
News

email security

Microsoft Office 365 users are being targeted by a malicious email campaign impersonating an automated SharePoint notification. The fake emails were crafted to mention the names of the targeted organisations and have already reached over 50,000 inboxes, according to email security company Abnormal Security. The messages invited potential victims to click on a link in the body of the message, which would take them to a fake SharePoint landing page. There, through a series of...

health

US healthcare service National Cardiovascular Partners (NCP) has fallen victim to an email hack that exposed 78,000 cardiovascular patients' data. The data was archived in an Excel spreadsheet, which was accessed by malicious actors back in April. The breach remained undetected until nearly a month later, when NCP responded by securing the compromised email and bringing in cybersecurity experts to handle the forensics of the incident. The information exposed included sensitive data such as names,...


LA-based fintech unicorn Dave has confirmed a security compromise that resulted in 7,516,625 user records being exposed. On Saturday, ZDNet reported that it was tipped off by a reader who noticed that a hacker was offering the Dave app's user data on RAID, a hacking forum that has built a reputation for being the go-to place for hackers to leak databases. It appears that attackers were able to access the database through the network of...

code

Source code from exposed repositories of dozens of companies across various fields of activity (tech, finance, retail, food, eCommerce, manufacturing) is publicly available as a result of misconfigurations in their infrastructure, Bleeping Computer reported. A public repository of leaked code includes big names like Microsoft, Adobe, Lenovo, AMD, Qualcomm, Motorola, Hisilicon (owned by Huawei), Mediatek, GE Appliances, Nintendo, Roblox, Disney, Johnson Controls; and the list keeps growing. The leaks have been collected by Tillie Kottmann,...


The Federal Bureau of Investigation added three network protocols and one web application to its list of newly discovered DDoS attack vectors. In a private industry notification, the Bureau reported that: In February 2020, UK security researchers identified a vulnerability in the built-in network discovery protocols of Jenkins servers—free, open source, automation servers used to support the software development process—that cyber actors could exploit to conduct DDoS amplification attacks — according to open source...

$8.9 Million Data Breach Settlement for Banner Health

The hearing between the US government and four tech giants, Amazon, Apple, Facebook and Google, has been postponed to a later date that has yet to be confirmed, the BBC reports. The hearing will look into these companies' dominance in their respective fields of e-commerce, smartphone software, social media and search. The delay will allow politicians to attend a service in memory of John Lewis, a civil rights activist and congressman.

Data Breach Cyber attack code

A ransomware attack on Blackbaud, a US cloud computing provider, back in May has led to data breaches across numerous universities and NGOs. This includes the University of York, University College London, University of London, Human Rights Watch and Young Minds. As a result of Blackbaud's delay in responding to the incident, it is likely they will face a GDPR investigation, reports Infosecurity Magazine. In an email to the IT Security Guru, Chris Ross, SVP...

“Most Of The World’s Airports And Leading Destinations Remain Vulnerable To Criminal Or Rogue Mayhem”.

An Android application used to control drones possesses a self-update feature that bypasses the Google Play Store which allows it to transfer sensitive data to its manufacturer, Da Jiang Innovations, and potentially the Chinese government. This was confirmed by French researchers at Synacktiv with the GRIMM security research group. “While we can’t prove intent, what we can say is that it could allow to make very serious privacy violations,” GRIMM CEO Brian DeMuth told SC...

Ransomware Attack

Garmin, a wearable device maker, has suffered an outage of its connected services and call centres as a result of a suspected ransomware attack. It was first revealed following a Tweet from the company's Indian branch which announced a shutdown of some servers for planned maintenance. Soon after, the same outage message was shared across Garmin's main social media accounts. According to BleepingComputer, a notification message was issued on the company's website stating: "We are...


Twilio is a cloud communications platform as a service (CPaaS) company that enables communications for over 40,000 companies including Twitter, Netflix, Uber, Airbnb and many more. It allows developers to add various communication tools such as voice, video, and messaging as well as authentication capabilities. However, BleepingComputer has reported that hackers had infiltrated Twilio's TaskRouter JS SDK through misconfigured Amazon AWS S3 buckets and injected malvertising code. "Due to a misconfiguration in the S3 bucket...
