Collaborate Disseminate
A teenaged ethical hacker discovered a flawed endpoint associated with a health-department website in the state of Bengal, which exposed personally identifiable information related to test results. Continue reading Health Website Leaks 8 Million COVID-19 Test Results
The vulnerability, one of three patched by the company this week, could allow threat actors to breach the external perimeter of a data center or leverage backdoors already installed to take over a system. Continue reading VMWare Patches Critical RCE Flaw in vCenter Server
A major Finnish IT provider has been hit with a ransomware attack that has forced the company to turn off some services and infrastructure in a disruption to customers, while it takes recovery measures. Norwegian business journal E24 reported the attac… Continue reading Finnish IT Giant Hit with Ransomware Cyberattack
However, internal products and systems were not leveraged to attack others during the massive supply-chain incident, the tech giant said upon completion of its Solorigate investigation. Continue reading Microsoft: SolarWinds Attackers Downloaded Azure, Exchange Code
Apps like eHarmony and MeetMe are affected by a flaw in the Agora toolkit that went unpatched for eight months, researchers discovered. Continue reading SDK Bug Lets Attackers Spy on User’s Video Calls Across Dating, Healthcare Apps
Public disclosure of a privilege escalation attack details how a cybergang bypassed browser iframe sandboxing with malicious PostMessage popups. Continue reading Details Tied to Safari Browser-based ‘ScamClub’ Campaign Revealed
Attackers can exploit SHAREit permissions to execute malicious code through vulnerabilities that remain unpatched three months after app makers were informed. Continue reading Unpatched Android App with 1 Billion Downloads Threatens Spying, Malware
Researchers discovered credentials for the Oldsmar water treatment facility in the massive compilation of data from breaches posted just days before the attack. Continue reading Florida Water Plant Hack: Leaked Credentials Found in Breach Database
Research from Zscaler ThreatLabZ shows attackers using spam emails and legitimate-looking links to gaming software to serve up Epsilon ransomware, the XMRrig cryptominer and various data and token stealers. Continue reading Various Malware Lurks in Discord App to Target Gamers
Ethical hacker Alex Birsan developed a way to inject malicious code into open-source developer tools to exploit dependencies in organizations internal applications. Continue reading Supply-Chain Hack Breaches 35 Companies, Including PayPal, Microsoft, Apple