zero-day and also publoshed an exploit code.
The vulnerability could be abused by malware or by malicious actors logged into Windows 10 systems, to gain admin-level privileges.
A new zero-day vulnerability in Windows 10 has been revealed online. The vulnerability was disclosed by a bug hunter called ‘SandboxEscaper’, who had earlier exposed other Windows zero-day flaws. This recent one is a privilege escalation vulnerability, which upon successful exploitation, can allow attackers to take full control of Windows 10 systems.
May 22, 2019, 07:00:12 PM
Over 49 Million Records Belonging to Instagram Influencers Exposed Due to Unprotected AWS bucket
The database contained public data scraped from Instagram accounts including their bio, profile picture and the number of followers.
The database also leaked private contact information of some Instagram account owners.
An unprotected AWS bucket has exposed over 49 million records of Instagram influencers on the internet. The affected individuals include celebrities, food bloggers and brand accounts.
https://cyware.com/news/over-49-million-records-belonging-to-instagram-influencers-exposed-due-to-unprotected-aws-bucket-6b94d653
The database contained public data scraped from Instagram accounts including their bio, profile picture and the number of followers.
The database also leaked private contact information of some Instagram account owners.
An unprotected AWS bucket has exposed over 49 million records of Instagram influencers on the internet. The affected individuals include celebrities, food bloggers and brand accounts.
https://cyware.com/news/over-49-million-records-belonging-to-instagram-influencers-exposed-due-to-unprotected-aws-bucket-6b94d653
May 20, 2019, 05:58:09 PM
Unpatched Ethereum clients could pose risk of 51% attack, says report
A significant number of unpatched nodes were found in popular clients such as Parity-Ethereum and Geth.
Attackers could leverage these vulnerable nodes to carry out 51 percent attacks.
Ethereum may be the second most-favorite among blockchain users but research has uncovered serious security vulnerabilities found across the platform. As per a blog published by Security Research Labs, vulnerabilities in the Ethereum ecosystem were mainly due to unpatched nodes in the network. These nodes were of popular clients such as Parity-Ethereum and Geth.
https://cyware.com/news/unpatched-ethereum-clients-could-pose-risk-of-51-attack-says-report-c866c056
A significant number of unpatched nodes were found in popular clients such as Parity-Ethereum and Geth.
Attackers could leverage these vulnerable nodes to carry out 51 percent attacks.
Ethereum may be the second most-favorite among blockchain users but research has uncovered serious security vulnerabilities found across the platform. As per a blog published by Security Research Labs, vulnerabilities in the Ethereum ecosystem were mainly due to unpatched nodes in the network. These nodes were of popular clients such as Parity-Ethereum and Geth.
https://cyware.com/news/unpatched-ethereum-clients-could-pose-risk-of-51-attack-says-report-c866c056
May 19, 2019, 06:51:01 PM
Cybercriminals break into production systems of Stack Overflow
Stack Overflow mentioned that the attackers gained access to production systems on May 11.
However, it says that no customer or user data was breached due to the incident.
Stack Overflow, a popular online forum for programmers and computer professionals, was breached by attackers. Production systems belonging to Stack Overflow were the prime target in this incident.
https://cyware.com/news/cybercriminals-break-into-production-systems-of-stack-overflow-b9c149c6
Stack Overflow mentioned that the attackers gained access to production systems on May 11.
However, it says that no customer or user data was breached due to the incident.
Stack Overflow, a popular online forum for programmers and computer professionals, was breached by attackers. Production systems belonging to Stack Overflow were the prime target in this incident.
https://cyware.com/news/cybercriminals-break-into-production-systems-of-stack-overflow-b9c149c6
May 18, 2019, 09:50:56 AM
Unprotected database exposes the personal information of almost 8 million people in the US
The leaky database has exposed the personal information of almost 8 million people who had participated in online surveys, contests, and requests for free product samples.
The exposed information includes names, addresses, email addresses, phone numbers, dates of birth, gender, and IP addresses.
Security researcher Sanyam Jain has uncovered an unprotected Elasticsearch database that has been left publicly accessible without any authentication.
https://cyware.com/news/unprotected-database-exposes-the-personal-information-of-almost-8-million-people-in-the-us-485a97c2
The leaky database has exposed the personal information of almost 8 million people who had participated in online surveys, contests, and requests for free product samples.
