The leaky database also kept a track of users who clicked on messages through Grand Slam Marketing, another small advertising company. The data exposed in the incident includes MD5-hashed emails, IP addresses, Phone numbers, and ZIP codes. ApexSMS Inc., an SMS text marketing company that also does business under the name of Mobile Drip, has suffered a data breach due ...
Read More »Blog
Augustana College hit with ransomware attack
Augustana College confirmed that the ransomware infected server contained personal information of students. The college is providing 24 months of complimentary credit monitoring and identity restoration services for all potentially affected individuals. Attackers infected one of the Augustana college’s servers that contained personal information of students with ransomware. What happened? On February 18, 2019, Augustana discovered a ransomware attack on ...
Read More »Fake site pretending as KeePass Password Manager found distributing adware
The fake site is part of a large network of sites that are involved in the distribution of adware bundles as free programs. The site is named as keepass[.]com and contains four links for Windows, Windows Portable, Mac and Linux. A fake site that appears to promote the popular KeePass password management software has been found distributing adware to unsuspecting ...
Read More »Alpine Linux Docker images found using NULL password for the admin account
This vulnerability (CVE-2019-5021) has been found in v3.3 impacting all Glider Labs Alpine Linux Docker images as well as official images. Researchers noted that existing systems should be modified to either set a custom password for the root account or disable the root account. Security researchers from Cisco Talos have revealed that Alpine Linux Docker images distributed via the official ...
Read More »The latest versions of UC Browser and UC Browser Mini Android apps have been found to be vulnerable to URL spoofing attacks. These browsers have over 600 million installs across the world.
It is masquerading as an ESET AV Remover Installer to trick users into downloading it. The new variant is distributed via spam emails. A new variant of Dharma ransomware has been found that uses a new technique to hide its malicious activities. It is masquerading as an ESET AV Remover Installer to trick users into downloading it. How does it ...
Read More »Latest versions of UC Browser and UC Browser Mini Android apps vulnerable to URL spoofing attacks
These browsers have over 600 million installs across the world. The flaw affects UC Browser 12.11.2.1184 and UC Browser Mini 12.10.1.1192. The latest versions of UC Browser and UC Browser Mini Android apps have been found to be vulnerable to URL spoofing attacks. These browsers have over 600 million installs across the world. What is URL spoofing attack? URL spoofing ...
Read More »Critical Flaw in Cisco Elastic Services Controller Allows Full System Takeover
Cisco has patched a critical flaw in its virtualized function automation tool, Cisco Elastic Services Controller. A critical vulnerability in the Cisco Elastic Services Controller could allow an unauthenticated, remote attacker to take full control of impacted systems – merely by sending a crafted request. Cisco Elastic Services Controller is a virtual network functions manager, which enables businesses to automate the ...
Read More »Physical and Cyber Convergence—At Last?
We have been hearing about the “convergence” of physical and cyber security for years, but even today there are still debates about whether it has happened yet (spoiler alert: it hasn’t). Part of the challenge might be that the word convergence itself can apply to more than one kind of activity – for example, some believe it applies to the ...
Read More »Wyzant suffered a data breach compromising users’ personal information
The compromised information includes names, email addresses, zip codes, and Facebook profile images. However, no passwords or payment details were compromised. What is the issue? Wyzant, an online tutoring marketplace has suffered a data breach compromising users’ personal information. What happened? On April 27, 2019, an unauthorized third-party gained access to Wyzant’s database, which led to the compromise of users’ ...
Read More »Buena Vista Horace Mann student data accidentally shared with BVHM community members
The exposed information includes students’ names, identification numbers, usernames and default passwords for SFUSD systems and tools. The school has requested the students’ parents to educate their children about the importance of securing their passwords. A Buena Vista Horace Mann staff member accidentally shared current and former student data with some of the BVHM community members. This led to BVHM ...
Read More »