22 Jul 2019

Met Police hacked with bizarre tweets and emails posted

Last Friday, threat actors hacked into the London Metropolitan Police’s account for the MyNewsDesk public relations platform, and used their access to post unauthorised messages on the Met’s website and to send out unusual Tweets and emails from official Met accounts. The Met has launched an investigation into the incident.

22 Jul 2019

Over 60 US Colleges Compromised by ERP Exploit

A major vulnerability in popular enterprise resource planning (ERP) software has enabled threat actors to compromise at least 62 colleges in the United States, the US Department of Education recently warned. A NIST advisory states that the flaw, tracked as CVE-2019-8978, impacts Ellucian Banner ERP and “allows remote attackers to

19 Jul 2019

Bulgaria’s hacked database is now available on hacking forums

A database containing 11 GB worth of data on Bulgarian citizens that was recently leaked to local media outlets by an unidentified actor is now available for download on hacking forums. The database allegedly contains only half of the information that was recently stolen from Bulgaria’s National Revenue Agency (NRA),

18 Jul 2019

Microsoft has warned 10,000 victims of state-sponsored hacking

In the past year, Microsoft informed about 10,000 users that state-backed hackers were targeting them. The number includes both victims and targets who were not compromised. The vast majority of targets were enterprise customers, i.e. businesses, with individual consumers accounting for about 10% of victims. Nearly all campaigns went after

17 Jul 2019

Sprint says hackers breached customer accounts via Samsung website

US mobile network operator Sprint has experienced a serious data breach affecting an unknown number of customers whose accounts were accessed by an unidentified third party via the Samsung.com “add a line” website. The company has reset all impacted accounts. According to Sprint, the compromised information includes “phone number, device

16 Jul 2019

Failures in Cybersecurity Fundamentals Still Primary Cause of Compromise: Report

Researchers with Secureworks warn that while threat actors are targeting firms with increasingly sophisticated attack campaigns, “the same issues and security gaps are blighting organizations’ ability to identify and respond to threats.” Common shortcomings in cybersecurity programs still include basic issues like poor visibility, lack of multi-factor authentication (MFA), and

16 Jul 2019

Instagram Account Takeover Vulnerability Earns Hacker $30,000

Facebook recently paid $30,000 to a security researcher who found a critical flaw that could have enabled threat actors to hack Instagram accounts by taking advantage of the app’s password recovery mechanism for mobile devices. Instagram forces users requesting a password change to enter a six-digit code within 10 minutes

16 Jul 2019

Hacker steals data of millions of Bulgarians, emails it to local media

An unidentified threat actor who claims to have stolen the personal data of more than five million Bulgarian citizens (out of a population of 7 million) has leaked 11 GB worth of data to local media outlets, while promising that an additional 10 GB of data will be shared soon.

15 Jul 2019

Beyond Wipro: Meet the ‘Gift Cardsharks’ Behind the Massive Campaign Targeting Victims with Commercially Available Tools

In April of this year, various reports suggested that Indian IT outsourcing and consulting services giant Wipro experienced a significant breach affecting some of the companies it provided services to. Krebs On Security first reported the breach, based on accounts from various sources claiming that state-backed hackers had been lurking on Wipro’s

15 Jul 2019

Hacked Hair Straighteners Can Threaten Homes

New research by Pen Test Partners underscores how customers can be put at risk by manufacturers that add “smart” functionality to tools without properly reviewing the security implications. Researchers discovered that the Glamoriser hair straightener, the first hair straightener that supports Bluetooth, can easily be hacked. Moreover, by remotely controlling
