Adobe secured a database with 7.5 million records belonging to Adobe Creative Cloud users. The cache was not protected in any way, allowing anyone access to client information if they knew how to find it. Although the details included are not highly sensitive, they could be used to launch better-crafted phishing campaigns against customers whose data was exposed. It is unclear how long the details stayed exposed, but Bob Diachenko, the researcher who discovered it, estimates that anyone had free access to them for about a week.
Amazon is at least partly to blame for the massive 2019 Capital One breach that impacted more than 100 million customers, senators are alleging. Security researchers, however, are of two minds. In a letter to the Federal Trade Commission (FTC) this week, U.S. senators Ron Wyden (D-Ore.) and Elizabeth Warren (D-Mass.) called for the investigation of Amazon’s role in the Capital One data breach, where a hacker accessed data that was hosted on servers on Amazon’s cloud-based computing platform, Amazon Web Services (AWS).
A New Jersey man has pleaded guilty in federal court to hacking two companies and installing keyloggers in an effort to steal data. The man, Ankur Agarwal, 45, pleaded guilty to two counts of obtaining information from computers and one count of aggravated identity theft. Starting in February 2017, Agarwal physically trespassed onto a company’s premises in New Jersey to install hardware keylogger devices that would allow him to record the keystrokes of employees and obtain their usernames and passwords.
The third quarter of 2019 brought the rise of keylogger Agent Tesla, the decline of phishing-delivered ransomware-as-a-service (RaaS), and attackers' continued preference for exploiting the CVE-2017-11882 Microsoft Office vulnerability to deliver phishing campaigns. Emotet began to surge toward the end of last quarter, according to Cofense's Q3 2019 Malware Trends Report, the latest report in a series of phishing updates throughout the year.
A recently patched vulnerability (CVE-2019-11043) in PHP is being actively exploited by attackers to compromise NGINX web servers, threat intelligence firm Bad Packets has confirmed. For successful exploitation, target servers must have the PHP-FPM (FastCGI Process Manager) feature enabled, but that combination is not as uncommon as initially believed. The flaw was discovered by Wallarm researcher Andrew Danau during a Capture The Flag contest that took place in September 2019.