A misconfigured database has allegedly exposed a coordinated scheme by Amazon vendors to boost product ratings through utilizing fake accounts and reviews. Security researchers at SafetyDetectives located a China-based Elasticsearch server that was exposed to the public online, lacking any password protection or encryption. After looking further into the exposed

Cisco has rolled out patches addressing severe vulnerabilities that could be exploited to perform remote code execution and privilege escalation. The flaws lie in the SD-WAN vManage Software. The bugs could allow an unauthenticated attacker to steal information from vulnerable networks. Cisco also disclosed a denial-of-service issue in the same

Google is planning to eventually automatically enable two-factor authentication on users’ accounts to better secure them and prevent hacking. Google made the announcement on World Password Day, stating that it will ask people who have already enrolled themselves in the two-step verification feature to confirm their participation. Those who have

A new information stealer referred too as Panda is targeting cryptocurrency wallets and credentials for applications such as Telegram, NordVPN, Discord, and Steam. The Panda stealer uses spam emails to trick victims and a difficult-to-detect fileless distribution method deployed by Phobos ransomware. The attacks are primarily targeting users in Australia,

Due to a flaw in Peloton’s API, the personal data of its riders was exposed. The API leakage allegedly occurred after the company ignored a vulnerability disclosure from a penetration testing company. Although Peloton partially fixed the hole, they failed to fully secure the database. The news comes amid other

Apple has released security updates for vulnerabilities under active attack and affecting multiple products, including iOS, WatchOS, and iPadOS. The patches fix WebKit flaws that can be exploited by threat actors by utilizing maliciously crafted web content that ultimately leads to arbitrary code execution, according to Apple. The statement released

The United States Attorney’s Office for the District of Maryland has seized a fraudulent website impersonating a biotechnology company and seeking to steal data. The website was claiming to be giving away free vaccines, as indicated by the domain “freevaccinecovax .org.” The attackers fraudulently claimed to be a company developing

In Belgium, a huge distributed denial of service (DDoS) attack allegedly took down the websites of more than 200 Belgian organizations, including those in the government, education, and research industries. The attack began at 11 a.m. on Tuesday, overwhelming the websites with traffic and rendering the public-facing website front unusable

Hackers suspected to have ties to Iran have reportedly targeted multiple Israeli companies with ransomware, representing a new campaign of attacks against the nation. The group calls itself N3tw0rm, or Networm, publishing evidence of different attacks to a dark website where they take responsibility for their hacks. On Sunday, the

Scripps Health, a leading Californian healthcare provider, has been hit by a cyberattack that forced the company to postpone appointments and take all of its systems offline. Scripps Health disclosed the attack over the weekend, stating that it detected suspicious activity on Saturday and was pushed to suspend some of