Ransomware, Threat Management, Identity

Ransomware attack compromises Modesto

SiliconAngle reports that Booking Holdings' online travel agency Booking.com had several critical security flaws within its implementation of the OAuth functionality, which could be leveraged to achieve widespread account takeovers and server breaches. Despite no evidence suggesting the exploitation of OAuth misconfigurations to access Booking.com customer accounts, such access could have facilitated complete user account control and the compromise of sensitive user data, including personal identifiable information, according to a report from Salt Security's Salt Labs research team. Other Booking Holdings sites, including Kayak.com, have also been impacted by the flaws, which have already been remediated. "OAuth has quickly become the industry standard and is currently in use by hundreds of thousands of services around the world. As a result, misconfigurations of OAuth can have a significant impact on both companies and customers as they leave precious data exposed to bad actors," said Salt Security Vice President of Research Yaniv Balmas.

Related

Total ransomware payment ban requires more prep

CyberScoop reports that achieving stronger cybersecurity resilience across critical infrastructure organizations and small- and medium-sized businesses was noted by former Acting National Cyber Director Kemba Walden to be crucial before implementing a complete ban on ransomware payments.

DDoS attacks spike in first quarter

Fifty percent more distributed denial-of-service attacks have been launched by threat actors during the first quarter of 2024 over the same period last year, with thwarted DDoS attacks increasing by 93% year-over-year, SiliconAngle reports.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.