News

An unsecured Elasticsearch database left exposed the account information of about 7.5 million Adobe Creative Cloud users. Comparitech, in association with security researcher Bob Diachenko, found the Adobe database, which could be accessed without a password or any login credentials. The company was notified on October 19 and the database was locked down that day. Source: SC Magazine

One Magecart group decided that helping cancer victims is not enough of a reason to deter them from hitting the American Cancer Society’s online store with skimming malware. Sanguine Security found the malware on www.shop.cancer.org/ hiding behind the GoogleTagManager code. The store sells t-shirts emblazoned with the organization’s logo. Source: SC Magazine

Randori, a Boston-based startup from a former Carbon Black executive and a former red team consultant, announced its first product today. Called Randori Recon, this service is designed to act with a hacker’s mindset to surface all of your company’s external weaknesses. Source: Tech Crunch

OCALA, Fla. — Ocala officials said Thursday that the city had suffered a “net financial loss” as a result of a recent email "spear phishing" scam, the latest in a series of recent cybercrimes against Central Florida municipalities. Source: My News 13

Google Cloud Platform suffered issues around the same time as Amazon Web Services but claims they were not caused by DDoS. A significant distributed denial-of-service (DDoS) attack lasting approximately eight hours affected Amazon Web Services yesterday, knocking its S3 service and other services offline between 10:30 a.m. and 6:30 p.m. PDT. Source: Dark Reading

Cybercriminals continue to seed app stores with malicious apps, advanced attackers successfully compromise mobile devices, and advertisers continue to track users, new reports show. The ubiquity of mobile devices continues to attract attackers as malicious apps have surged 20% across third-party app stores, advertisers and tracking firms account for nine of 10 API calls for top mobile applications, and nation-state actors increasingly target mobile devices, according to a trio of reports released this week. Source: Dark...

By Stuart Sharp, VP of solution engineering at OneLogin According to predictions from the Office of National Statistics, 50% of the UK workforce is expected to be working remotely by 2020. Many organisations have been preparing for this eventuality for many years, as can be seen from the increased uptake of ‘working from home policies’. This is no surprise considering the advancements in technology and the growing expectation of flexible working hours from the modern...

A hacker admitted to planting hardware keyloggers on computers belonging to two companies to get unauthorized to their networks and steal proprietary data. He now faces 12 years of prison time. It appears that the individual was after data relating to an "emerging technology" that both targeted companies were developing. Source: Bleeping Computer

A new malware is targeting Discord users by modifying the Windows Discord client so that it is transformed into a backdoor and an information-stealing Trojan. The Windows Discord client is an Electron application, which means that almost all of its functionality is derived from HTML, CSS, and JavaScript. This allows malware to modify its core files so that the client executes malicious behavior on startup. Source: Bleeping Computer

Kalispell Regional Healthcare (KRH) just reported a cyberattack that took place in late August and exposed patients’ health information. The Kalispell, Mont. facility had several employees fall for a phishing email scam, resulting in the attackers gaining the login credentials to KRH’s system, the hospital said in a statement. Source: SC Magazine