Feds seize fraud domain claiming to provide COVID-19 vaccine
By Habiba Rashid. The website was scamming users in the name of providing the COVID-19 vaccine but actually collecting their personal data for malicious purposes. This is a post from HackRead.com. Read the original post: Feds seize fraud domain claiming to provide COVID-19 vaccine...
Spam and phishing in Q1 2021
Quarterly highlights. Banking phishing: new version of an old scheme. In Q1 2021, new banking scams appeared alongside ones that are more traditional. Clients of several Dutch banks faced a phishing attack using QR codes. The fraudsters invited the victim to scan a QR code in an email, ostensibly t...
Data from 500M LinkedIn Users Posted for Sale Online
Personal data from more than 500 million LinkedIn users has been posted for sale online in yet another incident of threat actors scraping data from public profiles and slinging it online for potential cybercriminal misuse. Hackers posted an archive containing data they said includes LinkedIn IDs,...
Conti Gang Demands $40M Ransom from Florida School District
UPDATE: The Conti Gang has demanded a $40 million ransom from a Fort Lauderdale, Fla., school district after a ransomware attack last month. Attackers stole personal information from students and teachers, disrupted the district’s networks, and caused some services to be unavailable. The incident...
MobiKwik Suffers Major Breach — KYC Data of 3.5 Million Users Exposed
Popular Indian mobile payments service MobiKwik on Monday came under fire after 8.2 terabytes (TB) of data belonging to millions of its users began circulating on the dark web in the aftermath of a major data breach that came to light earlier this month. The leaked data includes sensitive personal...
CVE-2021-3150
A cross-site scripting (XSS) vulnerability on the Delete Personal Data page in Cryptshare Server before 4.8.0 allows an attacker to inject arbitrary web script or HTML via the user name. The issue is fixed with the version 4.8.1...
Cross site scripting
A cross-site scripting (XSS) vulnerability on the Delete Personal Data page in Cryptshare Server before 4.8.0 allows an attacker to inject arbitrary web script or HTML via the user name. The issue is fixed with the version 4.8.1...
Befine Solutions AG Cryptshare Server Cross-Site Scripting Vulnerability
Befine Solutions AG Cryptshare Server is a software application of the German company Befine Solutions AG. It provides secure digital transfer services. A cross-site scripting vulnerability exists in Cryptshare Server before 4.8.0, which originates from a cross-site scripting (XSS) vulnerability in...
Privilege escalation
An elevation of privilege vulnerability exists in Microsoft Windows when Folder redirection has been enabled via Group Policy. When folder redirection file server is co-located with Terminal server, an attacker who successfully exploited the vulnerability would be able to begin redirecting anothe...
Microsoft Windows Folder Redirection Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Microsoft Windows when Folder redirection has been enabled via Group Policy. When folder redirection file server is co-located with Terminal server, an attacker who successfully exploited the vulnerability would be able to begin redirecting anothe...
U.S. DOJ warns of fake unemployment benefit websites stealing data
By Habiba Rashid. The United States Justice Department has warned of fake unemployment benefit websites aiming at the personal data of Americans. This is a post from HackRead.com. Read the original post: U.S. DOJ warns of fake unemployment benefit websites stealing data...
Malaysia Air Downplays Frequent-Flyer Data Breach
Malaysia Airlines sent out an email to frequent flyer program members assuring them that there’s “no evidence” their personal data has been misused in the wake of a supply-chain attack via a third-party vendor. However, experts think that’s unlikely. And, they say the repercussions could be...
Why do companies fail to stop breaches despite soaring IT security investment?
Let's first take a look back at 2020! Adding to the list of difficulties that surfaced last year, 2020 was also grim for personal data protection, as it has marked a new record number of leaked credentials and PI data. A whopping 20 billion records were stolen in a single year, increasing 66% fro...
Scammers, profiteers, and shady sites? It must be tax season
US tax season is upon us, a time of the year when a special kind of vermin comes crawling out of the woodwork: tax scammers! Not that their goals are any different from any other scammers. They want your hard-earned dollars in their pockets. Most of the tax-related attacks follow a few tried and...
Daycare Webcam Service Exposes 12,000 User Accounts
NurseryCam, a webcam service used across 40 daycare centers in the U.K. by parents who want to keep a watchful eye on their babies, has shut down following a data breach. The breach exposed the personal data of about 12,000 users to an attacker who said he or she was trying to improve the service...
Nude photo theft offers lessons in selfie security
Two former college graduates are in a lot of trouble after breaking into other students' accounts and stealing sensitive personal data. They’re facing some serious charges with restitution payments of $35,430, potential jail time, and the threat of very big fines thrown into the mix. What happened...
UBUNTU-CVE-2021-21435
Article Bcc fields and agent personal information are shown when customer prints the ticket PDF via external interface. This issue affects: OTRS AG OTRS 7.0.x version 7.0.23 and prior versions; 8.0.x version 8.0.10 and prior versions...
PT-2021-14507 · Otrs Ag +1 · Otrs +1
Name of the Vulnerable Software and Affected Versions: OTRS AG OTRS versions 7.0.x through 7.0.23 OTRS AG OTRS versions 8.0.x through 8.0.10 Description: The issue concerns the exposure of Article Bcc fields and agent personal information when a customer prints a ticket in PDF format via an...
Cybersecurity firm Stormshield breach; customer data, source code stolen
By Saad Rajpoot. Stormshield suspects that there is a possibility that the attacker has the Technical Exchanges and Personal Data of the users. A French cybersecurity firm, Stormshield, has identified a security breach. The breach affected their technical portal which is used by the users for the...