40 matches found
4 FIN9-linked Vietnamese Hackers Indicted in $71M U.S. Cybercrime Spree
Four Vietnamese nationals with ties to the FIN9 cybercrime group have been indicted in the U.S. for their involvement in a series of computer intrusions that caused over $71 million in losses to companies. The defendants, Ta Van Tai aka Quynh Hoa and Bich Thuy, Nguyen Viet Quoc aka Tien Nguyen,...
Discord.io confirms theft of 760,000 members' data
Discord.io was/is a third party service that enables owners of Discord servers to create customized, personal Discord invites. After a preview of Discord.io's users database was posted on BreachForums, the owners have decided to shut down all Discord.io services "for the foreseeable future."...
CVE-2023-23913
A flaw was found in Rails. rails-ujs may allow an attacker to perform Cross-Site Scripting XSS, which could lead to stolen information, phishing attacks, and other types of attacks...
SYS01stealer: New Threat Using Facebook Ads to Target Critical Infrastructure Firms
Cybersecurity researchers have discovered a new information stealer dubbed SYS01stealer targeting critical government infrastructure employees, manufacturing companies, and other sectors since November 2022. "The threat actors behind the campaign are targeting Facebook business accounts by using...
Web skimmer found on website of Liquor Control Board of Ontario
On January 12, 2023, the Liquor Control Board of Ontario LCBO published a news release about a cybersecurity incident, affecting online sales through LCBO.com. It is one of the largest retailers and wholesalers of beverage alcohol in the world. Web skimmer The cybersecurity incident was a web...
Uber data stolen via third-party vendor
Uber is facing a new cybersecurity incident after threat actors stole some of its data from Teqtivity, a third-party vendor that provides asset management and tracking services. "We are aware of customer data that was compromised due to unauthorized access to our systems by a malicious third...
Suspected LAPSUS$ group member arrested in Brazil
The Brazilian Federal Police have arrested a suspect after an investigation into last year's breach of the Brazilian Ministry of Health. Responsibility for the breach was claimed by the LAPSUS$ group, when users found a message stating that system data had been copied and deleted and was in the...
DOJ Seizes 3 Web Domains Used to Sell Stolen Data and DDoS Services
The U.S. Department of Justice DoJ on Wednesday announced the seizure of three domains used by cybercriminals to trade stolen personal information and facilitate distributed denial-of-service DDoS attacks for hire. This includes weleakinfo.to, ipstress.in, and ovh-booter.com, the first of which...
Ticketmaster To Pay $10 Million Fine For Hacking A Rival Company
Ticketmaster has agreed to pay a $10 million fine after being charged with illegally accessing computer systems of a competitor repeatedly between 2013 and 2015 in an attempt to "cut the company off at the knees." A subsidiary of Live Nation, the California-based ticket sales and distribution...
Magecart Credit-Card Skimmer Adds Telegram as C2 Channel
The e-commerce card-skimming landscape has a new wrinkle: Cybercriminals affiliated with the Magecart collective are using encrypted messaging service Telegram as a channel for sending stolen credit-card information back to its command-and-control C2 servers. That’s according to researchers who...
4 Dangerous Brazilian Banking Trojans Now Trying to Rob Users Worldwide
Cybersecurity researchers on Tuesday detailed as many as four different families of Brazilian banking trojans that have targeted financial institutions in Brazil, Latin America, and Europe. Collectively called the "Tetrade" by Kaspersky researchers, the malware families — comprising Guildma,...
Millions of Guests Impacted in Marriott Data Breach, Again
For the second time in two years, the Marriott hotel empire has suffered a major data breach. This time, approximately 5.2 million guests have been affected. The attack was carried out via third-party software that Marriott’s hotel properties use to provide guest services, according to an online...
Astaroth Spy Trojan Uses Facebook, YouTube Profiles to Cover Tracks
Facebook and YouTube profiles are at the heart of an ongoing phishing campaign spreading the Astaroth trojan, bent on the eventual exfiltration of sensitive information. The attack is sophisticated in that it uses normally trusted sources as cover for malicious activities – thus evading usually...
Hackers Sell Access to Bait-and-Switch Empire
Cybercriminals are auctioning off access to customer information stolen from an online data broker behind a dizzying array of bait-and-switch Web sites that sell access to a vast range of data on U.S. consumers, including DMV and arrest records, genealogy reports, phone number lookups and people...
Facebook Offers Details on ‘View As’ Breach, Revises Numbers
The data breach first disclosed by Facebook in September has directly impacted the access tokens of 30 million accounts, the social media giant confirmed Friday. Facebook recently admitted that hackers exploited a flaw in its “View As” feature, which lets users see what their profiles look like...
Dark Web Azorult Generator Offers Free Binaries to Cybercrooks
A malicious build-it-yourself platform for the Azorult info-stealing malware has debuted on the Dark Web. The online builder, which its authors have named Gazorp, allows cybercriminals to generate their very own strains of Azorult, along with the apparatus to control it. And, it’s free. “Threat...
FBI: Iranian Firm Stole Data In Massive Spear Phishing Campaign
The United States Department of Justice announced charges against nine Iranians accused of stealing private data from U.S. universities, private companies and U.S. government agencies. FBI Deputy Director David Bowdich said in a statement that the state-sponsored hackers worked for more than four...
Western Digital MyCloud Remote Code Execution (CVE-2017-17560)
A remote code execution vulnerability exists within Western Digital MyCloud servers. This is due to the way the MyCloud servers handle file uploads to specific directories. A successful attack could lead to a remote code execution and stolen information...
Our Analysis of 1,019 Phishing Kits
In recent years phishing activity has grown rapidly, with thousands of phishing sites popping for a virtual moment that last weeks, days or even hours, before becoming ineffective—either getting blacklisted by security providers, or brought down by internet providers and authorities, or in most...
Samsung Internet Browser SOP Bypass (CVE-2017-17692)
A SOP bypass vulnerability exists within the Samsung internet browser. This vulnerability is due to the way the browser handles its same origin policy. A successful attack could lead to stolen information...