The exposed information includes names, addresses, email addresses, phone numbers, dates of birth, gender, and IP addresses.
Security researcher Sanyam Jain has uncovered an unprotected Elasticsearch database that has been left publicly accessible without any authentication.
https://cyware.com/news/unprotected-database-exposes-the-personal-information-of-almost-8-million-people-in-the-us-485a97c2
May 17, 2019, 06:54:34 PM
Medicare details of Australians available for sale in the darknet
Medicare Madness product listings suggest that Medicare details of Australians are available for sale since September 2018.
These listings are available to “verified customers only” who have previously purchased products worth at least $200.
After two years of Medicare data leak, the Medicare details belonging to Australians are still available for sale in the Empire Market.
https://cyware.com/news/medicare-details-of-australians-available-for-sale-in-the-darknet-facbf14e
Medicare Madness product listings suggest that Medicare details of Australians are available for sale since September 2018.
These listings are available to “verified customers only” who have previously purchased products worth at least $200.
After two years of Medicare data leak, the Medicare details belonging to Australians are still available for sale in the Empire Market.
https://cyware.com/news/medicare-details-of-australians-available-for-sale-in-the-darknet-facbf14e
May 16, 2019, 05:04:46 PM
Multiple Russian government sites leak passport and personal data of over 2.25 million citizens
Begtin uncovered almost 23 Russian government sites that leak SNILS numbers and almost 14 sites that leak passport details.
The leaked passport and personal details also belonged to several high-profile Russian government officials including the deputy chairman of the Russian Duma (Parliament) Alexander Zhukov, former deputy prime minister Arkady Dvorkovich, and former deputy prime minister Anatoly Chubais.
https://cyware.com/news/multiple-russian-government-sites-leak-passport-and-personal-data-of-over-225-million-citizens-483f4c08
May 14, 2019, 10:20:07 AM
Bug in Twitter led to collection and sharing of users’ geolocation data with its partner
Twitter inadvertently collected and shared iOS users’ location data with one of its partners.
Twitter confirmed that the partner did not retain the shared data and deleted the data as part of their normal process.
Twitter has disclosed a bug in its platform that collects iOS app users’ location data and shares with one of its partners.
https://cyware.com/news/bug-in-twitter-led-to-collection-and-sharing-of-users-geolocation-data-with-its-partner-f2ebc19c
Twitter inadvertently collected and shared iOS users’ location data with one of its partners.
Twitter confirmed that the partner did not retain the shared data and deleted the data as part of their normal process.
Twitter has disclosed a bug in its platform that collects iOS app users’ location data and shares with one of its partners.
https://cyware.com/news/bug-in-twitter-led-to-collection-and-sharing-of-users-geolocation-data-with-its-partner-f2ebc19c
May 11, 2019, 06:00:16 PM
Crippling ransomware attacks targeting US cities on the rise
New York (CNN)Targeted ransomware attacks on local US government entities -- cities, police stations and schools -- are on the rise, costing localities millions as some pay off the perpetrators in an effort to untangle themselves and restore vital systems.
https://edition.cnn.com/2019/05/10/politics/ransomware-attacks-us-cities/index.html
New York (CNN)Targeted ransomware attacks on local US government entities -- cities, police stations and schools -- are on the rise, costing localities millions as some pay off the perpetrators in an effort to untangle themselves and restore vital systems.
https://edition.cnn.com/2019/05/10/politics/ransomware-attacks-us-cities/index.html
May 08, 2019, 06:18:54 PM
Hackers stole over $41 million from Binance cryptocurrency exchange
Hackers also withdrew 7,000 Bitcoin, worth nearly $41 million from Binance’s hot wallet.
Binance cryptocurrency exchange suffered a security breach on May 7, 2019, wherein hackers stole users’ API keys, two-factor authentication codes, and other information. Hackers also withdrew 7,000 Bitcoin, worth nearly $41 million from Binance’s hot wallet.
https://cyware.com/news/hackers-stole-over-41-million-from-binance-cryptocurrency-exchange-1d24db61
Hackers also withdrew 7,000 Bitcoin, worth nearly $41 million from Binance’s hot wallet.
