07 May 2021

Misconfigured Database Exposes 200K Fake Amazon Reviewers

A misconfigured database has allegedly exposed a coordinated scheme by Amazon vendors to boost product ratings through utilizing fake accounts and reviews. Security researchers at SafetyDetectives located a China-based Elasticsearch server that was exposed to the public online, lacking any password protection or encryption. After looking further into the exposed

Read More
07 May 2021

Critical Cisco SD-WAN, HyperFlex Bugs Threaten Corporate Networks

Cisco has rolled out patches addressing severe vulnerabilities that could be exploited to perform remote code execution and privilege escalation. The flaws lie in the SD-WAN vManage Software. The bugs could allow an unauthenticated attacker to steal information from vulnerable networks. Cisco also disclosed a denial-of-service issue in the same

Read More
07 May 2021

Google Plans to Automatically Enable Two-Factor Authentication

Google is planning to eventually automatically enable two-factor authentication on users’ accounts to better secure them and prevent hacking. Google made the announcement on World Password Day, stating that it will ask people who have already enrolled themselves in the two-step verification feature to confirm their participation. Those who have

Read More
06 May 2021

Panda Stealer Targets Crypto Wallets

A new information stealer referred too as Panda is targeting cryptocurrency wallets and credentials for applications such as Telegram, NordVPN, Discord, and Steam. The Panda stealer uses spam emails to trick victims and a difficult-to-detect fileless distribution method deployed by Phobos ransomware. The attacks are primarily targeting users in Australia,

Read More
06 May 2021

Peloton’s Leaky API Spilled Riders’ Private Data

Due to a flaw in Peloton’s API, the personal data of its riders was exposed. The API leakage allegedly occurred after the company ignored a vulnerability disclosure from a penetration testing company. Although Peloton partially fixed the hole, they failed to fully secure the database. The news comes amid other

Read More
05 May 2021

Apple Issues Patches for Webkit Security Flaws

Apple has released security updates for vulnerabilities under active attack and affecting multiple products, including iOS, WatchOS, and iPadOS. The patches fix WebKit flaws that can be exploited by threat actors by utilizing maliciously crafted web content that ultimately leads to arbitrary code execution, according to Apple. The statement released

Read More
05 May 2021

Fake Vaccine Domain Seized

The United States Attorney’s Office for the District of Maryland has seized a fraudulent website impersonating a biotechnology company and seeking to steal data. The website was claiming to be giving away free vaccines, as indicated by the domain “freevaccinecovax .org.” The attackers fraudulently claimed to be a company developing

Read More
05 May 2021

This massive DDoS attack took large sections of a country’s internet offline

In Belgium, a huge distributed denial of service (DDoS) attack allegedly took down the websites of more than 200 Belgian organizations, including those in the government, education, and research industries. The attack began at 11 a.m. on Tuesday, overwhelming the websites with traffic and rendering the public-facing website front unusable

Read More
04 May 2021

Scripps Health Knocked Offline by Ransomware

Scripps Health, a leading Californian healthcare provider, has been hit by a cyberattack that forced the company to postpone appointments and take all of its systems offline. Scripps Health disclosed the attack over the weekend, stating that it detected suspicious activity on Saturday and was pushed to suspend some of

Read More
04 May 2021

Hewlett Packard Enterprise Plugs Critical Bug in Edge Platform Tool

Hewlett Packard Enterprise (HPE) has released a patch for a critical bug in its Edge Platform Tool. According to researchers, the bug can be exploited to conduct remote authentication bypass attacks, leading to the ability to inflict further damage to the targeted network. The company has urged its customers to

Read More