23 Oct 2020

63 billion credential stuffing attacks hit retail, hospitality, travel industries

Security firm Akamai has published a report detailing criminal activity pertaining to a massive wave of credential stuffing attacks targeting the retail, travel, and hospitality industries. The campaign occurred between July of 2018 and June 2020. Akamai’s report includes examples of advertisements on the darknet demonstrating how cybercriminals gain financial

23 Oct 2020

Botnet Infects Hundreds of Thousands of Websites

A botnet called KashmirBlack has been infecting thousands of websites running on content management systems such as WordPress, Joomla, and Drupal. The botnet uses Dropbox and GitHub to avoid detection and is focused on spamming and defacing hundreds of thousands of websites. Security firm Imperva was the first to report

23 Oct 2020

Nvidia tackles code execution flaws, data leaks in GeForce Experience

Nvidia released a security update yesterday that fixed several high-severity flaws in the GeForce Experience software. The patch update addresses issues in GeForce Experience versions 3.20.5.70 and below on Windows. According to Nvidia, the flaws could lead to denial of service, escalation of privileges, code execution, or

22 Oct 2020

Oracle Releases Another Mammoth Security Patch Update

Oracle released a massive critical patch update earlier this week consisting of 402 patches for vulnerabilities across 29 product sets. This marks the second quarter this year that Oracle’s critical patch update (CPU) contained more than 400 fixes. The vulnerabilities fixed this quarter include several issues that would allow for

22 Oct 2020

Voter Websites In California And Florida Could Be Vulnerable To Hacks, Report Finds

In July, the Department of Homeland Security allegedly received a report from two cybersecurity firms detailing a vulnerability in the online voter registration systems used by counties in California and Florida. The researchers warned that hackers could leverage an old flaw that allowed them to change voter registration files four

21 Oct 2020

Pharma Giant Pfizer Leaks Customer Prescription Info, Call Transcripts

According to researchers, due to a misconfigured Google Cloud storage bucket, hundreds of medical patients taking cancer drugs including Aromasin, Ibrance, and others are now vulnerable to phishing attacks as well as malware and identity fraud. The company hosting the leaked information, pharmaceutical giant Pfizer, left the Google Cloud storage

21 Oct 2020

Adobe releases another out-of-band patch, squashing critical bugs across creative software

Yesterday, Adobe released another out-of-band patch, occurring outside of the company’s typical monthly security fix release cycle. The updates impact Adobe Illustrator, Dreamweaver, Marketo, After Effects, Photoshop, Animate, Premiere Pro, and other popular applications on both Windows and macOS machines. The first app the tech giant patched was Illustrator, which

20 Oct 2020

GravityRAT Comes Back to Earth with Android, macOS Spyware

According to researchers, the cybercriminals behind the creation of the sophisticated GravityRAT spyware have released new variants for macOS and Android. This marks the first time the operators behind the remote access trojan have administered new versions since its formation in 2015. According to researchers from Kaspersky, the group has

20 Oct 2020

Google’s Waze Can Allow Hackers to Identify and Track Users

Google’s Waze app contains a serious security vulnerability that allows hackers to identify users and track their locations. The flaw, which has since been patched, was an API flaw that allowed security researcher Peter Gasper to use the app to uncover the true identity of drivers using it. Gasper is

20 Oct 2020

US charges Russian GRU officers for NotPetya, other major hacks

On Monday, the Justice Department announced that a federal grand jury had charged six Russian intelligence officers, labeled the Sandworm team, as responsible for notoriously destructive attacks spanning the globe. The group has been traced back to the 2017 NotPetya outbreak that caused over $1 billion in damage to US organizations
