Cybersecurity News, Articles and Updates

Fortnite login credentials sold on the dark web for cheap

Researchers at Top10 VPN have uncovered a thriving marketplace for selling U.K. gamer logins and passwords on the popular Battle Royal-esque game "Fortnite" on the dark web.

AT&T sued over a SIM hijacking that lead to a $23.8 million cryptocurrency theft

A cryptocurrency entrepreneur and investor is suing AT&T for permitting a $23.8 million theft in a "SIM Swap" scam conducted by an authorized agent.

MadIoT PoC attacks leverage IoT devices to take out power grids

Cybercriminals may soon be able to target entire power grids without using Stuxnet like malware to infiltrate critical infrastructure.

Security updates issued for VMware, Samba, Internet Key Exchange, and Linux

US-Cert announced updates and patch releases for VMware, Samba, Internet Key Exchange, and Linux kernel, respectively, to address a host of vulnerabilities.

Man-in-the-Disk attacks leave Android users exposed to data manipulation

Check Point researchers discovered a new attack surface for Android applications that leverages external storage, dubbed Man-in-the-Disk attacks.

Hundreds of Netflix, HBO, DirecTV and Hulu credentials for sale on dark web

In Aprils 2018, Irdeto researchers discovered 854 listings of OTT credentials from 69 unique sellers across more than 15 dark web marketplaces.

Brazilian banking customers targeted by IoT DNS hijacking attacks

Attackers launched a DNS hijacking campaign targeting Brazilian bank customer credentials through the end-user IoT devices.

DHS-backed researchers spot serious vulnerabilities built into phones used by all major U.S. carriers

Kryptowire researchers funded by the Department of Homeland Security spotted vulnerabilities built into phones at all major U.S. carriers.

iOS update leaked Snapchat's source code; data leaked to GitHub

Snapchat's source code was leaked and posted on GitHub after a recent iOS update exposed a portion of the social media platform's source code.

Black Hat USA 2018: IBM researchers developed AI powered malware to demonstrate future threat models

IBM researchers at Black Hat USA 2018 announced their development of DeepLocker, described as a highly targeted and evasive attack tool powered by AI.

DarkHydrus using Phishery tool to harvest credentials

The DarkHydrus threat group is now using the open-source Phishery tool to harvest credentials in the Middle East against an educational institution.

MongoDB database exposes more than 2 million Mexican patients

A MongoDB database containing the health care information of more than 2 million patients in Mexico was left exposed revealing sensitive patient information.

Third-party misconfiguration exposes TCM Bank consumer data

A third-party website misconfiguration resulted in the exposure of sensitive data by credit card issuer TCM Bank leaked applicant data for 16 months.

Fortnite's Android version will require disabling security settings to install

Fortnite's Android version will be ditching the Google Play Store after a dispute over Google's 30 percent revenue share, opting instead to distribute through the Epic Games, the game's creator, website.

Malicious Windows executable files hidden in Google Play Apps

Palo Alto Unit 42 researchers identified several Google Play apps infected with malicious Window's Executable Files.

Valedictorian allegedly stole $2M in cryptocurrency by hacking cell phones

A high school valedictorian who went on to attend the University of Massachusetts Boston is now being charged with stealing $2 million in cryptocurrency by hacking cell phones.

HP to launch first printer bug bounty

The program is private and those who have been invited to participate have been instructed to focus on firmware-level vulnerabilities.

Kentucky city cites the risk of terrorism for not releasing surveillance details

When a local resident filed an Open Records Act request after noticing surveillance cameras had been installed in a public park without prior notice, the police department denied his request.

New DarkHydrus threat group targets Middle Eastern government agency

Researchers dubbed the custom PowerShell based payload, RogueRobin, and said it's possible the group pieced together the tool using code from legitimate open source tools.

Android P security updates include hardware security module

Android has announced its latest version, Android P, will include several security improvements such as a hardware security module, improved biometric authentication, and protected confirmation.

Hidden Bee miner spread via download drive-by download toolkit

The Hidden Bee cryptominer is being delivered to users via an improved drive-by download tooldkit which exploits the CVE-2018-4878 Flash Player vulnerability.

Intel patches three vulnerabilities in its Smart Sound Tech

Intel released patches for three high-severity flaws in its Smart Sound Technology which could allow an attacker to execute arbitrary code on Intel Core and Atom processor-based PCs.