Talking Emotet’s takedown with Adam Kujawa: Lock and Code S02E01
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the...
Security
Gang arrested for SIM-swapping celebrities, stealing $100 million
The UK’s National Crime Agency (NCA)—working alongside the US Secret Service, Homeland Security, the FBI, Europol, and the District Attorney’s...
Yandex Suffers Data Breach, Exposes Email Accounts
Russian internet and search organization Yandex declared on Friday that one of its system administrators had enabled unapproved access to...
US court sentenced Ukrainian to seven years in prison for electronic fraud
A court in the United States has sentenced Ukrainian citizen Alexander Musienko to more than seven years in prison for...
RansomExx Gang Target French Health Insurance Company in a Ransomware Attack
Mutuelle Nationale des Hospitaliers (MNH), a French health insurance company has been hit by a ransomware attack that has severely...
PayPal Suffered Cross-Site Scripting -XSS Vulnerability
The PayPal currency converter functionality was damaged by severe cross-site scripting (XSS) vulnerability. An attacker might be able to run...
FBI Warns About Using TeamViewer and Windows 7
The FBI issued this week a Private Industry Notification (PIN) caution to warn organizations about the dangers of utilizing obsolete...
Spam and phishing in 2020
Figures of the year In 2020: The share of spam in email traffic amounted to 50.37%, down by 6.14 p.p....
Gitlab-Watchman – Monitoring GitLab For Sensitive Data Shared Publicly
GitLab Watchman is an application that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally....
OSV – Open Source Vulnerability DB And Triage Service
OSV is a vulnerability database and triage infrastructure for open source projects aimed at helping both open source maintainers and...
The malicious code in SolarWinds attack was the work of 1,000+ developers
Microsoft says it found 1,000-plus developers’ fingerprints on the SolarWinds attack Microsoft’s analysis of the SolarWinds supply chain attack revealed...
French and Ukrainian police arrested Egregor ransomware affiliates/partners in Ukraine
An international operation conducted in Ukraine and France lead to the arrest of criminals believed to be affiliated with the...
The kingpin behind Joker’s Stash retires with a billionaire exit
The administrators of the most popular carding marketplace on the dark web Joker’s Stash announced his retirement. Cybercriminal behind the...
Russian explained why hackers steal personal data of CD Projekt RED employees
Hackers have broken into the Polish development studio CD Projekt RED, the authors of the sensational game Cyberpunk 2077, and...
Fraudsters Target US Tax Experts in Ongoing Phishing Campaign
Scammers are targeting US tax professionals in ongoing series of phishing attacks to steal Electronic Filling identification Numbers (EFINs). The...
Romania’s Iimobiliare.ro Website Suffer Major Security Breach
The website Iimobiliare.ro, Romania's biggest advertisement platform for real estate ads, was infringed last December by a security breach that...
Adorcam Leaks Thousands of Webcam Accounts
A webcam application installed by a huge number of clients left an uncovered database loaded with client information on the...
UDdup – Urls De-Duplication Tool For Better Recon
The tool gets a list of URLs, and removes "duplicate" pages in the sense of URL patterns that are probably...
Damn-Vulnerable-GraphQL-Application – Damn Vulnerable GraphQL Application Is An Intentionally Vulnerable Implementation Of Facebook’s GraphQL Technology, To Learn And Practice GraphQL Security
Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.About DVGADamn...
PayPal addresses reflected XSS bug in user wallet currency converter
PayPal has addressed a reflected cross-site scripting (XSS) vulnerability that affected the currency converter feature of user wallets. PayPal has...
Security Affairs newsletter Round 301
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
FBI’s alert warns about using Windows 7 and TeamViewer
The FBI is warning companies about the use of out-of-date Windows 7 systems, desktop sharing software TeamViewer, and weak account...
Court documents show FBI could use a tool to access private Signal messages on iPhones
Court documents obtained by Forbes revealed that the FBI may have a tool that allows accessing private Signal messages on iPhones. Court...
Sift Exposes New Telegram Fraud Scheme to Exploit Restaurants and Food Delivery Apps
As the popularity of food delivery apps is increasing with each passing day so is the revenue, as a consequence, these apps...
