Round Up of Major Breaches and Scams
State police say they were notified on June 20 by Netsential that a data breach may have included information from the Maine Information and Analysis Center, or MIAC. The agency has contracted the Houston, Texas-based company, which provides web hosting services to hundreds of law enforcement and government agencies across the country, since 2017.
The number of daily brute-force attacks against Windows remote desktop service has almost doubled during the pandemic lockdown, telemetry data shows. With the increase of remote workers during the COVID-19 period, many users no longer relied on the infrastructure monitored by the company to access sensitive information on the network.
The Security and Exchange Commission (SEC) has warned investors away from dealing with iBSmartify Nigeria cryptocurrency offerings in an effort to clamp down on crypto-related scams and unregulated products. For many the cryptocurrency sector is an innovative, interesting marketplace that can provide lucrative returns on the purchase of crypto, acting as an alternative market to traditional financial products.
Over one million North American students have had their data exposed after a popular online learning platform left it in a publicly accessible cloud database, according to vpnMentor. Researchers from the firm claimed that the Elasticsearch database belonging to provider OneClass was left completely unsecured.
A hacking campaign is targeting Roblox accounts to support President Trump in the upcoming U.S. Presidential elections in November. Roblox is an online gaming platform that allows members to create games and publish them for others to play. With over 100 million monthly active users and consistently in the top hundred sites globally, Roblox is an immensely popular gaming platform.
A data breach broker is selling databases containing user records for 14 different companies he claimed were breached by hackers in 2020. When a company is breached, threat actors will typically download accessible databases, including account records. These databases are then sold directly to other threat actors, or the hackers utilize data breach brokers to sell them on their behalf.
Round Up of Major Malware and Ransomware Incidents
The malicious code was first documented by researchers from the NCC Group’s report and later Symantec published its own analysis. Security experts from Symantec reported that at least 31 organizations in the United States have been targeted with the recently discovered WastedLocker ransomware. According to the experts, the malware was developed by the Russian cybercrime crew known as Evil Corp.
Round Up of Major Vulnerabilities and Patches
A popular Wi-Fi extender for the home has multiple unpatched vulnerabilities, including the use of a weak, default password, according to researchers. Also, two of the bugs could allow complete remote control of the device. The flaws have been found in Tenda PA6 Wi-Fi Powerline extender, version 22.214.171.124, which extends the wireless network throughout the house using HomePlug AV2 technology.
Eclypsium last year analyzed device drivers from major vendors and found that over 40 drivers made by 20 companies contained serious vulnerabilities that could be exploited to deploy persistent malware. The firm now warns that the Windows drivers used in ATMs and PoS devices can be highly useful to threat actors targeting these types of systems.
US Cyber Command said today that foreign state-sponsored hacking groups are likely to exploit a major security bug disclosed today in PAN-OS, the operating system running on firewalls and enterprise VPN appliances from Palo Alto Networks. “Please patch all devices affected by CVE-2020-2021 immediately, especially if SAML is in use,” US Cyber Command said in a tweet today.
As reported by MacRumors, eager Apple developers are already posting benchmarks on the developer transition kits for Macs with Apple silicon. These kits are based on the Mac mini chassis but include ARM-derived Apple silicon rather than Intel CPUs. Before we dig in, it’s important to note a few caveats. First, the CPU included in these developer kits may or may not reflect the CPUs included in future Apple Macs.