Attackers Leave Stolen Credentials Searchable on Google

Operators behind a global phishing campaign inadvertently left thousands of stolen credentials accessible via Google Search. The attackers behind a summer 2020 phishing campaign accidentally exposed the credentials they stole to the public Internet, where they could be discovered with a simple Google search.  Last August, the operators launched a

0 Comments

Breach Data Shows Attackers Switched Gears in 2020

Attackers focused more on ransomware, while the consolidation of data into large databases led to fewer reported breaches but more records leaked. The number of data breaches declined by half last year — to less than 4,000 events — yet the number of leaked records more than doubled, as did the

0 Comments

DNSpooq bugs expose millions of devices to DNS cache poisoning

Security flaws in a widely used DNS software package could allow attackers to send users to malicious websites or to remotely hijack their devices Millions of devices could be vulnerable to Domain Name System (DNS) cache poisoning and remote code execution attacks due to seven security flaws in dnsmasq, DNS forwarding

0 Comments

Einstein Healthcare Network Announces August Breach

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

0 Comments

MrbMiner Crypto-Mining Malware Links to Iranian Software Company

A relatively new crypto-mining malware that surfaced last year and infected thousands of Microsoft SQL Server (MSSQL) databases has now been linked to a small software development company based in Iran. The attribution was made possible due to an operational security oversight, said researchers from cybersecurity firm Sophos, that led

0 Comments

Report: 5 ways web apps suffered in 2020 and will continue to suffer in 2021

2020 was a security struggle in the world of web applications, and it isn’t going to get any better in 2021, research from cybersecurity provider Radware said. Image: Getty Images/iStockphoto The 2020-2021 State of Web Application Security Report is out from cybersecurity vendor Radware, and it paints a grim picture

0 Comments

Vulnerabilities in Popular DNS Software Allow Poisoning

Seven flaws in DNSMasq have limited impact, but in combination they could be chained to create a multistaged attack. A group of vulnerabilities in the popular DNSMasq software used for domain name system (DNS) caching and IP address assignment could allow an attacker to reroute network traffic or use nearly

0 Comments

Critical Cisco SD-WAN Bugs Allow RCE Attacks

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

0 Comments

FBI warns of voice phishing attacks stealing corporate credentials

Criminals coax employees into handing over their access credentials and use the login data to burrow deep into corporate networks The United States’ Federal Bureau of Investigation (FBI) has issued a warning about campaigns where threat actors target employees worldwide with voice phishing (also known as vishing) attacks in order to

0 Comments

Tips for a Bulletproof War Room Strategy

The techniques used in real-world combat apply in cybersecurity operations, except that instead of bullets flying downrange, it’s packets. When COVID-19 hit the United States, there was no shortage of headlines about the new security challenges caused by the shift to remote work. There is truth in that, but I

0 Comments