Cybersecurity News & Analysis | SC Media | Info Security News

Security News

OAuth vulnerability threatens Azure accounts

There is a vulnerability in specific Microsoft OAuth 2.0 applications that could let an attacker gain access to and control of a victim’s Azure account. The flaw was found by CyberArk researchers, who noticed that many white-listed OAuth applications, at least 54, automatically trust domains and sub-domains that are not registered by Microsoft so anyone can…

Phishing scam uses fake giveaways to lure in Steam gaming service users

Cybercriminals are reportedly attempting to trick users of the Steam video game digital distribution service into visiting a phishing site that pretends to give away new game skins, but actually steals login credentials. Researcher “nullcookies” first reported the fraudulent giveaway promotion in a Twitter post late last month. BleepingComputer followed up on the post and…

TikTok transferred user data to China without consent, lawsuit says

TikTok secretly transferred user data to China without obtaining consent, according to a lawsuit filed by a college student in the Northern District of California. Misty Hong claimed the viral video service culled off her personal videos and information, then funneled it to servers in China. “Allegations that TikTok has been accumulating data about U.S.…

Barr said to dispute Justice IG’s finding that FBI had legal basis for Trump campaign probe

Attorney William Barr reportedly has signaled that he’ll dispute the apparent finding in the much-anticipated Justice Department Inspector General (IG) report that in the summer of 2016 the FBI had enough evidence to pursue an investigation into Trump campaign members’ ties to and possible coordination with Russian operatives. IG Michael Horowitz is expected to conclude…

Tetris game app used to distribute PyXie Python RAT

A new remote access trojan whose name reminds one of a fairytale and not the potential nightmare it could bring to its victim has been disclosed by Cylance. PyXie Python RAT has been flitting about since 2018 helping deliver ransomware and other malware to the healthcare and education industries. The RAT has been tracked being…

Japan joins in NATO cyber exercise

Concern over the cybersecurity threat posed by China helped push Japan to become a full participant in NATO’s recent cybersecurity wargames. Japan had participated in previous Cyber Coalition exercises but held only observer-level status; this year a team of 20 took part in various drills, including a hack-back scenario, reported the Nikkei Asian…

Magecart skimmer group guns for Smith & Wesson’s Black Friday sales

The e-commerce website of weapons manufacturer Smith & Wesson has been targeted by a Magecart payment card-skimming group that’s been using lookalike domain names to impersonate payment anti-fraud company Sanguine Security. The Smith & Wesson website was compromised with a JavaScript-based skimmer last Wednesday, Nov. 27 – in time to steal card information for any…

Data breach more than 4X worse than first thought for Montgomery County schools

What at first looked like a single data breach affecting Montgomery County Public Schools (MCPS) in Maryland turned out to be a series of breaches that impacted thousands more students than was originally reported. On Oct. 4, 2019, MCPS disclosed that a district student had one day earlier allegedly executed a brute-force credentials-stealing attack…

Church’s hit by cyber chicken thieves

Church’s Chicken suffered a cyberattack that penetrated the payment processing system at some of the chain’s corporate locations, compromising payment card information. The company operates 941 locations across the United States, but in a statement noted that only 165 of those, all owned and operated by the corporation, were impacted. Payment card numbers, names and expiration…
