Whole Foods
Whole Foods announced that anyone who drank and dined in it’s taprooms and full-service restaurants may have had their card information stolen. To read more: http://www.nafcu.org/News/2017_News/October/Whole_Foods_investigating_data_breach__NAFCU_continues_call_for_national_standard/
Taboola ads
Criminals are abusing Taboola ads on Microsofts MSN.com web portal. By clicking on a Taboola sponsored article it leads to a fake tech support page with the domain name 4vxadfcjdgbcmn[.]ga. To read more: https://www.grahamcluley.com/taboola-ads-scam/
Yahoo
The 2013 data breach that was discovered earlier this year actually affected every single customer account that existed at the time. The breach impacted three billion accounts, which is three times more than first reported. To read more: http://money.cnn.com/2017/10/03/technology/business/yahoo-breach-3-billion-accounts/index.html
PledgeMusic
A security bug in the music platform lets anyone log into an account without needing a password. As long as you use the correct email address it does not matter if the password is wrong. To read more: http://www.zdnet.com/article/pledgemusic-security-bug-let-anyone-log-in-without-a-password/
NSA
Russian hackers obtained classified information about NSA cybersecurity programs after breaching a contractor’s computer. The hackers stole the information by exploiting a vulnerability in Kaspersky Lab software that was on his computer. To read more: http://www.securityinfowatch.com/news/12372907/nsa-cybersecurity-program-information-reportedly-stolen-by-russian-hackers
Dnsmasq
Google security engineers found seven flaws in Dnsmasq. The bugs can be exploited over the network to execute malicious code on a vulnerable system and hijack it. To read more: https://www.theregister.co.uk/2017/10/02/dnsmasq_flaws/
WordPress plugins
Three popular plugins suffer from a critical zero-day vulnerability that enables an attacker to take over a website. The bug is a PHP object injection flaw that affects Appointments, Flickr Gallery and RegistrationMagic. To read more: https://www.grahamcluley.com/critical-zero-day-bug-wordpress-plugins/
SoniXCast
A password leak vulnerability in a popular broadcast platform could allow hackers to hack online radio stations. The flaw allows anyone to reveal admin account and password in plaintext for anything hosted on SoniXCast. To read more: http://www.zdnet.com/article/password-leak-put-online-radio-stations-at-risk-of-hijack/
FormBook
The FormBook malware provides users with key logging, taking screenshots, clipboard monitoring grabbing passwords from web pages and emails. Hackers have launched campaigns against defense, aerospace and manufacturing contractors in the US and South Korea with this malware. To read more: http://www.zdnet.com/article/this-cheap-and-nasty-malware-wants-to-steal-your-data/
Sign up below and receive weekly breach reports directly in your inbox.