An undisclosed number of customers of outdoor clothing retailer The North Face have had their passwords reset by the company, following a credential-stuffing attack. The company has revealed that on October 9, 2020, it became aware that hackers had used usernames and passwords stolen from a third-party website to gain unauthorised access to customer accounts. In a data breach notification sent to affected customers, The North Face explained that the hackers may have gained access to account information. READ MORE...
Stock photo site 123RF has suffered a data breach after a hacker began selling a database containing 8.3 million user records on a hacker forum. 123RF is a popular stock photo and vector site that sells royalty-free images, videos, and audio to be used on websites, printed content, and videos. According to SimilarWeb, 123RF receives over 26 million visitors per month. Over the past weekend, a known data breach broker began selling a database containing 8.3 million user records. READ MORE...
In 2008, researcher Dan Kaminsky revealed one of the more severe Internet security threats ever: a weakness in the domain name system that made it possible for attackers to send users en masse to imposter sites instead of the real ones belonging to Google, Bank of America, or anyone else. With industrywide coordination, thousands of DNS providers around the world installed a fix that averted this doomsday scenario. Now, Kaminsky's DNS cache poisoning attack is back. READ MORE...
Russian-speaking hackers have been using a new malware to steal information from their victims. Named Jupyter, the threat has kept a low profile and benefited from a fast development cycle. While Jupyter's purpose is to collect data from various software, the malicious code supporting its delivery can also be used to create a backdoor on an infected system. A variant of the malware emerged during an incident response engagement in October at a University in the U.S. READ MORE...
ESET researchers have discovered ModPipe, a modular backdoor that gives its operators access to sensitive information stored in devices running ORACLE MICROS Restaurant Enterprise Series (RES) 3700 POS - a management software suite used by hundreds of thousands of bars, restaurants, hotels and other hospitality establishments worldwide. What makes the backdoor distinctive are its downloadable modules and their capabilities. READ MORE...
A rapidly proliferating new ransomware strain that over the past two weeks has already impacted multiple large companies in Israel and a few in Europe soon could pose a major threat to organizations all over the world. Check Point Software Technologies, which published a report today about the new so-called Pay2Key ransomware strain, said it's almost certainly of Iranian origin and capable of encrypting an entire network in an hour or less. READ MORE...