Vevo hacked as OurMine releases 3.12TB of internal files

It has been reported that Vevo has been hacked, with roughly 3.12TB worth of internal files posted online, some of which appear sensitive. The majority of the files include benign data including weekly music charts, pre-planned social media content, and various details about the artists under the record companies’ management. Some files were more sensitive, though, such as one which reveals the alarm code for the company’s offices.

Continue reading

Nearly 600, 000 Alaska voters’ sensitive records exposed

News has surfaced that nearly 600,000 Alaska voters’ sensitive records exposed due to a CouchDB database configuration error. Security researchers at the Kromtech Security Research Center discovered the database of about 593,000 voters was accidentally configured for public access without password protection, potentially allowing anyone with a web browser to access and view the sensitive information. The exposed records contained the sensitive and personally identifiable information of prospective voters including names, addresses, dates of birth, ethnicity, marital status and voting preferences.

Continue reading

Equifax breach caused by a missed patch

News that Equifax has revealed that the cause of its massive data breach last week was a missed patch, the following attributable comment from

Amit Yoran, CEO of Tenable Network Security:

“Once again, we have a basic failure in cyber hygiene causing a massive data breach. The Equifax breach is the latest example of a known vulnerability with a patch readily available that was not applied, leaving millions of customers at risk. The fix was available for the Apache Struts vulnerability used in this attack for two months before Equifax was breached.

Every time a massive data breach makes headlines, we all have the same question: why does this keep happening? The answer is simple. These types of attacks take advantage of our own worst habits — the avoidance of doing something as simple as maintaining good cyber hygiene and patching systems.  Cyber criminals don’t need to waste a precious and rare zero-day exploit when they can easily get into your network using a known exploit of an unpatched vulnerability.

This should be a wakeup call for organizations of all sizes, across all industries. Knowing what systems your business relies on, and keeping those systems up to date and protected from exploitation isn’t a theoretical best practice — it frequently makes the difference between stopping an attack and a massive breach.”

21 million hit by Google Android malware attack

Security researchers have discovered the second-biggest outbreak to ever hit Google’s platform, with as many as 21.1 million infections. The malware’s been dubbed ExpensiveWall after hiding inside wallpaper apps. The researchers warned it sent fraudulent premium SMS messages and charged for fake services. In the latest outbreak detected by Check Point, ExpensiveWall infected at least 50 apps, which together were downloaded between 1 million and 4.2 million times, according to data straight from Google Play.

Continue reading

Cryptocurrencies web mining: a slower way to profit

For several years, cybercriminals have taken advantage of cryptocurrency mining in order to make a profit. Mostly by using malware or potentially unwanted applications installed on the victim‘s machine. Now, ESET researchers have analyzed a special case of mining of cryptocurrencies – done directly within your web browser using JavaScript.

Continue reading

Bashware, the new threat leaving 400 million PCs vulnerable

News broke this week about a new security threat, Bashware, which can enable any malware to step over security solutions. Check Point researchers uncovered the attack technique and suggest that Bashware may potentially affect any of the 400 million computers currently running Windows 10 PC globally. Bashware makes use of Windows’ in-built Linux shell to make any malware essentially undetectable to security products.

Continue reading