Binance cryptocurrency exchange suffered a security breach on May 7, 2019, wherein hackers stole users’ API keys, two-factor authentication codes, and other information. Hackers also withdrew 7,000 Bitcoin, worth nearly $41 million from Binance’s hot wallet.
https://cyware.com/news/hackers-stole-over-41-million-from-binance-cryptocurrency-exchange-1d24db61
May 06, 2019, 05:36:32 PM
Attackers delete GitHub, GitLab, and Bitbucket repositories and replace with ransom notes
A GitHub search revealed almost 400 Github repositories that have been targeted in this manner.
According to BitcoinAbuse.com, there have been 27 abuse reports and all the abuse reports include the same ransom note.
https://cyware.com/news/attackers-delete-github-gitlab-and-bitbucket-repositories-and-replace-with-ransom-notes-da4e9e36
A GitHub search revealed almost 400 Github repositories that have been targeted in this manner.
According to BitcoinAbuse.com, there have been 27 abuse reports and all the abuse reports include the same ransom note.
https://cyware.com/news/attackers-delete-github-gitlab-and-bitbucket-repositories-and-replace-with-ransom-notes-da4e9e36
May 03, 2019, 07:02:22 PM
This is really something to worry about, as SAP is the most common software used by accountants in most of companies.
Around 50000 firms that use SAP solutions left vulnerable with new exploits
The exploits could be used by attackers to fully compromise SAP applications as well as delete all business data.
Vulnerabilities present in SAP NetWeaver installations were primarily targeted by these exploits.
Around 50,000 companies using SAP software are at great risks as new exploits target software configuration flaws. A recent report by cybersecurity firm Onapsis has detailed these exploits, which can cripple SAP-based systems. According to the report, about a million systems were discovered to be affected.
https://cyware.com/news/around-50000-firms-that-use-sap-solutions-left-vulnerable-with-new-exploits-4d36a052
Around 50000 firms that use SAP solutions left vulnerable with new exploits
The exploits could be used by attackers to fully compromise SAP applications as well as delete all business data.
Vulnerabilities present in SAP NetWeaver installations were primarily targeted by these exploits.
Around 50,000 companies using SAP software are at great risks as new exploits target software configuration flaws. A recent report by cybersecurity firm Onapsis has detailed these exploits, which can cripple SAP-based systems. According to the report, about a million systems were discovered to be affected.
https://cyware.com/news/around-50000-firms-that-use-sap-solutions-left-vulnerable-with-new-exploits-4d36a052
May 01, 2019, 06:56:18 PM
Financial and private data of dozens of IT giants’ leaked following a cyber attack at CITYCOMP
The affected companies include the names of Oracle, Airbus, Toshiba and Volkswagen.
CITYCOMP revealed that it had fallen victim to a ‘targeted’ cyber attack in early April this year.
Cybercriminals have hacked German-based CITYCOMP internet service provider in order to steal financial data of dozens of companies. The affected companies include the names of Oracle, Airbus, Toshiba and Volkswagen.
https://cyware.com/news/financial-and-private-data-of-dozens-of-it-giants-leaked-following-a-cyber-attack-at-citycomp-ac28b54c
The affected companies include the names of Oracle, Airbus, Toshiba and Volkswagen.
CITYCOMP revealed that it had fallen victim to a ‘targeted’ cyber attack in early April this year.
Cybercriminals have hacked German-based CITYCOMP internet service provider in order to steal financial data of dozens of companies. The affected companies include the names of Oracle, Airbus, Toshiba and Volkswagen.
https://cyware.com/news/financial-and-private-data-of-dozens-of-it-giants-leaked-following-a-cyber-attack-at-citycomp-ac28b54c
April 29, 2019, 06:33:58 PM
BabyShark malware continues to target nuclear and cryptocurrency industries
The malware has been found using two other malware as secondary payloads.
They malware used as secondary payloads - KinJongRAT and PCRat - are referred to as ‘Cowboys’.
In February 2019, a new malware family named BabyShark was found targeting national security think tanks and academic institutions in the US. In the campaign, the malware was used primarily used to collect secrets and sensitive details from the targets.
https://cyware.com/news/babyshark-malware-continues-to-target-nuclear-and-cryptocurrency-industries-40e04829
Jump to: