IT Security Newsletter - 3/13/2020
Data of millions of eBay and Amazon shoppers exposed
Researchers have discovered another big database containing millions of European customer records left unsecured on Amazon Web Services (AWS) for anyone to find using a search engine. A total of eight million records were involved, collected via marketplace and payment system APIs belonging to companies including Amazon, eBay, Shopify, PayPal, and Stripe.
Russia-Based Turla APT Group's Infrastructure, Activity Traceable
The activities of Turla Group, a stealthy Russia-based threat actor associated with numerous attacks on government, diplomatic, technology, and research organizations, may be trackable because of the group's penchant to use older malware and techniques alongside its arsenal of newer custom tools. Researchers at Recorded Future recently came to that conclusion after conducting an in-depth analysis of Turla's activities using data from its threat intelligence platform and several other sources.
European power grid organization hit by cyberattack
The European Network of Transmission System Operators for Electricity (ENTSO-E) has admitted that it fell victim to a cyberattack recently. In a brief statement published on its website, the organization says that it has found evidence of a "successful cyber intrusion" that affected its office network. ENTSO-E, which represents 42 electricity Transmission System Operators (TSOs) across Europe, emphasized that the compromised systems are not connected to any operational transmission network.
Out-of-Band Windows Updates Patch Wormable SMB Vulnerability
Microsoft has released out-of-band updates for Windows to patch a critical remote code execution vulnerability in Server Message Block 3.0 (SMBv3) that has been described as "wormable." The vulnerability, related to the way SMB 3.1.1 handles certain requests, can be exploited by an unauthenticated attacker to execute arbitrary code on SMB servers and clients.
Krebs on Security: Live Coronavirus Map Used to Spread Malware
Cybercriminals constantly latch on to news items that captivate the public's attention, but usually they do so by sensationalizing the topic or spreading misinformation about it. Recently, however, cybercrooks have started disseminating real-time, accurate information about global infection rates tied to the Coronavirus/COVID-19 pandemic in a bid to infect computers with malicious software.
Researchers Warn of Novel PXJ Ransomware Strain
Researchers have discovered a new strain of ransomware, dubbed "PXJ," which emerged in the wild in early 2020. While PXJ performs functions similar to other ransomware variants, it does not appear to share the same underlying code with most known ransomware families, researchers said. They first identified PXJ on Feb. 29, after discovering two samples that were uploaded to VirusTotal by a user from the community.
WordPress Plugin Bug Allows Malicious Code Injection on 100K Sites
Vulnerabilities in the Popup Builder WordPress plugin could allow unauthenticated attackers to inject malicious JavaScript code into popups displayed on tens of thousands of websites, to steal information, and to potentially fully take over targeted sites. Popup Builder enables site owners to create, deploy, and manage customizable popups containing a wide range of content from HTML and JavaScript code to images and videos.
Working from Home? These Tips Can Help You Adapt
So, you're working from home for a while. You've probably worked remotely before, and you're thinking, "I've got this!" Odds are, you're mistaken. You don't have this. That's OK, this is an opportunity to learn new skills. You can think of working from home much like someone moving into an entirely new environment. Your patterns of work might be optimized for working in an office, and they might not quite fit at home.