A stolen database containing more than 77 million records of Nitro PDF service users, including email addresses, names, and passwords, was leaked today for free. The 14GB leaked database contains 77,159,696 records with users' email addresses, full names, bcrypt hashed passwords, titles, company names, IP addresses, and other system-related information. The database has also been added to the Have I Been Pwned service which allows users to check if their info.
Hackers hitting thousands of organizations worldwide in a massive phishing campaign forgot to protect their loot and let Google index the stolen passwords for public searches. The phishing campaign has been running for more than half a year and uses dozens of domains that host the phishing pages. It received constant updates to make the fraudulent Microsoft Office 365 login requests look more realistic.
A threat actor has been sending thousands of emails to organizations, in what researchers warn is a reconnaissance campaign to identify targets for a possible follow-up business-email-compromise (BEC) attack. So far, researchers have observed thousands of messages being sent to companies, predominantly delivered to retail, telecommunications, healthcare, energy and manufacturing sectors. Of note, the campaign leverages Google's Forms survey tool.
The COVID-19 pandemic represents the largest public health crisis in a century. As cyber attackers seek to exploit the crisis, it has also become a major security issue for healthcare organizations. Attackers do not view the world in terms of a network diagram; rather, they seek out people. Therefore, we are seeing an uptick in the adoption of social engineering techniques that create more compelling lures for those they are targeting.
Amazon has awarded an $18,000 bug bounty for an exploit chain that could have allowed an attacker to take complete control of a Kindle e-reader simply by knowing the targeted user's email address. The attack, dubbed KindleDrip, was discovered in October 2020 by Yogev Bar-On, a researcher at Israel-based cybersecurity consulting firm Realmode Labs. KindleDrip involved the exploitation of three different security holes, all of which were addressed by Amazon.
Bugs in several messaging/video chat mobile apps allowed attackers to spy on targeted users' surroundings. The vulnerabilities - in Signal, Google Duo, Facebook Messenger, JioChat, and Mocha - could be triggered by simply placing a call to the target's device - no other action was needed. In early 2019, Apple fixed a major logic bug (CVE-2019-6223) in its Group FaceTime feature. The bug, discovered by a Tucson high-schooler.
NVIDIA has newly disclosed three security vulnerabilities in the NVIDIA Shield TV, which could allow denial of service, escalation of privileges and data loss. The NVIDIA Shield TV is a set-top gadget that acts as a hub for the smart home, streams PC games from a gaming PC to a TV, and allows local and online media playback and streaming. Android games compatible with Android TV are compatible with the Shield TV and controller, as are those from NVIDIA's GeForce market.
Amazon is one of the country's largest businesses, and despite its faults and flaws, the company overall excels at logistics and distribution at scale. Therefore, Amazon suggests, the brand-new Biden administration should give the company a call to help ramp up COVID-19 distribution nationwide. "Amazon stands ready to assist you in reaching your goal of vaccinating 100 million Americans in the first 100 days of your administration," Dave Clark, the head of Amazon's consumer business.