A threat actor is offering for sale on hacking forums the secret database Clubhouse containing 3.8B phone numbers. Clubhouse is a social audio app for iOS and Android where users can communicate in voice chat rooms that accommodate groups of thousands of people. The audio-only app hosts live discussions, with opportunities to participate through speaking and listening. Conversations are prohibited by Clubhouse’s guidelines […]

The post Threat actor offers Clubhouse secret database containing 3.8B phone numbers appeared first on Security Affairs.

Read More Threat actor offers Clubhouse secret database containing 3.8B phone numbers

Threat actors target Kubernetes installs via Argo Workflows to cryptocurrency miners, security researchers from Intezer warn. Researchers from Intezer uncovered new attacks on Kubernetes (K8s) installs via misconfigured Argo Workflows aimed at deploying cryptocurrency miners. Argo Workflows is an open-source, container-native workflow engine designed to run on K8s clusters. The experts discovered Argo Workflows instances with […]

The post Crooks target Kubernetes installs via Argo Workflows to deploy miners appeared first on Security Affairs.

Read More Crooks target Kubernetes installs via Argo Workflows to deploy miners

XCSSET macOS malware continues to evolve, now it is able to steal login information from multiple apps, including Telegram and Google Chrome. Security researchers from Trend Micro continues to monitor the evolution of the XCSSET macOS malware, new variants are able to steal login information from multiple apps, including Telegram and Google Chrome, and send […]

The post XCSSET MacOS malware targets Telegram, Google Chrome data and more appeared first on Security Affairs.

Read More XCSSET MacOS malware targets Telegram, Google Chrome data and more

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. HelloKitty ransomware gang targets vulnerable SonicWall devices Instagram implements ‘Security Checkup to help users recover compromised accounts Chinese […]

The post Security Affairs newsletter Round 324 appeared first on Security Affairs.

Read More Security Affairs newsletter Round 324

Japanese researchers spotted an Olympics-themed wiper targeting Japanese users ahead of the 2021 Tokyo Olympics. Tokyo Olympics could be a great opportunity for cybercriminals and malware authors, the US FBI warned private US companies of cyberattacks that might attempt to disrupt the 2021 Tokyo Olympics. Researchers from the Japanese security firm Mitsui Bussan Secure Directions (MBSD) […]

The post Japanese computers hit by a wiper malware ahead of 2021 Tokyo Olympics appeared first on Security Affairs.

Read More Japanese computers hit by a wiper malware ahead of 2021 Tokyo Olympics

This week, by popular demand, it’s Charlotte! Oh – and Scott. People had been asking for Charlotte for a while, so we finally decided to do a weekly update together on how she’s been transitioning from Mac to PC. Plus, she has to put up with

Read More Weekly Update 253

A researcher found a flaw in Windows OS, tracked as PetitPotam, that can be exploited to force remote Windows machines to share their password hashes. Security researcher Gilles Lionel (aka Topotam) has discovered a vulnerability in the Windows operating system that allows an attacker to force remote Windows machines to authenticate and share their password hashes with […]

The post Obtaining password hashes of Windows systems with PetitPotam attack appeared first on Security Affairs.

Read More Obtaining password hashes of Windows systems with PetitPotam attack

Inseego introduced its Wavemaker PRO 2000e industrial gateway. Combining high-performance 5G with the 4G LTE capabilities, this solution delivers throughput and reliability for industrial IoT and enterprise networks. “We designed the S2000e to provide …

Read More Inseego Wavemaker PRO 2000e delivers throughput and reliability for industrial IoT and enterprise networks

At Carbonite + Webroot, we’re always preaching about the importance of layering security solutions. Because here’s the truth: data’s always at risk. Whether from cybercriminals, everyday mishaps or mother nature, businesses can put up all the defenses they want but disaster only has to successfully strike once. The global pandemic means more work is being […]

The post Redundancy for resilience: The importance of layered protection in the cloud appeared first on Webroot Blog.

Read More Redundancy for resilience: The importance of layered protection in the cloud

Estonian hacker Pavel Tsurkan has pleaded guilty in a United States court to the counts of computer fraud and of creating and operating a proxy botnet. The Estonian national Pavel Tsurkan has pleaded guilty in a United States court to two counts of computer fraud and abuse. According to court documents, Pavel Tsurkan (33) operated […]

The post Estonian hacker Pavel Tsurkan pleads guilty for operating a proxy botnet. appeared first on Security Affairs.

Read More Estonian hacker Pavel Tsurkan pleads guilty for operating a proxy botnet.

