Six Cisco salt-master backend servers were compromised when attackers exploited two recently reported vulnerabilities in SaltStack Salt. Cisco revealed the attacks in an advisory, saying the Cisco Modeling Labs Corporate Edition (CML) and the Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE) were vulnerable. In early May one or more attackers exploited the flaws in…
As phishing scammers actively impersonate institutions like the World Health Organization and Centers for Disease Control in order to capitalize on Covid-19 fears, government bodies and state-run health care organizations continue to make themselves vulnerable to email spoofing scams that leverage their names by failing to employ DMARC email validation protections, a new report states.…
More details have emerged about hacker group “Shiny Hunters’” prey this past month of more than 11 website victims, including Minted, a marketplace of independent illustrators and designers offering consumers items such as custom greeting cards. BleepingCompany reported that the Shiny Hunters is flooding the dark web with a combined total of 73.1 million user…
Kentucky has become the sixth state to disclose a data leak related to unemployment-related forms that has taken place during the Covid-19 pandemic. The Kentucky Education & Workforce Development Cabinet (EWDC) on Thursday acknowledged that a vulnerability in its Unemployment Insurance Portal caused a data leak that allowed insurance claimants to view the identity verification…
As protests over George Floyd’s death intensified in Minneapolis, the city was reportedly hit with a DoS attack early Thursday morning that left multiple websites and computer systems dysfunctional for several hours. The municipality reportedly restored service on 95 percent of its impacted URLs and systems within hours of the attack and expected a full…
Just two days after Twitter marked two of his tweets – one dealing with the security of voting by mail – with fact-check tags, President Trump signed an Executive Order encouraging a change to federal law referred to as Section 230 that provides liability protections to social media firms. The EO seeks to task the…
Bank of America has disclosed that it briefly exposed certain business clients’ Paycheck Protection Program (PPP) applications to outside parties after uploading the documents onto a test platform. The incident bears similarities to the recent news of at least states mistakenly exposing application information related to the Pandemic Unemployment Assistance (PUA) program. Both the PPP…
Existing criticisms of facial recognition technology once again is being called into question as news of Amazon’s “Rekognition” software was found to incorrectly match 105 U.S. and U.K. politicians. A blog post by privacy advocate Paul Bischoff published on comparitech.com/ May 28 criticized the tool for being inaccurate after he compared new data from Comparitech…
Researchers are warning users to be on the lookout for form-based phishing attacks whereby scammers abuse or imitate branded file-sharing, content-sharing and productivity websites in order to trick users into giving up their credentials or their account access. In a blog post on Thursday, Barracuda Networks says that from January through April 2020, these form-based…
The House late Wednesday nixed a planned vote on the FISA bill passed earlier this month by the Senate and which would authorize three surveillance initiatives in the USA Freedom Act. “We just formally announced a whip against it because, number one, it’s not going to become law,” Rep. Steve Scalise, R-La., told reporters. “Number…
