April 8, 2021

A threat actor has sold almost 900,000 gift cards and over 300,000 payment cards on a cybercrime forum on the dark web. A crook has sold 895,000 gift cards and over 300,000 payment cards, for a total of US$38 million, on a  top-tier Russian-language hacking forum on the dark web. The criminal actor was spotted offering […]

The post 330K stolen payment cards and 895K stolen gift cards sold on dark web appeared first on Security Affairs.

Read More 330K stolen payment cards and 895K stolen gift cards sold on dark web

As CIOs and business leaders respond to the cratered business landscape left by the COVID-19 pandemic, political upheavals, economic volatility, and climate change, they face the most difficult challenge of their careers. Some leaders will try to recap…

Read More IDC MaturityScape helps enterprises navigate critical business and IT transitions and transformations

Wizcase experts discovered a security flaw in the open-source learning platform Moodle that could allow accounts takeover. At the beginning of October 2020, the Wizcase cyber research team, led by Ata Hakcil, discovered a security vulnerability in the open-source learning platform Moodle. Anyone who had an account on a given school’s Moodle (with TeX filter enabled) could […]

The post Moodle flaw exposed users to account takeover appeared first on Security Affairs.

Read More Moodle flaw exposed users to account takeover

Group-IB, a global threat hunting and adversary-centric cyber intelligence company, discovered that user data of the Swarmshop card shop have been leaked online on March 17, 2021. The database was posted on a different underground forum and contained 12,344 records of the card shop admins, sellers and buyers including their nicknames, hashed passwords, contact details, history of activity, and […]

The post Swarmshop – What goes around comes around: hackers leak other hackers’ data online appeared first on Security Affairs.

Read More Swarmshop – What goes around comes around: hackers leak other hackers’ data online

We are open sourcing the Python source code of a research toolkit we call CyberBattleSim, an experimental research project that investigates how autonomous agents operate in a simulated enterprise environment using high-level abstraction of computer networks and cybersecurity concepts.

The post Gamifying machine learning for stronger security and AI models appeared first on Microsoft Security.

Read More Gamifying machine learning for stronger security and AI models

Pwn2Own 2021 – Day 2: a security duo earned $200,000 for a zero-interaction Zoom exploit allowing remote code execution. One of the most interesting working exploits of the second day of the Pwn2Own 2021 was demonstrated by security researchers Daan Keuper and Thijs Alkemade from Computest. The duo successfully targeted Zoom Messenger in the Enterprise […]

The post Pwn2Own 2021 Day 2 – experts earned $200K for a zero-interaction Zoom exploit appeared first on Security Affairs.

Read More Pwn2Own 2021 Day 2 – experts earned $200K for a zero-interaction Zoom exploit

Days after a massive Facebook data leak made the headlines, 500 million LinkedIn users are being sold online, seller leaked 2 million records as proof. Original Post at https://cybernews.com/news/stolen-data-of-500-million-linkedin-users-being-sold-online-2-million-leaked-as-proof-2/ An archive containing data purportedly scraped from 500 million LinkedIn profiles has been put for sale on a popular hacker forum, with another 2 million records leaked as […]

The post Scraped data of 500 million LinkedIn users being sold online, 2 million records leaked as proof appeared first on Security Affairs.

Read More Scraped data of 500 million LinkedIn users being sold online, 2 million records leaked as proof

Reporting sheds light on Facebook’s hiring practices, Google I/O returns virtually this year, and Toronto schools are going remote. 

The post Hashtag Trending, April 8, 2021 – Facebook hiring practices in the spotlight; Google I/O goes virtual; Ontario schools go virtual first appeared on IT World Canada.

Read More Hashtag Trending, April 8, 2021 – Facebook hiring practices in the spotlight; Google I/O goes virtual; Ontario schools go virtual

Cisco has addressed a critical pre-authentication remote code execution (RCE) vulnerability in the SD-WAN vManage Software. Cisco has addressed multiple vulnerabilities in Cisco SD-WAN vManage Software that could be exploited by an unauthenticated, remote attacker to execute arbitrary code or by an authenticated, local attacker to gain escalated privileges on vulnerable systems. The most severe vulnerability […]

The post Cisco fixed multiple flaws in SD-WAN vManage Software, including a critical RCE appeared first on Security Affairs.

Read More Cisco fixed multiple flaws in SD-WAN vManage Software, including a critical RCE

Google’s Project Zero discovered, and caused to be patched, eleven zero-day exploits against Chrome, Safari, Microsoft Windows, and iOS. This seems to have been exploited by “Western government operatives actively conducting a counterterrorism operation”:

The exploits, which went back to early 2020 and used never-before-seen techniques, were “watering hole” attacks that used infected websites to deliver malware to visitors. They caught the attention of cybersecurity experts thanks to their scale, sophistication, and speed.

[…]

It’s true that Project Zero does not formally attribute hacking to specific groups. But the Threat Analysis Group, which also worked on the project, does perform attribution. Google omitted many more details than just the name of the government behind the hacks, and through that information, the teams knew internally who the hacker and targets were. It is not clear whether Google gave advance notice to government officials that they would be publicizing and shutting down the method of attack…

Read More Google’s Project Zero Finds a Nation-State Zero-Day Operation

The annual Mobile Security Index also found almost half of respondents said their firm sacrificed the security of mobile devices for expediency, often because of the pandemic

The post Verizon report says firms still aren’t following basic mobile security measures first appeared on IT World Canada.

Read More Verizon report says firms still aren’t following basic mobile security measures

The maintainers of the PHP programming language confirmed that threat actors may have compromised a user database containing their passwords. The maintainers of the PHP programming language have provided an update regarding the security breach that took place on March 28. Unknown attackers hacked the official Git server of the PHP programming language and pushed […]

The post User database was also hacked in the recent hack of PHP ‘s Git Server appeared first on Security Affairs.

Read More User database was also hacked in the recent hack of PHP ‘s Git Server

Deepfake expert Nina Schick joins us as we discuss synthetic media, Facebook’s latest data fiasco, and some less-than-brilliant April Fool’s tricks.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” p…

Read More Smashing Security podcast #222: Facebook, deepfakes, and April Fools scandals – with Nina Schick