Discord scammers lure victims with promise of free Nitro subscriptions
A number of bogus offers are doing the rounds in Discord land at the moment. Discord, a group text chat/VoiP...
News
GnuPG fixes a problem with Let’s Encrypt certificate chain validation
Despite advance warnings that a root certificate provided by Let’s Encrypt would expire on September 30, users reported issues with...
Apache rolled out a new update in a few days to fix incomplete patch for an actively exploited flaw
Apache Software Foundation has released HTTP Web Server 2.4.51 to completely address a vulnerability that has been actively exploited in...
Ransomware in the CIS
Introduction These days, when speaking of cyberthreats, most people have in mind ransomware, specifically cryptomalware. In 2020–2021, with the outbreak...
FIN12 ransomware gang don’t implement double extortion to prioritize speed
Researchers detailed the activities of the FIN12 ransomware group that earned million of dollars over the past years. Researchers from...
US Navy ship Facebook page hijacked to stream video games
The official Facebook page of the US Navy’s destroyer-class warship, USS Kidd, has been hijacked. According to Task & Purpose,...
PoC exploit for 2 flaws in Dahua cameras leaked online
A proof of concept exploit for two authentication bypass vulnerabilities in Dahua cameras is available online, users are recommended to...
Stop. Do you really need another security tool?
The last few years have seen a mushrooming of the number and type of security tools that organizations can use...
Twitch data breach updates: login credentials or card numbers not exposed
An anonymous individual has leaked the source code and data of the popular video streaming platform Twitch via a torrent...
Google to auto-enrol users, YouTubers into 2SV
Google’s announced some changes to how it’s helping millions of its users stay safe and secure. The biggest of those...
Operation GhostShell: MalKamak APT targets aerospace and telco firms
Operation GhostShell: Threat actors used ShellClient malware in cyberespionage campaigns aimed at companies in the aerospace and telecommunications sectors. Hackers...
Exclusive: Researchers dumped Gigabytes of data from Agent Tesla C2Cs
Resecurity researchers dumped Gigabytes of data from Agent Tesla C2Cs, one of the most well-known cyberespionage tools suffers a data...
Twitch source code and sensitive data leaked online
An anonymous individual has leaked the source code and data of the popular video streaming platform Twitch via a torrent...
What special needs kids need to stay safe online
Online safety is hard enough for most adults. We reuse weak passwords, we click on suspicious links, and we love...
Patch now! Apache fixes zero-day vulnerability in HTTP Server
The Apache HTTP Server 2.4.49 is vulnerable to a flaw that allows attackers to use a path traversal attack to...
Arizona governor announces the launch of Command Center to protect state computer systems
The governor of Arizona, Doug Ducey, has announced the launch of a Cyber Command Center to address the thousands of...
‘Twitch compromised’: What we know so far, and what you need to do
Big, breaking news going around at the moment. If you have a Twitch account, you may wish to perform some...
UK newspaper The Telegraph exposed a 10TB database with subscriber data
The UK media outlet The Telegraph has leaked 10 TB of subscriber data after failing to properly secure one of...
LANtenna attack allows exfiltrating data from Air-Gapped systems via Ethernet cables
Boffins devised a new technique, dubbed LANtenna, to exfiltrate data from systems in air-gapped networks using Ethernet cables as a...
Apache patch a zero-day flaw exploited in the wild
Apache has addressed two vulnerabilities, one of which is a path traversal and file disclosure flaw in its HTTP server...
Unnamed Ransomware gang uses a Python script to encrypt VMware ESXi servers
An unnamed ransomware gang used a custom Python script to target VMware ESXi and encrypt all the virtual machines hosted...
Facebook shoots own foot, hits Instagram and WhatsApp too
Mark Zuckerberg was left counting the personal cost of bad PR yesterday (about $6 billion, according to Bloomberg) on a...
Criminals were inside Syniverse for 5 years before anyone noticed
“A global privacy disaster”, “espionage gold”, and “a state-sponsored wet dream” are just some of the comments one can read...
Telco service provider giant Syniverse had unauthorized access since 2016
Syniverse service provider discloses a security breach, threat actors have had access to its databases since 2016 and gained some...
