Threat Post

23M Gamer Records Exposed in VIPGames Leak

Threat Post - 45 min 57 sec ago
The personal data of 66,000 users was left wide open on a misconfigured Elasticsearch server, joining a growing list of companies with leaky clouds.
Categories: Threat Post

Criminal, Domestic Violence Case Info Exposed in Cook County Leak

Threat Post - 2 hours 57 min ago
Cook County, Ill., home to Chicago, has left a database exposed since at least September that contained sensitive criminal and family-court records.

Nefilim Ransomware Gang Hits Jackpot with Ghost Account

Threat Post - 3 hours 6 min ago
An unmonitored account belonging to a deceased employee allowed Nefilim to exfiltrate data and infiltrate systems for a month, without being noticed.

North Korea Targets Security Researchers in Elaborate 0-Day Campaign

Threat Post - 5 hours 32 min ago
Hackers masquerade as security researchers to befriend analysts and eventually infect fully patched systems at multiple firms with a malicious backdoor.

TikTok Flaw Lay Bare Phone Numbers, User IDs For Phishing Attacks

Threat Post - 9 hours 21 min ago
A security flaw in TikTok could have allowed attackers to query the platform's database – potentially opening the door to privacy violations.

Breaking Down Joe Biden’s $10B Cybersecurity ‘Down Payment’

Threat Post - Mon, 01/25/2021 - 4:51pm
Tom Kellermann, head of cybersecurity strategy for VMware Carbon Black, talks about the top security challenges facing the US government as a new presidential administration steps in.

Outgoing FCC Chair Issues Final Security Salvo Against China

Threat Post - Mon, 01/25/2021 - 4:16pm
Ajit Pai says Chinese telecom companies ‘biggest national security threat’ for regulators in exit interview.

2.28M MeetMindful Daters Compromised in Data Breach

Threat Post - Mon, 01/25/2021 - 4:08pm
The ShinyHunters hacking group offers a raft of information, from location and contact info to dating preferences and bodily descriptions, as a free download.

Cisco DNA Center Bug Opens Enterprises to Remote Attack

Threat Post - Mon, 01/25/2021 - 12:53pm
The high-severity security vulnerability (CVE-2021-1257) allows cross-site request forgery (CSRF) attacks.

SonicWall Breach Stems from ‘Probable’ Zero-Days

Threat Post - Mon, 01/25/2021 - 12:04pm
The security vendor is investigating potential zero-day vulnerabilities in its Secure Mobile Access (SMA) 100 series.

Microsoft Edge, Google Chrome Roll Out Password Protection Tools

Threat Post - Fri, 01/22/2021 - 4:57pm
The new tools on Chrome and Edge will make it easier for browser users to discover - and change - compromised passwords.

Amazon Kindle RCE Attack Starts with an Email

Threat Post - Fri, 01/22/2021 - 4:55pm
The "KindleDrip" attack would have allowed attackers to siphon money from unsuspecting victims.

ADT Tech Hacks Home-Security Cameras to Spy on Women

Threat Post - Fri, 01/22/2021 - 2:08pm
A former ADT employee pleads guilty to accessing customers’ cameras so he could spy on them.

Discord-Stealing Malware Invades npm Packages

Threat Post - Fri, 01/22/2021 - 1:35pm
The CursedGrabber malware has infiltrated the open-source software code repository.

Ransomware Attackers Publish 4K Private Scottish Gov Agency Files

Threat Post - Fri, 01/22/2021 - 12:30pm
Up to 4,000 stolen files have been released by hackers who launched a ransomware attack against the Scottish Environmental Protection Agency on Christmas Eve.

Threat Actors Can Exploit Windows RDP Servers to Amplify DDoS Attacks

Threat Post - Fri, 01/22/2021 - 7:45am
Netscout researchers identify more than 14,000 existing servers that can be abused by ‘the general attack population’ to flood organizations’ networks with traffic.

Einstein Healthcare Network Announces August Breach

Threat Post - Thu, 01/21/2021 - 3:00pm
Einstein is in violation of the HHS 60-day breach notification rule, but unlikely to face penalty.

SQL Server Malware Tied to Iranian Software Firm, Researchers Allege

Threat Post - Thu, 01/21/2021 - 2:42pm
Researchers have traced the origins of a campaign - infecting SQL servers to mine cryptocurrency - back to an Iranian software firm.

Google Forms Set Baseline For Widespread BEC Attacks

Threat Post - Thu, 01/21/2021 - 10:02am
Researchers warn that attackers are collecting reconnaissance for future business email compromise attacks using Google Forms.

Google Searches Expose Stolen Corporate Credentials

Threat Post - Thu, 01/21/2021 - 9:00am
A phishing campaign spoofs Xerox notifications to lure victims into clicking on malicious HTML attachments.