Hostinger
Web-hosting provider Hostinger suffered a data breach after attackers found an authorization token on one of the company’s servers, and used it to gain access to an internal system API. Hostinger ring-fenced the vulnerable system and reset 14m customer passwords. To read more: https://thehackernews.com/2019/08/web-hosting-hostinger-breach.html
Binance
The cryptocurrency exchange Binance confirmed that know-your-customer images that hackers leaked online earlier this month came from a third-party vendor. Some of the leaked images matched actual accounts while others did not. The investigation is still ongoing. To read more: https://thehackernews.com/2019/08/binance-kyc-data-leak_26.html
Nemty ransomware
Researchers found new ransomware that they named Nemty after the extension it adds to files after encrypting them. The malware is supposedly deployed via compromised remote desktop connections. To recover their data, victims are asked to pay approximately $1,000. To read more: https://www.bleepingcomputer.com/news/security/new-nemty-ransomware-may-spread-via-compromised-rdp-connections/
Imperva
Cybersecurity company Imperva alerted customers to a data breach that exposed email addresses, scrambled passwords, API keys and more for some of its firewall users. The exposure was limited to its Cloud WAF product. To read more: https://krebsonsecurity.com/2019/08/cybersecurity-firm-imperva-discloses-breach/
RETADUP malware
French law enforcement announced that it had taken down the RETADUP botnet malware, remotely disinfecting more than 850,000 computers worldwide by causing the malware to self-destruct. To read more: https://thehackernews.com/2019/08/retadup-botnet-malware.html
Apple
Apple announced that it will no longer retain audio recordings of Siri interactions by default. To read more: https://thehackernews.com/2019/08/apple-siri-recording-privacy.html
Magecart
Researchers discovered 80 Magecart-compromised e-commerce websites that are stealing credit-card information from victims. To read more: https://thehackernews.com/2019/08/magecart-hacking-credit-card.html
iPhones
Project Zero announced a new iPhone-hacking campaign that is able to install malware on iOS devices if victims simply visit an infected website. To read more: http://telecoms.com/499429/google-exposes-massive-iphone-hacking-operation/
Ransomware payments
Ransomware continues to spread through American city governments, schools and police departments. The role that the insurance industry is playing in the crisis is often overlooked. While insurers do not release information about ransom payments, they often pay the demands even if alternatives exist. To read more: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
Dental data
DDS Safe, an online backup system used by dental offices specifically to protect their data from ransomware, fell victim to ransomware. The backend system was hit with what is likely the Sodinokibi malware. How the attackers managed to compromise the company’s infrastructure is unclear. To read more: https://thehackernews.com/2019/08/dds-safe-dental-ransomware-attack.html
Capital One hacker
The woman arrested last month in connection with a large Capital One data breach has now been accused of hacking more than 30 other companies. She is indicted for mining cryptocurrency in addition to stealing data. To read more: https://thehackernews.com/2019/08/paige-thompson-capital-one.html
Russell Stover Chocolates
Russell Stover Chocolates announced that a data breach potentially affected customer credit- and debit-card information. To read more: https://www.foxbusiness.com/personal-finance/russell-stover-chocolates-latest-in-data-breach-what-customers-need-to-know
Foxit Software
PDF-software company Foxit disclosed a data breach that enabled third-parties to access it customers’ personal information. Foxit has more than 525m users worldwide. To read more: https://www.bleepingcomputer.com/news/security/foxit-software-discloses-data-breach-exposing-user-passwords/
Jack Dorsey Twitter
The founder of Twitter had his account hacked last week. Twitter said its own systems were not compromised. To read more: https://www.bbc.com/news/technology-49532244
Starbucks
A security researcher found a Starbucks subdomain had a DNS pointer that was accidentally abandoned. By claiming the Azure resource name an attacker could use the subdomain to carry out cross-site scripting attacks. To read more: https://www.bleepingcomputer.com/news/security/starbucks-abandons-azure-site-exposed-subdomain-to-hijacking/
Sign up below and receive these reports and more, directly in your inbox.
https://upscri.be/9816bc