Facebook and Twitter say hundreds of users accidentally gave improper access to personal data through third-party apps
https://www.cnbc.com/2019/11/25/facebook-and-twitter-says-users-gave-improper-access-to-personal-data.html
Mixcloud data breach exposes over 20 million user records
https://techcrunch.com/2019/11/29/mixcloud-data-breach/
https://blog.mixcloud.com/2019/11/30/mixcloud-security-notice
Someone is Watching you!
User Privacy Under Relentless Attack by Trackers Following Every Click and Purchase
https://www.eff.org/press/releases/eff-report-exposes-explains-big-techs-personal-data-trackers-lurk-social-media
20 VPS providers to shut down on Monday, giving customers two days to save their data
https://www.zdnet.com/article/20-vps-providers-to-shut-down-on-monday-giving-customers-two-days-to-save-their-data/
Caution! Ryuk Ransomware decrypter damages larger files, even if you pay
https://blog.emsisoft.com/en/35023/bug-in-latest-ryuk-decryptor-may-cause-data-loss/
So scan every webshop with Magento under 1.9.4.2 & PHP under 5.6.40 here: https://www.magereport.com/
In case of plenty of vulnerabilities, do not go there and/or refrain from ever buying fake goods or being scammed out of your money.
If others cannot protect us, we have to fend for ourselves. Forewarned = forearmed.
polonus
Just a random webshop you have to shun because insecure: https://www.magereport.com/scan/?s=https://www.sarezalando.com/
Scan results say HIGH RISK website - not patched, not installed, unprotected and unmaintained (on purpose as we find out now).
Damian
P.S. Not flagged at VT: https://www.virustotal.com/gui/ip-address/141.105.68.82/details
Probably coming from Russia (RBN website, "Russian Business Network"), not yet on Dr. Web's malicious websites list.
LifeLabs Data Breach Exposes Personal Info of 15 Million Customers
https://www.bleepingcomputer.com/news/security/lifelabs-data-breach-exposes-personal-info-of-15-million-customers/
https://customernotice.lifelabs.com/
Just watching an infested ad is enough to get infected.
Social engineering does the rest (if you fall for it or aren't using a decent blocker).
Visiting smut sites and then a fake smut site with malware-installer, portraying as a video-update, will infest you.
polonus
Report: 267 million Facebook users IDs and phone numbers exposed online
https://www.comparitech.com/blog/information-security/267-million-phone-numbers-exposed-online/
Cyberattack hit computers of the Maastricht University in the Netherlands.
Clop ransomware, an AES cryptomix variant, launched by malcreants hiding behind a protonmail address.
Newer variants of the Clop ransomware also will disable av-protection.
The word clop comes from a word "Klop", Клоп in Russian, which is a term for a sort of bloodsucking bedbug,
but in this case it should be taken more to mean an equivalent of the technical term "bug". ???
We are waiting for a decryptor, but if professionally performed AES strength, it is nearly uncrackable and cannot be defeated.
Infection methods are:
Spam email attachments or hyperlinks;
Insecure RDP connections;
Compromised or hacker-designed websites;
Re-packed installers;
Keygens, cracks, and other executables;
Exploit kits, etc.
Authorities have been warning of this dangerous webthreat coming for months now.
And it took Maastricht University by surprise just before Christmas Eve.
Info credits above go to: luntrus
polonus
Malcreants/cybercriminal-ransomware-developers do not like their adversaries, they really hate them.
See for instance how widespread this Syrk ransomware has spread:
https://maltiverse.com/search;query=gr9wgs94fg5sb3y8l.000webhostapp.com;page=1;sort=query_score
polonus
Attackers actively on the look-out for vulnerable Citrix-servers.
Read: https://support.citrix.com/article/CTX267027 (vulnerability)
80.000 vulnerable servers world-wide:
https://www.ptsecurity.com/ww-en/about/news/citrix-vulnerability-allows-criminals-to-hack-networks-of-80000-companies/
Hackers activity: https://twitter.com/GossiTheDog/status/1214892555306971138
Confirmed here: https://isc.sans.edu/forums/diary/A+Quick+Update+on+Scanning+for+CVE201919781+Citrix+ADC+Gateway+Vulnerability/25686/
Mitigation proposals (there is no patch available as yet): https://support.citrix.com/article/CTX267679
polonus
Beware of Amazon Prime Support Scams in Google Search Ads
https://www.bleepingcomputer.com/news/security/beware-of-amazon-prime-support-scams-in-google-search-ads/
On many sites Google Translate could mean a problem for potential attacks on "window.opener",
read: https://webhint.io/docs/user-guide/hints/hint-disown-opener/#why-is-this-important (security-problem)
Where we have seen this: close all
disown-opener: 65 hints
hint #1: "Translate" should have "rel" attribute value include "noopener" and "noreferrer" keywords.
detected on -https://www.ninefornews … nos-fake-news-etc
Also cdn.taboola dot com adware found on that page: https://www.joesandbox.com/analysis/152773/0/html
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
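The disown-opener finding quoted in the post above can be reproduced offline with a small static check. This is an added example, not part of the original post and not webhint's own code; the sample markup and its URLs are constructed, and flagging every `target="_blank"` link regardless of origin is an assumption of this sketch.

```python
from html.parser import HTMLParser

# Keywords the quoted hint expects in the "rel" attribute.
REQUIRED = {"noopener", "noreferrer"}


class OpenerAudit(HTMLParser):
    """Collect <a>/<area> links that open a new tab without disowning window.opener."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line, href, missing rel keywords)

    def handle_starttag(self, tag, attrs):
        if tag not in ("a", "area"):
            return
        # Attribute names arrive lowercased; values may be None (bare attributes).
        a = {name: (value or "") for name, value in attrs}
        if a.get("target", "").strip().lower() != "_blank":
            return  # same-tab navigation does not hand out window.opener
        rel = set(a.get("rel", "").lower().split())
        missing = REQUIRED - rel
        if missing:
            line, _ = self.getpos()
            self.findings.append((line, a.get("href", ""), sorted(missing)))


def audit(html):
    """Return one finding per link that lacks noopener and/or noreferrer."""
    parser = OpenerAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page (not taken from any real site).
SAMPLE = """\
<a href="https://translate.example/?u=page" target="_blank">Translate</a>
<a href="https://news.example/a" target="_blank" rel="noopener">Story</a>
<a href="https://news.example/b" target="_blank" rel="noopener noreferrer">Safe</a>
<a href="/local">Same tab</a>
"""

if __name__ == "__main__":
    for line, href, missing in audit(SAMPLE):
        print(f"line {line}: {href} is missing rel keyword(s): {', '.join(missing)}")
```

The fix for each finding is to add the missing keywords to the link's `rel` attribute, as the quoted hint says.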
Microsoft Outsourced Skype, Cortana Voice Analysis to China With Virtually No Security in Place
https://gizmodo.com/microsoft-outsourced-skype-cortana-voice-analysis-to-c-1840935163
Hack Cambridge's young geniuses to take a crack at the Avast Secure Browser
https://blog.avast.com/avast-team-prepares-for-hack-cambridge
I personally can't wait for the results.
Hundreds of millions of cable modems are vulnerable to new Cable Haunt vulnerability
https://www.zdnet.com/article/hundreds-of-millions-of-cable-modems-are-vulnerable-to-new-cable-haunt-vulnerability/
What is Cable Haunt? https://cablehaunt.com/
130.000 WordPress CMS websites vulnerable because of holed plug-in.
Vulnerable plug-in = https://wordpress.org/plugins/iwp-client
You could get infested through a specially crafted request:
https://www.wordfence.com/blog/2020/01/critical-authentication-bypass-vulnerability-in-infinitewp-client-plugin/
168.000 WordPress websites already patched: https://wordpress.org/plugins/iwp-client/advanced/
Badly configured insecure WordPress CMS based on PHP stays a security liability i.m.h.o. by design.
polonus
TrickBot Now Uses a Windows 10 UAC Bypass to Evade Detection
https://www.bleepingcomputer.com/news/security/trickbot-now-uses-a-windows-10-uac-bypass-to-evade-detection/
ADV200001 | Microsoft Guidance on Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200001