Versa Director Flaw Exposes Networks to API Exploits and Token Theft
Published on September 25, 2024
It's been a rich week, full of data leaks, phishing campaigns, and corporate-level network breaches. We have cherry-picked some of the most important pieces that we published this week, in case you've missed any.
Georgia County Pays a Hefty $400k to Ransomware Actors who Locked Down their IT Systems.
Georgia county got targeted by ransomware actors and paid $400k to get their systems back online. The ransomware was a type of “Ryuk”, which remains an uncracked problem. FBI's investigation is still ongoing.
BigBobRoss Ransomware Unlocked by Avast and Emsisoft
The two cybersecurity firms have cracked BigBobRoss, and thousands of victims who stayed patient can finally free their systems from the particular ransomware. That is as long as they still have their victim IDs handy.
A New Facebook Phishing Campaign Targets iOS Users
A new realistic phishing campaign for iOS is tricking users into inputting their Facebook login credentials. The actors have done a great mimicking job, so only 2FA and a password manager can keep you safe.
Russian Authorities Order ISPs to Block the ProtonMail Encrypted Email Service
The two largest Russian Internet Service Providers have temporarily blocked access to the ProtonMail SMTP server and did so during demonstrations in Moscow.
South Korea Proposes New Stricter Internet Control Law
The South Korea Communications Commission has proposed a new law that will give the government full control over internet traffic, while it will also compel foreign internet companies to operate a locally-based server.
UN Human Rights Rapporteur Openly Expresses Concerns for Article 13
David Kaye of the UN is publicly expressing concerns about the EU’s upcoming copyright protection laws, warning about the danger against the people’s rights to free speech.
Mozilla’s Encrypted File-Sharing Service Firefox Send is Now Available
Mozilla is launching a security-centric file-transfer service for Firefox web browser, along with a dedicated Android app. Files up to 2.5GB in size will be supported, while users will be able to set passwords, expiring download links, and a download count limit.
Spotify Lodges Complaint Against Apple Over Unfair Competition
Spotify's founder accuses Apple of putting streaming companies at a disadvantage with its App Store practices and submitted a formal complaint to the European Commission.
Report Shows How Fake News Still Spread Through Twitter
Researchers find that pro-leave Brexit advocates are having a “bot-party” on Twitter, climbing the influence ranks as if it was nothing, and showcasing weird account behavior patterns.
Adware infects 206 Android Apps Downloaded 150 Million Times
Multiple Android app developers were tricked into using an ad-serving SDK which sends malicious commands to the device through a C2 server.
Counter-Strike 1.6 RCE Vulnerabilities Infect Players’ PCs with Trojan
Counter-Strike 1.6 players are becoming part of a vast botnet network, and Valve isn't planning to do anything about it.
Pakistani Government Website Compromised Using ScanBox Keylogger
Trustwave’s SpiderLabs Research team identified an instance of the ScanBox keylogger tool on a Pakistani passport application tracking website. While the vulnerability has been fixed now, no one knows for sure how many were affected.
Indian Authorities of Gujarat Arrest Ten College Students For Playing PUBG
Following the passing of a new penal law that placed a ban on PUBG in Gujarat, ten students were arrested for the crime of playing the game. The IFF appeals against the law and its enforcement through actual arrests, calling it a blatant violation of fundamental human rights.
Zippyshare Suddenly Denies Access to UK Visitors Without a Clear Reason
Zippyshare is giving a ‘403 error’ to those who visit the website from the United Kingdom, and the speculation about what’s really going on ranges from website misconfiguration to legal threats.
Gearbest Server Leaking Millions of Highly Critical Customer Data
An unprotected Elasticsearch database belonging to Gearbest is leaking personal, banking, payment, and even health record information. The worst part? It's all unencrypted.
Besides the above, we also regularly post tech news on our socials, on Facebook and Twitter. If you want to get a better picture of what's going on in the tech world at any given moment, you may do it by checking out our social media outlets.