iOS
Apple released multiple security updates to patch three zero-day vulnerabilities in the FontParser component and the kernel of iOS. The Hacker News: https://thehackernews.com/2020/11/update-your-ios-devices-now-3-actively.html
Mashable
Tech news website Mashable announced that its users’ personal information was discovered in a leaked database. Port Swigger: https://portswigger.net/daily-swig/data-breach-at-mashable-leaks-users-nbsp-personal-information-online
Prestige Software
Used by hotels to integrate their reservation systems with online booking websites, Prestige’s software left 10m files related to hotel guests worldwide exposed for seven years, thanks to a misconfigured AWS S3 bucket. ThreatPost: https://threatpost.com/millions-hotel-guests-worldwide-data-leak/161044/
BigBasket
Indian online grocery BigBasket suffered a data breach in which details of 20m users ended up on the dark web. Economic Times: https://economictimes.indiatimes.com/tech/startups/bigbasket-faces-potential-data-breach-details-of-2-crore-users-put-on-sale-on-dark-web/articleshow/79109124.cms
University of Vermont Medical Center
The University of Vermont Medical Center is working to restore systems disabled in a cyberattack that prevented the hospital from providing some cancer treatments. The Wilton Bulletin: https://www.wiltonbulletin.com/news/article/Hospital-network-hit-by-cyber-attack-restoring-15709619.php
Brazilian Superior Court of Justice
The Brazilian court was hit by a cyberattack that brought all of its operations to a halt for an entire week. ZDNet: https://www.zdnet.com/article/brazilian-superior-electoral-court-hit-by-major-cyberattack/
Luxottica
A data breach exposed the personal and health information of patients of LensCrafters, Target Optical, EyeMed and several other eye-care practices. Bleeping Computer: https://www.bleepingcomputer.com/news/security/luxottica-data-breach-exposes-lenscrafters-eyemed-patient-info/
SonarQube
The FBI issued a security alert warning that hackers are abusing misconfigured SonarQube applications to steal source-code repositories from U.S. government agencies and businesses. SonarQube's software is used to test code for security flaws before applications are released. ZDNet: https://www.zdnet.com/article/fbi-hackers-stole-source-code-from-us-government-agencies-and-private-companies/
Magento
Hackers are attacking businesses running Magento’s 1.x e-commerce platform; this obsolete version of the platform has been unsupported by Magento since June 2020, but is still widely used. The Hacker News: https://thehackernews.com/2020/11/over-2800-e-shops-running-outdated.html
ModPipe
A new backdoor targets Oracle's MICROS point-of-sale restaurant-management software to steal payment information stored in the devices. The Hacker News: https://thehackernews.com/2020/11/new-modpipe-point-of-sale-pos-malware.html
WildWorks
The developer of Animal Jam, a children's online-gaming platform and virtual world, suffered a data breach impacting 46m accounts. Bleeping Computer: https://www.bleepingcomputer.com/news/security/animal-jam-kids-virtual-world-hit-by-data-breach-impacts-46m-accounts/
Vertafore
This insurance-software provider disclosed a data breach in which a third party accessed the details of 27.7m Texas drivers. ZDNet: https://www.zdnet.com/article/info-of-27-7-million-texas-drivers-exposed-in-vertafore-data-breach/
Facebook ads
A ransomware group is using hacked Facebook accounts to run ads to pressure ransomware victims into paying for their data. Krebs on Security: https://krebsonsecurity.com/2020/11/ransomware-group-turns-to-facebook-ads/
Akropolis
Hackers used a flash-loan attack against the cryptocurrency borrowing and lending service Akropolis to steal 2m in the Dai cryptocurrency. ZDNet: https://www.zdnet.com/article/hacker-steals-2-million-from-cryptocurrency-service-akropolis/