News

Discord has announced that it suffered a 'massive outage', which affected user login and the voice chat features. The outage begun at 2:49 PM EST and came down to an issue with the application programming interface (API) that interrupted the communication between various services. While this issue was quickly resolved, Discord discovered another problem with a database cluster. In a statement Discord explained: "We have identified the underlying issue with the API outage but are...

Yesterday, Elliptic, a blockchain security company, alongside multiple other users, took to Twitter to speak out about a bug found in OpenSea, an NFT marketplace. A flaw in the platform has allowed attackers to buy NFTs for a price much lower than what is listed on the platform. The issue affects Mutant Ape Yacht Club, Bored Ape Yacht Club, Cyberkongz and Cool Cats NFTs. Elliptic said that they have "identified at least three attackers who...

In protest of President Alexander Lukashenko and Russian troop movements through the country, Belarussian hacktivists have launched a ransomware attack against the railway systems. The Cyber-Partisans announced their attack on Twitter on Monday, along with a list of demands in exchange for the encryption keys. The attack has crippled the system and disrupted ticket sales, however automation and security systems were left unaffected in case of emergency situations. The tweets read: "At the command of the...

Password security has many well-debated weaknesses but one that gets surprisingly little attention is how organisations can know whether and when theirs have been compromised by outsiders. This lack of interest is surprising. Almost all cyberattacks today, including ransomware attacks, exploit stolen or leaked credentials (a password + username), which makes any compromise a critical incident in the making.  The traditional defence is to change them on a schedule basis on the assumption that a compromise is likely at some point, but this has always...

The Cybersecurity and Infrastructure Security Agency (CISA) this week have added seventeen actively exploited vulnerabilities to the Known Exploited Vulnerabilities Catalog. These latest vulnerabilities bring the catalog up to a total of 341 vulnerabilities, and 10 of the newest 17 must be patched by the first week of February. In the list of 17 vulnerabilities, two are especially interesting: CVE-2021-32648 and CVE-2021-35247. The vulnerability tracked as CVE-2021-32648 must be patched by the first week of...

The government has claimed that its newly introduced Online Safety Bill will make the UK "the safest place in the world to be online", but some have criticised the bill, warning that it doesn't go far enough to combat things like cyber-flashing, child abuse or violence against women and girls.   The BBC reported that MPs said the bill's definition of illegal content must be re-framed, and more should be done to define the risk...

This week, Americans have been warned to watch out for maliciously crafted QR codes aimed at stealing credentials and financial information. The FBI posted this warning on their Internet Crime Complaint Center (IC3) last week. In the statement, the law enforcement agency said: "Cybercriminals are tampering with QR codes to redirect victims to malicious sites that steal login and financial information." Hackers are switching legitimate QR codes posted or advertised by businesses with their own,...

It has been reported that the International Committee of the Red Cross has recently suffered a cyber-attack, during which the data of more that 515,000 vulnerable people was accessed and seized. Some of the individuals affected recently fled conflicts. The ICRC confirmed the attack in a published statement: “A sophisticated cybersecurity attack against computer servers hosting information held by the International Committee of the Red Cross (ICRC) was detected this week. The attack compromised personal...

A new scam website has been impersonating Nintendo's official website, pretending to sell discounted Nintendo Switch consoles. Last week, the Japanese video game company warned customers to be wary of the scam.  Nintendo rarely warns customers of such issues, so it has been said that this gives insight into the severity of the scams. On Friday, Nintendo tweeted, "We have confirmed the existence of a fake website that impersonates Nintendo's homepage". Nintendo has said that...

In Q4 of 2021, DHL was threat actors' preferred brand to imitate when launching phishing campaigns. This pushed Microsoft into second place and Google into fourth. These findings were unsurprising as the last three months of the year include holidays such as Black Friday, Cyber Monday and Christmas; holidays that hackers frequently exploit as victims let their guard down. As these holidays see an increase in online purchases and package deliveries, scams impersonating the international...