After a tip from a Telegram user who frequented identity theft channels, Brian Krebs tested and confirmed that anyone who knew your name, address, social security number (SSN), and birthday could view your full credit report at Experian. The method to get access did not require any hacking talents at all. It was a simple matter of replacing a part of the URL, which then allowed anyone with bad intentions to skip security questions. READ MORE...
GitHub on Tuesday disabled accounts on the platform belonging to a pro-Russian hacktivist group linked to attacks on entities in NATO countries, including efforts to disrupt the websites of Denmark's central bank and other financial institutions in the country, GitHub confirmed to CyberScoop. The group, NoName057(16), used the software development platform to host its distributed denial of service (DDoS) tool website and code used in its attacks, researchers with SentinelOne said Thursday. READ MORE...
The experts at security firm Bitdefender have released a universal decryptor for victims of the MegaCortex family of ransomware. MegaCortex, which was first spotted in early 2019, was posing such a threat to businesses by the end of that year that the FBI issued a warning that the ransomware was exploiting security weaknesses, stolen passwords, and phishing attacks to establish a foothold within networks. READ MORE...
For the past two weeks, hackers have been exploiting a critical vulnerability in the SugarCRM (customer relationship management) system to infect users with malware that gives them full control of their servers. The vulnerability began as a zero-day when the exploit code was posted online in late December. The person posting the exploit described it as an authentication bypass with remote code execution, meaning an attacker could use it to run malicious code on vulnerable servers with no credentials required. READ MORE...
A team of researchers from ETH Zurich has published a paper describing multiple security flaws in Threema, a secure end-to-end encrypted communications app. Threema is a privacy-focused and security-enhanced Swiss-made communications app used by the country's government, army services, and over 10 million users and 7,000 organizations worldwide. The ETH Zurich team devised seven attacks against Threema's protocol that could have consequences for the privacy of communication over the app. READ MORE...
Cisco warned customers today of a critical authentication bypass vulnerability with public exploit code affecting multiple end-of-life (EoL) VPN routers. The security flaw (CVE-2023-20025) was found in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, and RV082 routers by Hou Liuyang of Qihoo 360 Netlab. It is caused by improper validation of user input within incoming HTTP packets. READ MORE...
Cisco's Talos security researchers have published technical information on three severe vulnerabilities impacting Asus RT-AX82U routers. A Wi-Fi 6 gaming router, the RT-AX82U can be configured via an HTTP server that is running on the local network, but also supports remote management and monitoring. Last year, Cisco's Talos researchers identified three critical- and high-severity security defects that could be exploited to bypass authentication. READ MORE...