Oktacron - Cyber Security RSS Feeds History

US spy agencies review software suppliers' ties to Russia following SolarWinds hack

cyware May 08, 2021 Incident Response, Learnings

U.S. intelligence agencies have begun a review of supply chain risks emanating from Russia in light of the far-reaching hacking campaign that exploited software made by SolarWinds and other vendors, a top Justice Department official said.

Foxit Reader bug lets attackers run malicious code via PDFs

cyware May 08, 2021 Malware and Vulnerabilities

Foxit Software, the company behind the highly popular Foxit Reader, has published security updates to fix a high severity remote code execution (RCE) vulnerability affecting the PDF reader.

Russian cyber-spies changed tactics after the UK and US outed their techniques – so here's a list of those changes

cyware May 08, 2021 Threat Actors

Russian spies from APT29 responded to Western agencies outing their tactics by adopting a red-teaming tool to blend into targets' networks as a legitimate pentesting exercise.

Misconfigured Database Exposes 200K Fake Amazon Reviewers

cyware May 08, 2021 Identity Theft, Fraud, Scams

The 7GB trove contained over 13 million records including the email addresses and WhatsApp/Telegram phone numbers of vendor contacts, plus email addresses, surnames, PayPal account details and Amazon account profiles of reviewers.

CaptureRx Hit with Ransomware Attack

cyware May 08, 2021 Malware and Vulnerabilities

An investigation revealed that certain files were accessed without permission, including first and last names, dates of birth, prescription information, and medical record numbers.

Microsoft: Business email compromise attack targeted dozens of orgs

cyware May 08, 2021 Threat Intel & Info Sharing

Microsoft detected a large-scale business email compromise (BEC) campaign that targeted more than 120 organizations using typo-squatted domains registered a few days before the attacks started.

19 petabytes of data exposed across 29,000+ unprotected databases

cyware May 08, 2021 Trends, Reports, Analysis

CyberNews researchers found more than 29,000 unprotected databases worldwide that are still publicly accessible, leaving close to 19,000 terabytes of data exposed to anyone, including threat actors.

Popular routers found vulnerable to hacker attacks

cyware May 08, 2021 Malware and Vulnerabilities

The main issues affecting routers supplied by ISPs such as Virgin, EE, Sky, TalkTalk, and Vodafone were weak default passwords, local network vulnerabilities, and the lack of firmware updates to patch security loopholes.

Data leak marketplaces aim to take over the extortion economy

cyware May 08, 2021 Trends, Reports, Analysis

One well-known and highly publicized hacker who performed this practice was The Dark Overlord, who stole data and demanded ransoms from Disney, Netflix, and insurance companies.

VMware Patches Critical Flaw Reported by Sanctioned Russian Security Firm

cyware May 08, 2021 Malware and Vulnerabilities

VMware has patched another critical vulnerability reported by Positive Technologies, a Russian cybersecurity firm that was sanctioned recently by the United States of America.

COVID19 Researchers Lose a Week of Work to Ryuk Ransomware

cyware May 08, 2021 Breaches and Incidents

An organization involved in COVID-19 research lost a week’s worth of critical data after a Ryuk attack that used a stolen password, according to Sophos who revealed the case.

Russian hackers are targeting these vulnerabilities, so patch now

cyware May 08, 2021 Malware and Vulnerabilities

Russian cyberattacks are being deployed with new techniques - including exploiting vulnerabilities like the recent Microsoft Exchange zero-days - as its hackers continue to target governments, organizations, and energy providers around the world.

Cyberattack Forces Colonial Pipeline to Shut Major Fuel Line

cyware May 08, 2021 Breaches and Incidents

A cyberattack forced the shutdown of one of the largest pipelines in the United States, in what appeared to be a significant attempt to disrupt vulnerable energy infrastructure.

PHP Timeclock 1.04 SQL Injection

packetstormsecurity May 08, 2021 Feed

PHP Timeclock version 1.04 suffers from a remote SQL injection vulnerability.

PHP Timeclock 1.04 Cross Site Scripting

packetstormsecurity May 08, 2021 Feed

PHP Timeclock version 1.04 suffers from multiple cross site scripting vulnerabilities.

Facebook Will Limit Your WhatsApp Features For Not Accepting Privacy Policy

thehackernews May 08, 2021 Feed

WhatsApp on Friday disclosed that it won't deactivate accounts of users who don't accept its new privacy policy rolling out on May 15, adding it will continue to keep reminding them to accept the new terms. "No one will have their accounts deleted or lose functionality of WhatsApp on May 15 because of this update," the Facebook-owned messaging service said in a statement. The move marked a

Top 12 Security Flaws Russian Spy Hackers Are Exploiting in the Wild

thehackernews May 08, 2021 Feed

Cyber operatives affiliated with the Russian Foreign Intelligence Service (SVR) have switched up their tactics in response to previous public disclosures of their attack methods, according to a new advisory jointly published by intelligence agencies from the U.K. and U.S. Friday. "SVR cyber operators appear to have reacted [...] by changing their TTPs in an attempt to avoid further detection and

Cyber security aggregator - feeds history

US spy agencies review software suppliers' ties to Russia following SolarWinds hack

Foxit Reader bug lets attackers run malicious code via PDFs

Russian cyber-spies changed tactics after the UK and US outed their techniques – so here's a list of those changes

Misconfigured Database Exposes 200K Fake Amazon Reviewers

CaptureRx Hit with Ransomware Attack

Microsoft: Business email compromise attack targeted dozens of orgs

19 petabytes of data exposed across 29,000+ unprotected databases

Popular routers found vulnerable to hacker attacks

Data leak marketplaces aim to take over the extortion economy

VMware Patches Critical Flaw Reported by Sanctioned Russian Security Firm

COVID19 Researchers Lose a Week of Work to Ryuk Ransomware

Russian hackers are targeting these vulnerabilities, so patch now

Cyberattack Forces Colonial Pipeline to Shut Major Fuel Line

PHP Timeclock 1.04 SQL Injection

PHP Timeclock 1.04 Cross Site Scripting

Facebook Will Limit Your WhatsApp Features For Not Accepting Privacy Policy

Top 12 Security Flaws Russian Spy Hackers Are Exploiting in the Wild

202020212022202320242025