Twitter lost control of its internal systems to attackers who hijacked almost a dozen high-profile accounts, in a breach that raises serious concerns about the security of a platform that's growing increasingly influential. The first signs of compromise occurred around 1pm California time when hijacked accounts started pumping out messages that tried to scam people into transferring cryptocurrency to attacker-controlled wallets.
Citrix on Wednesday denied claims that its systems have been breached and says the information being sold on the dark web actually comes from a third party and it's not very sensitive. Data breach monitoring service Under the Breach reported on Tuesday that a threat actor was offering to sell a database containing information on 2 million users. The data was allegedly obtained after breaching Citrix systems and the asking price was $20,000.
A well-known private hacking forum has recently become more inclusive, introducing a new platform to help newbie threat actors flourish and hone their expertise, research has found. The discovery is unique, as private hacker forums tend to be the exclusive province of elite cybercriminals. Digital Shadows on Thursday published a report that takes a deep dive into CryptBB, an exclusive hacker forum that has been operational since 2017.
Microsoft's desktop email client Outlook has stopped working worldwide for countless users, whether they are using it with an on-premises Exchange server or with the Office 365 cloud. When you try to start the software on Windows, it immediately crashes with the error code 0xc0000005. "Microsoft has borked Outlook," one Reg reader told us. "Thousands of users worldwide are now experiencing this."
Researchers have discovered a new variant of the LokiBot trojan called BlackRock, that's attacking not just financial and banking apps, but also a massive list of well-known and commonly used brand-name apps on Android devices. The apps targeted include: Amazon, eBay, Facebook, Grinder, Instagram, Netflix, PlayStation, Reddit, Skype, Snapchat, TikTok, Tinder, Tumblr, Twitter and VK, among many others, researchers said.
Yesterday was Patch Tuesday, and with 123 bugs fixed, including 20 in the "critical" category, we're saying what we always do, namely, "Patch early, patch often." The vulnerability turned out to be a long-standing bug that needed fixing in every supported version of Windows Server from 2008 to the present day. The bug has been dramatically dubbed SIGRed, presumably in a cheeky historical nod to the Code Red worm of 2001.
Just two days after SAP released patches for a critical NetWeaver AS JAVA remote code execution vulnerability, proof-of-concept (PoC) exploits have been released, and active scans are underway to exploit devices. Discovered by Onapsis, the RECON (Remotely Exploitable Code On NetWeaver) vulnerability is tracked as CVE-2020-6287 and is rated with a maximum CVSS score of 10 out of 10.