24 Nov 2020

Up to 350,000 Spotify Users Targeted by Credential Stuffers

Spotify users have been targeted by credential stuffers in a massive attack campaign discovered by a team at vpnMentor on July 3. According to vpnMentor, the database contained hundreds of millions of user records and was hosted on a completely unsecured Easticsearch server. The database contained 72GB of information, including

Read More
24 Nov 2020

TikTok Awards Nearly $4,000 for Account Takeover Vulnerabilities

TikTok has awarded a researcher $4,000 for uncovering and reporting vulnerabilities that could have been exploited to perform account takeover. The bugs were found by Muhammed Taskiran, a German cybersecurity researcher. Taskiran reported the flaws in August, and they have since been patched by the social media platform. Taskiran states

Read More
23 Nov 2020

Major Power Outage in India Possibly Caused by Hackers

A major power outage that occurred in mid-October in Mumbai, India, may have been the work of some sophisticated hackers. The outage impacted India’s biggest city, causing significant traffic disruption and wreaked havoc on public transportation such as trains and buses. According to authorities, it took two hours to restore

Read More
23 Nov 2020

Google Services Weaponized to Bypass Security in Phishing, BEC Campaigns

Cybercriminals are increasingly exploiting Google Services to conduct phishing and business email compromise (BEC) attacks, according to research firm Armorblox. Attackers are leveraging services provided by Google, such as Forms, Firebase, Docs, and more. A report from Armorblox shows how Google Forms and Docs are being used by malicious actors

Read More
23 Nov 2020

GoDaddy staff fall prey to social engineering scam in cryptocurrency exchange attack wave

GoDaddy employees have allegedly fallen victim to a series of social engineering phishing scams that led them to facilitate attacks on multiple cryptocurrency exchanges. The scam duped employees into changing email and registration records which were then used by cyberattackers to launch attacks on other organizations. The incident was reported

Read More
20 Nov 2020

A Facebook Messenger Flaw Could Have Let Hackers Listen In

Facebook has been hosting a bug bounty program for roughly 10 years, which has provided the company with hundreds of bug reports before Facebook employees noticed any vulnerabilities. Recently, Facebook paid out $60,000 to an ethical hacker for reported a bug in Facebook Messenger that could have allowed an attacker

Read More
20 Nov 2020

Raytheon Employee Jailed for Exporting Missile Data to China

Wei Sun, a former Raytheon employee, has been convicted in the United States on charges related to exporting sensitive military data to China. Sun was an electrical engineer for Raytheon for a decade. This past February, Sun pled guilty to violating the Arms Export Control Act by taking a Raytheon-issued

Read More
20 Nov 2020

Robot Vacuums Suck Up Sensitive Audio in ‘LidarPhone’ Hack

Researchers have found that robot vacuums are vulnerable to eavesdropping through cyberattacks while inside their homes. Light Detection and Ranging (LiDAR) sensors on robot vacuums contain a bug that could allow an attacker to listen to private conversations. LiDAR technology allows these vacuum robots to navigate around floor obstacles as

Read More
19 Nov 2020

UN and Europol Warn of Growing AI Cyber-Threat

Europol and the UN have released an alarming new report detailing how cybercriminals use malicious targeting and abuse of artificial intelligence to conduct cyberattacks. The report predicts that AI will become increasingly popular among adversaries, who will utilize it both as an attack vector and surface. Threat actors are seeking

Read More
19 Nov 2020

Microsoft gives Linux a security boost with these new attack detection tools

Microsoft has added new endpoint detection and response capabilities to Linux machines. The new features were made public through a preview feature. This will allow for Linux users to be better protected against threats and have the ability to take action quickly when one arises. Linux EDR will also help

Read More