A data base belonging to the Israeli online travel firm Amadeus was spotted open to the public exposing millions of Israeli travelers, including that nation’s prime minister. Amadeus is used as a booking service for several other popular Israeli travel companies including Inbal, which books flights for government workers. According to Calcalist.com, the open database…
A recent attempt by Baltimore government officials to create a workaround that would allow them to email while the city recovers from a ransomware attack was temporarily stymied by Google. Baltimore staffers had started to create Google Gmail accounts as a temporary replacement communication system. However, Google’s automatic security apparatus shut down the accounts as…
The digital solutions firm HCL left accessible information belonging to some of its employees and customers. The breach was first noticed by UpGuard when it came across personal information and plaintext passwords for new hires, reports on installations of customer infrastructure, and web applications for managing personnel. Using a keyword search technique that trolls for…
In a convoluted plot even the most inventive TV writer would have a hard time conjuring the U.S. Air Force is investigating an alleged cyber intrusion by the U.S. Navy. A U.S. Air Force lawyer and Navy Times journalist each received emails containing tracking malware that was allegedly sent by a U.S. Navy prosecutor in…
A zero-day vulnerability in Windows 10 that abuses a flaw in Windows Task Scheduler has been posted to GitHub by a security researcher who did not first notify Microsoft of the issue. The individual, who goes by the name SandboxEscaper, posted the vulnerabilities details along with a proof of concept showing the exploit being abused…
A lot of people are scared automation will eliminate their jobs. That’s going to be true in some industries, but ours is not one of them. Cybersecurity professionals who are accustomed to dealing with existential threats need to flip their mindsets and think of automation as an existential opportunity. There are millions of unfilled jobs…
The U.S. Commerce Department has temporarily relieved Chinese manufacturer Huawei of its inclusion on the federal Entity List, allowing the company to continue to do operate with its business partners for 90 days. Huawei was added to the Entity List on May 16, effectively banning the company from doing business in the United States, but…
By Stu Sjouwerman Since the very dawn of organized phishing attacks, the bad guys have recognized the power of exploiting trusted brands and online services. Our original experience with phishing was defined by spoofed emails purporting to hail from popular banks. Their objective was simple: trick users into coughing up their online banking credentials with…
A new online POS skimmer used by one of the Magecart groups has been spotted injecting an iframe into retailer websites that asks for payment card information. Malwarebytes came across the new technique being used on a Magento powered e-commerce platform. Unlike other skimming methods, which search for the active payment form on the page…
New research has revealed the creator of the commercially available 16Shop phishing kit is double dipping and is surreptitiously capturing the information stolen by his customers. Akamai said the alleged developer, an Indonesian they believe goes by handle Riswanda, has no qualms about taking advantage of the criminals who license his phishing kit and has…
