Microsoft has addressed a critical vulnerability in the Azure Automation service that could have allowed attackers to take full control over other Azure customers' data.
The Twitter account of former intelligence specialist Reality Winner was hacked over the weekend by threat actors looking to target journalists at prominent media organizations. After taking over Winner's verified Twitter account, the hackers changed the profile name to "Feedback Team" to impersonate Twitter staff and began sending out DMs.
Programmers, sysadmins, security researchers, and tech hobbyists copying-pasting commands from web pages into a console or terminal risk having their system compromised. Wizer's Gabriel Friedlander demonstrates an obvious, simple yet stunning trick that'll make you think twice before copying-pasting text from web pages.
Popular social networking and anonymous Q&A app Curious Cat has lost control of its domain. Soon after the platform announced losing control of its domain, a series of bizarre events and support responses has confused the app's users, who are now unable to trust Curious Cat.
A UK Department for Transport (DfT) website was caught serving porn earlier today. The particular DfT subdomain behind the mishap, on most days, provides vital DfT statistics for the public and the department's business plan.
Threat actors are hijacking Alibaba Elastic Computing Service (ECS) instances to install cryptominer malware and harness the available server resources for their own profit.
Popular npm library 'coa' was hijacked today with malicious code injected into it, ephemerally impacting React pipelines around the world. The 'coa' library, short for Command-Option-Argument, receives about 9 million weekly downloads on npm, and is used by almost 5 million open source repositories on GitHub.
Hackers hijacked the popular UA-Parser-JS NPM library, with millions of downloads a week, to infect Linux and Windows devices with cryptominers and password-stealing trojans in a supply-chain attack.
Netgear has released firmware updates for more than a dozen of its smart switches used on corporate networks to address high-severity vulnerabilities.
Domain registrar MarkMonitor had left more than 60,000 parked domains vulnerable to domain hijacking. The parked domains were seen pointing to nonexistent Amazon S3 bucket addresses, hinting that there existed a domain takeover weakness.
A new Android threat that researchers call FlyTrap has been hijacking Facebook accounts of users in more than 140 countries by stealing session cookies.
Major news sites, including The Washington Post, New York Magazine, and HuffPost, saw their stories displaying porn videos instead of the videos originally embedded in them. The fiasco happened because prominent websites relied on the now-defunct domain vid.me to embed streaming videos in their articles.
A fourth suspect has been arrested today for his role in the Twitter hack last year that gave attackers access to the company's internal network, exposing high-profile accounts to hijacking.
The domain name perl.com was stolen and now points to an IP address associated with malware campaigns.
Admins of WordPress sites who use the Ultimate Member plugin are urged to update it to the latest version to block attacks attempting to exploit multiple critical, easy-to-exploit vulnerabilities that could lead to site takeovers.
Grindr has fixed a security flaw that could have allowed attackers to easily hijack any Grindr account if they knew the user's email address.
French fashion and luxury merchandise company Louis Vuitton has quietly patched a security vulnerability on its website that allowed for user account enumeration and even allowed account takeover via password resets.
Technical details about a high-severity vulnerability in Facebook's Instagram app for Android and iOS show how an attacker could exploit it to deny user access to the app, take full control of their account, or use their mobile device to spy on them.
Microsoft warns that with the shift to remote working, customers are exposed to additional security threats such as consent phishing, besides conventional credential theft and email phishing attacks.
Apple has paid a $75,000 bug bounty to a security researcher who chained together three different exploits that could have allowed malicious websites to use your iPhone camera and microphone without permission.