Kaseya VSA customers struggling to recover from the REvil ransomware attack earlier this month have some good news: the company has received a decryptor to unscramble encrypted data. The company said Thursday it is helping impacted customers after obtaining the decryption tool from an unnamed third party. So far it has had no reports of […]

The post Kaseya obtains ransomware decryptor to help VSA victims first appeared on IT World Canada.

Read More Kaseya obtains ransomware decryptor to help VSA victims

The internet is heavily flooded with data. It could take a person several hours, or even days, and a considerable number of cups of coffee to sift through the data and ultimately reach actionable insights. For businesses leveraging a lot of data for market research, competitive price analysis, and other business applications, sifting through data […]

The post How Web Scraping Can Enhance Cyber Security  appeared first on CyberDB.

Read More How Web Scraping Can Enhance Cyber Security 

WizCase’s team of ethical hackers, led by Ata Hakçıl, has found a major breach exposing a number of US cities, all of them using the same web service provider aimed at municipalities. Original post at https://www.wizcase.com/blog/us-municipality-breach-report/ This breach compromised citizens’ physical addresses, phone numbers, IDs, tax documents, and more. Due to the large number and various types […]

The post Over 80 US Municipalities’ Sensitive Information, Including Resident’s Personal Data, Left Vulnerable in Massive Data Breach appeared first on Security Affairs.

Read More Over 80 US Municipalities’ Sensitive Information, Including Resident’s Personal Data, Left Vulnerable in Massive Data Breach

A Catholic priest was outed through commercially available surveillance data. Vice has a good analysis:

The news starkly demonstrates not only the inherent power of location data, but how the chance to wield that power has trickled down from corporations and intelligence agencies to essentially any sort of disgruntled, unscrupulous, or dangerous individual. A growing market of data brokers that collect and sell data from countless apps has made it so that anyone with a bit of cash and effort can figure out which phone in a so-called anonymized dataset belongs to a target, and abuse that information…

Read More Commercial Location Data Used to Out Priest

This episode reports on the availability of a new Canadian data centre for users of Sophos products, a survey shows people still fall for tech support scams, Amazon cuts off a controversial spyware company and new figures on ransomware attacks

The post Cyber Security Today, July 23, 2021 – Sophos opens a Canadian data centre, people still fall for tech support scams and Amazon cuts off a controversial spyware company first appeared on IT World Canada.

Read More Cyber Security Today, July 23, 2021 – Sophos opens a Canadian data centre, people still fall for tech support scams and Amazon cuts off a controversial spyware company

How businesses can benefit from the adoption of an identity and access management solution. Businesses that use outdated manual processes to grant and control access to their IT resources are getting left behind. This article describes what an identity and access management solution is and how it can benefit your business. Identity Is the New […]

The post What Is An Identity and Access Management So-lution and How Can Businesses Benefit From It? appeared first on Security Affairs.

Read More What Is An Identity and Access Management So-lution and How Can Businesses Benefit From It?

The software provider Kaseya announced to have obtained a universal decryptor for the REvil ransomware. Earlier this month, a massive supply chain attack conducted by the REvil ransomware gang hit the cloud-based managed service provider platform Kaseya, impacting both other MSPs using its VSA software and their customers. The VSA tool is used by MSPs to perform […]

The post Kaseya obtained a universal decryptor for REvil ransomware attack appeared first on Security Affairs.

Read More Kaseya obtained a universal decryptor for REvil ransomware attack

The FTC has voted unanimously to enforce Right to Repair laws, Twitter is testing out new voting features and Apple’s largest iPhone production site has been affected by flooding in Central China. It’s all the tech news that’s trending right now, welcome to Hashtag Trending! It’s Friday, July 23, and I’m your host, Tom Li. […]

The post Hashtag Trending July 23- Right to Repair laws; Twitter’s voting feature; Flood hits iPhone production site in China first appeared on IT World Canada.

Read More Hashtag Trending July 23- Right to Repair laws; Twitter’s voting feature; Flood hits iPhone production site in China

The Threat Report Portugal: Q1 2021 compiles data collected on the malicious campaigns that occurred from April to June, Q2, of 2021 The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática. This feed is based on automatic searches and is also supported […]

The post Threat Report Portugal: Q2 2021 appeared first on Security Affairs.

Read More Threat Report Portugal: Q2 2021

Multiple major websites, including Steam, AWS, Amazon, Google, and Salesforce, went offline due to Akamai DNS global outage. A software configuration update triggered a bug in the Akamai DNS which took offline major websites, including Steam, the PlayStation Network, AWS, Google, and Salesforce. “A software configuration update triggered a bug in the DNS (domain name […]

The post Akamai software update triggered a bug that took offline major sites appeared first on Security Affairs.

Read More Akamai software update triggered a bug that took offline major sites