Cybersecurity News & Analysis | SC Media | Info Security News

Security News

Six Cisco servers compromised when hackers exploited SaltStack Salt flaws

Six Cisco salt-master backend servers were compromised when attackers exploited two recently reported vulnerabilities in SaltStack Salt. Cisco revealed the attacks in an advisory, saying the Cisco Modeling Labs Corporate Edition (CML) and the Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE) were vulnerable. In early May one or more attackers exploited the flaws in…

States’ lack of DMARC adoption ups risk of Covid-19 email spoofing scams

As phishing scammers actively impersonate institutions like the World Health Organization and Centers for Disease Control in order to capitalize on Covid-19 fears, government bodies and state-run health care organizations continue to make themselves vulnerable to email spoofing scams that leverage their names by failing to employ DMARC email validation protections, a new report states.…

Shiny Hunters’ latest hit: Minted among 73.1M records offered

More details have emerged about hacker group “Shiny Hunters’” prey this past month of more than 11 website victims, including Minted, a marketplace of independent illustrators and designers offering consumers items such as custom greeting cards. BleepingCompany reported that the Shiny Hunters is flooding the dark web with a combined total of 73.1 million user…

Kentucky is 6th state to disclose leak of unemployment claims amid Covid-19

Kentucky has become the sixth state to disclose a data leak related to unemployment-related forms that has taken place during the Covid-19 pandemic. The Kentucky Education & Workforce Development Cabinet (EWDC) on Thursday acknowledged that a vulnerability in its Unemployment Insurance Portal caused a data leak that allowed insurance claimants to view the identity verification…

Denial of Service attacks, ransomware

Minneapolis reportedly hit with DoS attack amid protests over Floyd killing

As protests over George Floyd’s death intensified in Minneapolis, the city was reportedly hit with a DoS attack early Thursday morning that left multiple websites and computer systems dysfunctional for several hours. The municipality reportedly restored service on 95 percent of its impacted URLs and systems within hours of the attack and expected a full…

Test platform leaks Bank of America clients’ Covid-19 PPP loan applications

Bank of America has disclosed that it briefly exposed certain business clients’ Paycheck Protection Program (PPP) applications to outside parties after uploading the documents onto a test platform. The incident bears similarities to the recent news of at least states mistakenly exposing application information related to the Pandemic Unemployment Assistance (PUA) program. Both the PPP…

Facial recognition fails accuracy test raises privacy concerns; ACLU sues Clearview AI

Existing criticisms of facial recognition technology once again is being called into question as news of Amazon’s “Rekognition” software was found to incorrectly match 105 U.S. and U.K. politicians. A blog post by privacy advocate Paul Bischoff published on comparitech.com/ May 28 criticized the tool for being inaccurate after he compared new data from Comparitech…

Form-based phishing attacks impersonate branded file-sharing, productivity sites

Researchers are warning users to be on the lookout for form-based phishing attacks whereby scammers abuse or imitate branded file-sharing, content-sharing and productivity websites in order to trick users into giving up their credentials or their account access. In a blog post on Thursday, Barracuda Networks says that from January through April 2020, these form-based…

Govt surveillance NSA

House pulls vote on FISA bill

The House late Wednesday nixed a planned vote on the FISA bill passed earlier this month by the Senate and which would authorize three surveillance initiatives in the USA Freedom Act. “We just formally announced a whip against it because, number one, it’s not going to become law,” Rep. Steve Scalise, R-La., told reporters. “Number…

Next post in Security News