In what's likely to be a goldmine for bad actors, personal information associated with approximately 533 million Facebook users worldwide has been leaked on a popular cybercrime forum for free—which was harvested by hackers in 2019 using a Facebook vulnerability. The leaked data includes full names, Facebook IDs, mobile numbers, locations, email addresses, gender, occupation, … [Read more...] about 533 Million Facebook Users’ Phone Numbers and Personal Data Leaked Online
Users
MobiKwik Suffers Major Breach — KYC Data of 3.5 Million Users Exposed
Popular Indian mobile payments service MobiKwik on Monday came under fire after 8.2 terabytes (TB) of data belonging to millions of its users began circulating on the dark web in the aftermath of a major data breach that came to light earlier this month. The leaked data includes sensitive personal information such as:customer names,hashed passwords,email addresses,residential … [Read more...] about MobiKwik Suffers Major Breach — KYC Data of 3.5 Million Users Exposed
New Zoom Screen-Sharing Bug Lets Other Users Access Restricted Apps
A newly discovered glitch in Zoom's screen sharing feature can accidentally leak sensitive information to other attendees in a call, according to the latest findings. Tracked as CVE-2021-28133, the unpatched security vulnerability makes it possible to reveal contents of applications that are not shared, but only briefly, thereby making it harder to exploit it in the wild. It's … [Read more...] about New Zoom Screen-Sharing Bug Lets Other Users Access Restricted Apps
Bug in Apple’s Find My Feature Could’ve Exposed Users’ Location Histories
Cybersecurity researchers on Thursday disclosed two distinct design and implementation flaws in Apple's crowdsourced Bluetooth location tracking system that can lead to a location correlation attack and unauthorized access to the location history of the past seven days, thereby by deanonymizing users. The findings are a consequence of an exhaustive review undertaken by the Open … [Read more...] about Bug in Apple’s Find My Feature Could’ve Exposed Users’ Location Histories
Privacy Bug in Brave Browser Exposes Dark-Web Browsing History of Its Users
Brave has fixed a privacy issue in its browser that sent queries for .onion domains to public internet DNS resolvers rather than routing them through Tor nodes, thus exposing users' visits to dark web websites. The bug was addressed in a hotfix release (V1.20.108) made available yesterday. Brave ships with a built-in feature called "Private Window with Tor" that integrates the … [Read more...] about Privacy Bug in Brave Browser Exposes Dark-Web Browsing History of Its Users
Yandex Employee Caught Selling Access to Users’ Email Inboxes
Russian Dutch-domiciled search engine, ride-hailing and email service provider Yandex on Friday disclosed a data breach that compromised 4,887 email accounts of its users. The company blamed the incident on an unnamed employee who had been providing unauthorized access to the users' mailboxes for personal gain. "The employee was one of three system administrators with the … [Read more...] about Yandex Employee Caught Selling Access to Users’ Email Inboxes
How scammers lure Discord users to a fake cryptocurrency exchange
Discord was originally created for gamers, but thanks to its handy system of “servers” (communities), channels, and private messages, it’s brought in all kinds of people, from study groups to common-interest clubs — including fans of cryptocurrency. On their servers, traders discuss the latest on altcoins, investors share predictions, and scammers ponder how to cash in on both. … [Read more...] about How scammers lure Discord users to a fake cryptocurrency exchange
AutoHotkey-Based Password Stealer Targeting US, Canadian Banking Users
Threat actors have been discovered distributing a new credential stealer written in AutoHotkey (AHK) scripting language as part of an ongoing campaign that started early 2020. Customers of financial institutions in the US and Canada are among the primary targets for credential exfiltration, with a specific focus on banks such as Scotiabank, Royal Bank of Canada, HSBC, Alterna … [Read more...] about AutoHotkey-Based Password Stealer Targeting US, Canadian Banking Users
How Organizations Can Prevent Users from Using Breached Passwords
There is no question that attackers are going after your sensitive account data. Passwords have long been a target of those looking to compromise your environment. Why would an attacker take the long, complicated way if they have the keys to the front door? No matter how extensive your security solutions are, protecting the various systems in your environment, your organization … [Read more...] about How Organizations Can Prevent Users from Using Breached Passwords
Trojanized Security Software Hits South Korea Users in Supply-Chain Attack
Cybersecurity researchers took the wraps off a novel supply chain attack in South Korea that abuses legitimate security software and stolen digital certificates to distribute remote administration tools (RATs) on target systems. Attributing the operation to the Lazarus Group, also known as Hidden Cobra, Slovak internet security company ESET said the state-sponsored threat actor … [Read more...] about Trojanized Security Software Hits South Korea Users in Supply-Chain Attack