HackDig : Dig high-quality web security articles for hackers

Security Affairs newsletter Round 291

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. A cyberattack crippled the IT infrastructure of the City of Saint JohnHundreds of female sports stars and celebrities have their naked photos and videos leaked onlineRomanians arrested for running underg
Publish At:2020-11-29 12:42 | Read:74 | Comments:0 | Tags:Breaking News Cybercrime data breach Hacking hacking news in

Chip maker Advantech hit by Conti ransomware gang

The IIoT chip maker Advantech was hit by the Conti ransomware, the gang is now demanding over $13 million ransom from the company. The Conti ransomware gang hit infected the systems of industrial automation and Industrial IoT (IIoT) chip maker Advantech and is demanding over $13 million ransom (roughly 750 BTC) to avoid leaking stolen files and to provide
Publish At:2020-11-28 17:12 | Read:171 | Comments:0 | Tags:Breaking News Malware Security Conti ransomware Hacking hack

IIoT chip maker Advantech hit by ransomware, $12.5 million ransom

The Conti ransomware gang hit the systems of industrial automation and Industrial IoT (IIoT) chip maker Advantech and is now demanding a $14 million ransom to decrypt affected systems and to stop leaking stolen company data.Advantech is a global leading manufacturer of IT products and solutions, including embedded PCs, network devices, IoT, servers, and heal
Publish At:2020-11-28 13:37 | Read:141 | Comments:0 | Tags:Security ransomware

Drupal emergency updates fix critical arbitrary PHP code execution

Drupal has released emergency security updates to fix a critical flaw with known exploits that could allow for arbitrary PHP code execution. Drupal has released emergency security updates to address a critical vulnerability with known exploits that could be exploited to achieve arbitrary PHP code execution on some CMS versions. The Drupal project uses
Publish At:2020-11-27 21:42 | Read:83 | Comments:0 | Tags:Breaking News Hacking Security Drupal PHP code execution

Office 365 phishing abuses Oracle and Amazon cloud services

A rather complex phishing scheme for stealing Office 365 credentials from small and medium-sized businesses in the U.S. and Australia combines cloud services from Oracle and Amazon into its infrastructure.The campaign has been active for more than half a year and uses a network of legitimate websites that have been compromised to work as a proxy chain.Simple
Publish At:2020-11-27 18:07 | Read:107 | Comments:0 | Tags:Security Cloud

The Week in Ransomware - November 27th 2020 - Attacks continue

With the USA holidays, this has been a relatively slow week in new research being released. We did, though, see some organizations get attacked or report historical attacks.Last weekend, South Korean retail giant E-Land suffered a ransomware attack that forced them to close 23 retail stores while they recovered.There were also attacks reported against Rtizau
Publish At:2020-11-27 18:07 | Read:133 | Comments:0 | Tags:Security ransomware

CBS Last.fm fixes admin password leakage via Symfony profiler

This week, British music streaming service, Last.fm has fixed a credential leakage issue that revealed admin username and password.The leak had occurred due to a misconfigured PHP Symfony app running in "debug" mode and exposing profiler logs.With these credentials, an attacker could have accessed and modified Last.fm user account details
Publish At:2020-11-27 14:13 | Read:128 | Comments:0 | Tags:Security

Phishing lures employees with fake 'back to work' internal memos

Scammers are trying to steal email credentials from employees by impersonating their organization's human resources (HR) department in phishing emails camouflaged as internal 'back to work' company memos.These phishing messages have managed to land in thousands of targeted individuals' mailboxes after bypassing G Suite email defenses acco
Publish At:2020-11-27 14:13 | Read:97 | Comments:0 | Tags:Security

MasterChef, Big Brother producer hit by DoppelPaymer ransomware

French multinational production and distribution firm Banijay Group SAS was hit earlier this month by a DoppelPaymer ransomware attack and had sensitive information stolen by the ransomware operators during the incident.Yesterday, Banijay publicly confirmed a cyber incident that led to employee and commercially sensitive data potentially being compromised.Ba
Publish At:2020-11-27 14:13 | Read:168 | Comments:0 | Tags:Security ransomware

Drupal issues emergency fix for critical bug with known exploits

Drupal has released emergency security updates to address a critical vulnerability with known exploits that could allow for arbitrary PHP code execution on some CMS versions."According to the regular security release window schedule, November 25th would not typically be a core security window," Drupal said."However, this release is necessary because the
Publish At:2020-11-27 14:13 | Read:65 | Comments:0 | Tags:Security exploit

Failing Toward Zero: Why Your Security Needs to Fail to Get Better

Each security incident should lead to a successive reduction in future incidences of the same type. Organizations that fail toward zero embrace failure and learn from their mistakes."Hard times create strong people.""What doesn't kill you makes you stronger."Maybe you've whispered these mantras to yourself in the aftermath of a personal setback at home or wo
Publish At:2020-11-27 12:32 | Read:46 | Comments:0 | Tags: security

The global impact of the Fortinet 50.000 VPN leak posted online

The global impact of the Fortinet 50.000 VPN leak posted online, with many countries impacted, including Portugal. A compilation of one-line exploit tracked as CVE-2018-13379 and that could be used to steal VPN credentials from nearly 50.000 Fortinet VPN devices has posted online. This vulnerability resides in an improper limitation of a path
Publish At:2020-11-27 10:00 | Read:148 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Security data leak Fortine

Drupal Releases Out-of-Band Security Updates Due to Availability of Exploits

The developers of the Drupal content management system (CMS) released out-of-band security updates right before Thanksgiving due to the availability of exploits.The core updates released for Drupal 7, 8.8, 8.9 and 9.0 on November 25 address a couple of vulnerabilities affecting PEAR Archive_Tar, a third-party library designed for handling .tar files in PHP.T
Publish At:2020-11-27 08:41 | Read:131 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities exploit security

Truck routing provider Rand McNally hit by cyberattack

Chicago-based transportation technology firm Rand McNally is working on restoring network functionality following a cyberattack that hit its systems earlier this week.Rand McNally is an American company founded in 1856 that provides leading route mileage optimization and fleet management software to carriers, shipping companies, and third-party logistics pro
Publish At:2020-11-26 18:43 | Read:86 | Comments:0 | Tags:Security cyber

Canon publicly confirms August ransomware attack, data theft

Canon has finally confirmed publicly that the cyberattack suffered in early August was caused by ransomware and that the hackers stole data from company servers.BleepingComputer was the first to report the attack after tracking a suspicious outage on the cloud photo and video storage service (image.canon) that caused users to lose files.Employee da
Publish At:2020-11-26 18:43 | Read:171 | Comments:0 | Tags:Security ransomware