Sat.Jul 11, 2020 - Fri.Jul 17, 2020

Introducing the PhishingKitTracker

Security Affairs

Experts that want to to study phishing attack schema and Kit-composition can use the recently PhishingKitTracker, which is updated automatically. If you are a security researcher or even a passionate about how attackers implement phishing you will find yourself to look for phishing kits.

Breached Data Indexer ‘Data Viper’ Hacked

Krebs on Security

Data Viper , a security startup that provides access to some 15 billion usernames, passwords and other information exposed in more than 8,000 website breaches, has itself been hacked and its user database posted online.

Sales 208

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Malware Hidden in Chinese Tax Software

Data Breach Today

Access 213

Iranian Spies Accidentally Leaked Videos of Themselves Hacking

WIRED Threat Level

IBM's X-Force security team obtained five hours of APT35 hacking operations, showing exactly how the group steals data from email accounts—and who it's targeting. Security Security / Security News

IT 113

Who’s Behind Wednesday’s Epic Twitter Hack?

Krebs on Security

Twitter was thrown into chaos on Wednesday after accounts for some of the world’s most recognizable public figures, executives and celebrities starting tweeting out links to bitcoin scams.

Records of 45 million+ travelers to Thailand and Malaysia surfaced in the darkweb

Security Affairs

Experts from Cyble discovered the availability on the darkweb of records of over 45 million travelers to Thailand and Malaysia from multiple countries.

More Trending

Cybersecurity Leaders: Invest In Your People

Dark Reading

Training, especially cross-training, is insanely powerful when team members are able to experience, train, and work together. It also builds trust

‘Wormable’ Flaw Leads July Microsoft Patches

Krebs on Security

Microsoft today released updates to plug a whopping 123 security holes in Windows and related software, including fixes for a critical, “wormable” flaw in Windows Server versions that Microsoft says is likely to be exploited soon.

Exclusive, Ghost Squad Hackers defaced European Space Agency (ESA) site

Security Affairs

A group of hacktivists that goes online with the name Ghost Squad Hackers has defaced a site of the European Space Agency (ESA). A group of hackers that goes online with the name Ghost Squad Hackers has defaced a site of the European Space Agency (ESA), [link].

LiveAuctioneers Confirms Breach After Records Posted for Sale

Data Breach Today

CloudSEK: 3.4 Million Customers' Records Being Marketed on Darknet Auction website LiveAuctioneers has acknowledged that it sustained a data breach in June. The announcement came after threat intelligence firm CloudSEK reported that it discovered about 3.4

Sales 219

Cybercriminals Targeted Streaming Services to Provide Pandemic Entertainment

Dark Reading

Prior to 2020, about 1 in 5 credential attacks targeted video services, but that's nothing compared to the first quarter of 2020, according to newly published data

103
103

NSA on Securing VPNs

Schneier on Security

The NSA's Central Security Service -- that's the part that's supposed to work on defense -- has released two documents (a full and an abridged version) on securing virtual private networks. Some of it is basic, but it contains good information.

NightLion hacker is selling details of 142 million MGM Resorts hotel guests

Security Affairs

The MGM Resorts 2019 data breach is much larger than initially thought, a hacker is offering for sale details of 142 million MGM hotel guests on the dark web. Bad news for the guests of the MGM Resorts, the 2019 data breach suffered by the company is much larger than initially reported.

Sales 108

Billing Vendor Breach Affects 275,000

Data Breach Today

Not Yet Clear How Many of Firm's Healthcare Clients Were Affected Some 275,000 individuals served by a variety of healthcare sector organizations had data exposed as a result of a breach at Houston-based billing and debt collection vendor Benefit Recovery Specialists Inc.

220
220

Major Flaws Open the Edge to Attack

Dark Reading

Attackers are using critical exploits for flaws in VPN appliances, app-delivery services, and other network-edge hardware and software to punch through corporate perimeters. What can companies do

94

Twitter Hackers May Have Bribed an Insider

Schneier on Security

Motherboard is reporting that this week's Twitter hack involved a bribed insider. Twitter has denied it. I have been taking press calls all day about this. And while I know everyone wants to speculate about the details of the hack, we just don't know -- and probably won't for a couple of weeks.

