In what's likely to be a goldmine for bad actors, personal information associated with approximately 533 million Facebook users worldwide has been leaked on a popular cybercrime forum for free—which was harvested by hackers in 2019 using a Facebook vulnerability. The leaked data includes full names, Facebook IDs, mobile numbers, locations, email addresses, gender, occupation, … [Read more...] about 533 Million Facebook Users’ Phone Numbers and Personal Data Leaked Online
Online
Critical F5 BIG-IP Bug Under Active Attacks After PoC Exploit Posted Online
Almost 10 days after application security company F5 Networks released patches for critical vulnerabilities in its BIG-IP and BIG-IQ products, adversaries have begun opportunistically mass scanning and targeting exposed and unpatched networking devices to break into enterprise networks. News of in the wild exploitation comes on the heels of a proof-of-concept exploit code that … [Read more...] about Critical F5 BIG-IP Bug Under Active Attacks After PoC Exploit Posted Online
Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique
With browser makers steadily clamping down on third-party tracking, advertising technology companies are increasingly embracing a DNS technique to evade such defenses, thereby posing a threat to web security and privacy. Called CNAME Cloaking, the practice of blurring the distinction between first-party and third-party cookies not only results in leaking sensitive private … [Read more...] about Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique
Chinese Hackers Had Access to a U.S. Hacking Tool Years Before It Was Leaked Online
On August 13, 2016, a hacking unit calling itself "The Shadow Brokers" announced that it had stolen malware tools and exploits used by the Equation Group, a sophisticated threat actor believed to be affiliated to the Tailored Access Operations (TAO) unit of the U.S. National Security Agency (NSA). Although the group has since signed off following the unprecedented disclosures, … [Read more...] about Chinese Hackers Had Access to a U.S. Hacking Tool Years Before It Was Leaked Online
Beware! Fully-Functional Exploit Released Online for SAP Solution Manager Flaw
Cybersecurity researchers have warned of a publicly available fully-functional exploit that could be used to target SAP enterprise software. The exploit leverages a vulnerability, tracked as CVE-2020-6207, that stems from a missing authentication check in SAP Solution Manager (SolMan) version 7.2 SAP SolMan is an application management and administration solution that offers … [Read more...] about Beware! Fully-Functional Exploit Released Online for SAP Solution Manager Flaw
Valve’s Steam Server Bugs Could’ve Let Hackers Hijack Online Games
Critical flaws in a core networking library powering Valve's online gaming functionality could have allowed malicious actors to remotely crash games and even take control over affected 3rd-party game servers. "An attacker could remotely crash an opponent's game client to force a win or even perform a 'nuclear rage quit' and crash the Valve game server to end the game … [Read more...] about Valve’s Steam Server Bugs Could’ve Let Hackers Hijack Online Games
Phishing and online scams on Amazon
Anyone who has had any contact with Amazon knows that, from time to time, you may come across scammers who parasitically exploit the marketplace’s popularity. They defraud all sorts of users: sellers, buyers, regular users, and one-time visitors. Even if you’ve never logged on to Amazon (real talk, though: never?), some of these scams can affect you, too. We’ll focus first on … [Read more...] about Phishing and online scams on Amazon
Distorting the truth: The roots of online political disinformation campaigns
On today’s episode of the Security Stories podcast we discuss the history of online manipulation campaigns, and how they’re used today to try and influence political elections. To do that, we welcome back Theresa Payton, the first female CIO of the White House and author of ‘Manipulated: Inside the Cyberwar to Hijack Elections and Distort the Truth’. Also joining us is … [Read more...] about Distorting the truth: The roots of online political disinformation campaigns
Microsoft Windows XP Source Code Reportedly Leaked Online
Microsoft's long-lived operating system Windows XP—that still powers over 1% of all laptops and desktop computers worldwide—has had its source code leaked online, allegedly, along with Windows Server 2003. Yes, you heard that right. The source code for Microsoft's 19-year-old operating system was published as a torrent file on notorious bulletin board website 4chan, and it's … [Read more...] about Microsoft Windows XP Source Code Reportedly Leaked Online
How PayPal users are tricked by online fraudsters
You know how to use PayPal safely, but every day, scammers come up with new tricks to gain access to users’ accounts and empty their pockets digitally. Today we’re sharing some of fraudsters’ most popular schemes. Advance payment fraud It’s not unusual for online scammers to use so-called advance payment fraud, a classic Internet scam, to defraud PayPal users. Victims receive … [Read more...] about How PayPal users are tricked by online fraudsters