Major cybersecurity events on 28th December 2020 (Evening Post): Multi-platform card skimmer found on Shopify, BigCommerce stores. REvil hackers plan to leak photos of plastic surgery patients after massive hack. GitHub-hosted malware calculates Cobalt Strike payload from Imgur pic.Continue readingThreat actors target Finnish politicians’ email accounts, 21 Buttons exposes millions of users’ data, and more
Category: CVE
Major cybersecurity events on 28th December 2020 (Morning Post): Misconfigured AWS Bucket exposes hundreds of social influencers. Kaspersky Lab and Yandex detects malicious browser extensions including Frigate Light, Frigate CDN and SaveFrom. Fake Amazon gift card emails deliver the malware.Continue readingiCloud outage causes account activation failure, GoDaddy apologizes for insensitive phishing email, and more
Major cybersecurity events on December 2020 (Evening Post): Millions stolen from online bank accounts following large-scale fraud operation. Google reports that Microsoft failed to fix a Windows zero-day flaw. Misconfigured AWS bucket exposes hundreds of social influencers.Continue readingIranian cyber actors threaten US election officials, Citrix confirms ongoing DDoS attack, and more
Major cybersecurity events on 22nd December 2020 (Morning Post): Nosy ex-partners armed with Instagram passwords pose a serious cybersecurity threat. Partial lists of organizations infected with Sunburst malware released online. Dell Wyse ThinOS flaws allow hacking thin clients.Continue readingTennCare breached, impacts 3,300 members, Hades ransomware gang targets Trucking giant Forward Air, and more
Major cybersecurity events on 18th December 2020 (Morning Post): Power supplier People’s Energy hacked, exposes 250,000 customers’ personal info. Emirati website leaks the personal information of thousands of Israelis, used to plan trips to Dubai. 5M WordPress sites run ‘Contact Form 7’ plugin with critical bugs.Continue readingSolarWinds breached Microsoft systems as well, Mednax Services notifies patients of data breach, and more
Major cybersecurity events on 16th December 2020 (Morning Post): Facebook removes disinformation accounts linked to Russia and French military. PyMICROPSIA Windows malware includes checks for Linux and macOS. Firefox patches critical mystery bug, also impacting Google Chrome.Continue readingPhishing scam targets Subway loyalty-card users, New Goontact spyware targets Android, iOS users, and more
Major cybersecurity events on 14th December 2020 (Evening Post): Russian Hackers Steal Data for Months in SolarWinds global supply chain attacks. Microsoft partially fixes Windows 10 Conexant audio driver issues. Robotic Process Automation vendor UiPath discloses data breach.Continue readingSensitive data of 2M CPC members exposed, Google outage affects Youtube, Gmail, Google services, and more
Major cybersecurity events on 14th December 2020 (Morning Post): Hackers backed by foreign govt. breach US Treasury, steal data. Major leak exposes members and ‘lifts the lid’ on the Chinese Communist Party. Former Cisco engineer gets two years in prison for Webex Teams hack.Continue readingSolarWinds breached, infects multiple US companies, Pay2Key compromises Habana Labs’ networks, and more
Major cybersecurity events on 10th December 2020 (Evening Post): njRAT Trojan operators use Pastebin as alternative to central command server. Leaky Elasticsearch server reveals massive Instagram click farm. Potential Starbucks remote code execution vulnerability uncovered and patched.Continue readingVermont Medical Center attack costs $1.5M a day, Steam flaws let gamers crash opponents’ computers, and more
Major cybersecurity events on 9th December 2020 (Evening Post): Phorpiex Botnet is the “Most Wanted Malware” in its Global Threat Index of November 2020. Microsoft fixes new Windows Kerberos security bug in staged rollout. Russian hackers exploit vulnerability in VMware Workspace ONE. Continue readingGlobal cybercrime losses cross $1 trillion mark, Hackers steal FireEye Red Team tools, and more