Private aviation services provider Solairus Aviation on Tuesday announced that some employee and customer data was compromised in a security incident at third-party vendor Avianis. In a data breach announcement on March 23, Solairus said aviation business management platform provider Avianis provided notification last December about an intrusion into Avianis' Microsoft Azure cloud platform, which hosts the Solairus flight scheduling and tracking system. READ MORE...
A security engineer and ex-contributor to an open systems non-profit organization recently reported a data leak to the organization. In return, he first got thanked for his responsible reporting, but later heard from their lawyers and the police. Apperta Foundation is a UK-based non-profit, supported by NHS England and NHS Digital, that promotes open systems and standards in the digital health and social care space. GitHub repository exposed passwords, keys, database. READ MORE...
Weeks after the disclosure around the ProxyLogon group of security bugs, exploitation attempts against unpatched Microsoft Exchange servers have skyrocketed. Derek Manky, Chief of Security Insights & Global Threat Alliances at Fortinet's FortiGuard Labs, said that last week researchers with FortiGuard Labs saw activity double over two days for cybercriminals targeting the vulnerabilities. The attackers are using the flaws to deploy cryptominers, ransomware. READ MORE...
The ability to protect your organization from third-party attacks will become increasingly critical as attackers try to maximize the effectiveness of their malicious campaigns. The breach disclosed by SolarWinds and another involving a legacy file transfer appliance from Accellion have focused fresh attention on the risks that enterprise organizations face from attacks via the software supply chain and other trusted third parties. READ MORE...
Facebook said it has disrupted a hacking operation that used the social media platform to spread iOS and Android malware that spied on Uyghur people from the Xinjiang region of China. Malware for both mobile OSes had advanced capabilities that could steal just about anything stored on an infected device. The hackers, which researchers have linked to groups working on behalf of the Chinese government, planted the malware on websites frequented by activists, journalists. READ MORE...
BP Chargemaster, purveyors of sockets for electric vehicles, seemingly had its email domain hijacked by criminals who used formerly legitimate addresses to send banking trojans to customers. Malware-laden emails were sent from corporate email addresses earlier this month - and their attachments included the IcedID credential-stealing malware. It appears that a corporate mail server may have been left unattended after BP Chargemaster rebranded as BP Pulse at the start of December 2020. READ MORE...
Backblaze has removed Facebook tracking code (also known as an advertising pixel) accidentally added to web UI pages only accessible to logged-in customers. The US-based cloud storage and online backup provider has customers from 175 countries and stores over 1 Exabyte of customer data on its servers. The tracking code was inadvertently added with a new Facebook advertising campaign that started on March 8, said Yev Pusin, Backblaze's Senior Director Of Marketing. READ MORE...
Slack has enabled a new 'Slack Connect' feature that allows users to send messages or create shared channels with people outside of their organization. While users had previously been able to test the Slack Connect feature, it has begun to roll out to all paid workspaces today. "Slack Connect is a new way for organizations to drive business forward and communicate with their customers, partners and vendors as quickly and easily as they interact with their coworkers in Slack." READ MORE...
Thrive Themes has recently patched vulnerabilities in its WordPress plugins and legacy Themes - but attackers are targeting those who haven't yet applied security updates. Attackers are actively exploiting two recently-patched vulnerabilities in a popular suite of tools for WordPress websites from marketing platform Thrive Themes. Thrive Themes offers various products to help WordPress websites "convert visitors into leads and customers." Its suite of products. READ MORE...