Russian Ransomware Group REvil Back Online After 2-Month Hiatus
The operators behind the REvil ransomware-as-a-service (RaaS) staged a surprise return after a two-month hiatus following the widely publicized attack on technology services provider Kaseya on July 4. Two of the dark web portals, including the gang's Happy Blog data leak site and its payment/negotiation site, have resurfaced online, with the most recent victim added on July 8, …
Online
Learn Ethical Hacking From Scratch — 18 Online Courses for Just $43
If you're reading this post, there is a pretty good chance you're interested in hacking. Ever thought about turning it into a career? The cybersecurity industry is booming right now, and ethical hacking is one of the most lucrative and challenging niches. It's open to anyone with the right skills. Featuring 18 courses from top-rated instructors, The All-In-One 2021 Super-Sized …
533 Million Facebook Users’ Phone Numbers and Personal Data Leaked Online
In what's likely to be a goldmine for bad actors, personal information associated with approximately 533 million Facebook users worldwide has been leaked for free on a popular cybercrime forum. The data was harvested by hackers in 2019 using a Facebook vulnerability. The leaked data includes full names, Facebook IDs, mobile numbers, locations, email addresses, gender, occupation, …
Critical F5 BIG-IP Bug Under Active Attacks After PoC Exploit Posted Online
Almost 10 days after application security company F5 Networks released patches for critical vulnerabilities in its BIG-IP and BIG-IQ products, adversaries have begun opportunistically mass scanning and targeting exposed and unpatched networking devices to break into enterprise networks. News of in-the-wild exploitation comes on the heels of a proof-of-concept exploit code that …
Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique
With browser makers steadily clamping down on third-party tracking, advertising technology companies are increasingly embracing a DNS technique to evade such defenses, thereby posing a threat to web security and privacy. Called CNAME Cloaking, the practice of blurring the distinction between first-party and third-party cookies not only results in leaking sensitive private …
Chinese Hackers Had Access to a U.S. Hacking Tool Years Before It Was Leaked Online
On August 13, 2016, a hacking unit calling itself "The Shadow Brokers" announced that it had stolen malware tools and exploits used by the Equation Group, a sophisticated threat actor believed to be affiliated with the Tailored Access Operations (TAO) unit of the U.S. National Security Agency (NSA). Although the group has since signed off following the unprecedented disclosures, …
Beware! Fully-Functional Exploit Released Online for SAP Solution Manager Flaw
Cybersecurity researchers have warned of a publicly available fully-functional exploit that could be used to target SAP enterprise software. The exploit leverages a vulnerability, tracked as CVE-2020-6207, that stems from a missing authentication check in SAP Solution Manager (SolMan) version 7.2. SAP SolMan is an application management and administration solution that offers …
Valve’s Steam Server Bugs Could’ve Let Hackers Hijack Online Games
Critical flaws in a core networking library powering Valve's online gaming functionality could have allowed malicious actors to remotely crash games and even take control over affected 3rd-party game servers. "An attacker could remotely crash an opponent's game client to force a win or even perform a 'nuclear rage quit' and crash the Valve game server to end the game …
Phishing and online scams on Amazon
Anyone who has had any contact with Amazon knows that, from time to time, you may come across scammers who parasitically exploit the marketplace’s popularity. They defraud all sorts of users: sellers, buyers, regular users, and one-time visitors. Even if you’ve never logged on to Amazon (real talk, though: never?), some of these scams can affect you, too. We’ll focus first on …
Distorting the truth: The roots of online political disinformation campaigns
On today’s episode of the Security Stories podcast we discuss the history of online manipulation campaigns, and how they’re used today to try and influence political elections. To do that, we welcome back Theresa Payton, the first female CIO of the White House and author of ‘Manipulated: Inside the Cyberwar to Hijack Elections and Distort the Truth’. Also joining us is …