Application Security , Application Security & Online Fraud , Breach Notification Three FortiOS Vulnerabilities Being Exploited for the Campaign Akshaya Asokan (asokan_akshaya) • April 3, 2021 The U.S. Cybersecurity and Infrastructure Security Agency and the FBI warn that unidentified nation-state actors are scanning for three vulnerabilities in Fortinet’s operating system, FortiOS, to likely…
The mobile phone numbers and other personal information for approximately 533 million Facebook users worldwide has been leaked on a popular hacker forum for free. The stolen data first surfaced on a hacking community in June 2020 when a member began selling the Facebook data to other members. What made this leak stand out was that…
Breach Notification , Cybercrime , Fraud Management & Cybercrime Facebook Says Data Comes from Previously Reported 2019 Incident Doug Olenick (DougOlenick) • April 4, 2021 A security researcher has found more than 500 million Facebook records made available for free on the darknet, exposing basic user information, including any phone numbers associated with…
Company Still Recovering From March 1 Attack, SEC Filing Notes Doug Olenick (DougOlenick) • April 1, 2021 The ODP Corp. reports it has suffered a loss of about $28 million due to a March 1 cyber incident at its business services and supplies subsidiary, CompuCom, that forced the company to shut down some…
The personal data of over 500 million Facebook users has been posted online in a low-level hacking forum. The data includes phone numbers, full names, location, email address, and biographical information. Security researchers warn that the data could be used by hackers to impersonate people and commit fraud. See more stories on Insider’s business page….
A North Korean government-backed APT group has been caught using a fake pen-testing company and a range of sock puppet social media accounts in an escalation of a hacking campaign targeting security research professionals. The notorious hacking group, first exposed by Google earlier this year, returned on March 17th with a website for a fake…
Governance & Risk Management , IT Risk Management , Patch Management If Exploited, Flaws Could Open Door to Theft of Admin Credentials Prajeet Nair (@prajeetspeaks) • April 1, 2021 VMware has issued patches for two critical vulnerabilities in its IT operations management platform, vRealize Operations, which, if exploited, could allow attackers to steal…
The UK’s new Cyber Security Council is being urged not to “squander the opportunity” provided by the new organisation. Commissioned by the Department for Digital, Culture, Media and Sport (DCMS), the Cyber Security Council was set up by the members of the Cyber Security Alliance. It’s aim is to serve as a single governing voice…
Executive Summary Informations Name CVE-2020-9147 First vendor Publication 2021-04-01 Vendor Cve Last vendor Modification 2021-04-01 Security-Database Scoring CVSS v3 Cvss vector : N/A Overall CVSS Score NA Base Score NA Environmental Score NA impact SubScore NA Temporal Score NA Exploitabality Sub Score NA Calculate full CVSS 3.0 Vectors scores Security-Database Scoring CVSS v2 Cvss…
The Dutch Data Protection Authority (AP) has imposed a €475,000 fine on Booking.com for reporting a data breach to the AP too late. Cybercriminals exfiltrated the personal data of more than 4,000 customers and they were also able to obtain the credit card details of nearly 300 victims. Source Hackers extracted login credentials of victims’…
