Saturday, January 19, 2019
Tripwire

Microsoft Announces Azure DevOps Bug Bounty Program

The Microsoft Security Response Center (MSRC) has announced the creation of a bug bounty program for Azure DevOps services. On 17 January, MSRC said it would begin awarding bounties of up to $20,000 for reports on eligible vulnerabilities affecting...
Tripwire

Nearly 800 Million Email Addresses Exposed in “Collection #1” Data Breach

A data breach known as “Collection #1” exposed approximately 800 million email addresses as well as tens of millions of passwords. In the beginning of January, multiple people reached out to Australian web security expert Troy Hunt about a...
Tripwire

Two Ukrainians Charged with Plot to Hack into SEC and Commit Fraud

The U.S. Department of Justice (DOJ) has charged two Ukrainians with participating in a plot to hack into computer systems at the U.S. Securities and Exchange Commission (SEC) and use the information they stole to commit fraud. On 15...
Tripwire

Del Rio City Hall Disables Internet Connection for All Departments after Ransomware Attack

Officials in the City of Del Rio have disabled the internet connection for all departments at City Hall following a ransomware attack. The City of Del Rio, which is located 152 miles west of San Antonio in Val Verde...
Tripwire

Mozilla Announces It Will Disable Support for Flash Plugin in Firefox 69

Mozilla has announced that it will disable support for the Adobe Flash Player plugin by default in version 69 of its Firefox web browser. On 11 January, Mozilla senior software engineer Jim Mathies opened a Bugzilla ticket announcing his...
Tripwire

Free Decryption Tool Created for PyLocky Ransomware Family

A researcher has created a free decryption tool which victims of the PyLocky ransomware family can use to recover their affected files. Mike Bautista, a security researcher at the Cisco Talos Intelligence Group, is responsible for developing the tool....
Tripwire

Neiman Marcus to Pay $1.5 Million under Data Breach Settlement

Neiman Marcus Group, Inc. has agreed to pay $1.5 million as part of a settlement for an earlier data breach that exposed customers’ information. Ken Paxton, Attorney General of Texas, announced on 8 January that he and his fellow...
Tripwire

Humana Informs Customers of Third-Party Security Incident

Humana has notified customers of a third-party security incident that might have exposed some of their personal information. According to a breach notification letter obtained by DataBreaches.net, the for-profit American health insurance company learned on 25 October 2018 that...
Tripwire

Kitchen Utensil Manufacturer Discloses Data Breach of E-commerce Site

A manufacturer of kitchen utensils, office supplies and housewares disclosed a data breach of customer information submitted to its e-commerce website. OXO International Ltd confirmed on 17 December 2018 that digital attackers might have compromised the data submitted by...
Tripwire

Alert Service Compromised to Send Out Spam Message

An unknown individual compromised an alert service and abused their access to send out a spam message to some of the service’s customers. The Queensland Early Warning Network (EWN) alert service disclosed first in a Facebook post and later...
Tripwire

Phishers Bypassing 2FA to Compromise Google and Yahoo Accounts

Phishers are bypassing common forms of two-factor authentication (2FA) in a campaign targeting hundreds of Google and Yahoo accounts. In a new report, Amnesty International uses several attack emails sent to it by Human Rights Defenders (HRDs) spread across...
Tripwire

NASA Notifies Employees of Potential Data Breach

The National Aeronautics and Space Administration (NASA) has warned its employees of a data breach that might have compromised their personal information. On 18 December, the agency’s Human Resources Messaging System (HRMES) sent out a message to all employees...
Tripwire

Malware Using Memes Posted on Twitter as C&C Service

Researchers have observed a new threat using malicious memes posted on Twitter to receive command-and-control (C&C) instructions. Trend Micro observed that the malicious activity begins after a threat detected as “TROJAN.MSIL.BERBOMTHUM.AA” executes on an infected machine. As of this...
Tripwire

Office 365 Phishing Attack Using Fake Non-Delivery Notifications

A new phishing attack is using fake non-delivery notifications in an attempt to steal users’ Microsoft Office 365 credentials. SANS ISC Handler Xavier Mertens discovered the attack while reviewing data captured by his honeypots. The attack begins when a...
Tripwire

Save the Children Federation Tricked Into Sending $1 Million to Scammers

Scammers tricked Save the Children Federation, a well-known U.S. charity, into sending them approximately one million dollars. As reported by The Boston Globe, digital attackers compromised the email account of a Save the Children Federation employee sometime in 2017....
ZDNet

Websites can steal browser data via extensions APIs

Researcher finds nearly 200 Chrome, Firefox, and Opera extensions vulnerable to attacks from malicious sites.
Security Affairs

6 Reasons We Need to Boost Cybersecurity Focus in 2019

Paying attention to cybersecurity is more important than ever in 2019. But, some companies are still unwilling to devote the necessary resources to securing their infrastructures against cyberattacks, and naive individuals think they’re immune to the tactics of cybercriminals,...
isBuzz

Fortnite Vulnerabilities Allow Hackers To Take Over Gamers’ Accounts, Data And In-Game Currency

Cybersecurity researchers today shared details of vulnerabilities that could have affected any player of the hugely popular online battle game, Fortnite. If exploited, the vulnerability would have given an attacker full access to a user’s account and their personal information as well...

DNC Accuses Russia, ACLU Sues ICE, and More Security News This Week

Trump dominated security headlines this week, but there's plenty of other news to catch up on.
SecurityWeek

Bulgaria Extradites Russian Hacker to US: Embassy

Bulgaria has extradited a Russian indicted by a US court for mounting a complex hacking scheme to the United States, the Russian embassy in Washington said Saturday.