A North Korean government-backed APT group has been caught using a fake pen-testing company and a range of sock puppet social media accounts in an escalation of a hacking campaign targeting security research professionals. The notorious hacking group, first exposed by Google earlier this year, returned on March 17th with a website for a fake…
Governance & Risk Management , IT Risk Management , Patch Management If Exploited, Flaws Could Open Door to Theft of Admin Credentials Prajeet Nair (@prajeetspeaks) • April 1, 2021 VMware has issued patches for two critical vulnerabilities in its IT operations management platform, vRealize Operations, which, if exploited, could allow attackers to steal…
The UK’s new Cyber Security Council is being urged not to “squander the opportunity” provided by the new organisation. Commissioned by the Department for Digital, Culture, Media and Sport (DCMS), the Cyber Security Council was set up by the members of the Cyber Security Alliance. It’s aim is to serve as a single governing voice…
Executive Summary Informations Name CVE-2020-9147 First vendor Publication 2021-04-01 Vendor Cve Last vendor Modification 2021-04-01 Security-Database Scoring CVSS v3 Cvss vector : N/A Overall CVSS Score NA Base Score NA Environmental Score NA impact SubScore NA Temporal Score NA Exploitabality Sub Score NA Calculate full CVSS 3.0 Vectors scores Security-Database Scoring CVSS v2 Cvss…
The Dutch Data Protection Authority (AP) has imposed a €475,000 fine on Booking.com for reporting a data breach to the AP too late. Cybercriminals exfiltrated the personal data of more than 4,000 customers and they were also able to obtain the credit card details of nearly 300 victims. Source Hackers extracted login credentials of victims’…
New York City- based IoT device maker Ubiquiti recently disclosed a data breach that was downplayed. After news of the catastrophic data breach, the shares of the company fell significantly this week. In January, Ubiquiti informed customers that unauthorized access to some IT systems hosted by a third-party cloud provider occurred. The company said in…
Critical Infrastructure Security , Cybercrime , Fraud Management & Cybercrime DOJ: Wyatt Travnichek Allegedly Accessed Cleaning and Disinfecting System Prajeet Nair (@prajeetspeaks) • April 2, 2021 This is the website of the Ellsworth County Rural Water District in Kansas. The facility was targeted in an attack in 2019, according to the Justice Department….
New York’s Department of Financial Services (DFS) warns of an ongoing series of attacks resulting in the theft of personal information belonging to hundreds of thousands of New Yorkers. The warning follows another alert issued last month describing how this aggressive cybercrime campaign exploits cybersecurity flaws found in public-facing websites to steal Nonpublic Information (NPI). The attacks…
Shares of New York City-based IoT device maker Ubiquiti (NYSE: UI) fell significantly this week following a report claiming that the recently disclosed data breach was “catastrophic” and that its impact was downplayed. Ubiquiti informed customers in January that it had detected unauthorized access to some IT systems hosted by an unnamed third-party cloud provider….
Breach Notification , Incident & Breach Response , Security Operations Seller of 99 Million Customers’ Stolen Data Calls Firm ‘Incompetent,’ but Stops Sale Mathew J. Schwartz (euroinfosec) • April 1, 2021 A broker of breached data claims via dedicated .onion leak site to have deleted 8TB of stolen MobiKwik customer data that the…
