An unknown number of online gamblers lost more than a few bucks when several unnamed online casinos left an Elasticsearch database open exposing the details of 108 million bets. Justin Paine, director of trust and safety at Cloudflare, posted the finding on his Twitter page, noting that these instances are now so common that he…
Cisco has revealed a critical-rated vulnerability in its small business switches software that if exploited can allow a remote attacker to bypass the device’s user authentication mechanism. The vulnerability in version 1.4.9.04 of the Cisco software exists because under specific circumstances, the affected software enables a privileged user account without notifying administrators of the system.…
A French cybersecurity researcher is reporting that Android ES File Explorer app can allow others on your local network to remotely access a file on your phone. The app, which has more than 100 million Android installs and is designed to allow for the management of all varieties of file types, has a major open…
By Fraser Kyne, EMEA CTO, Bromium Cathay Pacific, Eurostar, British Airways – it’s fair to say last October was a bit of a nightmare for security departments across the world, and for consumers. And the Marriott breach in November was equally horrific. Cathay Pacific lost the details of 9 million customers; whilst BA’s most recent…
Researchers at Trend Micro and RiskIQ have pulled the curtain away from a new Magecart sub-group that managed to insert card skimmer code into more than 200 companies by using a third-party vendor as an unwitting accomplice. The new malicious team, tagged Magecart Group 12, managed to inject their malware into the JavaScript library of…
Drupal released two critical security updates that if exploited could allow an attacker to take control of an affected system. The patches are for Drupal versions 7.x, 8.5.x, and 8.6.x and can be rectified by updating to Drupal 7.62, 8.5.9 or 8.6.6. The first critical vulnerability, CVE-2018-1000888, and has to do with a third-party component…
In a somewhat unusual step cybercriminals are targeting banks in several western African nations using off the shelf malware to gain entry, gain persistence and exfiltrate data along with “living off the land” tactics. Symantec said the attacks have been taking place since mid-2017 hitting financial institutions in Cameroon, Congo (DR), Ghana, Equatorial Guinea and…
The Department of Justice has charged two Ukrainian nationals for hacking into the Security and Exchange Commission’s (SEC) computer system to steal confidential corporate information and sell it to the highest bidder or to make trades. Artem Radchenko and Oleksandr Ieremenko were charged in the United States Court District of New Jersey with securities fraud…
Oracle pushed out 248 patches as part of the company’s quarterly security update affecting a wide range of its products. The list of issues and products covered is quite extensive, but a few of the highlights are Enterprise Manager Products Suite in which nine of the 11 fixes cover remotely executable vulnerabilities that can be…
By Armaan Mahbod, manager, insider threat analyst team, Dtex Systems You’ve spent millions on security. You have the latest and smartest firewalls installed. You have deployed cutting-edge AI-powered antivirus solutions. Phishing emails are stopped cold by your expensive anti-spam and email security gateway solutions, some of the time at least. You are using a CASB…
