HackDig : Dig high-quality web security articles

Update your LearnPress plugins now!

It’s time for a reminder to ensure all of your WordPress plugins are fully up to date (or removed, if you don't need them). Bleeping Computer reports that as many as 75,000 WordPress sites may be open to several flaws in a plugin called LearnPress. Worse, the update tally for users of the plugin isn't doing particularly well, with a big slice of site o
Publish At:2023-01-30 22:15 | Read:12779 | Comments:0 | Tags:News wordpress learnpress vulnerability SQL injection update

Riot Games refuses to pay ransom to avoid League of Legends leak

After confirming threat actors were able to steal some of its code, Riot Games has also revealed that it received a ransom email from its attacker. The attackers are demanding $10 million to stop them leaking source code from League of Legends and other games. Riot's reply? Today, we received a ransom email. Needless to say, we won’t pay. While
Publish At:2023-01-30 22:15 | Read:11650 | Comments:0 | Tags:News Riot Games 2K Games Rockstar Games social engineering p

Hive! Hive! Hive! Ransomware site submerged by FBI

On January 26, 2023, the United States Department of Justice (DoJ) released details about a disruption campaign against the Hive ransomware group. The disruption campaign has reportedly had access to Hive's infrastructure since July of 2022. Its access became public on Thursday when Hive's dark web site began showing a notice that “this hidden site has
Publish At:2023-01-28 22:15 | Read:57078 | Comments:0 | Tags:News Ransomware DoJ FBI Europol HIve ransomware RDP Patch ma

"2.6 million DuoLingo account entries" up for sale

Not a week goes by where we don’t see an example of data scraping causing concern for both business and folks at home. The latest target happens to be popular language platform DuoLingo, which is currently digging into a forum post concerning data related to its customer accounts. Scraping data for fun and profit, but mostly profit From the for
Publish At:2023-01-26 22:15 | Read:53310 | Comments:0 | Tags:News duolingo data scraped API forum sale selling post user

WhatsApp hijackers take over your account while you sleep

Late last week, Twitter user Zuk (@ihackbanme) tweeted an issue about WhatsApp that has the potential to turn heads. The recent WhatsApp accounts takeover is simple and genius. This is how it works: You're sleeping. A "hacker" tries to login to your account via WhatsApp. You get a text message with a pincode that says "Do not share this". You don't share it, ye
Publish At:2023-01-26 22:15 | Read:37297 | Comments:0 | Tags:News WhatsApp Zuk @ihackbanme voicemail attack WhatsApp hack

CISA releases advice on how to safeguard K–12 organizations

To help K–12 schools and school districts in their struggle against cybercrime, the Cybersecurity & Infrastructure Security Agency (CISA) has released the report, Protecting Our Future: Partnering to Safeguard K–12 organizations from Cybersecurity Threats. A cybersecurity incident can significantly impact a school or district’
Publish At:2023-01-26 22:15 | Read:42612 | Comments:0 | Tags:Business News K-12 CISA NIST CSF CPG

Grand Theft Auto 5 exploit allows cheaters to tamper with your data

Yesterday I spent some time helping to fix a relative’s gaming PC. Their gaming data tied to Rockstar’s Grand Theft Auto 5 (GTAV) had somehow become corrupted and was no longer functional. I managed to repair the account and restore everything back to the way it was, but this isn’t the end of the story. There’s a possibility
Publish At:2023-01-25 22:15 | Read:53945 | Comments:0 | Tags:News GTAV grand theft auto 5 game gaming rockstar exploit co

Consumer privacy and social media

Looking at the privacy-related stories of 2022, it’s not hard to see that much of the focus was on the social media giants. Banning TikTok is slowly becoming a trend among US states. Google and Facebook’s owner Meta were fined on several occasions for amounts that would have put other companies out of business, and Twitter fell victim to a po
Publish At:2023-01-25 22:15 | Read:67608 | Comments:0 | Tags:News Privacy Social media privacy policies fines legislation

Video game playing FISH live streams credit card 'theft'

A fish is in hot water (metaphorically speaking) after having performed some incredible antics on a video game live stream. The fish, known for playing popular video game titles to completion on live streams, decided to take that whole gamer lifestyle thing a little too far and went on a rip-roaring crime rampage which came to a grand total of about 4 dollar
Publish At:2023-01-25 22:15 | Read:56656 | Comments:0 | Tags:News fish video game stream credit card pokemon

Riot Games compromised, new releases and patches halted

Popular game developer Riot Games brings word of a system compromise which may cause issues for updates to well known titles, although for the time being it seems as though customer data isn't affected. A social engineering development Making the notification via Twitter late last week, we’re still waiting on the full story as an investigation tak
Publish At:2023-01-24 22:15 | Read:68571 | Comments:0 | Tags:News Riot Games valorant league of legends compromise develo

What privacy can get you

The fight for data privacy must be won in the middle. No declaration, no call to arms, will sway the worst offenders. No public swell, no great big hack, has changed how money gets made. Corporations will continue to reap our data, package it into ad-friendly profiles, and, for a price, deliver the right ads to the right users as determined by the right algo
Publish At:2023-01-24 22:15 | Read:50282 | Comments:0 | Tags:News Privacy

VASTFLUX ad fraud massively affected millions of iOS devices, dismantled

Researchers have successfully dismantled a massive ad fraud campaign they stumbled upon by accident. The Satori Threat Intelligence and Research Team dubbed the campaign VASTFLUX, a portmanteau of "fast flux"—an evasion technique involving the constant changing of IP addresses behind a single domain—and "VAST" (Video Ad Serving Te
Publish At:2023-01-24 22:15 | Read:88376 | Comments:0 | Tags:Apple News VASTFLUX HUMAN fast flux VAST Matryoshka JavaScri

Own an older iPhone? Check you're on the latest version to avoid this bug

In December, 2022, we warned our readers about an actively exploited vulnerability in Apple’s WebKit. Back then we wondered why Apple specifically stated that the issue may have been actively exploited against versions of iOS released before iOS 15.1. At the time, our resident Apple expert Thomas Reed said that Apple has been known to release fixes for
Publish At:2023-01-24 22:15 | Read:71869 | Comments:0 | Tags:Apple Exploits and vulnerabilities News iOS 12.5.7 CVE-2022-

A week in security (January 16—22)

Last week on Malwarebytes Labs: Google to support the use of Rust in Chromium; Law enforcement app SweepWizard leaks data on crime suspects; Accountant ordered to pay ex-employer after bossware shows "time theft"; TikTok dances to the tune of $5.4m cookie fine; "Untraceable" surveillance firm sued for scraping Facebook and Instagram data; Fighting technology's g
Publish At:2023-01-23 22:15 | Read:100514 | Comments:0 | Tags:News Google Rust Chromium Mailchimp SweepWizard bossware Tik

T-Mobile reports data theft of 37 million customers in the US

T-Mobile has announced that an attacker has accessed "limited types of information" on customers. It says it is informing impacted customers. According to the press release, no passwords, payment card information, social security numbers, government ID numbers or other financial account information were compromised. Method T-Mobile says the attacker gained
Publish At:2023-01-23 22:15 | Read:91382 | Comments:0 | Tags:News T-Mobile 37 million data breach k-8
