Round Up of Major Breaches and Scams
A new phishing campaign can bypass multi-factor authentication (MFA) on Office 365 to access victims’ data stored on the cloud and use it to extort a Bitcoin ransom or even find new victims to target, security researchers have found.
The Luxemburger Wort reported on the data leak on Tuesday morning. Around one gigabyte of data is thought to have been compromised and passed to a member of the press. On Tuesday, Eippers told RTL-Journal the leak concerned internal documents from the Luxembourg justice system. Although some of the documents were public, the leak also included internal notes, reports, protocols and email exchanges.
Covve, the popular address book app, has been identified as the source of a data breach that exposed the details of nearly 23 million individuals. Troy Hunt, founder of Have I Been Pwned?, tweeted on Saturday (May 16) that the app had been pinpointed as the source of a publicly accessible database that he had been investigating since February.
Round Up of Major Malware and Ransomware Incidents
WooCommerce is a highly popular open-source eCommerce plugin for WordPress that allows site owners to easily set up their own online store. With more than 5 million installations, it is one of the biggest eCommerce platforms and is often targeted by cybercriminals for financial gain.
Round Up of Major Vulnerabilities and Patches
A Taiwanese security researcher published details today about three vulnerabilities in the firmware of QNAP network-attached storage (NAS) devices. Henry Huang, the security researcher, said the bugs reside in Photo Station, a photo album app that comes preinstalled with all recent versions of QNAP NAS systems.
Researchers Aleksandar Nikolic and Cory Duplantis from Cisco Talos discovered multiple vulnerabilities in Nitro Pro PDF reader, including two code execution flaws and one information disclosure flaw. Cisco Talos reported the vulnerabilities to Nitro PDF in accordance with its disclosure policy. The issues have now been resolved and an update is available for affected customers.