NurseryCam, the remote video monitoring service for parents with young children at nurseries that was dogged with claims of troubling security issues last week, has suffered a data breach. As BBC News reports, NurseryCam says that a "loophole" allowed an unauthorised party to access parents' accounts - stealing usernames, passwords, names, and email addresses. From the sound of things, the breach was not done with malicious intent. READ MORE...
Sequoia Capital last week warned investors that some of their personal and sensitive information may have been exposed in a recent data breach of the firm. According to reports, Sequoia said the data may have been accessed by a third party in the breach, which occurred as a result of a successful phishing attack on an employee via email. Sequoia confirmed the breach to multiple media outlets. The 49-year old venture capital firm has companies like Airbnb and DoorDash in its portfolio. READ MORE...
Transport for NSW, which is the main transport and roads agency in New South Wales, Australia, and NSW Health, the state's ministry of health, are the latest confirmed victims of a cyber-attack targeting Accellion's FTA file transfer service. Transport for NSW says that some information was stolen before the attack on Accellion servers was interrupted and that an investigation is ongoing, but did not provide further details on the matter. READ MORE...
Researchers are warning of recent phishing attacks targeting at least 10,000 Microsoft email users, pretending to be from popular mail couriers - including FedEx and DHL Express. Both scams have targeted Microsoft email users and aim to swipe their work email account credentials. They also used phishing pages hosted on legitimate domains, including those from Quip and Google Firebase - allowing the emails to slip by security filters built to block known bad links. READ MORE...
Threat actors are using Google Alerts to promote a fake Adobe Flash Player updater that installs other unwanted programs on unsuspecting users' computers. The threat actors create fake stories with titles containing popular keywords that Google Search then indexes. Once indexed, Google Alerts will alert people who are following those keywords. However, if you visit the fake story's URL directly, the website will state that the page does not exist. READ MORE...
Texas electric utility Austin Energy today warned of unknown individuals impersonating the company and threatening customers over the phone that their power will be cut off unless they pay fictitious overdue bills. During these ongoing scam attempts, the scammers warn the customers that their utilities will be disconnected if they don't make immediate payments, "typically using a reloadable prepaid debit card or other non-traceable form of payment." READ MORE...
A South Carolina county continues to rebuild its computer network after what it called a sophisticated hacking attempt. Hackers sent an email Jan. 22 that allowed them to take over Georgetown County's computers. They demanded a ransom to return the system to the county's control, spokeswoman Jackie Broach said. The county did not pay the ransom and has been working for the past month to restore email and the network and clean infected computers, Broach said in a statement. READ MORE...
Chinese state hackers cloned and started using an NSA zero-day exploit almost three years before the Shadow Brokers hacker group publicly leaked it in April 2017. EpMe is the original exploit created by Equation Group around 2013 for a Windows zero-day bug tracked as CVE-2017-2005. The vulnerability was used for escalating Windows user privileges after gaining access to targeted devices since it's a local privilege escalation (LPE) bug affecting devices running Windows XP up to Windows 8. READ MORE...