IT 96

Orange Business Services hit by Nefilim ransomware operators

Security Affairs

Security researchers at Cyble reported that Nefilim ransomware operators allegedly targeted the mobile network operator Orange. Researchers from Cyble came across a post of Nefilim ransomware operators which were claiming to have stolen sensitive data of Orange S.A.,

The Insider Threat: A Growing Concern

Data Breach Today

212
212

How Two-Factor Authentication Keeps Your Accounts Safe

WIRED Threat Level

Here are some of the best authenticator apps and options. It may take a moment to set up, but once you have 2FA enabled where it counts, you can rest easier. Security Security / Security Advice

Enigma Machine for Sale

Schneier on Security

A four-rotor Enigma machine -- with rotors -- is up for auction. encryption enigma historyofcryptography historyofsecurity

Sales 95

Google updates policies to ban any ads for surveillance solutions and services

Security Affairs

Google announced that starting from August it will update its policies to reject ads proposed by organizations offering surveillance software.

Brazilian Banking Trojans Spread to Other Nations

Data Breach Today

Kaspersky: Fraudsters Now Target North America, Europe, Latin America The operators behind a family of Brazilian banking Trojans are expanding their operations to other parts of Latin America as well as North America and Europe, according to Kaspersky.

A New Map Shows the Inescapable Creep of Surveillance

WIRED Threat Level

The Atlas of Surveillance shows which tech law enforcement agencies across the country have acquired. It's a sobering look at the present-day panopticon. Security Security / Privacy

IT 94

Zero-Trust Efforts Rise with the Tide of Remote Working

Dark Reading

With employees likely to continue to spend much, if not all, of their time working from home, companies are focusing more on technologies to boost the security of their now-distributed workplace

DHS CISA urges government agencies to fix SIGRed Windows Server DNS bug within 24h

Security Affairs

US DHS CISA urges government agencies to patch SIGRed Windows Server DNS vulnerability within 24h due to the likelihood of the issue being exploited.

Several Prominent Twitter Accounts Hijacked in Crypto Scam

Data Breach Today

Joe Biden, Bill Gates, Barack Obama, Elon Musk Among Those Affected by Hacking Several prominent business executives and politicians, including Joe Biden, Elon Musk and Bill Gates, had their Twitter accounts hijacked in what appears to be a cryptocurrency scam, according to media reports.

A Twitter Hacking Spree Hits Musk, Obama, Apple, and More

WIRED Threat Level

An unprecedented “security incident” has rocked Twitter—and scammers are making off with huge amounts of bitcoin. Security Security / Cyberattacks and Hacks

8 Signs of a Smartphone Hack

Dark Reading

A rapidly dwindling battery life or sudden spike in data usage could indicate your iOS or Android device has been compromised

86

Personal details and SSNs of 40,000 US citizens available for sale

Security Affairs

Security experts at threat intelligence firm Cyble have identified a credible actor selling personal details of approximately 40,000 US citizens.

Sales 93

Twitter Hack: A Sign of More Troubles Ahead?

Data Breach Today

Some Experts Say the Platform's Security Failures Could Lead to Bigger Attacks While the Wednesday hijacking of several high-profile and verified Twitter accounts appears to have been confined to a cryptocurrency scam, security experts are warning that the platform's security failures could lead to bigger attacks down the road.

Does TikTok Really Pose a Risk to US National Security?

WIRED Threat Level

Concerns about the Chinese government shouldn't be dismissed, experts say. But banning TikTok would be a drastic measure. Security Security / National Security

Risk 86

Cryptocurrency Scam Spreads Across High-Profile Twitter Accounts

Dark Reading

Twitter accounts belonging to former president Barack Obama, Joe Biden, Jeff Bezos, Elon Musk, and Bill Gates are among those hijacked in a massive cryptocurrency scam

86

Iran-linked APT35 accidentally exposed 40 GB associated with their operations

Security Affairs

Iran-linked APT35 group accidentally exposed one of its servers, leaving online roughly 40 GB of videos and other files associated with its operations.

Microsoft: Patching 'Wormable' Windows Server Flaw Is Urgent

Data Breach Today

Check Point Research Report Explains 17-Year-Old 'SigRed' Flaw Affects Windows DNS Feature Microsoft is urging its customers to patch a "wormable" vulnerability affecting the Windows Server operating system that could allow an attacker to exploit an organization's entire infrastructure

IT 207