Hackers accessed direct messages (DMs) for 36 of the 130 high-profile users whose accounts were hacked in an unprecedented account breach last week, Twitter confirmed Wednesday. An elected official in the Netherlands was one of those whose DMs were compromised, the company tweeted in an update late Wednesday, as part of Twitter's interest in sharing "more specifics about what the attackers did with the accounts they accessed."
A server containing information of users of a genealogy service has exposed the data of 60,000 users, putting them at risk for fraud, phishing and other cybercriminal activity. Research led by Avishai Efrat at WizCase has discovered the leak, which affected an open and unencrypted ElasticSearch server that belonged to Software MacKiev, according to a report posted online by Chase Williams, a web security expert at WizCase.
North Korean government-linked hackers have refined their malware tools and expanded their target lists over the past two years, according to new research from Kaspersky, which says the attackers have devoted "significant resources" to improving their capabilities. In particular, the hackers have aggressively deployed a multi-stage malware framework - which Kaspersky calls MATA - to target Windows, Linux, and macOS operating systems.
The New York Times last week ran an interview with several young men who claimed to have had direct contact with those involved in last week's epic hack against Twitter. These individuals said they were only customers of the person who had access to Twitter's internal employee tools, but new information suggests that at least two of them operated a service that resold access to Twitter employees for the purposes of modifying or seizing control of prized Twitter profiles.
A new cryptojacking botnet is spreading across compromised networks via multiple methods that include the EternalBlue exploit for Windows Server Message Block (SMB) communication protocol. The attacker's goal is to mine for Monero (XMR) cryptocurrency and enslave as many systems as possible for this task for increased profit. Researchers at Cisco Talos named the new botnet Prometei and determined that the actor has been active since March.
Dozens of unsecured databases exposed on the public web are the target of an automated 'meow' attack that destroys data without any explanation. The activity started recently and hits Elasticsearch and MongoDB instances indiscriminately without leaving any explanation, or even a ransom note. A quick search by BleepingComputer on the IoT search engine Shodan has found dozens of databases that have been affected by this attack.
Security researchers have demonstrated a method to decrypt proprietary firmware images embedded in D-Link routers. Firmware is the piece of code that powers low-level functions on hardware devices. It is typically hard-coded within the read-only memory. Companies encrypt firmware images in their devices to prevent their reverse engineering by competitors and threat actors, and to prevent their customers (or better yet malware) from flashing the device with customized firmware.