Month: January 2022

0 Comments
A mix-up at a school in Worcestershire, England, caused parents to receive the Covid-19 test results of other people’s children. The data breach, reported today by the Evesham Journal, occurred at co-educational secondary school and sixth-form college The De Montfort School (TDMS) in Evesham, which is part of the Four Stones Multi Academy Trust. Students returning
0 Comments
The internet’s greatest feat? Fundamentally shifting how we live. Once a revelation, it quickly set our long-standing beliefs about how we work, play, and connect into a whole new context.  Today, the shifts come fast. Video meetings once felt alien. Now, they’re part of our routine. We’ve gone from setting doctor’s appointments online to actually
0 Comments
A sea of sensors will soon influence almost everything in your world Probably for the first time in its history, CES has more sensors on the show floor than attendees. What the show lacks in physical attendees, it makes up for with the sheer volume and variety of tiny sensors that will influence almost everything
0 Comments
The Commission nationale de l’informatique et des libertés (CNIL), France’s data protection watchdog, has slapped Facebook (now Meta Platforms) and Google with fines of €150 million ($170 million) and €60 million ($68 million) for violating E.U. privacy rules by failing to provide users with an easy option to reject cookie tracking technology. “The websites facebook.com,
0 Comments
A cyber-attack on American hospitality chain McMenamins may have exposed data belonging to its current and former employees.  The business, which owns and operates brewpubs, breweries, music venues, historic hotels, and theater pubs in Oregon and Washington, issued a data breach notice after suffering a ransomware attack. Suspicious activity was identified in the company’s computer network on
0 Comments
Introduction In February 2021, the company Dbappsecurity discovered a sample in the wild that exploited a zero-day vulnerability on Windows 10 x64. The vulnerability, CVE-2021-1732, is a win32k window object type confusion leading to an OOB (out-of-bounds) write which can be used to create arbitrary memory read and write capabilities within the Windows kernel (local
0 Comments
VMWare has shipped updates to Workstation, Fusion, and ESXi products to address an “important” security vulnerability that could be weaponized by a threat actor to take control of affected systems. The issue relates to a heap-overflow vulnerability — tracked as CVE-2021-22045 (CVSS score: 7.7) — that, if successfully exploited, results in the execution of arbitrary
0 Comments
Police in India have launched an investigation into an app featuring images of Muslim women described as being “for sale as maids.” Open-source online auction application Bulli Bai was hosted by GitHub but has now been removed from the online platform. Indian minister for information and technology Ashwini Vaishnawm said on Saturday that GitHub also
0 Comments
Threat actors leveraged a cloud video hosting service to carry out a supply chain attack on more than 100 real estate websites operated by Sotheby’s Realty that involved injecting malicious skimmers to steal sensitive personal information. “The attacker injected the skimmer JavaScript codes into video, so whenever others import the video, their websites get embedded
0 Comments
Trojanized installers of the Telegram messaging application are being used to distribute the Windows-based Purple Fox backdoor on compromised systems. That’s according to new research published by Minerva Labs, describing the attack as different from intrusions that typically take advantage of legitimate software for dropping malicious payloads. “This threat actor was able to leave most
0 Comments
The internet is meant for all to enjoy. And that’s who we’re looking out for—you and everyone who wants to enjoy life online.  We believe it’s important that someone has your back like that, particularly where some of today’s hacks and attacks can leave people feeling a little uneasy from time to time. You’ve probably seen stories about data breaches at big companies pop up in your news feed. Or perhaps you or someone you know had their debit or credit card number hacked. Problems
0 Comments
Cybersecurity researchers have offered a detailed glimpse into a system called DoubleFeature that’s dedicated to logging the different stages of post-exploitation stemming from the deployment of DanderSpritz, a full-featured malware framework used by the Equation Group. DanderSpritz came to light on April 14, 2017, when a hacking group known as the Shadow Brokers leaked the
0 Comments
A Texas resident has been convicted of stealing hundreds of thousands of dollars from a school district in Idaho through a business email compromise (BEC) scam. Teton School District 401, which serves 1,800 students in seven schools in Teton County, fell victim to the cybercrime three years ago.  In 2018, the district’s business manager, Carl Church,
0 Comments
A never-before-seen China-based targeted intrusion adversary dubbed Aquatic Panda has been observed leveraging critical flaws in the Apache Log4j logging library as an access vector to perform various post-exploitation operations, including reconnaissance and credential harvesting on targeted systems. Cybersecurity firm CrowdStrike said the infiltration, which was ultimately foiled, was aimed at an unnamed “large academic